- Volatility Foundation Volatility Framework 2.6
- Rule: Cobalt_functions
- Owner: Process svchost.exe Pid 3296
- Rule: Cobalt_functions
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Wininet_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Wininet_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Wininet_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Wininet_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Winsock2_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Wininet_Library
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Internet_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296
- Rule: Str_Win32_Http_API
- Owner: Process svchost.exe Pid 3296