Analysis Date: 2017-07-12 15:58:22
MD5: eaac65737bbbf18c6d921c6cee2633f2
SHA1: cf3463b4b1e7e1460b2ef682f36e5c0992126b9c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 791799c54171a5ebfbf278a4f374a193 sha1: 5db23bfcf3c863d5a8eec76d0673bbf559effeec size: 2560
Section .data md5: d447e459653b50488035fa0eeb73205e sha1: 247a07d59dfdeacbc7632ff820aeb5d980df6839 size: 512
Section .xcpad md5: sha1: size:
Section .idata md5: 41e0574f20f21f653aa920261dd7710c sha1: 63a97f03e700c27b1faeb452a2c26c9a4e22c0f2 size: 1536
Section .reloc md5: sha1: size:
Section .rsrc md5: 3a5ce84acf065afa8eb57ef1e71c0c7b sha1: adb7311758780baa7404f91a4a32e4f346138407 size: 7680
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 2882965f02737a1b501e426c9c6b57a3
AV 360 Safe: No Virus
AV Ad-Aware: Trojan.GenericKD.1416345
AV Alwil (avast): Crypt-QFY [Trj]
AV Arcabit (arcavir): Trojan.GenericKD.1416345
AV Authentium: W32/Trojan.RULM-9121
AV Avira (antivir): TR/Rogue.AI.11221
AV BitDefender: Trojan.GenericKD.1416345
AV BullGuard: Trojan.GenericKD.1416345
AV CA (E-Trust Ino): Trojan.GenericKD.1416345
AV CAT (quickheal): TrojanDownloader.Upatre.A5
AV ClamAV: Win.Trojan.Agent-1123801
AV Dr. Web: Trojan.DownLoad3.28161
AV Emsisoft: Trojan.GenericKD.1416345
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV F-Secure: Trojan.GenericKD.1416345
AV Fortinet: W32/Zbot.HFQ!tr
AV Frisk (f-prot): W32/Trojan3.GPA
AV Grisoft (avg): Crypt2.BXXF
AV Ikarus: Trojan-Spy.Win32.Zbot
AV K7: Trojan-Downloader ( 0040f6bd1 )
AV Kaspersky: Trojan-Downloader.Win32.Agent.hdsz
AV MalwareBytes: Trojan.FakeMS.ED
AV Mcafee: PWSZbot-FMO!EAAC65737BBB
AV MicroWorld (escan): Trojan.GenericKD.1416345
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Agent.cqixup
AV Padvish: No Virus
AV Rising: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
AV Symantec: Downloader
AV Trend Micro: TROJ_UPATRE.SMJ8
AV Twister: TrojanDldr.Waski.A.rmgu
AV VirusBlokAda (vba32): TrojanDownloader.Agent
AV Windows Defender: TrojanDownloader:Win32/Upatre
AV Zillya!: Downloader.Agent.Win32.182483

Runtime Details:

Screenshot

Process
↳ C:\cf3463b4b1e7e1460b2ef682f36e5c0992126b9c.exe

Creates Filemciwave.dll
Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileC:\cf3463b4b1e7e1460b2ef682f36e5c0992126b9c.exe
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates FileC:\WINDOWS\Registration\R000000000007.clb
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates Mutex
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝
C:\Documents and Settings\All Users\Documents\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝
C:\Documents and Settings\All Users\Desktop\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe ➝
budha\\x00

Process
↳ C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝
4
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝
C:\Documents and Settings\All Users\Application Data\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
Creates Mutexc:!documents and settings!admin!local settings!temporary internet files!content.ie5!
Creates Mutexc:!documents and settings!admin!cookies!
Creates Mutexc:!documents and settings!admin!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates MutexRasPbFile
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Admin\Cookies\index.dat
Creates FileC:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates FileC:\WINDOWS\system32\userenv.dll
Creates FileC:\WINDOWS\system32\userenv.dll
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\WINDOWS\system32\dssenh.dll
Creates FileC:\WINDOWS\system32\dssenh.dll
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar4.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar6.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar8.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarA.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarC.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\TarE.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar10.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar12.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab11.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar14.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab13.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar16.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab15.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar18.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab17.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1A.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab19.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1C.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1B.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar1E.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1D.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar20.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab1F.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar22.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab21.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar24.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab23.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar26.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab25.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar28.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab27.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2A.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab29.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2C.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2B.tmp
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Tar2E.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\Cab2D.tmp

Network Details:


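Raw Pcap
Note: the HTTP requests shown below fetch authrootseq.txt and authrootstl.cab from www.download.windowsupdate.com with a Microsoft-CryptoAPI User-Agent, i.e. the Windows root-certificate list update rather than traffic to a sample-specific host. The INetSim / inetsim.org strings that follow the request headers suggest the sandbox answered from a simulated network, so no download server for this sample is visible in this part of the capture.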
0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   0c07494e 65745369 6d311430 12060355   ..INetSim1.0...U
0x00000100 (00256)   040b0c0b 44657665 6c6f706d 656e7431   ....Development1
0x00000110 (00272)   14301206 03550403 0c0b696e 65747369   .0...U....inetsi
0x00000120 (00288)   6d2e6f72 67308201 22300d06 092a8648   m.org0.."0...*.H
0x00000130 (00304)   86f70d01 010105                       .......

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   0c07494e 65745369 6d311430 12060355   ..INetSim1.0...U
0x00000100 (00256)   040b0c0b 44657665 6c6f706d 656e7431   ....Development1
0x00000110 (00272)   14301206 03550403 0c0b696e 65747369   .0...U....inetsi
0x00000120 (00288)   6d2e6f72 67308201 22300d06 092a8648   m.org0.."0...*.H
0x00000130 (00304)   86f70d01 010105                       .......

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   3a853274 23fb6e6f 3cc82560 c423fbb3   :.2t#.no<.%`.#..
0x00000100 (00256)   4dffa88d ef49d4ec 9042537a deed713a   M....I...BSz..q:
0x00000110 (00272)   a20f6698 aac15357 9971d296 50cbfa60   ..f...SW.q..P..`
0x00000120 (00288)   978eb2b8 1db56dfb 40033464 726952c1   ......m.@.4driR.
0x00000130 (00304)   2b7dafb6 2b64c4fa 6de279ed 2ad6a379   +}..+d..m.y.*..y
0x00000140 (00320)   782c97e2 c303b13a d061244f ee3d7df2   x,.....:.a$O.=}.
0x00000150 (00336)   9350c9da dcfd14c0 9a1b0c08 4a799cff   .P..........Jy..
0x00000160 (00352)   eccef6b2 b0528e12 694134b0 edd16714   .....R..iA4...g.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   3a853274 23fb6e6f 3cc82560 c423fbb3   :.2t#.no<.%`.#..
0x00000100 (00256)   4dffa88d ef49d4ec 9042537a deed713a   M....I...BSz..q:
0x00000110 (00272)   a20f6698 aac15357 9971d296 50cbfa60   ..f...SW.q..P..`
0x00000120 (00288)   978eb2b8 1db56dfb 40033464 726952c1   ......m.@.4driR.
0x00000130 (00304)   2b7dafb6 2b64c4fa 6de279ed 2ad6a379   +}..+d..m.y.*..y
0x00000140 (00320)   782c97e2 c303b13a d061244f ee3d7df2   x,.....:.a$O.=}.
0x00000150 (00336)   9350c9da dcfd14c0 9a1b0c08 4a799cff   .P..........Jy..
0x00000160 (00352)   eccef6b2 b0528e12 694134b0 edd16714   .....R..iA4...g.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   a79b46ff a2648a89 c325266c 9604ff2c   ..F..d...%&l...,
0x00000100 (00256)   2871e3d6 750b3759 0e69bef9 9e4f6084   (q..u.7Y.i...O`.
0x00000110 (00272)   114b9f7b 50fa62de 08c81def 68853820   .K.{P.b.....h.8 
0x00000120 (00288)   4a91e7ec b6cf5837 2b575e9a ed19e345   J.....X7+W^....E
0x00000130 (00304)   017ac078 b26b03f7 b0b9e5bd ab4ec355   .z.x.k.......N.U
0x00000140 (00320)   6c5d975a c06d52e9 538b0744 9a963563   l].Z.mR.S..D..5c
0x00000150 (00336)   cd1cd8b6 9c9a9214 03                  .........

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   a79b46ff a2648a89 c325266c 9604ff2c   ..F..d...%&l...,
0x00000100 (00256)   2871e3d6 750b3759 0e69bef9 9e4f6084   (q..u.7Y.i...O`.
0x00000110 (00272)   114b9f7b 50fa62de 08c81def 68853820   .K.{P.b.....h.8 
0x00000120 (00288)   4a91e7ec b6cf5837 2b575e9a ed19e345   J.....X7+W^....E
0x00000130 (00304)   017ac078 b26b03f7 b0b9e5bd ab4ec355   .z.x.k.......N.U
0x00000140 (00320)   6c5d975a c06d52e9 538b0744 9a963563   l].Z.mR.S..D..5c
0x00000150 (00336)   cd1cd8b6 9c9a9214 03                  .........

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   67f4a42d 411002cb 230a0b4a 42e46fd4   g..-A...#..JB.o.
0x00000100 (00256)   b7954422 58de592a d5a7cab0 edea1cc2   ..D"X.Y*........
0x00000110 (00272)   b312e8a5 c892b2cc 92d6eb40 9f745b0a   ...........@.t[.
0x00000120 (00288)   665eded7 1fc33383 09a4abd5 dbd20917   f^....3.........
0x00000130 (00304)   3e542b32 f2a91ba9 1f97c6              >T+2.......

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   67f4a42d 411002cb 230a0b4a 42e46fd4   g..-A...#..JB.o.
0x00000100 (00256)   b7954422 58de592a d5a7cab0 edea1cc2   ..D"X.Y*........
0x00000110 (00272)   b312e8a5 c892b2cc 92d6eb40 9f745b0a   ...........@.t[.
0x00000120 (00288)   665eded7 1fc33383 09a4abd5 dbd20917   f^....3.........
0x00000130 (00304)   3e542b32 f2a91ba9 1f97c6              >T+2.......

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   7bf999e8 c7b26a60 0a08b26a 3be633c5   {.....j`...j;.3.
0x00000100 (00256)   eb7672d4 158e4ae9 55216364 66f4e504   .vr...J.U!cdf...
0x00000110 (00272)   a17253f6 429c82ff fe545c15 5a2b83fb   .rS.B....T\.Z+..
0x00000120 (00288)   02b0123c 2b4b2a96 6f3f2ba6 988fe915   ...<+K*.o?+.....
0x00000130 (00304)   6f183f3c dde39e0f 2bf217d5 75b109d3   o.?<....+...u...
0x00000140 (00320)   0164382b aa564dc2 35d1c32e 648eae94   .d8+.VM.5...d...
0x00000150 (00336)   3d6a503b d5d2dbf2 b67d42e5 91fb7fc7   =jP;.....}B.....
0x00000160 (00352)   806e31b8 b9d1b998 5e3a4663 ae0acd14   .n1.....^:Fc....
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   7bf999e8 c7b26a60 0a08b26a 3be633c5   {.....j`...j;.3.
0x00000100 (00256)   eb7672d4 158e4ae9 55216364 66f4e504   .vr...J.U!cdf...
0x00000110 (00272)   a17253f6 429c82ff fe545c15 5a2b83fb   .rS.B....T\.Z+..
0x00000120 (00288)   02b0123c 2b4b2a96 6f3f2ba6 988fe915   ...<+K*.o?+.....
0x00000130 (00304)   6f183f3c dde39e0f 2bf217d5 75b109d3   o.?<....+...u...
0x00000140 (00320)   0164382b aa564dc2 35d1c32e 648eae94   .d8+.VM.5...d...
0x00000150 (00336)   3d6a503b d5d2dbf2 b67d42e5 91fb7fc7   =jP;.....}B.....
0x00000160 (00352)   806e31b8 b9d1b998 5e3a4663 ae0acd14   .n1.....^:Fc....
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   a08fe4e5 5cbf753c 5c76b043 db065319   ....\.u<\v.C..S.
0x00000100 (00256)   e551ee08 53bf72c9 ad65c608 e2a70160   .Q..S.r..e.....`
0x00000110 (00272)   76f1574a 41276cfd 25b4cd82 5d3e9c61   v.WJA'l.%...]>.a
0x00000120 (00288)   cf479fd6 99aa73ca b7b41e93 f6a4e14e   .G....s........N
0x00000130 (00304)   039470b8 c73f93c6 336f917f 843e1ceb   ..p..?..3o...>..
0x00000140 (00320)   5ea4bdf8 db88efe7 c8e9af03 56e9c5f9   ^...........V...
0x00000150 (00336)   5b55e43d 9ace0d4f 271f7177 bb83fb49   [U.=...O'.qw...I
0x00000160 (00352)   4c832d58 5eb388a8 df2a4db2 41456414   L.-X^....*M.AEd.
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   30f60693 ff7f                         0.....

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   cb988629 8c4055f1 b5bf6022 0c1b302d   ...).@U...`"..0-
0x00000100 (00256)   136b77ce 1f518220 24ec3eb7 82c0dcc6   .kw..Q. $.>.....
0x00000110 (00272)   28b03517 a69efdb5 4362f9c7 6bf1b633   (.5.....Cb..k..3
0x00000120 (00288)   c0e7f529 4bbf5730 2be2aef5 9945862e   ...)K.W0+....E..
0x00000130 (00304)   fae9d366 09813e5f b4c86a47 02644cce   ...f..>_..jG.dL.
0x00000140 (00320)   7ecba3f1 c7ba341d 8c8d2282 711caf61   ~.....4...".q..a
0x00000150 (00336)   c76c256e 0dd9ffd2 46c1a0cf 94452563   .l%n....F....E%c
0x00000160 (00352)   f5b1902c aaf1f24a 54afaab5 db85a114   ...,...JT.......
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   cb988629 8c4055f1 b5bf6022 0c1b302d   ...).@U...`"..0-
0x00000100 (00256)   136b77ce 1f518220 24ec3eb7 82c0dcc6   .kw..Q. $.>.....
0x00000110 (00272)   28b03517 a69efdb5 4362f9c7 6bf1b633   (.5.....Cb..k..3
0x00000120 (00288)   c0e7f529 4bbf5730 2be2aef5 9945862e   ...)K.W0+....E..
0x00000130 (00304)   fae9d366 09813e5f b4c86a47 02644cce   ...f..>_..jG.dL.
0x00000140 (00320)   7ecba3f1 c7ba341d 8c8d2282 711caf61   ~.....4...".q..a
0x00000150 (00336)   c76c256e 0dd9ffd2 46c1a0cf 94452563   .l%n....F....E%c
0x00000160 (00352)   f5b1902c aaf1f24a 54afaab5 db85a114   ...,...JT.......
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   da05388d 49b99036 2238ddba 1654c525   ..8.I..6"8...T.%
0x00000100 (00256)   19768d36 17f7da5f f8bd781f b1eabbcf   .v.6..._..x.....
0x00000110 (00272)   febbddbe 0f2df703 b890df08 7666c808   .....-......vf..
0x00000120 (00288)   9d6d6cf5 d5a75110 69995a9f 7f942d0f   .ml...Q.i.Z...-.
0x00000130 (00304)   43f89a59 c3c8c9a7 793fb91d a02bd794   C..Y....y?...+..
0x00000140 (00320)   2ff40e09 ddc47b8d 9cb8943a 43b258de   /.....{....:C.X.
0x00000150 (00336)   232b8c65 e5ac64d6 2fb75aaf cf3ba057   #+.e..d./.Z..;.W
0x00000160 (00352)   f53b                                  .;

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   da05388d 49b99036 2238ddba 1654c525   ..8.I..6"8...T.%
0x00000100 (00256)   19768d36 17f7da5f f8bd781f b1eabbcf   .v.6..._..x.....
0x00000110 (00272)   febbddbe 0f2df703 b890df08 7666c808   .....-......vf..
0x00000120 (00288)   9d6d6cf5 d5a75110 69995a9f 7f942d0f   .ml...Q.i.Z...-.
0x00000130 (00304)   43f89a59 c3c8c9a7 793fb91d a02bd794   C..Y....y?...+..
0x00000140 (00320)   2ff40e09 ddc47b8d 9cb8943a 43b258de   /.....{....:C.X.
0x00000150 (00336)   232b8c65 e5ac64d6 2fb75aaf cf3ba057   #+.e..d./.Z..;.W
0x00000160 (00352)   f53b                                  .;

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   05399e8f c593dd8e bb7f49dd c787a2b6   .9........I.....
0x00000100 (00256)   13724b52 9e4fc7b4 f55282b0 31ab0660   .rKR.O...R..1..`
0x00000110 (00272)   8c63dba0 14196ad4 f4b70ac6 daab76fa   .c....j.......v.
0x00000120 (00288)   a95ebd90 547b7220 f2fc5c95 5a471138   .^..T{r ..\.ZG.8
0x00000130 (00304)   581b888e 9269d426 ddfd25fe 63169598   X....i.&..%.c...
0x00000140 (00320)   699e9ce8 55fcc0a4 67e1a47b cfa252e4   i...U...g..{..R.
0x00000150 (00336)   25ce7ff0 4aa52044 57c15d48 b994faf5   %...J. DW.]H....
0x00000160 (00352)   4cdd97e2 b16979a6 2bdac38e 7c7bd514   L....iy.+...|{..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   05399e8f c593dd8e bb7f49dd c787a2b6   .9........I.....
0x00000100 (00256)   13724b52 9e4fc7b4 f55282b0 31ab0660   .rKR.O...R..1..`
0x00000110 (00272)   8c63dba0 14196ad4 f4b70ac6 daab76fa   .c....j.......v.
0x00000120 (00288)   a95ebd90 547b7220 f2fc5c95 5a471138   .^..T{r ..\.ZG.8
0x00000130 (00304)   581b888e 9269d426 ddfd25fe 63169598   X....i.&..%.c...
0x00000140 (00320)   699e9ce8 55fcc0a4 67e1a47b cfa252e4   i...U...g..{..R.
0x00000150 (00336)   25ce7ff0 4aa52044 57c15d48 b994faf5   %...J. DW.]H....
0x00000160 (00352)   4cdd97e2 b16979a6 2bdac38e 7c7bd514   L....iy.+...|{..
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   b7f84af4 3a94355c 29049f9e 84de2438   ..J.:.5\).....$8
0x00000100 (00256)   85b8d07e ef118598 b7e04204 beac22cf   ...~......B...".
0x00000110 (00272)   a46a2fe9 30279d65 62d03a16 29074aa1   .j/.0'.eb.:.).J.
0x00000120 (00288)   db3c0fb9 ede20af2 5c6b5c16 40727648   .<......\k\.@rvH
0x00000130 (00304)   58cb9130 35a9162f c17d590d 4cdef407   X..05../.}Y.L...
0x00000140 (00320)   7e69e210 ac0ba003 2d21a73d 45a2c189   ~i......-!.=E...
0x00000150 (00336)   a9da4fe2 cef17850 c10edade 825aee2f   ..O...xP.....Z./
0x00000160 (00352)   5d096672 2a5a6b77 cff7cc0d c9765d14   ].fr*Zkw.....v].
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   b7f84af4 3a94355c 29049f9e 84de2438   ..J.:.5\).....$8
0x00000100 (00256)   85b8d07e ef118598 b7e04204 beac22cf   ...~......B...".
0x00000110 (00272)   a46a2fe9 30279d65 62d03a16 29074aa1   .j/.0'.eb.:.).J.
0x00000120 (00288)   db3c0fb9 ede20af2 5c6b5c16 40727648   .<......\k\.@rvH
0x00000130 (00304)   58cb9130 35a9162f c17d590d 4cdef407   X..05../.}Y.L...
0x00000140 (00320)   7e69e210 ac0ba003 2d21a73d 45a2c189   ~i......-!.=E...
0x00000150 (00336)   a9da4fe2 cef17850 c10edade 825aee2f   ..O...xP.....Z./
0x00000160 (00352)   5d096672 2a5a6b77 cff7cc0d c9765d14   ].fr*Zkw.....v].
0x00000170 (00368)   03                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 74736571 2e747874 20485454   hrootseq.txt HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   38cd4046 e9c2f05f f304276d 5b4f751d   8.@F..._..'m[Ou.
0x00000100 (00256)   d71148fa e6e14bd4 066d8d89 435df26b   ..H...K..m..C].k
0x00000110 (00272)   f3abb922 586e72a1 8a9cccd5 821dfd7e   ..."Xnr........~
0x00000120 (00288)   ae9bb6fc 64ba6196 e0c5665a 7f9f32bc   ....d.a...fZ..2.
0x00000130 (00304)   d9590fec 6d895398 e5baa634 c210703f   .Y..m.S....4..p?
0x00000140 (00320)   acdba36c 37aa5b15 ed6fa820 6ccd33b6   ...l7.[..o. l.3.
0x00000150 (00336)   54ceb8bc 64cd44c8 6d894e1e 3996c2e0   T...d.D.m.N.9...
0x00000160 (00352)   12ff4dfa 70a3aa64 ca5f34f4 70e8b814   ..M.p..d._4.p...
0x00000170 (00368)   03                                    .

0x00000000 (00000)   47455420 2f6d7364 6f776e6c 6f61642f   GET /msdownload/
0x00000010 (00016)   75706461 74652f76 332f7374 61746963   update/v3/static
0x00000020 (00032)   2f747275 73746564 722f656e 2f617574   /trustedr/en/aut
0x00000030 (00048)   68726f6f 7473746c 2e636162 20485454   hrootstl.cab HTT
0x00000040 (00064)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000050 (00080)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000060 (00096)   4d696372 6f736f66 742d4372 7970746f   Microsoft-Crypto
0x00000070 (00112)   4150492f 352e3133 312e3236 30302e35   API/5.131.2600.5
0x00000080 (00128)   3531320d 0a486f73 743a2077 77772e64   512..Host: www.d
0x00000090 (00144)   6f776e6c 6f61642e 77696e64 6f777375   ownload.windowsu
0x000000a0 (00160)   70646174 652e636f 6d0d0a43 6f6e6e65   pdate.com..Conne
0x000000b0 (00176)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000c0 (00192)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000d0 (00208)   3a206e6f 2d636163 68650d0a 50726167   : no-cache..Prag
0x000000e0 (00224)   6d613a20 6e6f2d63 61636865 0d0a0d0a   ma: no-cache....
0x000000f0 (00240)   38cd4046 e9c2f05f f304276d 5b4f751d   8.@F..._..'m[Ou.
0x00000100 (00256)   d71148fa e6e14bd4 066d8d89 435df26b   ..H...K..m..C].k
0x00000110 (00272)   f3abb922 586e72a1 8a9cccd5 821dfd7e   ..."Xnr........~
0x00000120 (00288)   ae9bb6fc 64ba6196 e0c5665a 7f9f32bc   ....d.a...fZ..2.
0x00000130 (00304)   d9590fec 6d895398 e5baa634 c210703f   .Y..m.S....4..p?
0x00000140 (00320)   acdba36c 37aa5b15 ed6fa820 6ccd33b6   ...l7.[..o. l.3.
0x00000150 (00336)   54ceb8bc 64cd44c8 6d894e1e 3996c2e0   T...d.D.m.N.9...
0x00000160 (00352)   12ff4dfa 70a3aa64 ca5f34f4 70e8b814   ..M.p..d._4.p...
0x00000170 (00368)   03                                    .


Strings (printable strings extracted from the sample)
 s`K
s<+K
@&+K
JRQQQ[
 7`K
 s`K
s.+K
sQ+K
 g`K
H%+K
#jif
 W^K
 ?^K
 /^K
 +^K
 O^K
 S^K
 +^K
 K^K
 [^K
 _^@
~H_:
|v,M
v'qn
(|"
5B @
Ph% @
PRFT
SSCL
CreateWindowExA
LoadCursorA
TranslateMessage
set waveaudio door open
LoadLibraryExA
user32.dll
mciSendStringA
Winmm.dll
r5Ht
user32.dll
GDI32.dll
Msacm32.dll
ADVAPI32.dll
IMM32.dll
kernel32.dll
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
GetMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
GetDoubleClickTime
GetQueueStatus
LoadIconA
RegisterClassA
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
IntersectClipRect
ExcludeClipRect
UpdateColors
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
RealizePalette
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
acmStreamOpen
acmDriverPriority
####
#######
####
4,##########
#########
#####,
,######,
#####2
######2#
JC44K
xXMt7
#######2#J
########2,
2U{DY]]F
####
########2#CzzC2#
####
2222222222,R R
##,,,,######
2222222222#C%
,22#2222######
22222222222,
#2#############
22222222222<K
K#2#2###########
22222222222<
,222##2#########
22222222
,42222##2#######
i,42222222#######
i<22222222#######
222222222####
22222222222##
$$$$$$$$
222222222#
$$$$$$
$$$$,
dk<4
22222222
++$$
2222222
888888888&8&&
9=======))))))))))))))))pp)))
<$$$$$
9:::::::3>333W>>>33W>33333333>
******
m-------M
7-7M
o77on7-------E
*T11II11
:(((((-Mt
7-(-((-E
L((((((Z}
((((((E
1G;?????
-555555Zx
lZF5555F5XN
(555555Z}2
4DPKDP#4
F05550qN
5000000u~4Y
K~4YSKrRK
~0000060
4wjj
bg;T
0%%%%%%
`%%%%%
ubg^T
%%%%%%%%`ad
%Had
%%%%%%`
bg^T#
%%%%%%%%%BB%%%BB%HH%BB%HHHHH%H
H///////'''''''''''''''''''''/
.................f.
$&&&
&&&&&
&&&&$$$&
$$$$$$$
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
%xn;
?I-3
(f;_
K!5m
[E3L
e( &
	=Z
;5Jj
*o0Z
-cJ,
jyjM
t	N