
02m.json

paladin316 Jun 18th, 2019 64 Never
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 2.3
  5.  
  6. [*] File Name: "02m"
  7. [*] File Size: 77824
  8. [*] File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Last Printed: Fri Sep 21 09:56:09 2012, Create Time/Date: Fri Sep 21 09:56:09 2012, Name of Creating Application: Windows Installer, Title: Exe to msi converter free, Author: www.exetomsi.com, Template: ;0, Last Saved By: devuser, Revision Number: {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}, Last Saved Time/Date: Tue May 21 11:56:44 2013, Number of Pages: 100, Number of Words: 0, Security: 0"
  9. [*] SHA256: "780f9626deadfd727a536d19a6f007f1d0a6596b37d3ae5fe84058493f406b90"
  10. [*] MD5: "7b6fa7a319f4a061f99dc92e9a3c99f4"
  11. [*] SHA1: "8f719a045c05ba19c95363a28e140bd7dd1f3cf1"
  12. [*] SHA512: "a7aeec1301fb10825fefbc7abaeb5996d01cbe2de0363840102b4f186d6c2820767bb67f832b3a583031b1f59f13f5cc03d84db9d0d2e65e3ad8b467a4e51cc6"
  13. [*] CRC32: "30E3BDE6"
  14. [*] SSDEEP: "1536:NEVrMCKWIdOZ0g0nzpV9rGHq7v1x4Rca:NEVrMOI8Z0VnzpV8mv1xoc"
  15.  
  16. [*] Process Execution: [
  17.     "cmd.exe",
  18.     "rundll32.exe",
  19.     "services.exe",
  20.     "svchost.exe",
  21.     "msiexec.exe",
  22.     "GoogleUpdate.exe",
  23.     "svchost.exe",
  24.     "svchost.exe"
  25. ]
  26.  
  27. [*] Signatures Detected: [
  28.     {
  29.         "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
  30.         "Details": [
  31.             {
  32.                 "IP": "172.217.164.195:443"
  33.             }
  34.         ]
  35.     },
  36.     {
  37.         "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
  38.         "Details": [
  39.             {
  40.                 "ioc": "http://crl.globalsign.net/root-r2.crl0"
  41.             }
  42.         ]
  43.     },
  44.     {
  45.         "Description": "Performs some HTTP requests",
  46.         "Details": [
  47.             {
  48.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  49.             },
  50.             {
  51.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  52.             },
  53.             {
  54.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  55.             },
  56.             {
  57.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  58.             },
  59.             {
  60.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  61.             },
  62.             {
  63.                 "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  64.             },
  65.             {
  66.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  67.             },
  68.             {
  69.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  70.             },
  71.             {
  72.                 "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  73.             },
  74.             {
  75.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  76.             },
  77.             {
  78.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  79.             },
  80.             {
  81.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  82.             },
  83.             {
  84.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  85.             },
  86.             {
  87.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  88.             },
  89.             {
  90.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  91.             },
  92.             {
  93.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  94.             },
  95.             {
  96.                 "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  97.             },
  98.             {
  99.                 "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  100.             },
  101.             {
  102.                 "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  103.             },
  104.             {
  105.                 "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  106.             },
  107.             {
  108.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  109.             },
  110.             {
  111.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  112.             },
  113.             {
  114.                 "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  115.             }
  116.         ]
  117.     },
  118.     {
  119.         "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  120.         "Details": [
  121.             {
  122.                 "Spam": "services.exe (504) called API GetSystemTimeAsFileTime 4477871 times"
  123.             }
  124.         ]
  125.     }
  126. ]
  127.  
  128. [*] Started Service: [
  129.     "AppMgmt"
  130. ]
  131.  
  132. [*] Executed Commands: [
  133.     "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Windows\\system32\\shell32.dll,OpenAs_RunDLL C:\\Users\\user\\AppData\\Local\\Temp\\02m",
  134.     "C:\\Users\\user\\AppData\\Local\\Temp\\02m ",
  135.     "C:\\Windows\\system32\\svchost.exe -k netsvcs",
  136.     "C:\\Windows\\system32\\msiexec.exe /V",
  137.     "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /svc",
  138.     "C:\\Windows\\System32\\svchost.exe -k netsvcs"
  139. ]
  140.  
  141. [*] Mutexes: [
  142.     "Local\\ZoneAttributeCacheCounterMutex",
  143.     "Local\\ZonesCacheCounterMutex",
  144.     "Local\\ZonesLockedCacheCounterMutex",
  145.     "Global\\_MSIExecute",
  146.     "Global\\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}",
  147.     "Global\\G{6885AE8E-C070-458d-9711-37B9BEAB65F6}",
  148.     "Global\\G{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}",
  149.     "Global\\G{0A175FBE-AEEC-4fea-855A-2AA549A88846}"
  150. ]
  151.  
  152. [*] Modified Files: [
  153.     "C:\\Windows\\Installer\\4ccbba.msi",
  154.     "C:\\Windows\\Installer\\4ccbbb.msi",
  155.     "\\??\\PIPE\\wkssvc",
  156.     "\\??\\pipe\\GoogleCrashServices\\S-1-5-18",
  157.     "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat",
  158.     "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat",
  159.     "\\??\\PIPE\\samr"
  160. ]
  161.  
  162. [*] Deleted Files: [
  163.     "C:\\Windows\\Installer\\4ccbba.msi",
  164.     "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}\\GoogleUpdateSetup.exe",
  165.     "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}"
  166. ]
  167.  
  168. [*] Modified Registry Keys: [
  169.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
  170.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
  171.     "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Start",
  172.     "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Type",
  173.     "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{F6876FF4-890B-460F-ABA5-373BF3F7C431}",
  174.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{F6876FF4-890B-460F-ABA5-373BF3F7C431}\\PersistedPingString",
  175.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{F6876FF4-890B-460F-ABA5-373BF3F7C431}\\PersistedPingTime",
  176.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\pv",
  177.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\pv",
  178.     "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState",
  179.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState\\StateValue",
  180.     "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000_CLASSES\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
  181.     "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\proxy\\source",
  182.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\RollCallDayStartSec",
  183.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\DayOfLastRollCall",
  184.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\ping_freshness",
  185.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\(Default)",
  186.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\hint",
  187.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\name",
  188.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\LastCheckSuccess",
  189.     "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
  190.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ActivePingDayStartSec",
  191.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\RollCallDayStartSec",
  192.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastActivity",
  193.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastRollCall",
  194.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ping_freshness",
  195.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\(Default)",
  196.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\hint",
  197.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\name",
  198.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableCount",
  199.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableSince",
  200.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\LastChecked",
  201.     "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{EBD5EBAD-B617-4D66-B4FD-674E998319F9}",
  202.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{EBD5EBAD-B617-4D66-B4FD-674E998319F9}\\PersistedPingString",
  203.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{EBD5EBAD-B617-4D66-B4FD-674E998319F9}\\PersistedPingTime",
  204.     "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState",
  205.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadTimeRemainingMs",
  206.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadProgressPercent",
  207.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\StateValue",
  208.     "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Performance\\PerfMMFileName",
  209.     "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_LOG",
  210.     "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_BAK"
  211. ]
  212.  
  213. [*] Deleted Registry Keys: [
  214.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  215.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  216.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  217.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  218.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\uid",
  219.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\old-uid",
  220.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\tttoken",
  221.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableCount",
  222.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableSince",
  223.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
  224.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\tttoken"
  225. ]
  226.  
  227. [*] DNS Communications: []
  228.  
  229. [*] Domains: []
  230.  
  231. [*] Network Communication - ICMP: []
  232.  
  233. [*] Network Communication - HTTP: [
  234.     {
  235.         "count": 1,
  236.         "body": "",
  237.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  238.         "user-agent": "Microsoft-CryptoAPI/6.1",
  239.         "method": "GET",
  240.         "host": "ocsp.digicert.com",
  241.         "version": "1.1",
  242.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  243.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  244.         "port": 80
  245.     },
  246.     {
  247.         "count": 1,
  248.         "body": "",
  249.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  250.         "user-agent": "Microsoft-CryptoAPI/6.1",
  251.         "method": "GET",
  252.         "host": "ocsp.digicert.com",
  253.         "version": "1.1",
  254.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  255.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  256.         "port": 80
  257.     },
  258.     {
  259.         "count": 1,
  260.         "body": "",
  261.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  262.         "user-agent": "Microsoft-CryptoAPI/6.1",
  263.         "method": "GET",
  264.         "host": "ocsp.digicert.com",
  265.         "version": "1.1",
  266.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  267.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  268.         "port": 80
  269.     },
  270.     {
  271.         "count": 1,
  272.         "body": "",
  273.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  274.         "user-agent": "Microsoft-CryptoAPI/6.1",
  275.         "method": "GET",
  276.         "host": "ocsp.pki.goog",
  277.         "version": "1.1",
  278.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  279.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  280.         "port": 80
  281.     },
  282.     {
  283.         "count": 1,
  284.         "body": "",
  285.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  286.         "user-agent": "Microsoft-CryptoAPI/6.1",
  287.         "method": "GET",
  288.         "host": "ocsp.digicert.com",
  289.         "version": "1.1",
  290.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  291.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  292.         "port": 80
  293.     },
  294.     {
  295.         "count": 1,
  296.         "body": "",
  297.         "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  298.         "user-agent": "Microsoft-CryptoAPI/6.1",
  299.         "method": "GET",
  300.         "host": "crl.microsoft.com",
  301.         "version": "1.1",
  302.         "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  303.         "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  304.         "port": 80
  305.     },
  306.     {
  307.         "count": 1,
  308.         "body": "",
  309.         "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  310.         "user-agent": "Microsoft-CryptoAPI/6.1",
  311.         "method": "GET",
  312.         "host": "ocsp.comodoca.com",
  313.         "version": "1.1",
  314.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  315.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  316.         "port": 80
  317.     },
  318.     {
  319.         "count": 1,
  320.         "body": "",
  321.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  322.         "user-agent": "Microsoft-CryptoAPI/6.1",
  323.         "method": "GET",
  324.         "host": "ocsp.pki.goog",
  325.         "version": "1.1",
  326.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  327.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  328.         "port": 80
  329.     },
  330.     {
  331.         "count": 1,
  332.         "body": "",
  333.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  334.         "user-agent": "Microsoft-CryptoAPI/6.1",
  335.         "method": "GET",
  336.         "host": "ocsp.digicert.com",
  337.         "version": "1.1",
  338.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  339.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  340.         "port": 80
  341.     },
  342.     {
  343.         "count": 1,
  344.         "body": "",
  345.         "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  346.         "user-agent": "Microsoft-CryptoAPI/6.1",
  347.         "method": "GET",
  348.         "host": "www.download.windowsupdate.com",
  349.         "version": "1.1",
  350.         "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  351.         "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  352.         "port": 80
  353.     },
  354.     {
  355.         "count": 1,
  356.         "body": "",
  357.         "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  358.         "user-agent": "Microsoft-CryptoAPI/6.1",
  359.         "method": "GET",
  360.         "host": "crl.microsoft.com",
  361.         "version": "1.1",
  362.         "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  363.         "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  364.         "port": 80
  365.     },
  366.     {
  367.         "count": 1,
  368.         "body": "",
  369.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  370.         "user-agent": "Microsoft-CryptoAPI/6.1",
  371.         "method": "GET",
  372.         "host": "ocsp.digicert.com",
  373.         "version": "1.1",
  374.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  375.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  376.         "port": 80
  377.     },
  378.     {
  379.         "count": 1,
  380.         "body": "",
  381.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  382.         "user-agent": "Microsoft-CryptoAPI/6.1",
  383.         "method": "GET",
  384.         "host": "ocsp.digicert.com",
  385.         "version": "1.1",
  386.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  387.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  388.         "port": 80
  389.     },
  390.     {
  391.         "count": 1,
  392.         "body": "",
  393.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  394.         "user-agent": "Microsoft-CryptoAPI/6.1",
  395.         "method": "GET",
  396.         "host": "ocsp.digicert.com",
  397.         "version": "1.1",
  398.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  399.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  400.         "port": 80
  401.     },
  402.     {
  403.         "count": 1,
  404.         "body": "",
  405.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  406.         "user-agent": "Microsoft-CryptoAPI/6.1",
  407.         "method": "GET",
  408.         "host": "ocsp.pki.goog",
  409.         "version": "1.1",
  410.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  411.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  412.         "port": 80
  413.     },
  414.     {
  415.         "count": 1,
  416.         "body": "",
  417.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  418.         "user-agent": "Microsoft-CryptoAPI/6.1",
  419.         "method": "GET",
  420.         "host": "ocsp.pki.goog",
  421.         "version": "1.1",
  422.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  423.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  424.         "port": 80
  425.     },
  426.     {
  427.         "count": 1,
  428.         "body": "",
  429.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  430.         "user-agent": "Microsoft-CryptoAPI/6.1",
  431.         "method": "GET",
  432.         "host": "ocsp.digicert.com",
  433.         "version": "1.1",
  434.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  435.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  436.         "port": 80
  437.     },
  438.     {
  439.         "count": 1,
  440.         "body": "",
  441.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  442.         "user-agent": "Microsoft-CryptoAPI/6.1",
  443.         "method": "GET",
  444.         "host": "ocsp.pki.goog",
  445.         "version": "1.1",
  446.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  447.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  448.         "port": 80
  449.     },
  450.     {
  451.         "count": 1,
  452.         "body": "",
  453.         "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  454.         "user-agent": "Microsoft-CryptoAPI/6.1",
  455.         "method": "GET",
  456.         "host": "ocsp.msocsp.com",
  457.         "version": "1.1",
  458.         "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  459.         "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  460.         "port": 80
  461.     },
  462.     {
  463.         "count": 1,
  464.         "body": "",
  465.         "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  466.         "user-agent": "Microsoft-CryptoAPI/6.1",
  467.         "method": "GET",
  468.         "host": "ocsp.thawte.com",
  469.         "version": "1.1",
  470.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  471.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  472.         "port": 80
  473.     },
  474.     {
  475.         "count": 1,
  476.         "body": "",
  477.         "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  478.         "user-agent": "Microsoft-CryptoAPI/6.1",
  479.         "method": "GET",
  480.         "host": "ocsp.usertrust.com",
  481.         "version": "1.1",
  482.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  483.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  484.         "port": 80
  485.     },
  486.     {
  487.         "count": 1,
  488.         "body": "",
  489.         "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  490.         "user-agent": "Microsoft-CryptoAPI/6.1",
  491.         "method": "GET",
  492.         "host": "th.symcd.com",
  493.         "version": "1.1",
  494.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  495.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  496.         "port": 80
  497.     },
  498.     {
  499.         "count": 1,
  500.         "body": "",
  501.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  502.         "user-agent": "Microsoft-CryptoAPI/6.1",
  503.         "method": "GET",
  504.         "host": "ocsp.digicert.com",
  505.         "version": "1.1",
  506.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  507.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  508.         "port": 80
  509.     },
  510.     {
  511.         "count": 1,
  512.         "body": "",
  513.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  514.         "user-agent": "Microsoft-CryptoAPI/6.1",
  515.         "method": "GET",
  516.         "host": "ocsp.digicert.com",
  517.         "version": "1.1",
  518.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  519.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  520.         "port": 80
  521.     },
  522.     {
  523.         "count": 1,
  524.         "body": "",
  525.         "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  526.         "user-agent": "Microsoft-CryptoAPI/6.1",
  527.         "method": "GET",
  528.         "host": "ocsp.pki.goog",
  529.         "version": "1.1",
  530.         "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  531.         "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  532.         "port": 80
  533.     },
  534.     {
  535.         "count": 1,
  536.         "body": "",
  537.         "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  538.         "user-agent": "Microsoft-CryptoAPI/6.1",
  539.         "method": "GET",
  540.         "host": "crl.microsoft.com",
  541.         "version": "1.1",
  542.         "path": "/pki/crl/products/microsoftrootcert.crl",
  543.         "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  544.         "port": 80
  545.     }
  546. ]
  547.  
  548. [*] Network Communication - SMTP: []
  549.  
  550. [*] Network Communication - Hosts: []
  551.  
  552. [*] Network Communication - IRC: []
  553.  
  554. [*] Static Analysis: {}
  555.  
  556. [*] Resolved APIs: [
  557.     "shell32.dll.ShellExecuteExW",
  558.     "ole32.dll.OleInitialize",
  559.     "cryptbase.dll.SystemFunction036",
  560.     "uxtheme.dll.ThemeInitApiHook",
  561.     "user32.dll.IsProcessDPIAware",
  562.     "ole32.dll.CreateBindCtx",
  563.     "ole32.dll.CoTaskMemAlloc",
  564.     "propsys.dll.PSCreateMemoryPropertyStore",
  565.     "propsys.dll.PSPropertyBag_WriteDWORD",
  566.     "ole32.dll.CoGetApartmentType",
  567.     "ole32.dll.CoRegisterInitializeSpy",
  568.     "ole32.dll.CoTaskMemFree",
  569.     "comctl32.dll.#236",
  570.     "oleaut32.dll.#6",
  571.     "ole32.dll.CoGetMalloc",
  572.     "propsys.dll.PSPropertyBag_ReadDWORD",
  573.     "comctl32.dll.#320",
  574.     "ole32.dll.StringFromGUID2",
  575.     "comctl32.dll.#324",
  576.     "comctl32.dll.#323",
  577.     "advapi32.dll.RegEnumKeyW",
  578.     "oleaut32.dll.#2",
  579.     "propsys.dll.PSPropertyBag_ReadBSTR",
  580.     "propsys.dll.PSPropertyBag_ReadStrAlloc",
  581.     "shell32.dll.#102",
  582.     "advapi32.dll.OpenThreadToken",
  583.     "ole32.dll.CoInitializeEx",
  584.     "ole32.dll.CoCreateInstance",
  585.     "advapi32.dll.InitializeSecurityDescriptor",
  586.     "advapi32.dll.SetEntriesInAclW",
  587.     "ntmarta.dll.GetMartaExtensionInterface",
  588.     "advapi32.dll.SetSecurityDescriptorDacl",
  589.     "advapi32.dll.IsTextUnicode",
  590.     "comctl32.dll.#328",
  591.     "comctl32.dll.#334",
  592.     "comctl32.dll.#332",
  593.     "comctl32.dll.#338",
  594.     "ole32.dll.CoUninitialize",
  595.     "sechost.dll.ConvertSidToStringSidW",
  596.     "profapi.dll.#104",
  597.     "propsys.dll.#417",
  598.     "ole32.dll.PropVariantClear",
  599.     "oleaut32.dll.#9",
  600.     "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  601.     "comctl32.dll.#339",
  602.     "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  603.     "comctl32.dll.#386",
  604.     "advapi32.dll.RegQueryValueW",
  605.     "apphelp.dll.ApphelpCheckShellObject",
  606.     "propsys.dll.#430",
  607.     "advapi32.dll.RegOpenKeyExW",
  608.     "advapi32.dll.RegGetValueW",
  609.     "advapi32.dll.RegCloseKey",
  610.     "ole32.dll.CoTaskMemRealloc",
  611.     "ole32.dll.CoAllowSetForegroundWindow",
  612.     "advapi32.dll.InstallApplication",
  613.     "oleaut32.dll.#500",
  614.     "kernel32.dll.InitializeSRWLock",
  615.     "kernel32.dll.AcquireSRWLockExclusive",
  616.     "kernel32.dll.AcquireSRWLockShared",
  617.     "kernel32.dll.ReleaseSRWLockExclusive",
  618.     "kernel32.dll.ReleaseSRWLockShared",
  619.     "shell32.dll.SHGetFolderPathW",
  620.     "advapi32.dll.SaferGetPolicyInformation",
  621.     "sfc.dll.SfcIsFileProtected",
  622.     "ntdll.dll.RtlDllShutdownInProgress",
  623.     "comctl32.dll.#329",
  624.     "ole32.dll.OleUninitialize",
  625.     "ole32.dll.CoRevokeInitializeSpy",
  626.     "comctl32.dll.#388",
  627.     "kernelbase.dll.SetThreadStackGuarantee",
  628.     "ole32.dll.CoInitializeSecurity",
  629.     "sechost.dll.LookupAccountNameLocalW",
  630.     "advapi32.dll.LookupAccountSidW",
  631.     "sechost.dll.LookupAccountSidLocalW",
  632.     "kernel32.dll.SortGetHandle",
  633.     "kernel32.dll.SortCloseHandle",
  634.     "appmgmts.dll.ServiceMain",
  635.     "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  636.     "shell32.dll.OpenAs_RunDLLW",
  637.     "dwmapi.dll.DwmIsCompositionEnabled",
  638.     "comctl32.dll.InitCommonControlsEx",
  639.     "uxtheme.dll.EnableThemeDialogTexture",
  640.     "comctl32.dll.RegisterClassNameW",
  641.     "uxtheme.dll.OpenThemeData",
  642.     "uxtheme.dll.GetThemeBool",
  643.     "uxtheme.dll.IsThemePartDefined",
  644.     "uxtheme.dll.GetThemePartSize",
  645.     "uxtheme.dll.GetThemeFont",
  646.     "uxtheme.dll.GetThemeColor",
  647.     "imm32.dll.ImmIsIME",
  648.     "uxtheme.dll.CloseThemeData",
  649.     "uxtheme.dll.GetThemeTextExtent",
  650.     "gdi32.dll.GetLayout",
  651.     "gdi32.dll.GdiRealizationInfo",
  652.     "gdi32.dll.FontIsLinked",
  653.     "advapi32.dll.RegQueryInfoKeyW",
  654.     "gdi32.dll.GetTextFaceAliasW",
  655.     "advapi32.dll.RegEnumValueW",
  656.     "advapi32.dll.RegQueryValueExW",
  657.     "gdi32.dll.GetFontAssocStatus",
  658.     "advapi32.dll.RegQueryValueExA",
  659.     "advapi32.dll.RegEnumKeyExW",
  660.     "uxtheme.dll.GetThemeMargins",
  661.     "gdi32.dll.GetTextExtentExPointWPri",
  662.     "comctl32.dll.ImageList_CoCreateInstance",
  663.     "windowscodecs.dll.WICCreateImagingFactory_Proxy",
  664.     "shlwapi.dll.PathRemoveFileSpecW",
  665.     "lpk.dll.LpkEditControl",
  666.     "kernel32.dll.HeapSetInformation",
  667.     "advapi32.dll.CheckTokenMembership",
  668.     "kernel32.dll.GetSystemWindowsDirectoryW",
  669.     "kernel32.dll.CreateWaitableTimerW",
  670.     "kernel32.dll.SetWaitableTimer",
  671.     "ole32.dll.CLSIDFromOle1Class",
  672.     "clbcatq.dll.GetCatalogObject",
  673.     "clbcatq.dll.GetCatalogObject2",
  674.     "cryptsp.dll.CryptAcquireContextW",
  675.     "cryptsp.dll.CryptGenRandom",
  676.     "ole32.dll.NdrOleInitializeExtension",
  677.     "ole32.dll.CoGetClassObject",
  678.     "ole32.dll.CoGetMarshalSizeMax",
  679.     "ole32.dll.CoMarshalInterface",
  680.     "ole32.dll.CoUnmarshalInterface",
  681.     "ole32.dll.StringFromIID",
  682.     "ole32.dll.CoGetPSClsid",
  683.     "ole32.dll.CoReleaseMarshalData",
  684.     "ole32.dll.DcomChannelSetHResult",
  685.     "msi.dll.QueryInstanceCount",
  686.     "kernel32.dll.CancelWaitableTimer",
  687.     "msi.dll.DllGetClassObject",
  688.     "msi.dll.DllCanUnloadNow",
  689.     "ole32.dll.CoGetCallContext",
  690.     "rpcrt4.dll.I_RpcBindingInqLocalClientPID",
  691.     "userenv.dll.CreateEnvironmentBlock",
  692.     "userenv.dll.DestroyEnvironmentBlock",
  693.     "kernel32.dll.GetThreadPreferredUILanguages",
  694.     "ntdll.dll.WinSqmIsOptedIn",
  695.     "kernel32.dll.WTSGetActiveConsoleSessionId",
  696.     "ole32.dll.CoInitialize",
  697.     "netapi32.dll.NetGetJoinInformation",
  698.     "netapi32.dll.NetApiBufferFree",
  699.     "shlwapi.dll.UrlIsW",
  700.     "ole32.dll.StgOpenStorage",
  701.     "kernel32.dll.GetFileAttributesExW",
  702.     "advapi32.dll.CreateWellKnownSid",
  703.     "advapi32.dll.SaferCreateLevel",
  704.     "advapi32.dll.SaferCloseLevel",
  705.     "apphelp.dll.SdbInitDatabase",
  706.     "apphelp.dll.SdbFindFirstMsiPackage_Str",
  707.     "apphelp.dll.SdbReleaseDatabase",
  708.     "version.dll.GetFileVersionInfoSizeW",
  709.     "version.dll.GetFileVersionInfoW",
  710.     "version.dll.VerQueryValueW",
  711.     "mscoree.dll.GetCORSystemDirectory",
  712.     "kernel32.dll.SetThreadExecutionState",
  713.     "sfc.dll.SfcIsKeyProtected",
  714.     "kernel32.dll.FlsAlloc",
  715.     "kernel32.dll.FlsSetValue",
  716.     "kernel32.dll.FlsGetValue",
  717.     "kernel32.dll.LCMapStringEx",
  718.     "kernel32.dll.InitializeCriticalSectionEx",
  719.     "kernel32.dll.FlsFree",
  720.     "kernel32.dll.InitOnceExecuteOnce",
  721.     "kernel32.dll.CreateEventExW",
  722.     "kernel32.dll.CreateSemaphoreW",
  723.     "kernel32.dll.CreateSemaphoreExW",
  724.     "kernel32.dll.CreateThreadpoolTimer",
  725.     "kernel32.dll.SetThreadpoolTimer",
  726.     "kernel32.dll.WaitForThreadpoolTimerCallbacks",
  727.     "kernel32.dll.CloseThreadpoolTimer",
  728.     "kernel32.dll.CreateThreadpoolWait",
  729.     "kernel32.dll.SetThreadpoolWait",
  730.     "kernel32.dll.CloseThreadpoolWait",
  731.     "kernel32.dll.FlushProcessWriteBuffers",
  732.     "kernel32.dll.FreeLibraryWhenCallbackReturns",
  733.     "kernel32.dll.GetCurrentProcessorNumber",
  734.     "kernel32.dll.CreateSymbolicLinkW",
  735.     "kernel32.dll.GetTickCount64",
  736.     "kernel32.dll.GetFileInformationByHandleEx",
  737.     "kernel32.dll.SetFileInformationByHandle",
  738.     "kernel32.dll.InitializeConditionVariable",
  739.     "kernel32.dll.WakeConditionVariable",
  740.     "kernel32.dll.WakeAllConditionVariable",
  741.     "kernel32.dll.SleepConditionVariableCS",
  742.     "kernel32.dll.TryAcquireSRWLockExclusive",
  743.     "kernel32.dll.SleepConditionVariableSRW",
  744.     "kernel32.dll.CreateThreadpoolWork",
  745.     "kernel32.dll.SubmitThreadpoolWork",
  746.     "kernel32.dll.CloseThreadpoolWork",
  747.     "kernel32.dll.CompareStringEx",
  748.     "kernel32.dll.GetLocaleInfoEx",
  749.     "goopdate.dll.DllEntry",
  750.     "kernel32.dll.RtlCaptureStackBackTrace",
  751.     "wkscli.dll.NetWkstaGetInfo",
  752.     "cscapi.dll.CscNetApiGetInterface",
  753.     "kernel32.dll.CreateMutexExW",
  754.     "dbghelp.dll.MiniDumpWriteDump",
  755.     "rpcrt4.dll.UuidCreate",
  756.     "psmachine.dll.DllGetClassObject",
  757.     "psmachine.dll.DllCanUnloadNow",
  758.     "advapi32.dll.RegOpenKeyW",
  759.     "ntdll.dll.RtlGetVersion",
  760.     "kernel32.dll.GetNativeSystemInfo",
  761.     "winhttp.dll.WinHttpAddRequestHeaders",
  762.     "winhttp.dll.WinHttpCheckPlatform",
  763.     "winhttp.dll.WinHttpCloseHandle",
  764.     "winhttp.dll.WinHttpConnect",
  765.     "winhttp.dll.WinHttpCrackUrl",
  766.     "winhttp.dll.WinHttpCreateUrl",
  767.     "winhttp.dll.WinHttpDetectAutoProxyConfigUrl",
  768.     "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  769.     "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  770.     "winhttp.dll.WinHttpGetProxyForUrl",
  771.     "winhttp.dll.WinHttpOpen",
  772.     "winhttp.dll.WinHttpOpenRequest",
  773.     "winhttp.dll.WinHttpQueryAuthSchemes",
  774.     "winhttp.dll.WinHttpQueryDataAvailable",
  775.     "winhttp.dll.WinHttpQueryHeaders",
  776.     "winhttp.dll.WinHttpQueryOption",
  777.     "winhttp.dll.WinHttpReadData",
  778.     "winhttp.dll.WinHttpReceiveResponse",
  779.     "winhttp.dll.WinHttpSendRequest",
  780.     "winhttp.dll.WinHttpSetDefaultProxyConfiguration",
  781.     "winhttp.dll.WinHttpSetCredentials",
  782.     "winhttp.dll.WinHttpSetOption",
  783.     "winhttp.dll.WinHttpSetStatusCallback",
  784.     "winhttp.dll.WinHttpSetTimeouts",
  785.     "winhttp.dll.WinHttpWriteData",
  786.     "shlwapi.dll.StrCmpNW",
  787.     "shlwapi.dll.#153",
  788.     "ws2_32.dll.GetAddrInfoW",
  789.     "ws2_32.dll.WSASocketW",
  790.     "ws2_32.dll.#2",
  791.     "ws2_32.dll.#21",
  792.     "ws2_32.dll.#9",
  793.     "ws2_32.dll.WSAIoctl",
  794.     "ws2_32.dll.FreeAddrInfoW",
  795.     "ws2_32.dll.#6",
  796.     "ws2_32.dll.#5",
  797.     "schannel.dll.SpUserModeInitialize",
  798.     "advapi32.dll.RegCreateKeyExW",
  799.     "ws2_32.dll.WSASend",
  800.     "ws2_32.dll.WSARecv",
  801.     "advapi32.dll.RevertToSelf",
  802.     "secur32.dll.FreeContextBuffer",
  803.     "ncrypt.dll.SslOpenProvider",
  804.     "ncrypt.dll.GetSChannelInterface",
  805.     "bcryptprimitives.dll.GetHashInterface",
  806.     "ncrypt.dll.SslIncrementProviderReferenceCount",
  807.     "ncrypt.dll.SslImportKey",
  808.     "bcryptprimitives.dll.GetCipherInterface",
  809.     "ncrypt.dll.SslLookupCipherSuiteInfo",
  810.     "user32.dll.LoadStringW",
  811.     "ncrypt.dll.BCryptOpenAlgorithmProvider",
  812.     "ncrypt.dll.BCryptGetProperty",
  813.     "ncrypt.dll.BCryptCreateHash",
  814.     "ncrypt.dll.BCryptHashData",
  815.     "ncrypt.dll.BCryptFinishHash",
  816.     "ncrypt.dll.BCryptDestroyHash",
  817.     "crypt32.dll.CertGetCertificateChain",
  818.     "userenv.dll.GetUserProfileDirectoryW",
  819.     "sechost.dll.ConvertStringSidToSidW",
  820.     "userenv.dll.RegisterGPNotification",
  821.     "gpapi.dll.RegisterGPNotificationInternal",
  822.     "sechost.dll.OpenSCManagerW",
  823.     "sechost.dll.OpenServiceW",
  824.     "sechost.dll.CloseServiceHandle",
  825.     "sechost.dll.QueryServiceConfigW",
  826.     "winsta.dll.WinStationRegisterNotificationEvent",
  827.     "rpcrt4.dll.RpcStringBindingComposeW",
  828.     "rpcrt4.dll.RpcBindingFromStringBindingW",
  829.     "rpcrt4.dll.RpcStringFreeW",
  830.     "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  831.     "rpcrt4.dll.RpcAsyncInitializeHandle",
  832.     "rpcrt4.dll.NdrClientCall2",
  833.     "rpcrt4.dll.NdrAsyncClientCall",
  834.     "cryptsp.dll.CryptAcquireContextA",
  835.     "cryptsp.dll.CryptCreateHash",
  836.     "cryptsp.dll.CryptHashData",
  837.     "cryptsp.dll.CryptVerifySignatureA",
  838.     "cryptsp.dll.CryptDestroyKey",
  839.     "cryptsp.dll.CryptDestroyHash",
  840.     "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
  841.     "ncrypt.dll.BCryptImportKeyPair",
  842.     "ncrypt.dll.BCryptVerifySignature",
  843.     "ncrypt.dll.BCryptDestroyKey",
  844.     "crypt32.dll.CertVerifyCertificateChainPolicy",
  845.     "crypt32.dll.CertFreeCertificateChain",
  846.     "crypt32.dll.CertDuplicateCertificateContext",
  847.     "ncrypt.dll.SslEncryptPacket",
  848.     "ncrypt.dll.SslDecryptPacket",
  849.     "winsta.dll.WinStationEnumerateW",
  850.     "rpcrt4.dll.I_RpcExceptionFilter",
  851.     "rpcrt4.dll.RpcBindingFree",
  852.     "winsta.dll.WinStationFreeMemory",
  853.     "winsta.dll.WinStationQueryInformationW",
  854.     "qmgr.dll.ServiceMain",
  855.     "ws2_32.dll.#115",
  856.     "ws2_32.dll.#111",
  857.     "bitsigd.dll.InitializeEx",
  858.     "upnp.dll.DllGetClassObject",
  859.     "upnp.dll.DllCanUnloadNow",
  860.     "rpcrt4.dll.RpcStringBindingComposeA",
  861.     "rpcrt4.dll.RpcBindingFromStringBindingA",
  862.     "rpcrt4.dll.RpcStringFreeA",
  863.     "rpcrt4.dll.NdrClientCall3",
  864.     "oleaut32.dll.DllGetClassObject",
  865.     "oleaut32.dll.DllCanUnloadNow",
  866.     "sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID",
  867.     "oleaut32.dll.BSTR_UserSize",
  868.     "oleaut32.dll.BSTR_UserMarshal",
  869.     "oleaut32.dll.BSTR_UserUnmarshal",
  870.     "oleaut32.dll.BSTR_UserFree",
  871.     "oleaut32.dll.VARIANT_UserSize",
  872.     "oleaut32.dll.VARIANT_UserMarshal",
  873.     "oleaut32.dll.VARIANT_UserUnmarshal",
  874.     "oleaut32.dll.VARIANT_UserFree",
  875.     "oleaut32.dll.LPSAFEARRAY_UserSize",
  876.     "oleaut32.dll.LPSAFEARRAY_UserMarshal",
  877.     "oleaut32.dll.LPSAFEARRAY_UserUnmarshal",
  878.     "oleaut32.dll.LPSAFEARRAY_UserFree",
  879.     "advapi32.dll.LogonUserW",
  880.     "sspicli.dll.LogonUserExExW",
  881.     "wtsapi32.dll.WTSQueryUserToken",
  882.     "wtsapi32.dll.WTSEnumerateSessionsW",
  883.     "wtsapi32.dll.WTSFreeMemory",
  884.     "advapi32.dll.QueryAllTracesW",
  885.     "vssapi.dll.CreateWriter",
  886.     "advapi32.dll.LookupAccountNameW",
  887.     "samcli.dll.NetLocalGroupGetMembers",
  888.     "samlib.dll.SamConnect",
  889.     "samlib.dll.SamOpenDomain",
  890.     "samlib.dll.SamLookupNamesInDomain",
  891.     "samlib.dll.SamOpenAlias",
  892.     "samlib.dll.SamFreeMemory",
  893.     "samlib.dll.SamCloseHandle",
  894.     "samlib.dll.SamGetMembersInAlias",
  895.     "netutils.dll.NetApiBufferFree",
  896.     "samlib.dll.SamEnumerateDomainsInSamServer",
  897.     "samlib.dll.SamLookupDomainInSamServer",
  898.     "ole32.dll.CoCreateGuid",
  899.     "ole32.dll.StringFromCLSID",
  900.     "oleaut32.dll.#4",
  901.     "oleaut32.dll.#7",
  902.     "propsys.dll.VariantToPropVariant",
  903.     "ole32.dll.CoRegisterClassObject",
  904.     "iphlpapi.dll.GetAdaptersAddresses"
  905. ]
  906.  
  907. [*] Static Analysis: {}