Analysis Date: 2017-07-14 21:06:27
MD5: 6a1f7b0014d63bc790e5d548919487f3
SHA1: 78507acf60b63abc79ae128933e00099eece9614

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 791799c54171a5ebfbf278a4f374a193 sha1: 5db23bfcf3c863d5a8eec76d0673bbf559effeec size: 2560
Section .data md5: d447e459653b50488035fa0eeb73205e sha1: 247a07d59dfdeacbc7632ff820aeb5d980df6839 size: 512
Section .xcpad md5: sha1: size:
Section .idata md5: 41e0574f20f21f653aa920261dd7710c sha1: 63a97f03e700c27b1faeb452a2c26c9a4e22c0f2 size: 1536
Section .reloc md5: sha1: size:
Section .rsrc md5: 3a5ce84acf065afa8eb57ef1e71c0c7b sha1: adb7311758780baa7404f91a4a32e4f346138407 size: 7680
Timestamp
Version LegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 2882965f02737a1b501e426c9c6b57a3
AV 360 Safe: No Virus
AV Ad-Aware: Trojan.GenericKD.1416345
AV Alwil (avast): Crypt-QFY [Trj]
AV Arcabit (arcavir): Trojan.GenericKD.1416345
AV Authentium: W32/Trojan.RULM-9121
AV Avira (antivir): TR/Rogue.AI.11221
AV BitDefender: Trojan.GenericKD.1416345
AV BullGuard: Trojan.GenericKD.1416345
AV CA (E-Trust Ino): Trojan.GenericKD.1416345
AV CAT (quickheal): TrojanDownloader.Upatre.A5
AV ClamAV: Win.Trojan.Agent-1123801
AV Dr. Web: Trojan.DownLoad3.28161
AV Emsisoft: Trojan.GenericKD.1416345
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV F-Secure: Trojan.GenericKD.1416345
AV Fortinet: W32/Zbot.HFQ!tr
AV Frisk (f-prot): W32/Trojan3.GPA
AV Grisoft (avg): Crypt2.BXXF
AV Ikarus: Trojan-Spy.Win32.Zbot
AV K7: Trojan-Downloader ( 0040f6bd1 )
AV Kaspersky: Trojan-Downloader.Win32.Agent.hdsz
AV MalwareBytes: Trojan.FakeMS.ED
AV Mcafee: PWSZbot-FMO!6A1F7B0014D6
AV MicroWorld (escan): Trojan.GenericKD.1416345
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Agent.cqixup
AV Padvish: No Virus
AV Rising: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-FakePDF
AV Symantec: Downloader
AV Trend Micro: TROJ_UPATRE.SMJ8
AV Twister: TrojanDldr.Waski.A.rmgu
AV VirusBlokAda (vba32): TrojanDownloader.Agent
AV Windows Defender: TrojanDownloader:Win32/Upatre
AV Zillya!: Downloader.Agent.Win32.182483

Runtime Details:

Process
↳ C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝ C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝ 4
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝ C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝ C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝ C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝ C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝ 81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝ 81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝ 81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝ 81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝ C:\Documents and Settings\All Users\Application Data\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Creates Mutex: c:!documents and settings!admin!local settings!temporary internet files!content.ie5!
Creates Mutex: c:!documents and settings!admin!cookies!
Creates Mutex: c:!documents and settings!admin!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex: RasPbFile
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Admin\Cookies\index.dat
Creates FileC:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates FileC:\WINDOWS\system32\userenv.dll
Creates FileC:\WINDOWS\system32\userenv.dll
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\WINDOWS\system32\dssenh.dll
Creates FileC:\WINDOWS\system32\dssenh.dll
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar4.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar6.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar8.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarA.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarC.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarE.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar10.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar12.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar14.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar16.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar18.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1A.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1C.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1E.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar20.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar22.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar24.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar26.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp

Process
↳ C:\78507acf60b63abc79ae128933e00099eece9614.exe

Creates File: mciwave.dll
Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\78507acf60b63abc79ae128933e00099eece9614.exe
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates Mutex
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass ➝ Drive\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝ C:\Documents and Settings\All Users\Documents\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝ C:\Documents and Settings\All Users\Desktop\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe ➝ budha\\x00

Network Details:


Raw Pcap
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   361eee73 daadfdee 67897c5b 11436d8c   6..s....g.|[.Cm.
0x00000100 (00256)   29b30c11 65371ba2 5e2d621e f62a1272   )...e7..^-b..*.r
0x00000110 (00272)   8b7b7a18 043ad8ed 7fbfba76 ccbb6f7c   .{z..:.....v..o|
0x00000120 (00288)   924bd320 bde7653b 33938739 b8e0eabd   .K. ..e;3..9....
0x00000130 (00304)   a1ed9758 f6e785f9 4bc9b564 49c14bc1   ...X....K..dI.K.
0x00000140 (00320)   11355690 f5619021 2602e4c3 6e3b7dcd   .5V..a.!&...n;}.
0x00000150 (00336)   0da10b2a 63828adf 3ba90202 aaa91bb9   ...*c...;.......
0x00000160 (00352)   ca4cde6a 94a0156a 0591f618 912f4a14   .L.j...j...../J.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   0e19f587 41ff63d5 a6e32f22 233f2746   ....A.c.../"#?'F
0x00000100 (00256)   1fc0cad3 a765dc7e bf28bc63 6a3862f0   .....e.~.(.cj8b.
0x00000110 (00272)   90739462 b610f309 07b8af78 98573288   .s.b.......x.W2.
0x00000120 (00288)   397b71b3 11a61f68 101806a2 0c66b02e   9{q....h.....f..
0x00000130 (00304)   68807842 0f06d84c ef31efbc 448505e3   h.xB...L.1..D...
0x00000140 (00320)   a51a5018 0bd1b34c 8d5ce190 55814759   ..P....L.\..U.GY
0x00000150 (00336)   2bc7412b ad79d06b 8b9b7f1c e1a9c9f2   +.A+.y.k........
0x00000160 (00352)   cbb70dc7 dea3db6b b0cbcb92 ddad9e14   .......k........
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   0e19f587 41ff63d5 a6e32f22 233f2746   ....A.c.../"#?'F
0x00000100 (00256)   1fc0cad3 a765dc7e bf28bc63 6a3862f0   .....e.~.(.cj8b.
0x00000110 (00272)   90739462 b610f309 07b8af78 98573288   .s.b.......x.W2.
0x00000120 (00288)   397b71b3 11a61f68 101806a2 0c66b02e   9{q....h.....f..
0x00000130 (00304)   68807842 0f06d84c ef31efbc 448505e3   h.xB...L.1..D...
0x00000140 (00320)   a51a5018 0bd1b34c 8d5ce190 55814759   ..P....L.\..U.GY
0x00000150 (00336)   2bc7412b ad79d06b 8b9b7f1c e1a9c9f2   +.A+.y.k........
0x00000160 (00352)   cbb70dc7 dea3db6b b0cbcb92 ddad9e14   .......k........
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   bf3a1381 7e506620 5daa8f2e b5bcc51a   .:..~Pf ].......
0x00000100 (00256)   8ac0db5f 1c58a35b dafeb73b 892b29f6   ..._.X.[...;.+).
0x00000110 (00272)   0ed58195 446a35a7 aff45446 f3dbc6a0   ....Dj5...TF....
0x00000120 (00288)   ad1c44a0 2c30ef52 e1d54a27 3b2b284e   ..D.,0.R..J';+(N
0x00000130 (00304)   fc509e64 ecdb42c8 14b642a1 8c55ba19   .P.d..B...B..U..
0x00000140 (00320)   0fa2b14d bb4932b6 edc4f922 f295c2e6   ...M.I2...."....
0x00000150 (00336)   fcbbece2 672a9ba0 6e7d07a9 b1b5850a   ....g*..n}......
0x00000160 (00352)   a5eabbb2 20974511 5d92cdd1 135c6314   .... .E.]....\c.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   bf3a1381 7e506620 5daa8f2e b5bcc51a   .:..~Pf ].......
0x00000100 (00256)   8ac0db5f 1c58a35b dafeb73b 892b29f6   ..._.X.[...;.+).
0x00000110 (00272)   0ed58195 446a35a7 aff45446 f3dbc6a0   ....Dj5...TF....
0x00000120 (00288)   ad1c44a0 2c30ef52 e1d54a27 3b2b284e   ..D.,0.R..J';+(N
0x00000130 (00304)   fc509e64 ecdb42c8 14b642a1 8c55ba19   .P.d..B...B..U..
0x00000140 (00320)   0fa2b14d bb4932b6 edc4f922 f295c2e6   ...M.I2...."....
0x00000150 (00336)   fcbbece2 672a9ba0 6e7d07a9 b1b5850a   ....g*..n}......
0x00000160 (00352)   a5eabbb2 20974511 5d92cdd1 135c6314   .... .E.]....\c.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   bf35c03a 97416847 41e36723 65e0ca06   .5.:.AhGA.g#e...
0x00000100 (00256)   e8be938a b3243605 4d7ac199 4410f9d6   .....$6.Mz..D...
0x00000110 (00272)   f2892c94 eb89d170 b4bf84f8 af4b91a5   ..,....p.....K..
0x00000120 (00288)   43ddd17c 2b                           C..|+

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   bf35c03a 97416847 41e36723 65e0ca06   .5.:.AhGA.g#e...
0x00000100 (00256)   e8be938a b3243605 4d7ac199 4410f9d6   .....$6.Mz..D...
0x00000110 (00272)   f2892c94 eb89d170 b4bf84f8 af4b91a5   ..,....p.....K..
0x00000120 (00288)   43ddd17c 2b                           C..|+

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   7417ddbc f3e99832 80fcd8f9 f6346b96   t......2.....4k.
0x00000100 (00256)   bb538c67 b874de6d 61acf2d0 2adb8fc5   .S.g.t.ma...*...
0x00000110 (00272)   f8226a0a 7186566f fa8908aa 3b49bba7   ."j.q.Vo....;I..
0x00000120 (00288)   555b0d72 adf9efc1 dd2016ee 2ba28d11   U[.r..... ..+...
0x00000130 (00304)   a6cc8074 9965a9fa bb22e9d8 42952b1f   ...t.e..."..B.+.
0x00000140 (00320)   a92fc8b5 0bb2561d ddb33712 0914e076   ./....V...7....v
0x00000150 (00336)   eae20f35 054a92fb a13bbdc4 422233cc   ...5.J...;..B"3.
0x00000160 (00352)   8e1ed02d 599b1f5c 93be919a 2d578014   ...-Y..\....-W..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   7417ddbc f3e99832 80fcd8f9 f6346b96   t......2.....4k.
0x00000100 (00256)   bb538c67 b874de6d 61acf2d0 2adb8fc5   .S.g.t.ma...*...
0x00000110 (00272)   f8226a0a 7186566f fa8908aa 3b49bba7   ."j.q.Vo....;I..
0x00000120 (00288)   555b0d72 adf9efc1 dd2016ee 2ba28d11   U[.r..... ..+...
0x00000130 (00304)   a6cc8074 9965a9fa bb22e9d8 42952b1f   ...t.e..."..B.+.
0x00000140 (00320)   a92fc8b5 0bb2561d ddb33712 0914e076   ./....V...7....v
0x00000150 (00336)   eae20f35 054a92fb a13bbdc4 422233cc   ...5.J...;..B"3.
0x00000160 (00352)   8e1ed02d 599b1f5c 93be919a 2d578014   ...-Y..\....-W..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   d1bc123b fe65b810 28ffde04 6da69616   ...;.e..(...m...
0x00000100 (00256)   4e88f357 dd87ab0a aec49d04 666b9e97   N..W........fk..
0x00000110 (00272)   b369104e 96f40dba fc21efc9 7b4ff760   .i.N.....!..{O.`
0x00000120 (00288)   1bc1b289 cd915135 257925e5 281983f8   ......Q5%y%.(...
0x00000130 (00304)   388080a7 dc5c5720 1fa14715 4bb8f51e   8....\W ..G.K...
0x00000140 (00320)   939b195e bf068a91 88664bc7 f4a8190c   ...^.....fK.....
0x00000150 (00336)   c11bd0b3 f0015ec6 67aba4f5 ae121b91   ......^.g.......
0x00000160 (00352)                                         

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   d1bc123b fe65b810 28ffde04 6da69616   ...;.e..(...m...
0x00000100 (00256)   4e88f357 dd87ab0a aec49d04 666b9e97   N..W........fk..
0x00000110 (00272)   b369104e 96f40dba fc21efc9 7b4ff760   .i.N.....!..{O.`
0x00000120 (00288)   1bc1b289 cd915135 257925e5 281983f8   ......Q5%y%.(...
0x00000130 (00304)   388080a7 dc5c5720 1fa14715 4bb8f51e   8....\W ..G.K...
0x00000140 (00320)   939b195e bf068a91 88664bc7 f4a8190c   ...^.....fK.....
0x00000150 (00336)   c11bd0b3 f0015ec6 67aba4f5 ae121b91   ......^.g.......
0x00000160 (00352)                                         

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   5cd688c2 157524ea 9f80aa35 07951fea   \....u$....5....
0x00000100 (00256)   6224b366 4fe39d23 0893819c 813f07ea   b$.fO..#.....?..
0x00000110 (00272)   53d66f76 8962b354 d950eee3 9b3b4d91   S.ov.b.T.P...;M.
0x00000120 (00288)   d3ff4d86 c403f541 9517f997 5881feeb   ..M....A....X...
0x00000130 (00304)   ebd8b43d 3bdbea20 3ad219bb 73d954d4   ...=;.. :...s.T.
0x00000140 (00320)   a33bd89d 0a69fd33 39695c33 351ce275   .;...i.39i\35..u
0x00000150 (00336)   f06bf519 9dede915 f0196360 ebc67cfb   .k........c`..|.
0x00000160 (00352)   ba14f017 97b70b30 fc679c2d 3865cb14   .......0.g.-8e..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   5cd688c2 157524ea 9f80aa35 07951fea   \....u$....5....
0x00000100 (00256)   6224b366 4fe39d23 0893819c 813f07ea   b$.fO..#.....?..
0x00000110 (00272)   53d66f76 8962b354 d950eee3 9b3b4d91   S.ov.b.T.P...;M.
0x00000120 (00288)   d3ff4d86 c403f541 9517f997 5881feeb   ..M....A....X...
0x00000130 (00304)   ebd8b43d 3bdbea20 3ad219bb 73d954d4   ...=;.. :...s.T.
0x00000140 (00320)   a33bd89d 0a69fd33 39695c33 351ce275   .;...i.39i\35..u
0x00000150 (00336)   f06bf519 9dede915 f0196360 ebc67cfb   .k........c`..|.
0x00000160 (00352)   ba14f017 97b70b30 fc679c2d 3865cb14   .......0.g.-8e..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   603fed91 7d99ce65 f6f17117 131ae187   `?..}..e..q.....
0x00000100 (00256)   34c57bb1 e1bf4939 6345397a 54ea9ec2   4.{...I9cE9zT...
0x00000110 (00272)   7e3f39ed 97f9a9d6 0a4cc93a 29fe760e   ~?9......L.:).v.
0x00000120 (00288)   35c3baeb 74e2c777 115ad5c3 37eed99a   5...t..w.Z..7...
0x00000130 (00304)   1ec1f032 ca76cc3f d5928cee e03a74ac   ...2.v.?.....:t.
0x00000140 (00320)   c48418b3 5443e0f9 16e30aeb a3708494   ....TC.......p..
0x00000150 (00336)   c9c5f214 5382a7d7 b6f31028 6a8345a2   ....S......(j.E.
0x00000160 (00352)   45d238ef c078758b e5791f39 31222714   E.8..xu..y.91"'.
0x00000170 (00368)   03                                    .


Strings
CreateWindowExA
LoadCursorA
TranslateMessage
set waveaudio door open
LoadLibraryExA
user32.dll
mciSendStringA
Winmm.dll
user32.dll
GDI32.dll
Msacm32.dll
ADVAPI32.dll
IMM32.dll
kernel32.dll
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
GetMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
GetDoubleClickTime
GetQueueStatus
LoadIconA
RegisterClassA
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
IntersectClipRect
ExcludeClipRect
UpdateColors
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
RealizePalette
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
acmStreamOpen
acmDriverPriority
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>