Analysis Date2017-07-14 12:12:12
MD5ff067416ca3ba0bc2fbbf314b1874606
SHA1cd4e5c9263c68d503aaf188b5b85377ac07b34e4

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 791799c54171a5ebfbf278a4f374a193 sha1: 5db23bfcf3c863d5a8eec76d0673bbf559effeec size: 2560
Section.data md5: d447e459653b50488035fa0eeb73205e sha1: 247a07d59dfdeacbc7632ff820aeb5d980df6839 size: 512
Section.xcpad md5: sha1: size:
Section.idata md5: 41e0574f20f21f653aa920261dd7710c sha1: 63a97f03e700c27b1faeb452a2c26c9a4e22c0f2 size: 1536
Section.reloc md5: sha1: size:
Section.rsrc md5: 3a5ce84acf065afa8eb57ef1e71c0c7b sha1: adb7311758780baa7404f91a4a32e4f346138407 size: 7680
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash2882965f02737a1b501e426c9c6b57a3
AV360 SafeNo Virus
AVAd-AwareTrojan.GenericKD.1416345
AVAlwil (avast)Crypt-QFY [Trj]
AVArcabit (arcavir)Trojan.GenericKD.1416345
AVAuthentiumW32/Trojan.RULM-9121
AVAvira (antivir)TR/Rogue.AI.11221
AVBitDefenderTrojan.GenericKD.1416345
AVBullGuardTrojan.GenericKD.1416345
AVCA (E-Trust Ino)Trojan.GenericKD.1416345
AVCAT (quickheal)TrojanDownloader.Upatre.A5
AVClamAVWin.Trojan.Agent-1123801
AVDr. WebTrojan.DownLoad3.28161
AVEmsisoftTrojan.GenericKD.1416345
AVEset (nod32)Win32/TrojanDownloader.Waski.A
AVF-SecureTrojan.GenericKD.1416345
AVFortinetW32/Zbot.HFQ!tr
AVFrisk (f-prot)W32/Trojan3.GPA
AVGrisoft (avg)Crypt2.BXXF
AVIkarusTrojan-Spy.Win32.Zbot
AVK7Trojan-Downloader ( 0040f6bd1 )
AVKasperskyTrojan-Downloader.Win32.Agent.hdsz
AVMalwareBytesTrojan.FakeMS.ED
AVMcafeePWSZbot-FMO!FF067416CA3B
AVMicroWorld (escan)Trojan.GenericKD.1416345
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Upatre
AVNANOTrojan.Win32.Agent.cqixup
AVPadvishError Scanning File
AVRisingError Scanning File
AVSUPERAntiSpywareTrojan.Agent/Gen-MulDrop
AVSymantecDownloader
AVTrend MicroTROJ_UPATRE.SMJ8
AVTwisterTrojanDldr.Waski.A.rmgu
AVVirusBlokAda (vba32)TrojanDownloader.Agent
AVWindows DefenderTrojanDownloader:Win32/Upatre
AVZillya!Downloader.Agent.Win32.182483

Runtime Details:

Screenshot

Process
↳ C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝
4
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝
C:\Documents and Settings\All Users\Application Data\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
Creates Mutexc:!documents and settings!admin!local settings!temporary internet files!content.ie5!
Creates Mutexc:!documents and settings!admin!cookies!
Creates Mutexc:!documents and settings!admin!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates MutexRasPbFile
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Admin\Cookies\index.dat
Creates FileC:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates FileC:\WINDOWS\system32\userenv.dll
Creates FileC:\WINDOWS\system32\userenv.dll
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\WINDOWS\system32\dssenh.dll
Creates FileC:\WINDOWS\system32\dssenh.dll
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar4.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar6.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar8.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarA.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarC.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarE.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar10.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar12.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar14.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar16.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar18.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1A.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1C.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1E.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar20.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar22.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar24.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar26.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar28.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2A.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2C.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2E.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar30.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2F.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab31.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar32.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab31.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab31.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab31.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab33.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar34.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab33.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab33.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab33.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab35.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar36.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab35.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab35.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab35.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab37.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar38.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab37.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab37.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab37.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab39.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar3A.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab39.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab39.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab39.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar3C.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3B.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar3E.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3D.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar40.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3F.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab41.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar42.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab41.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab41.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab41.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab43.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar44.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab43.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab43.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab43.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab45.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar46.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab45.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab45.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab45.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab47.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar48.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab47.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab47.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab47.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab49.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar4A.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab49.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab49.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab49.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar4C.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4B.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar4E.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4D.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar50.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab4F.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab51.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar52.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab51.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab51.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab51.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab53.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar54.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab53.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab53.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab53.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab55.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar56.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab55.tmp

Process
↳ C:\cd4e5c9263c68d503aaf188b5b85377ac07b34e4.exe

Creates Filemciwave.dll
Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileC:\cd4e5c9263c68d503aaf188b5b85377ac07b34e4.exe
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates FileC:\WINDOWS\Registration\R000000000007.clb
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates Mutex
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass ➝
Drive\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass ➝
Drive\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝
C:\Documents and Settings\All Users\Documents\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝
C:\Documents and Settings\All Users\Desktop\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe ➝
budha\\x00

Network Details:


Raw Pcap
0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   0c07494e 65745369 6d311430 12060355   ..INetSim1.0...U
0x00000100 (00256)   040b0c0b 44657665 6c6f706d 656e7431   ....Development1
0x00000110 (00272)   14301206 03550403 0c0b696e 65747369   .0...U....inetsi
0x00000120 (00288)   6d2e6f72 67308201 22300d06 092a8648   m.org0.."0...*.H
0x00000130 (00304)   86f70d01 010105                       .......

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   0c07494e 65745369 6d311430 12060355   ..INetSim1.0...U
0x00000100 (00256)   040b0c0b 44657665 6c6f706d 656e7431   ....Development1
0x00000110 (00272)   14301206 03550403 0c0b696e 65747369   .0...U....inetsi
0x00000120 (00288)   6d2e6f72 67308201 22300d06 092a8648   m.org0.."0...*.H
0x00000130 (00304)   86f70d01 010105                       .......

0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   f74a4a84 976b7ff1 44bb5e2a d10d824a   .JJ..k..D.^*...J
0x00000100 (00256)   57f590f0 8268513b 9a83cb5b 09aa42e1   W....hQ;...[..B.
0x00000110 (00272)   6becc66b 3059d0e5 2ee8c8dd f852ef25   k..k0Y.......R.%
0x00000120 (00288)   3e6a2a87 09a47cac c472466a 492c0587   >j*...|..rFjI,..
0x00000130 (00304)   f18dd5ca 8ba189ae 742cd7fa 45abd590   ........t,..E...
0x00000140 (00320)   316c7b0f 0f26                         1l{..&

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   f74a4a84 976b7ff1 44bb5e2a d10d824a   .JJ..k..D.^*...J
0x00000100 (00256)   57f590f0 8268513b 9a83cb5b 09aa42e1   W....hQ;...[..B.
0x00000110 (00272)   6becc66b 3059d0e5 2ee8c8dd f852ef25   k..k0Y.......R.%
0x00000120 (00288)   3e6a2a87 09a47cac c472466a 492c0587   >j*...|..rFjI,..
0x00000130 (00304)   f18dd5ca 8ba189ae 742cd7fa 45abd590   ........t,..E...
0x00000140 (00320)   316c7b0f 0f26                         1l{..&

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   3e660dcd b23d8877 b32c3cbf 620f46a7   >f...=.w.,<.b.F.
0x00000100 (00256)   75b806cb 740c844c 6369d3a2 2c9d7a13   u...t..Lci..,.z.
0x00000110 (00272)   c6eee998 42be6f3f 72b1b6dd 15285fbb   ....B.o?r....(_.
0x00000120 (00288)   efeb17e0 5387c24f 1a8901ab 48fed626   ....S..O....H..&
0x00000130 (00304)   07863de9 9267e15d 73e5e2c3 fad7cec8   ..=..g.]s.......
0x00000140 (00320)   be712f90 c1453617 d8924587 ccacd00c   .q/..E6...E.....
0x00000150 (00336)   b8f43c7c 8e011a2a f07f5f4a 19bf56c0   ..<|...*.._J..V.
0x00000160 (00352)   aa36371e f8a78e5a 646c9a7a 65824914   .67....Zdl.ze.I.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   3e660dcd b23d8877 b32c3cbf 620f46a7   >f...=.w.,<.b.F.
0x00000100 (00256)   75b806cb 740c844c 6369d3a2 2c9d7a13   u...t..Lci..,.z.
0x00000110 (00272)   c6eee998 42be6f3f 72b1b6dd 15285fbb   ....B.o?r....(_.
0x00000120 (00288)   efeb17e0 5387c24f 1a8901ab 48fed626   ....S..O....H..&
0x00000130 (00304)   07863de9 9267e15d 73e5e2c3 fad7cec8   ..=..g.]s.......
0x00000140 (00320)   be712f90 c1453617 d8924587 ccacd00c   .q/..E6...E.....
0x00000150 (00336)   b8f43c7c 8e011a2a f07f5f4a 19bf56c0   ..<|...*.._J..V.
0x00000160 (00352)   aa36371e f8a78e5a 646c9a7a 65824914   .67....Zdl.ze.I.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   f468678f 421b4c09 8b68b1bf a1b1df35   .hg.B.L..h.....5
0x00000100 (00256)   9f0d65d5 9da3b808 307d7e43 7af817af   ..e.....0}~Cz...
0x00000110 (00272)   30e260be 94c4fb5f 8cbfc1f5 ae2d       0.`...._.....-

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   f468678f 421b4c09 8b68b1bf a1b1df35   .hg.B.L..h.....5
0x00000100 (00256)   9f0d65d5 9da3b808 307d7e43 7af817af   ..e.....0}~Cz...
0x00000110 (00272)   30e260be 94c4fb5f 8cbfc1f5 ae2d       0.`...._.....-

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   9f27aa1f faa0d78a 748472f3 e374aaf5   .'......t.r..t..
0x00000100 (00256)   618849                                a.I

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   9f27aa1f faa0d78a 748472f3 e374aaf5   .'......t.r..t..
0x00000100 (00256)   618849                                a.I

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   cafa1b0a d51d3e7f beb782c6 97060714   ......>.........
0x00000100 (00256)   9451cc31 197cb6fb ec5ae5df 88694826   .Q.1.|...Z...iH&
0x00000110 (00272)   80355a37 6245a5e5 a47153c5 31ef0e6b   .5Z7bE...qS.1..k
0x00000120 (00288)   8551b58f 8282d98d 6cfa1be2 c25fa23f   .Q......l...._.?
0x00000130 (00304)   2620fb81 951cf210 02b254e0 4155b721   & ........T.AU.!
0x00000140 (00320)   87a84771 abdf0b14 3f5f0d80 b1dc6841   ..Gq....?_....hA
0x00000150 (00336)   94d99649 6c2f9ea3 6e0544c1 722bebe2   ...Il/..n.D.r+..
0x00000160 (00352)                                         

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   5043065f ff7f                         PC._..

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   c2199cc8 b6592dea 4d41fbc3 75964630   .....Y-.MA..u.F0
0x00000100 (00256)   fa70af03 35ba41ac 8f638659 e524d553   .p..5.A..c.Y.$.S
0x00000110 (00272)   b53b0cdc c6ec3bdb e4cfd302 20a5d4ce   .;....;..... ...
0x00000120 (00288)   86b0e1b7 d635ce5f 40d2a5b7 68a76486   .....5._@...h.d.
0x00000130 (00304)   185f95a2 9efd086b fd2c0486 4c3b4710   ._.....k.,..L;G.
0x00000140 (00320)   d3b02ac8 3c92c9b1 bfc3ba33 4c0fbbb6   ..*.<......3L...
0x00000150 (00336)   3aa9eeeb 67f02313 05befccc ce2d4e47   :...g.#......-NG
0x00000160 (00352)   ea83fe57 7abb5625 a075934f 4f37bd14   ...Wz.V%.u.OO7..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   c2199cc8 b6592dea 4d41fbc3 75964630   .....Y-.MA..u.F0
0x00000100 (00256)   fa70af03 35ba41ac 8f638659 e524d553   .p..5.A..c.Y.$.S
0x00000110 (00272)   b53b0cdc c6ec3bdb e4cfd302 20a5d4ce   .;....;..... ...
0x00000120 (00288)   86b0e1b7 d635ce5f 40d2a5b7 68a76486   .....5._@...h.d.
0x00000130 (00304)   185f95a2 9efd086b fd2c0486 4c3b4710   ._.....k.,..L;G.
0x00000140 (00320)   d3b02ac8 3c92c9b1 bfc3ba33 4c0fbbb6   ..*.<......3L...
0x00000150 (00336)   3aa9eeeb 67f02313 05befccc ce2d4e47   :...g.#......-NG
0x00000160 (00352)   ea83fe57 7abb5625 a075934f 4f37bd14   ...Wz.V%.u.OO7..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   5462b0f6 dc935d4e 1a4961f9 cff4c4b8   Tb....]N.Ia.....
0x00000100 (00256)   48fa178e 66aaa163 24eef5c5 feafef55   H...f..c$......U
0x00000110 (00272)   5d0e6e8f 8661a21f 8423b66c 2bfb837a   ].n..a...#.l+..z
0x00000120 (00288)   606a5752 315ea683 24434c01 c77bb2de   `jWR1^..$CL..{..
0x00000130 (00304)   e3f2a78b ab13bac5 a8d44523 49da05b7   ..........E#I...
0x00000140 (00320)   9cd9684a 820213bc 66570d8f 4c3acfb4   ..hJ....fW..L:..
0x00000150 (00336)   28e082a1 8d9e34db 28c10fab 75afe03b   (.....4.(...u..;
0x00000160 (00352)   12dbef2c c9a79fa7 9c35da25 1120e314   ...,.....5.%. ..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   5462b0f6 dc935d4e 1a4961f9 cff4c4b8   Tb....]N.Ia.....
0x00000100 (00256)   48fa178e 66aaa163 24eef5c5 feafef55   H...f..c$......U
0x00000110 (00272)   5d0e6e8f 8661a21f 8423b66c 2bfb837a   ].n..a...#.l+..z
0x00000120 (00288)   606a5752 315ea683 24434c01 c77bb2de   `jWR1^..$CL..{..
0x00000130 (00304)   e3f2a78b ab13bac5 a8d44523 49da05b7   ..........E#I...
0x00000140 (00320)   9cd9684a 820213bc 66570d8f 4c3acfb4   ..hJ....fW..L:..
0x00000150 (00336)   28e082a1 8d9e34db 28c10fab 75afe03b   (.....4.(...u..;
0x00000160 (00352)   12dbef2c c9a79fa7 9c35da25 1120e314   ...,.....5.%. ..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   6938fe06 ef525c58 e8e36e09 8c94a97c   i8...R\X..n....|
0x00000100 (00256)   cb844302 a87ea508 5a43ae20 8bb7fa7b   ..C..~..ZC. ...{
0x00000110 (00272)   aab5616b 377351d5 756b2fa5 049ca01c   ..ak7sQ.uk/.....
0x00000120 (00288)   748a4a68 0acbae94 f4c94658 8f549993   t.Jh......FX.T..
0x00000130 (00304)   2ff12a4c 0dc678de 5fa768b6 eed4       /.*L..x._.h...

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   6938fe06 ef525c58 e8e36e09 8c94a97c   i8...R\X..n....|
0x00000100 (00256)   cb844302 a87ea508 5a43ae20 8bb7fa7b   ..C..~..ZC. ...{
0x00000110 (00272)   aab5616b 377351d5 756b2fa5 049ca01c   ..ak7sQ.uk/.....
0x00000120 (00288)   748a4a68 0acbae94 f4c94658 8f549993   t.Jh......FX.T..
0x00000130 (00304)   2ff12a4c 0dc678de 5fa768b6 eed4       /.*L..x._.h...

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   cb2f8146 bf968fb0 eca8e740 38242bed   ./.F.......@8$+.
0x00000100 (00256)   5a53855f 61d68b13 74755a77 82639ae0   ZS._a...tuZw.c..
0x00000110 (00272)   7cafcf86 c11a5f62 a4f33079 5a47d768   |....._b..0yZG.h
0x00000120 (00288)   a151d984 83ba6f35 4ffbb736 46e1a4c9   .Q....o5O..6F...
0x00000130 (00304)   4cf1b41f 37f76e17 c2a819d4 d924af4d   L...7.n......$.M
0x00000140 (00320)   485f2d97 d70f9461 26059023 f2613331   H_-....a&..#.a31
0x00000150 (00336)   c04050e9 69a3c581 235f17d0 f82262f9   .@P.i...#_..."b.
0x00000160 (00352)   717cda61 499cfb96 c717eec6 acba5614   q|.aI.........V.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   cb2f8146 bf968fb0 eca8e740 38242bed   ./.F.......@8$+.
0x00000100 (00256)   5a53855f 61d68b13 74755a77 82639ae0   ZS._a...tuZw.c..
0x00000110 (00272)   7cafcf86 c11a5f62 a4f33079 5a47d768   |....._b..0yZG.h
0x00000120 (00288)   a151d984 83ba6f35 4ffbb736 46e1a4c9   .Q....o5O..6F...
0x00000130 (00304)   4cf1b41f 37f76e17 c2a819d4 d924af4d   L...7.n......$.M
0x00000140 (00320)   485f2d97 d70f9461 26059023 f2613331   H_-....a&..#.a31
0x00000150 (00336)   c04050e9 69a3c581 235f17d0 f82262f9   .@P.i...#_..."b.
0x00000160 (00352)   717cda61 499cfb96 c717eec6 acba5614   q|.aI.........V.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   f543f196 3c022e2a 30e46d1d d509a6cf   .C..<..*0.m.....
0x00000100 (00256)   6e20e750 a4331d61 4e97e07b f2994647   n .P.3.aN..{..FG
0x00000110 (00272)   05924a5a 9e38a129 ac32f46a f35ffd5a   ..JZ.8.).2.j._.Z
0x00000120 (00288)   bf844ade ed3b1611 14f11c56 bfbd89d9   ..J..;.....V....
0x00000130 (00304)   15d21e37 5db28535 98f06691 def936d4   ...7]..5..f...6.
0x00000140 (00320)   596b72eb eef2960b 7fc5a615 589b608d   Ykr.........X.`.
0x00000150 (00336)   506d57b7 a0adb1f7 12fa7f3a 57634547   PmW........:WcEG
0x00000160 (00352)   dee7998e cfe92769 9baecbb6 edfa9614   ......'i........
0x00000170 (00368)   03                                    .


Strings
 s`K
s<+K
@&+K
JRQQQ[
 7`K
 s`K
s.+K
sQ+K
 g`K
H%+K
#jif
 W^K
 ?^K
 /^K
 +^K
 O^K
 S^K
 +^K
 K^K
 [^K
 _^@
~H_:
|v,M
v'qn
(|"
5B @
Ph% @
PRFT
SSCL
CreateWindowExA
LoadCursorA
TranslateMessage
set waveaudio door open
LoadLibraryExA
user32.dll
mciSendStringA
Winmm.dll
r5Ht
user32.dll
GDI32.dll
Msacm32.dll
ADVAPI32.dll
IMM32.dll
kernel32.dll
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
GetMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
GetDoubleClickTime
GetQueueStatus
LoadIconA
RegisterClassA
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
IntersectClipRect
ExcludeClipRect
UpdateColors
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
RealizePalette
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
acmStreamOpen
acmDriverPriority
####
#######
####
4,##########
#########
#####,
,######,
#####2
######2#
JC44K
xXMt7
#######2#J
########2,
2U{DY]]F
####
########2#CzzC2#
####
2222222222,R R
##,,,,######
2222222222#C%
,22#2222######
22222222222,
#2#############
22222222222<K
K#2#2###########
22222222222<
,222##2#########
22222222
,42222##2#######
i,42222222#######
i<22222222#######
222222222####
22222222222##
$$$$$$$$
222222222#
$$$$$$
$$$$,
dk<4
22222222
++$$
2222222
888888888&8&&
9=======))))))))))))))))pp)))
<$$$$$
9:::::::3>333W>>>33W>33333333>
******
m-------M
7-7M
o77on7-------E
*T11II11
:(((((-Mt
7-(-((-E
L((((((Z}
((((((E
1G;?????
-555555Zx
lZF5555F5XN
(555555Z}2
4DPKDP#4
F05550qN
5000000u~4Y
K~4YSKrRK
~0000060
4wjj
bg;T
0%%%%%%
`%%%%%
ubg^T
%%%%%%%%`ad
%Had
%%%%%%`
bg^T#
%%%%%%%%%BB%%%BB%HH%BB%HHHHH%H
H///////'''''''''''''''''''''/
.................f.
$&&&
&&&&&
&&&&$$$&
$$$$$$$
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
%xn;
?I-3
(f;_
K!5m
[E3L
e( &
	=Z
;5Jj
*o0Z
-cJ,
jyjM
t	N