paladin316

02m.json

Jun 18th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 2.3
  5.  
  6. [*] File Name: "02m"
  7. [*] File Size: 77824
  8. [*] File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Last Printed: Fri Sep 21 09:56:09 2012, Create Time/Date: Fri Sep 21 09:56:09 2012, Name of Creating Application: Windows Installer, Title: Exe to msi converter free, Author: www.exetomsi.com, Template: ;0, Last Saved By: devuser, Revision Number: {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}, Last Saved Time/Date: Tue May 21 11:56:44 2013, Number of Pages: 100, Number of Words: 0, Security: 0"
  9. [*] SHA256: "780f9626deadfd727a536d19a6f007f1d0a6596b37d3ae5fe84058493f406b90"
  10. [*] MD5: "7b6fa7a319f4a061f99dc92e9a3c99f4"
  11. [*] SHA1: "8f719a045c05ba19c95363a28e140bd7dd1f3cf1"
  12. [*] SHA512: "a7aeec1301fb10825fefbc7abaeb5996d01cbe2de0363840102b4f186d6c2820767bb67f832b3a583031b1f59f13f5cc03d84db9d0d2e65e3ad8b467a4e51cc6"
  13. [*] CRC32: "30E3BDE6"
  14. [*] SSDEEP: "1536:NEVrMCKWIdOZ0g0nzpV9rGHq7v1x4Rca:NEVrMOI8Z0VnzpV8mv1xoc"
  15.  
  16. [*] Process Execution: [
  17. "cmd.exe",
  18. "rundll32.exe",
  19. "services.exe",
  20. "svchost.exe",
  21. "msiexec.exe",
  22. "GoogleUpdate.exe",
  23. "svchost.exe",
  24. "svchost.exe"
  25. ]
  26.  
  27. [*] Signatures Detected: [
  28. {
  29. "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
  30. "Details": [
  31. {
  32. "IP": "172.217.164.195:443"
  33. }
  34. ]
  35. },
  36. {
  37. "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
  38. "Details": [
  39. {
  40. "ioc": "http://crl.globalsign.net/root-r2.crl0"
  41. }
  42. ]
  43. },
  44. {
  45. "Description": "Performs some HTTP requests",
  46. "Details": [
  47. {
  48. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  49. },
  50. {
  51. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  52. },
  53. {
  54. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  55. },
  56. {
  57. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  58. },
  59. {
  60. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  61. },
  62. {
  63. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  64. },
  65. {
  66. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  67. },
  68. {
  69. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  70. },
  71. {
  72. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  73. },
  74. {
  75. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  76. },
  77. {
  78. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  79. },
  80. {
  81. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  82. },
  83. {
  84. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  85. },
  86. {
  87. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  88. },
  89. {
  90. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  91. },
  92. {
  93. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  94. },
  95. {
  96. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  97. },
  98. {
  99. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  100. },
  101. {
  102. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  103. },
  104. {
  105. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  106. },
  107. {
  108. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  109. },
  110. {
  111. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  112. },
  113. {
  114. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  115. }
  116. ]
  117. },
  118. {
  119. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  120. "Details": [
  121. {
  122. "Spam": "services.exe (504) called API GetSystemTimeAsFileTime 4477871 times"
  123. }
  124. ]
  125. }
  126. ]
  127.  
  128. [*] Started Service: [
  129. "AppMgmt"
  130. ]
  131.  
  132. [*] Executed Commands: [
  133. "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Windows\\system32\\shell32.dll,OpenAs_RunDLL C:\\Users\\user\\AppData\\Local\\Temp\\02m",
  134. "C:\\Users\\user\\AppData\\Local\\Temp\\02m ",
  135. "C:\\Windows\\system32\\svchost.exe -k netsvcs",
  136. "C:\\Windows\\system32\\msiexec.exe /V",
  137. "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /svc",
  138. "C:\\Windows\\System32\\svchost.exe -k netsvcs"
  139. ]
  140.  
  141. [*] Mutexes: [
  142. "Local\\ZoneAttributeCacheCounterMutex",
  143. "Local\\ZonesCacheCounterMutex",
  144. "Local\\ZonesLockedCacheCounterMutex",
  145. "Global\\_MSIExecute",
  146. "Global\\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}",
  147. "Global\\G{6885AE8E-C070-458d-9711-37B9BEAB65F6}",
  148. "Global\\G{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}",
  149. "Global\\G{0A175FBE-AEEC-4fea-855A-2AA549A88846}"
  150. ]
  151.  
  152. [*] Modified Files: [
  153. "C:\\Windows\\Installer\\4ccbba.msi",
  154. "C:\\Windows\\Installer\\4ccbbb.msi",
  155. "\\??\\PIPE\\wkssvc",
  156. "\\??\\pipe\\GoogleCrashServices\\S-1-5-18",
  157. "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat",
  158. "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat",
  159. "\\??\\PIPE\\samr"
  160. ]
  161.  
  162. [*] Deleted Files: [
  163. "C:\\Windows\\Installer\\4ccbba.msi",
  164. "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}\\GoogleUpdateSetup.exe",
  165. "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}"
  166. ]
  167.  
  168. [*] Modified Registry Keys: [
  169. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
  170. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
  171. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Start",
  172. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Type",
  173. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{F6876FF4-890B-460F-ABA5-373BF3F7C431}",
  174. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{F6876FF4-890B-460F-ABA5-373BF3F7C431}\\PersistedPingString",
  175. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{F6876FF4-890B-460F-ABA5-373BF3F7C431}\\PersistedPingTime",
  176. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\pv",
  177. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\pv",
  178. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState",
  179. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState\\StateValue",
  180. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000_CLASSES\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
  181. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\proxy\\source",
  182. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\RollCallDayStartSec",
  183. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\DayOfLastRollCall",
  184. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\ping_freshness",
  185. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\(Default)",
  186. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\hint",
  187. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\name",
  188. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\LastCheckSuccess",
  189. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
  190. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ActivePingDayStartSec",
  191. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\RollCallDayStartSec",
  192. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastActivity",
  193. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastRollCall",
  194. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ping_freshness",
  195. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\(Default)",
  196. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\hint",
  197. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\name",
  198. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableCount",
  199. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableSince",
  200. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\LastChecked",
  201. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{EBD5EBAD-B617-4D66-B4FD-674E998319F9}",
  202. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{EBD5EBAD-B617-4D66-B4FD-674E998319F9}\\PersistedPingString",
  203. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{EBD5EBAD-B617-4D66-B4FD-674E998319F9}\\PersistedPingTime",
  204. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState",
  205. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadTimeRemainingMs",
  206. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadProgressPercent",
  207. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\StateValue",
  208. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Performance\\PerfMMFileName",
  209. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_LOG",
  210. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_BAK"
  211. ]
  212.  
  213. [*] Deleted Registry Keys: [
  214. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  215. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  216. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  217. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  218. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\uid",
  219. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\old-uid",
  220. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\tttoken",
  221. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableCount",
  222. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableSince",
  223. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
  224. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\tttoken"
  225. ]
  226.  
  227. [*] DNS Communications: []
  228.  
  229. [*] Domains: []
  230.  
  231. [*] Network Communication - ICMP: []
  232.  
  233. [*] Network Communication - HTTP: [
  234. {
  235. "count": 1,
  236. "body": "",
  237. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  238. "user-agent": "Microsoft-CryptoAPI/6.1",
  239. "method": "GET",
  240. "host": "ocsp.digicert.com",
  241. "version": "1.1",
  242. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  243. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  244. "port": 80
  245. },
  246. {
  247. "count": 1,
  248. "body": "",
  249. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  250. "user-agent": "Microsoft-CryptoAPI/6.1",
  251. "method": "GET",
  252. "host": "ocsp.digicert.com",
  253. "version": "1.1",
  254. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  255. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  256. "port": 80
  257. },
  258. {
  259. "count": 1,
  260. "body": "",
  261. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  262. "user-agent": "Microsoft-CryptoAPI/6.1",
  263. "method": "GET",
  264. "host": "ocsp.digicert.com",
  265. "version": "1.1",
  266. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  267. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  268. "port": 80
  269. },
  270. {
  271. "count": 1,
  272. "body": "",
  273. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  274. "user-agent": "Microsoft-CryptoAPI/6.1",
  275. "method": "GET",
  276. "host": "ocsp.pki.goog",
  277. "version": "1.1",
  278. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  279. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  280. "port": 80
  281. },
  282. {
  283. "count": 1,
  284. "body": "",
  285. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  286. "user-agent": "Microsoft-CryptoAPI/6.1",
  287. "method": "GET",
  288. "host": "ocsp.digicert.com",
  289. "version": "1.1",
  290. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  291. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  292. "port": 80
  293. },
  294. {
  295. "count": 1,
  296. "body": "",
  297. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  298. "user-agent": "Microsoft-CryptoAPI/6.1",
  299. "method": "GET",
  300. "host": "crl.microsoft.com",
  301. "version": "1.1",
  302. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  303. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  304. "port": 80
  305. },
  306. {
  307. "count": 1,
  308. "body": "",
  309. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  310. "user-agent": "Microsoft-CryptoAPI/6.1",
  311. "method": "GET",
  312. "host": "ocsp.comodoca.com",
  313. "version": "1.1",
  314. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  315. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  316. "port": 80
  317. },
  318. {
  319. "count": 1,
  320. "body": "",
  321. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  322. "user-agent": "Microsoft-CryptoAPI/6.1",
  323. "method": "GET",
  324. "host": "ocsp.pki.goog",
  325. "version": "1.1",
  326. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  327. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  328. "port": 80
  329. },
  330. {
  331. "count": 1,
  332. "body": "",
  333. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  334. "user-agent": "Microsoft-CryptoAPI/6.1",
  335. "method": "GET",
  336. "host": "ocsp.digicert.com",
  337. "version": "1.1",
  338. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  339. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  340. "port": 80
  341. },
  342. {
  343. "count": 1,
  344. "body": "",
  345. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  346. "user-agent": "Microsoft-CryptoAPI/6.1",
  347. "method": "GET",
  348. "host": "www.download.windowsupdate.com",
  349. "version": "1.1",
  350. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  351. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  352. "port": 80
  353. },
  354. {
  355. "count": 1,
  356. "body": "",
  357. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  358. "user-agent": "Microsoft-CryptoAPI/6.1",
  359. "method": "GET",
  360. "host": "crl.microsoft.com",
  361. "version": "1.1",
  362. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  363. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  364. "port": 80
  365. },
  366. {
  367. "count": 1,
  368. "body": "",
  369. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  370. "user-agent": "Microsoft-CryptoAPI/6.1",
  371. "method": "GET",
  372. "host": "ocsp.digicert.com",
  373. "version": "1.1",
  374. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  375. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  376. "port": 80
  377. },
  378. {
  379. "count": 1,
  380. "body": "",
  381. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  382. "user-agent": "Microsoft-CryptoAPI/6.1",
  383. "method": "GET",
  384. "host": "ocsp.digicert.com",
  385. "version": "1.1",
  386. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  387. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  388. "port": 80
  389. },
  390. {
  391. "count": 1,
  392. "body": "",
  393. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  394. "user-agent": "Microsoft-CryptoAPI/6.1",
  395. "method": "GET",
  396. "host": "ocsp.digicert.com",
  397. "version": "1.1",
  398. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  399. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  400. "port": 80
  401. },
  402. {
  403. "count": 1,
  404. "body": "",
  405. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  406. "user-agent": "Microsoft-CryptoAPI/6.1",
  407. "method": "GET",
  408. "host": "ocsp.pki.goog",
  409. "version": "1.1",
  410. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  411. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  412. "port": 80
  413. },
  414. {
  415. "count": 1,
  416. "body": "",
  417. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  418. "user-agent": "Microsoft-CryptoAPI/6.1",
  419. "method": "GET",
  420. "host": "ocsp.pki.goog",
  421. "version": "1.1",
  422. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  423. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  424. "port": 80
  425. },
  426. {
  427. "count": 1,
  428. "body": "",
  429. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  430. "user-agent": "Microsoft-CryptoAPI/6.1",
  431. "method": "GET",
  432. "host": "ocsp.digicert.com",
  433. "version": "1.1",
  434. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  435. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  436. "port": 80
  437. },
  438. {
  439. "count": 1,
  440. "body": "",
  441. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  442. "user-agent": "Microsoft-CryptoAPI/6.1",
  443. "method": "GET",
  444. "host": "ocsp.pki.goog",
  445. "version": "1.1",
  446. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  447. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  448. "port": 80
  449. },
  450. {
  451. "count": 1,
  452. "body": "",
  453. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  454. "user-agent": "Microsoft-CryptoAPI/6.1",
  455. "method": "GET",
  456. "host": "ocsp.msocsp.com",
  457. "version": "1.1",
  458. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  459. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  460. "port": 80
  461. },
  462. {
  463. "count": 1,
  464. "body": "",
  465. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  466. "user-agent": "Microsoft-CryptoAPI/6.1",
  467. "method": "GET",
  468. "host": "ocsp.thawte.com",
  469. "version": "1.1",
  470. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  471. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  472. "port": 80
  473. },
  474. {
  475. "count": 1,
  476. "body": "",
  477. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  478. "user-agent": "Microsoft-CryptoAPI/6.1",
  479. "method": "GET",
  480. "host": "ocsp.usertrust.com",
  481. "version": "1.1",
  482. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  483. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  484. "port": 80
  485. },
  486. {
  487. "count": 1,
  488. "body": "",
  489. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  490. "user-agent": "Microsoft-CryptoAPI/6.1",
  491. "method": "GET",
  492. "host": "th.symcd.com",
  493. "version": "1.1",
  494. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  495. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  496. "port": 80
  497. },
  498. {
  499. "count": 1,
  500. "body": "",
  501. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  502. "user-agent": "Microsoft-CryptoAPI/6.1",
  503. "method": "GET",
  504. "host": "ocsp.digicert.com",
  505. "version": "1.1",
  506. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  507. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  508. "port": 80
  509. },
  510. {
  511. "count": 1,
  512. "body": "",
  513. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  514. "user-agent": "Microsoft-CryptoAPI/6.1",
  515. "method": "GET",
  516. "host": "ocsp.digicert.com",
  517. "version": "1.1",
  518. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  519. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  520. "port": 80
  521. },
  522. {
  523. "count": 1,
  524. "body": "",
  525. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  526. "user-agent": "Microsoft-CryptoAPI/6.1",
  527. "method": "GET",
  528. "host": "ocsp.pki.goog",
  529. "version": "1.1",
  530. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  531. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  532. "port": 80
  533. },
  534. {
  535. "count": 1,
  536. "body": "",
  537. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  538. "user-agent": "Microsoft-CryptoAPI/6.1",
  539. "method": "GET",
  540. "host": "crl.microsoft.com",
  541. "version": "1.1",
  542. "path": "/pki/crl/products/microsoftrootcert.crl",
  543. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  544. "port": 80
  545. }
  546. ]
  547.  
  548. [*] Network Communication - SMTP: []
  549.  
  550. [*] Network Communication - Hosts: []
  551.  
  552. [*] Network Communication - IRC: []
  553.  
  554. [*] Static Analysis: {}
  555.  
  556. [*] Resolved APIs: [
  557. "shell32.dll.ShellExecuteExW",
  558. "ole32.dll.OleInitialize",
  559. "cryptbase.dll.SystemFunction036",
  560. "uxtheme.dll.ThemeInitApiHook",
  561. "user32.dll.IsProcessDPIAware",
  562. "ole32.dll.CreateBindCtx",
  563. "ole32.dll.CoTaskMemAlloc",
  564. "propsys.dll.PSCreateMemoryPropertyStore",
  565. "propsys.dll.PSPropertyBag_WriteDWORD",
  566. "ole32.dll.CoGetApartmentType",
  567. "ole32.dll.CoRegisterInitializeSpy",
  568. "ole32.dll.CoTaskMemFree",
  569. "comctl32.dll.#236",
  570. "oleaut32.dll.#6",
  571. "ole32.dll.CoGetMalloc",
  572. "propsys.dll.PSPropertyBag_ReadDWORD",
  573. "comctl32.dll.#320",
  574. "ole32.dll.StringFromGUID2",
  575. "comctl32.dll.#324",
  576. "comctl32.dll.#323",
  577. "advapi32.dll.RegEnumKeyW",
  578. "oleaut32.dll.#2",
  579. "propsys.dll.PSPropertyBag_ReadBSTR",
  580. "propsys.dll.PSPropertyBag_ReadStrAlloc",
  581. "shell32.dll.#102",
  582. "advapi32.dll.OpenThreadToken",
  583. "ole32.dll.CoInitializeEx",
  584. "ole32.dll.CoCreateInstance",
  585. "advapi32.dll.InitializeSecurityDescriptor",
  586. "advapi32.dll.SetEntriesInAclW",
  587. "ntmarta.dll.GetMartaExtensionInterface",
  588. "advapi32.dll.SetSecurityDescriptorDacl",
  589. "advapi32.dll.IsTextUnicode",
  590. "comctl32.dll.#328",
  591. "comctl32.dll.#334",
  592. "comctl32.dll.#332",
  593. "comctl32.dll.#338",
  594. "ole32.dll.CoUninitialize",
  595. "sechost.dll.ConvertSidToStringSidW",
  596. "profapi.dll.#104",
  597. "propsys.dll.#417",
  598. "ole32.dll.PropVariantClear",
  599. "oleaut32.dll.#9",
  600. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  601. "comctl32.dll.#339",
  602. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  603. "comctl32.dll.#386",
  604. "advapi32.dll.RegQueryValueW",
  605. "apphelp.dll.ApphelpCheckShellObject",
  606. "propsys.dll.#430",
  607. "advapi32.dll.RegOpenKeyExW",
  608. "advapi32.dll.RegGetValueW",
  609. "advapi32.dll.RegCloseKey",
  610. "ole32.dll.CoTaskMemRealloc",
  611. "ole32.dll.CoAllowSetForegroundWindow",
  612. "advapi32.dll.InstallApplication",
  613. "oleaut32.dll.#500",
  614. "kernel32.dll.InitializeSRWLock",
  615. "kernel32.dll.AcquireSRWLockExclusive",
  616. "kernel32.dll.AcquireSRWLockShared",
  617. "kernel32.dll.ReleaseSRWLockExclusive",
  618. "kernel32.dll.ReleaseSRWLockShared",
  619. "shell32.dll.SHGetFolderPathW",
  620. "advapi32.dll.SaferGetPolicyInformation",
  621. "sfc.dll.SfcIsFileProtected",
  622. "ntdll.dll.RtlDllShutdownInProgress",
  623. "comctl32.dll.#329",
  624. "ole32.dll.OleUninitialize",
  625. "ole32.dll.CoRevokeInitializeSpy",
  626. "comctl32.dll.#388",
  627. "kernelbase.dll.SetThreadStackGuarantee",
  628. "ole32.dll.CoInitializeSecurity",
  629. "sechost.dll.LookupAccountNameLocalW",
  630. "advapi32.dll.LookupAccountSidW",
  631. "sechost.dll.LookupAccountSidLocalW",
  632. "kernel32.dll.SortGetHandle",
  633. "kernel32.dll.SortCloseHandle",
  634. "appmgmts.dll.ServiceMain",
  635. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  636. "shell32.dll.OpenAs_RunDLLW",
  637. "dwmapi.dll.DwmIsCompositionEnabled",
  638. "comctl32.dll.InitCommonControlsEx",
  639. "uxtheme.dll.EnableThemeDialogTexture",
  640. "comctl32.dll.RegisterClassNameW",
  641. "uxtheme.dll.OpenThemeData",
  642. "uxtheme.dll.GetThemeBool",
  643. "uxtheme.dll.IsThemePartDefined",
  644. "uxtheme.dll.GetThemePartSize",
  645. "uxtheme.dll.GetThemeFont",
  646. "uxtheme.dll.GetThemeColor",
  647. "imm32.dll.ImmIsIME",
  648. "uxtheme.dll.CloseThemeData",
  649. "uxtheme.dll.GetThemeTextExtent",
  650. "gdi32.dll.GetLayout",
  651. "gdi32.dll.GdiRealizationInfo",
  652. "gdi32.dll.FontIsLinked",
  653. "advapi32.dll.RegQueryInfoKeyW",
  654. "gdi32.dll.GetTextFaceAliasW",
  655. "advapi32.dll.RegEnumValueW",
  656. "advapi32.dll.RegQueryValueExW",
  657. "gdi32.dll.GetFontAssocStatus",
  658. "advapi32.dll.RegQueryValueExA",
  659. "advapi32.dll.RegEnumKeyExW",
  660. "uxtheme.dll.GetThemeMargins",
  661. "gdi32.dll.GetTextExtentExPointWPri",
  662. "comctl32.dll.ImageList_CoCreateInstance",
  663. "windowscodecs.dll.WICCreateImagingFactory_Proxy",
  664. "shlwapi.dll.PathRemoveFileSpecW",
  665. "lpk.dll.LpkEditControl",
  666. "kernel32.dll.HeapSetInformation",
  667. "advapi32.dll.CheckTokenMembership",
  668. "kernel32.dll.GetSystemWindowsDirectoryW",
  669. "kernel32.dll.CreateWaitableTimerW",
  670. "kernel32.dll.SetWaitableTimer",
  671. "ole32.dll.CLSIDFromOle1Class",
  672. "clbcatq.dll.GetCatalogObject",
  673. "clbcatq.dll.GetCatalogObject2",
  674. "cryptsp.dll.CryptAcquireContextW",
  675. "cryptsp.dll.CryptGenRandom",
  676. "ole32.dll.NdrOleInitializeExtension",
  677. "ole32.dll.CoGetClassObject",
  678. "ole32.dll.CoGetMarshalSizeMax",
  679. "ole32.dll.CoMarshalInterface",
  680. "ole32.dll.CoUnmarshalInterface",
  681. "ole32.dll.StringFromIID",
  682. "ole32.dll.CoGetPSClsid",
  683. "ole32.dll.CoReleaseMarshalData",
  684. "ole32.dll.DcomChannelSetHResult",
  685. "msi.dll.QueryInstanceCount",
  686. "kernel32.dll.CancelWaitableTimer",
  687. "msi.dll.DllGetClassObject",
  688. "msi.dll.DllCanUnloadNow",
  689. "ole32.dll.CoGetCallContext",
  690. "rpcrt4.dll.I_RpcBindingInqLocalClientPID",
  691. "userenv.dll.CreateEnvironmentBlock",
  692. "userenv.dll.DestroyEnvironmentBlock",
  693. "kernel32.dll.GetThreadPreferredUILanguages",
  694. "ntdll.dll.WinSqmIsOptedIn",
  695. "kernel32.dll.WTSGetActiveConsoleSessionId",
  696. "ole32.dll.CoInitialize",
  697. "netapi32.dll.NetGetJoinInformation",
  698. "netapi32.dll.NetApiBufferFree",
  699. "shlwapi.dll.UrlIsW",
  700. "ole32.dll.StgOpenStorage",
  701. "kernel32.dll.GetFileAttributesExW",
  702. "advapi32.dll.CreateWellKnownSid",
  703. "advapi32.dll.SaferCreateLevel",
  704. "advapi32.dll.SaferCloseLevel",
  705. "apphelp.dll.SdbInitDatabase",
  706. "apphelp.dll.SdbFindFirstMsiPackage_Str",
  707. "apphelp.dll.SdbReleaseDatabase",
  708. "version.dll.GetFileVersionInfoSizeW",
  709. "version.dll.GetFileVersionInfoW",
  710. "version.dll.VerQueryValueW",
  711. "mscoree.dll.GetCORSystemDirectory",
  712. "kernel32.dll.SetThreadExecutionState",
  713. "sfc.dll.SfcIsKeyProtected",
  714. "kernel32.dll.FlsAlloc",
  715. "kernel32.dll.FlsSetValue",
  716. "kernel32.dll.FlsGetValue",
  717. "kernel32.dll.LCMapStringEx",
  718. "kernel32.dll.InitializeCriticalSectionEx",
  719. "kernel32.dll.FlsFree",
  720. "kernel32.dll.InitOnceExecuteOnce",
  721. "kernel32.dll.CreateEventExW",
  722. "kernel32.dll.CreateSemaphoreW",
  723. "kernel32.dll.CreateSemaphoreExW",
  724. "kernel32.dll.CreateThreadpoolTimer",
  725. "kernel32.dll.SetThreadpoolTimer",
  726. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
  727. "kernel32.dll.CloseThreadpoolTimer",
  728. "kernel32.dll.CreateThreadpoolWait",
  729. "kernel32.dll.SetThreadpoolWait",
  730. "kernel32.dll.CloseThreadpoolWait",
  731. "kernel32.dll.FlushProcessWriteBuffers",
  732. "kernel32.dll.FreeLibraryWhenCallbackReturns",
  733. "kernel32.dll.GetCurrentProcessorNumber",
  734. "kernel32.dll.CreateSymbolicLinkW",
  735. "kernel32.dll.GetTickCount64",
  736. "kernel32.dll.GetFileInformationByHandleEx",
  737. "kernel32.dll.SetFileInformationByHandle",
  738. "kernel32.dll.InitializeConditionVariable",
  739. "kernel32.dll.WakeConditionVariable",
  740. "kernel32.dll.WakeAllConditionVariable",
  741. "kernel32.dll.SleepConditionVariableCS",
  742. "kernel32.dll.TryAcquireSRWLockExclusive",
  743. "kernel32.dll.SleepConditionVariableSRW",
  744. "kernel32.dll.CreateThreadpoolWork",
  745. "kernel32.dll.SubmitThreadpoolWork",
  746. "kernel32.dll.CloseThreadpoolWork",
  747. "kernel32.dll.CompareStringEx",
  748. "kernel32.dll.GetLocaleInfoEx",
  749. "goopdate.dll.DllEntry",
  750. "kernel32.dll.RtlCaptureStackBackTrace",
  751. "wkscli.dll.NetWkstaGetInfo",
  752. "cscapi.dll.CscNetApiGetInterface",
  753. "kernel32.dll.CreateMutexExW",
  754. "dbghelp.dll.MiniDumpWriteDump",
  755. "rpcrt4.dll.UuidCreate",
  756. "psmachine.dll.DllGetClassObject",
  757. "psmachine.dll.DllCanUnloadNow",
  758. "advapi32.dll.RegOpenKeyW",
  759. "ntdll.dll.RtlGetVersion",
  760. "kernel32.dll.GetNativeSystemInfo",
  761. "winhttp.dll.WinHttpAddRequestHeaders",
  762. "winhttp.dll.WinHttpCheckPlatform",
  763. "winhttp.dll.WinHttpCloseHandle",
  764. "winhttp.dll.WinHttpConnect",
  765. "winhttp.dll.WinHttpCrackUrl",
  766. "winhttp.dll.WinHttpCreateUrl",
  767. "winhttp.dll.WinHttpDetectAutoProxyConfigUrl",
  768. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  769. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  770. "winhttp.dll.WinHttpGetProxyForUrl",
  771. "winhttp.dll.WinHttpOpen",
  772. "winhttp.dll.WinHttpOpenRequest",
  773. "winhttp.dll.WinHttpQueryAuthSchemes",
  774. "winhttp.dll.WinHttpQueryDataAvailable",
  775. "winhttp.dll.WinHttpQueryHeaders",
  776. "winhttp.dll.WinHttpQueryOption",
  777. "winhttp.dll.WinHttpReadData",
  778. "winhttp.dll.WinHttpReceiveResponse",
  779. "winhttp.dll.WinHttpSendRequest",
  780. "winhttp.dll.WinHttpSetDefaultProxyConfiguration",
  781. "winhttp.dll.WinHttpSetCredentials",
  782. "winhttp.dll.WinHttpSetOption",
  783. "winhttp.dll.WinHttpSetStatusCallback",
  784. "winhttp.dll.WinHttpSetTimeouts",
  785. "winhttp.dll.WinHttpWriteData",
  786. "shlwapi.dll.StrCmpNW",
  787. "shlwapi.dll.#153",
  788. "ws2_32.dll.GetAddrInfoW",
  789. "ws2_32.dll.WSASocketW",
  790. "ws2_32.dll.#2",
  791. "ws2_32.dll.#21",
  792. "ws2_32.dll.#9",
  793. "ws2_32.dll.WSAIoctl",
  794. "ws2_32.dll.FreeAddrInfoW",
  795. "ws2_32.dll.#6",
  796. "ws2_32.dll.#5",
  797. "schannel.dll.SpUserModeInitialize",
  798. "advapi32.dll.RegCreateKeyExW",
  799. "ws2_32.dll.WSASend",
  800. "ws2_32.dll.WSARecv",
  801. "advapi32.dll.RevertToSelf",
  802. "secur32.dll.FreeContextBuffer",
  803. "ncrypt.dll.SslOpenProvider",
  804. "ncrypt.dll.GetSChannelInterface",
  805. "bcryptprimitives.dll.GetHashInterface",
  806. "ncrypt.dll.SslIncrementProviderReferenceCount",
  807. "ncrypt.dll.SslImportKey",
  808. "bcryptprimitives.dll.GetCipherInterface",
  809. "ncrypt.dll.SslLookupCipherSuiteInfo",
  810. "user32.dll.LoadStringW",
  811. "ncrypt.dll.BCryptOpenAlgorithmProvider",
  812. "ncrypt.dll.BCryptGetProperty",
  813. "ncrypt.dll.BCryptCreateHash",
  814. "ncrypt.dll.BCryptHashData",
  815. "ncrypt.dll.BCryptFinishHash",
  816. "ncrypt.dll.BCryptDestroyHash",
  817. "crypt32.dll.CertGetCertificateChain",
  818. "userenv.dll.GetUserProfileDirectoryW",
  819. "sechost.dll.ConvertStringSidToSidW",
  820. "userenv.dll.RegisterGPNotification",
  821. "gpapi.dll.RegisterGPNotificationInternal",
  822. "sechost.dll.OpenSCManagerW",
  823. "sechost.dll.OpenServiceW",
  824. "sechost.dll.CloseServiceHandle",
  825. "sechost.dll.QueryServiceConfigW",
  826. "winsta.dll.WinStationRegisterNotificationEvent",
  827. "rpcrt4.dll.RpcStringBindingComposeW",
  828. "rpcrt4.dll.RpcBindingFromStringBindingW",
  829. "rpcrt4.dll.RpcStringFreeW",
  830. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  831. "rpcrt4.dll.RpcAsyncInitializeHandle",
  832. "rpcrt4.dll.NdrClientCall2",
  833. "rpcrt4.dll.NdrAsyncClientCall",
  834. "cryptsp.dll.CryptAcquireContextA",
  835. "cryptsp.dll.CryptCreateHash",
  836. "cryptsp.dll.CryptHashData",
  837. "cryptsp.dll.CryptVerifySignatureA",
  838. "cryptsp.dll.CryptDestroyKey",
  839. "cryptsp.dll.CryptDestroyHash",
  840. "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
  841. "ncrypt.dll.BCryptImportKeyPair",
  842. "ncrypt.dll.BCryptVerifySignature",
  843. "ncrypt.dll.BCryptDestroyKey",
  844. "crypt32.dll.CertVerifyCertificateChainPolicy",
  845. "crypt32.dll.CertFreeCertificateChain",
  846. "crypt32.dll.CertDuplicateCertificateContext",
  847. "ncrypt.dll.SslEncryptPacket",
  848. "ncrypt.dll.SslDecryptPacket",
  849. "winsta.dll.WinStationEnumerateW",
  850. "rpcrt4.dll.I_RpcExceptionFilter",
  851. "rpcrt4.dll.RpcBindingFree",
  852. "winsta.dll.WinStationFreeMemory",
  853. "winsta.dll.WinStationQueryInformationW",
  854. "qmgr.dll.ServiceMain",
  855. "ws2_32.dll.#115",
  856. "ws2_32.dll.#111",
  857. "bitsigd.dll.InitializeEx",
  858. "upnp.dll.DllGetClassObject",
  859. "upnp.dll.DllCanUnloadNow",
  860. "rpcrt4.dll.RpcStringBindingComposeA",
  861. "rpcrt4.dll.RpcBindingFromStringBindingA",
  862. "rpcrt4.dll.RpcStringFreeA",
  863. "rpcrt4.dll.NdrClientCall3",
  864. "oleaut32.dll.DllGetClassObject",
  865. "oleaut32.dll.DllCanUnloadNow",
  866. "sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID",
  867. "oleaut32.dll.BSTR_UserSize",
  868. "oleaut32.dll.BSTR_UserMarshal",
  869. "oleaut32.dll.BSTR_UserUnmarshal",
  870. "oleaut32.dll.BSTR_UserFree",
  871. "oleaut32.dll.VARIANT_UserSize",
  872. "oleaut32.dll.VARIANT_UserMarshal",
  873. "oleaut32.dll.VARIANT_UserUnmarshal",
  874. "oleaut32.dll.VARIANT_UserFree",
  875. "oleaut32.dll.LPSAFEARRAY_UserSize",
  876. "oleaut32.dll.LPSAFEARRAY_UserMarshal",
  877. "oleaut32.dll.LPSAFEARRAY_UserUnmarshal",
  878. "oleaut32.dll.LPSAFEARRAY_UserFree",
  879. "advapi32.dll.LogonUserW",
  880. "sspicli.dll.LogonUserExExW",
  881. "wtsapi32.dll.WTSQueryUserToken",
  882. "wtsapi32.dll.WTSEnumerateSessionsW",
  883. "wtsapi32.dll.WTSFreeMemory",
  884. "advapi32.dll.QueryAllTracesW",
  885. "vssapi.dll.CreateWriter",
  886. "advapi32.dll.LookupAccountNameW",
  887. "samcli.dll.NetLocalGroupGetMembers",
  888. "samlib.dll.SamConnect",
  889. "samlib.dll.SamOpenDomain",
  890. "samlib.dll.SamLookupNamesInDomain",
  891. "samlib.dll.SamOpenAlias",
  892. "samlib.dll.SamFreeMemory",
  893. "samlib.dll.SamCloseHandle",
  894. "samlib.dll.SamGetMembersInAlias",
  895. "netutils.dll.NetApiBufferFree",
  896. "samlib.dll.SamEnumerateDomainsInSamServer",
  897. "samlib.dll.SamLookupDomainInSamServer",
  898. "ole32.dll.CoCreateGuid",
  899. "ole32.dll.StringFromCLSID",
  900. "oleaut32.dll.#4",
  901. "oleaut32.dll.#7",
  902. "propsys.dll.VariantToPropVariant",
  903. "ole32.dll.CoRegisterClassObject",
  904. "iphlpapi.dll.GetAdaptersAddresses"
  905. ]
  906.  
  907. [*] Static Analysis: {}