-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathLogFile.txt
More file actions
5346 lines (5344 loc) · 328 KB
/
LogFile.txt
File metadata and controls
5346 lines (5344 loc) · 328 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Image|C:\temp\UrlDownload.exe|Base@0x400000|MappedSize@0x1b000|EntryPoint@0x41110e
Image|C:\WINDOWS\system32\ADVAPI32.DLL|Base@0x77dd0000|MappedSize@0x9b000|EntryPoint@0x77dd710b
SYMBOL|ADVAPI32.DLL|RegOpenKeyExW|@77dd6aaf
SYMBOL|ADVAPI32.DLL|RegQueryValueExW|@77dd6fff
SYMBOL|ADVAPI32.DLL|RegCreateKeyExW|@77dd776c
SYMBOL|ADVAPI32.DLL|RegOpenKeyExA|@77dd7852
SYMBOL|ADVAPI32.DLL|RegQueryValueExA|@77dd7abb
SYMBOL|ADVAPI32.DLL|RegSetValueExA|@77ddd767
SYMBOL|ADVAPI32.DLL|RegCreateKeyExA|@77dde9f4
SYMBOL|ADVAPI32.DLL|RegSetValueExA|@77ddeae7
Image|C:\WINDOWS\system32\RPCRT4.dll|Base@0x77e70000|MappedSize@0x93000|EntryPoint@0x77e7628f
Image|C:\WINDOWS\system32\Secur32.dll|Base@0x77fe0000|MappedSize@0x11000|EntryPoint@0x77fe2146
Image|C:\WINDOWS\system32\kernel32.dll|Base@0x7c800000|MappedSize@0xf6000|EntryPoint@0x7c80b64e
SYMBOL|KERNEL32.DLL|ReadFile|@7c801812
SYMBOL|KERNEL32.DLL|CloseHandle|@7c809be7
SYMBOL|KERNEL32.DLL|CreateFileW|@7c810800
SYMBOL|KERNEL32.DLL|SetFilePointer|@7c810c2e
SYMBOL|KERNEL32.DLL|WriteFile|@7c810e27
SYMBOL|KERNEL32.DLL|ReadFileEx|@7c82bd0b
SYMBOL|KERNEL32.DLL|DeleteFileW|@7c831f63
SYMBOL|KERNEL32.DLL|WriteFileEx|@7c85d6d9
Image|C:\WINDOWS\system32\ntdll.dll|Base@0x7c900000|MappedSize@0xb2000|EntryPoint@0x7c9120f8
Image|C:\WINDOWS\system32\urlmon.dll|Base@0x7e1e0000|MappedSize@0xa4000|EntryPoint@0x7e1e1787
Image|C:\WINDOWS\system32\GDI32.dll|Base@0x77f10000|MappedSize@0x49000|EntryPoint@0x77f16587
Image|C:\WINDOWS\system32\USER32.dll|Base@0x7e410000|MappedSize@0x91000|EntryPoint@0x7e41b217
Image|C:\WINDOWS\system32\ole32.dll|Base@0x774e0000|MappedSize@0x13e000|EntryPoint@0x774fd061
Image|C:\WINDOWS\system32\msvcrt.dll|Base@0x77c10000|MappedSize@0x58000|EntryPoint@0x77c1f2a1
Image|C:\WINDOWS\system32\SHLWAPI.dll|Base@0x77f60000|MappedSize@0x76000|EntryPoint@0x77f6520b
Image|C:\WINDOWS\system32\VERSION.dll|Base@0x77c00000|MappedSize@0x8000|EntryPoint@0x77c01135
Image|C:\WINDOWS\system32\MSVCR100D.dll|Base@0x1c50000|MappedSize@0x172000|EntryPoint@0x1c98e00
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SYSTEM\CurrentControlSet\Control\Session Manager
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=0000078C
Thread=a60|RegQueryValueExA|CALL|hKey=0000078C|lpValueName=CriticalSectionTimeout
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Ole
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=0000078C
Thread=a60|RegQueryValueExA|CALL|hKey=0000078C|lpValueName=RWLockResourceTimeOut
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\Performance
Thread=a60|RegOpenKeyExA|RETN|Value=2
Image|C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll|Base@0x773d0000|MappedSize@0x103000|EntryPoint@0x773d4256
Thread=a60|CreateFileW|CALL|lpFileName=C:\WINDOWS\WindowsShell.Manifest|dwDesiredAccess=80000000|dwShareMode=5|dwCreationDisposition=3|dwFlagsAndAttributes=0
Thread=0xa60|CreateFileW|RETN|Value=00000774
Thread=a60|RegOpenKeyExW|CALL|hKey=00000774|lpSubKey=Control Panel\Desktop
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000077C
Thread=a60|RegQueryValueExW|CALL|hKey=0000077C|lpValueName=SmoothScroll
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000774|lpSubKey=software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000077C
Thread=a60|RegQueryValueExW|CALL|hKey=0000077C|lpValueName=EnableBalloonTips
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Windows NT\CurrentVersion\LanguagePack
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000774
Thread=a60|RegOpenKeyExA|CALL|hKey=80000000|lpSubKey=PROTOCOLS\Name-Space Handler\
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=0000077E
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000770
Thread=a60|RegQueryValueExA|CALL|hKey=00000770|lpValueName=DisableImprovedZoneCheck
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000770
Thread=a60|RegQueryValueExW|CALL|hKey=00000770|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000770
Thread=a60|RegQueryValueExW|CALL|hKey=00000770|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000770
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_OBJECT_CACHING
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_ZONE_ELEVATION
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_MIME_HANDLING
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_MIME_SNIFFING
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_WINDOW_RESTRICTIONS
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_WEBOC_POPUPMANAGEMENT
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_BEHAVIORS
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_DISABLE_MK_PROTOCOL
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_LOCALMACHINE_LOCKDOWN
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_SECURITYBAND
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_RESTRICT_ACTIVEXINSTALL
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_VALIDATE_NAVIGATE_URL
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_RESTRICT_FILEDOWNLOAD
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_ADDON_MANAGEMENT
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_PROTOCOL_LOCKDOWN
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_SAFE_BINDTOOBJECT
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=UrlDownload.exe
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=*
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_UNC_SAVEDFILECHECK
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|WriteFile|CALL|hFile=00000007
Thread=a60|WriteFile|RETN|Value=1
Thread=a60|RegCreateKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\DownloadManager
Thread=a60|RegCreateKeyExA|RETN|Value=0|phkResult=00000770
Thread=a60|RegQueryValueExA|CALL|hKey=00000770|lpValueName=CacheOk
Thread=a60|RegQueryValueExW|RETN|Value=2
Image|C:\WINDOWS\system32\UxTheme.dll|Base@0x5ad70000|MappedSize@0x38000|EntryPoint@0x5ad71626
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=Software\Microsoft\Windows\CurrentVersion\ThemeManager
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=Compositing
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000770|lpSubKey=Control Panel\Desktop
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=0000076C
Thread=a60|RegQueryValueExW|CALL|hKey=0000076C|lpValueName=LameButtonText
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000000|lpSubKey=PROTOCOLS\Name-Space Handler\
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=0000076A
Thread=a60|RegOpenKeyExA|CALL|hKey=80000000|lpSubKey=PROTOCOLS\Name-Space Handler\https\
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000000|lpSubKey=PROTOCOLS\Name-Space Handler\*\
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Ole
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000768
Thread=a60|RegQueryValueExW|CALL|hKey=00000768|lpValueName=MaximumAllowedAllocationSize
Thread=a60|RegQueryValueExW|RETN|Value=2
Image|C:\WINDOWS\system32\mlang.dll|Base@0x75cf0000|MappedSize@0x91000|EntryPoint@0x75cf136f
Image|C:\WINDOWS\system32\WININET.dll|Base@0x771b0000|MappedSize@0xaa000|EntryPoint@0x771b1551
Image|C:\WINDOWS\system32\CRYPT32.dll|Base@0x77a80000|MappedSize@0x95000|EntryPoint@0x77a81632
Image|C:\WINDOWS\system32\MSASN1.dll|Base@0x77b20000|MappedSize@0x12000|EntryPoint@0x77b233a1
Image|C:\WINDOWS\system32\OLEAUT32.dll|Base@0x77120000|MappedSize@0x8b000|EntryPoint@0x77121560
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=SYSTEM\CurrentControlSet\Services\crypt32\Performance
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\OLEAUT
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\OLEAUT\UserEra
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\OLEAUT
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegCreateKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegCreateKeyExA|RETN|Value=0|phkResult=00000760
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=FromCacheTimeout
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=SecureProtocols
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=CertificateRevocation
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisableKeepAlive
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisablePassport
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=CacheMode
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000758
Thread=a60|RegQueryValueExA|CALL|hKey=00000758|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000758
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000754
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000750
Thread=a60|RegQueryValueExA|CALL|hKey=00000758|lpValueName=EnableHttp1_1
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000750|lpValueName=EnableHttp1_1
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000750
Thread=a60|RegQueryValueExA|CALL|hKey=00000750|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000750
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000754
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000758
Thread=a60|RegQueryValueExA|CALL|hKey=00000750|lpValueName=ProxyHttp1.1
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000758|lpValueName=ProxyHttp1.1
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000754|lpValueName=ProxyHttp1.1
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=EnableNegotiate
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisableBasicOverClearChannel
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000758
Thread=a60|RegQueryValueExA|CALL|hKey=00000758|lpValueName=Feature_ClientAuthCertFilter
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=SyncMode5
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000754
Thread=a60|RegQueryValueExA|CALL|hKey=00000754|lpValueName=FixupKey
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000754
Thread=a60|RegQueryValueExA|CALL|hKey=00000754|lpValueName=SessionStartTimeDefaultDeltaSecs
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000754
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=System\Setup
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000750
Thread=a60|RegQueryValueExA|CALL|hKey=00000750|lpValueName=SystemSetupInProgress
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000750
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=0000074C
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000748
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000744
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=Signature
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000744
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=Cache
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=Cookies
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=History
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=0000074C|lpSubKey=Content
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000744
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=PerUserItem
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=00000754|lpSubKey=Content
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExA|CALL|hKey=00000740|lpValueName=PerUserItem
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=0000074C|lpSubKey=Content
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000744
Image|C:\WINDOWS\system32\shell32.dll|Base@0x7c9c0000|MappedSize@0x817000|EntryPoint@0x7c9e7496
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=SYSTEM\Setup
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExW|CALL|hKey=00000740|lpValueName=SystemSetupInProgress
Thread=a60|RegQueryValueExW|RETN|Value=0
Image|C:\WINDOWS\system32\comctl32.dll|Base@0x5d090000|MappedSize@0x9a000|EntryPoint@0x5d0934ba
Thread=a60|RegOpenKeyExW|CALL|hKey=00000738|lpSubKey=Control Panel\Desktop
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExW|CALL|hKey=00000740|lpValueName=SmoothScroll
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegCreateKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Thread=a60|RegCreateKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExW|CALL|hKey=00000740|lpValueName=Cache
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegCreateKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Thread=a60|RegCreateKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegSetValueExW|CALL|hKey00000740|lpValueName=Cache|dwType=1|cbData=144|lpData=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files
Thread=a60|RegSetValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=CachePrefix
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=CacheLimit
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000740
Thread=a60|RegOpenKeyExA|CALL|hKey=00000740|lpSubKey=Paths
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000734
Thread=a60|RegOpenKeyExA|CALL|hKey=00000734|lpSubKey=Path1
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000730
Thread=a60|RegOpenKeyExA|CALL|hKey=00000734|lpSubKey=Path2
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=0000072C
Thread=a60|RegOpenKeyExA|CALL|hKey=00000734|lpSubKey=Path3
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExA|CALL|hKey=00000734|lpSubKey=Path4
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExA|CALL|hKey=00000740|lpSubKey=Special Paths
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000720
Thread=a60|RegSetValueExA|CALL|hKey00000734|lpValueName=Directory|dwType=1|cbData=84|lpData=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey00000734|lpValueName=Paths|dwType=4|cbData=4|lpData=4000
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey00000730|lpValueName=CachePath|dwType=1|cbData=91|lpData=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5\Cache1
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey0000072C|lpValueName=CachePath|dwType=1|cbData=91|lpData=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5\Cache2
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey00000728|lpValueName=CachePath|dwType=1|cbData=91|lpData=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5\Cache3
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey00000724|lpValueName=CachePath|dwType=1|cbData=91|lpData=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5\Cache4
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey00000730|lpValueName=CacheLimit|dwType=4|cbData=4|lpData=8c7f20
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey0000072C|lpValueName=CacheLimit|dwType=4|cbData=4|lpData=8c7f20
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey00000728|lpValueName=CacheLimit|dwType=4|cbData=4|lpData=8c7f20
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegSetValueExA|CALL|hKey00000724|lpValueName=CacheLimit|dwType=4|cbData=4|lpData=8c7f20
Thread=a60|RegSetValueExA|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=0000074C|lpSubKey=Cookies
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExA|CALL|hKey=00000740|lpValueName=PerUserItem
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=00000754|lpSubKey=Cookies
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000720
Thread=a60|RegQueryValueExA|CALL|hKey=00000720|lpValueName=PerUserItem
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=0000074C|lpSubKey=Cookies
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000744
Thread=a60|RegCreateKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Thread=a60|RegCreateKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExW|CALL|hKey=00000740|lpValueName=Cookies
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegCreateKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Thread=a60|RegCreateKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegSetValueExW|CALL|hKey00000740|lpValueName=Cookies|dwType=1|cbData=80|lpData=C:\Documents and Settings\user2\Cookies
Thread=a60|RegSetValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=CachePrefix
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=CacheLimit
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=0000074C|lpSubKey=History
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExA|CALL|hKey=00000740|lpValueName=PerUserItem
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=00000754|lpSubKey=History
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000720
Thread=a60|RegQueryValueExA|CALL|hKey=00000720|lpValueName=PerUserItem
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=0000074C|lpSubKey=History
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000744
Thread=a60|RegCreateKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Thread=a60|RegCreateKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegQueryValueExW|CALL|hKey=00000740|lpValueName=History
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegCreateKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Thread=a60|RegCreateKeyExW|RETN|Value=0|phkResult=00000740
Thread=a60|RegSetValueExW|CALL|hKey00000740|lpValueName=History|dwType=1|cbData=110|lpData=C:\Documents and Settings\user2\Local Settings\History
Thread=a60|RegSetValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=CachePrefix
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000744|lpValueName=CacheLimit
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|CreateFileW|CALL|lpFileName=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5\index.dat|dwDesiredAccess=c0000000|dwShareMode=3|dwCreationDisposition=4|dwFlagsAndAttributes=10000000
Thread=0xa60|CreateFileW|RETN|Value=00000750
Thread=a60|CreateFileW|CALL|lpFileName=C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5\index.dat|dwDesiredAccess=c0000000|dwShareMode=3|dwCreationDisposition=4|dwFlagsAndAttributes=10000000
Thread=0xa60|CreateFileW|RETN|Value=00000750
Thread=a60|CreateFileW|CALL|lpFileName=C:\Documents and Settings\user2\Cookies\index.dat|dwDesiredAccess=c0000000|dwShareMode=3|dwCreationDisposition=4|dwFlagsAndAttributes=10000000
Thread=0xa60|CreateFileW|RETN|Value=00000740
Thread=a60|CreateFileW|CALL|lpFileName=C:\Documents and Settings\user2\Cookies\index.dat|dwDesiredAccess=c0000000|dwShareMode=3|dwCreationDisposition=4|dwFlagsAndAttributes=10000000
Thread=0xa60|CreateFileW|RETN|Value=00000740
Thread=a60|CreateFileW|CALL|lpFileName=C:\Documents and Settings\user2\Local Settings\History\History.IE5\index.dat|dwDesiredAccess=c0000000|dwShareMode=3|dwCreationDisposition=4|dwFlagsAndAttributes=10000000
Thread=0xa60|CreateFileW|RETN|Value=00000730
Thread=a60|CreateFileW|CALL|lpFileName=C:\Documents and Settings\user2\Local Settings\History\History.IE5\index.dat|dwDesiredAccess=c0000000|dwShareMode=3|dwCreationDisposition=4|dwFlagsAndAttributes=10000000
Thread=0xa60|CreateFileW|RETN|Value=00000730
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExA|CALL|hKey=00000728|lpSubKey=Extensible Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExA|CALL|hKey=00000724|lpSubKey=MSHist012012073120120801
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheRepair
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CachePath
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CachePrefix
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheLimit
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheOptions
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=00000724|lpSubKey=MSHist012012080320120804
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheRepair
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CachePath
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CachePrefix
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheLimit
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheOptions
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=00000724|lpSubKey=UserData
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheRepair
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CachePath
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CachePrefix
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheLimit
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=CacheOptions
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExW|CALL|hKey=00000724|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000724|lpSubKey=FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExW|CALL|hKey=00000724|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000724|lpSubKey=FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExW|CALL|hKey=00000724|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000724|lpSubKey=FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExW|CALL|hKey=00000724|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000724|lpSubKey=RETRY_HEADERONLYPOST_ONCONNECTIONRESET
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExW|CALL|hKey=00000724|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000724|lpSubKey=FEATURE_CHUNK_TIMEOUT_KB914453
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExW|CALL|hKey=00000724|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000724|lpSubKey=FEATURE_CERT_TRUST_VERIFIED_KB936882
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=DisableWorkerThreadHibernation
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisableWorkerThreadHibernation
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisableReadRange
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=SocketSendBufferLength
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=SocketReceiveBufferLength
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=KeepAliveTimeout
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=MaxHttpRedirects
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=MaxConnectionsPerServer
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=MaxConnectionsPer1_0Server
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=ServerInfoTimeout
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=ReceiveTimeOut
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisableNTLMPreAuth
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=ScavengeCacheLowerBound
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=CertCacheNoValidate
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=ScavengeCacheFileLifeTime
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=ScavengeCacheFileLimit
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=ScavengeCacheFileLimit
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_BUFFERBREAKING_818408
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_USE_CNAME_FOR_SPN_KB911149
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_USE_SPN_FOR_NTLM_AUTH_DISABLED
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_USE_SPN_FOR_DIGEST_AUTH_DISABLED
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=HttpDefaultExpiryTimeSecs
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=FtpDefaultExpiryTimeSecs
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=GopherDefaultExpiryTimeSecs
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisableCachingOfSSLPages
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExW|CALL|hKey=00000728|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000728
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000728|lpSubKey=FEATURE_HTTP_HEADER_NAME_LENGTH_MATCH_KB950759
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=PerUserCookies
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=LeashLegacyCookies
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DisableNT4RasCheck
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=DialupUseLanSettings
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=DialupUseLanSettings
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=SendExtraCRLF
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=BypassFtpTimeCheck
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=EnableGopher
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=ReleaseSocketDuringAuth
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=ReleaseSocketDuring401Auth
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=ReleaseSocketDuring401Auth
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WpadSearchAllDomains
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=DisableLegacyPreAuthAsServer
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=DisableLegacyPreAuthAsServer
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=BypassHTTPNoCacheCheck
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=BypassHTTPNoCacheCheck
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=BypassSSLNoCacheCheck
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=BypassSSLNoCacheCheck
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=EnableHttpTrace
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=EnableHttpTrace
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=NoCheckAutodialOverRide
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000724
Thread=a60|RegQueryValueExA|CALL|hKey=00000724|lpValueName=NoCheckAutodialOverRide
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=DontUseDNSLoadBalancing
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DontUseDNSLoadBalancing
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=NonBlockingClient32
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000728
Thread=a60|RegQueryValueExA|CALL|hKey=00000728|lpValueName=ShareCredsWithWinHttp
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=MimeExclusionListForCache
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=MimeExclusionListForCache
Thread=a60|RegQueryValueExW|RETN|Value=ea
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=HeaderExclusionListForCache
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DnsCacheEnabled
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DnsCacheEntries
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=DnsCacheTimeout
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WarnOnPost
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WarnAlwaysOnPost
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WarnOnZoneCrossing
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WarnOnBadCertSending
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WarnOnBadCertRecving
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WarnOnPostRedirect
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=AlwaysDrainOnRedirect
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=WarnOnHTTPSToHTTPRedirect
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=GlobalUserOffline
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=EnableAutodial
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000710
Thread=a60|RegQueryValueExA|CALL|hKey=00000710|lpValueName=UrlEncoding
Thread=a60|RegQueryValueExW|RETN|Value=ea
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=TruncateFileName
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000760|lpValueName=BadProxyExpiresTime
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000710
Thread=a60|RegQueryValueExW|CALL|hKey=00000710|lpValueName=Security_HKLM_only
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=80000002|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=0|phkResult=00000710
Thread=a60|RegOpenKeyExW|CALL|hKey=80000001|lpSubKey=Software\Microsoft\Internet Explorer\Main\FeatureControl
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExW|CALL|hKey=00000710|lpSubKey=FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
Thread=a60|RegOpenKeyExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000710
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=0000070C
Thread=a60|RegQueryValueExA|CALL|hKey=0000070C|lpValueName=Default
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=0000070C|lpValueName=Compatible
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=0000070C|lpValueName=Version
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=00000710|lpSubKey=UA Tokens
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000708
Thread=a60|RegOpenKeyExA|CALL|hKey=80000001|lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000704
Thread=a60|RegQueryValueExA|CALL|hKey=00000704|lpValueName=User Agent
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=00000710|lpSubKey=Pre Platform
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=0000070C|lpSubKey=Pre Platform
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=0000070C|lpValueName=Platform
Thread=a60|RegQueryValueExW|RETN|Value=2
Thread=a60|RegOpenKeyExA|CALL|hKey=00000710|lpSubKey=Post Platform
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000708
Thread=a60|RegOpenKeyExA|CALL|hKey=0000070C|lpSubKey=Post Platform
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000708
Image|C:\WINDOWS\system32\wsock32.dll|Base@0x71ad0000|MappedSize@0x9000|EntryPoint@0x71ad1039
Image|C:\WINDOWS\system32\WS2_32.dll|Base@0x71ab0000|MappedSize@0x17000|EntryPoint@0x71ab1273
SYMBOL|WS2_32.DLL|socket|@71ab4211
SYMBOL|WS2_32.DLL|connect|@71ab4a07
Image|C:\WINDOWS\system32\WS2HELP.dll|Base@0x71aa0000|MappedSize@0x8000|EntryPoint@0x71aa1638
Thread=a60|RegOpenKeyExA|CALL|hKey=80000002|lpSubKey=System\CurrentControlSet\Services\WinSock2\Parameters
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000708
Thread=a60|RegQueryValueExA|CALL|hKey=00000708|lpValueName=WinSock_Registry_Version
Thread=a60|RegQueryValueExW|RETN|Value=ea
Thread=a60|RegOpenKeyExA|CALL|hKey=00000708|lpSubKey=Protocol_Catalog9
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000704
Thread=a60|RegQueryValueExA|CALL|hKey=00000704|lpValueName=Serial_Access_Num
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000704|lpValueName=Serial_Access_Num
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=00000704|lpSubKey=00000004
Thread=a60|RegOpenKeyExA|RETN|Value=2
Thread=a60|RegQueryValueExA|CALL|hKey=00000704|lpValueName=Next_Catalog_Entry_ID
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=00000704|lpValueName=Num_Catalog_Entries
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=00000704|lpSubKey=Catalog_Entries
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=00000700
Thread=a60|RegOpenKeyExA|CALL|hKey=00000700|lpSubKey=000000000001
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=000006FC
Thread=a60|RegQueryValueExA|CALL|hKey=000006FC|lpValueName=PackedCatalogItem
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegQueryValueExA|CALL|hKey=000006FC|lpValueName=PackedCatalogItem
Thread=a60|RegQueryValueExW|RETN|Value=0
Thread=a60|RegOpenKeyExA|CALL|hKey=00000700|lpSubKey=000000000002
Thread=a60|RegOpenKeyExA|RETN|Value=0|phkResult=000006FC