yaraa 3296

1. Volatility Foundation Volatility Framework 2.6
2. Rule: Cobalt_functions
3. Owner: Process svchost.exe Pid 3296
4. 0x0101590d 58 a4 53 e5 ff d5 93 53 6a 00 56 53 57 68 02 d9 X.S....Sj.VSWh..
5. 0x0101591d c8 5f ff d5 01 c3 29 c6 85 f6 75 ec c3 51 73 d8 ._....)...u..Qs.
6. 0x0101592d 5c 9f be 9d 4d c2 e3 d2 fe 2b 59 77 47 16 e4 b1 \...M....+YwG...
7. 0x0101593d 7d 48 12 25 5c 95 cf 0a 46 83 c1 20 45 12 da 06 }H.%\...F...E...
8. 0x0101594d 4a 8f d5 1c 64 ad f7 42 8e db 29 78 cc 19 6b bf J...d..B..)x..k.
9. 0x0101595d ee 98 42 21 6c c5 1f 71 d6 33 91 b0 50 b1 13 89 ..B!l..q.3..P...
10. 0x0101596d d9 3f a5 8c 74 dd 47 33 e1 74 06 70 d8 49 bb 26 .?..t.G3.t.p.I.&
11. 0x0101597d a2 17 8d 24 7c f5 6f 95 66 e3 61 e0 60 e1 63 e6 ...$|.o.f.a.`.c.
12. 0x0101598d 6a ef 75 fc 24 0f d7 22 ae 3b c9 58 e8 79 0b 9e j.u.$..".;.X.y..
13. 0x0101599d fa c2 1d f4 8c 25 bf 5a f6 93 31 d0 8a 19 f3 56 .....%.Z..1....V
14. 0x010159ad fa 9f 45 ec 94 3d e7 d2 a2 e7 d9 48 f8 a9 5b 0e ..E..=.....H..[.
15. 0x010159bd c2 77 2d b4 5f 5a 4f ca 86 43 01 c0 80 41 03 e2 .w-._ZO..C...A..
16. 0x010159cd 7e 5d 55 dc a4 6d 37 02 ce 9b e9 ae 90 cf eb 7e ~]U..m7........~
17. 0x010159dd 52 27 fd d4 ac 85 7f 86 a8 ea 91 b0 90 71 53 36 R'...........qS6
18. 0x010159ed 1e 40 2c d7 3a a9 c7 72 5e 4b 98 c5 d4 c7 e0 2c .@,.:..r^K.....,
19. 0x010159fd 31 99 8d e4 4c 2b 1a da 8d 0b 0c 65 3d c8 e3 76 1...L+.....e=..v
20. Rule: Cobalt_functions
21. Owner: Process svchost.exe Pid 3296
22. 0x010158a4 4c 77 26 07 ff d5 b8 90 01 00 00 29 c4 54 50 68 Lw&........).TPh
23. 0x010158b4 29 80 6b 00 ff d5 50 50 50 50 40 50 40 50 68 ea ).k...PPPP@P@Ph.
24. 0x010158c4 0f df e0 ff d5 97 6a 05 68 7f 00 00 01 68 02 00 ......j.h....h..
25. 0x010158d4 16 2e 89 e6 6a 10 56 57 68 99 a5 74 61 ff d5 85 ....j.VWh..ta...
26. 0x010158e4 c0 74 0c ff 4e 08 75 ec 68 f0 b5 a2 56 ff d5 6a .t..N.u.h...V..j
27. 0x010158f4 00 6a 04 56 57 68 02 d9 c8 5f ff d5 8b 36 6a 40 .j.VWh..._...6j@
28. 0x01015904 68 00 10 00 00 56 6a 00 68 58 a4 53 e5 ff d5 93 h....Vj.hX.S....
29. 0x01015914 53 6a 00 56 53 57 68 02 d9 c8 5f ff d5 01 c3 29 Sj.VSWh..._....)
30. 0x01015924 c6 85 f6 75 ec c3 51 73 d8 5c 9f be 9d 4d c2 e3 ...u..Qs.\...M..
31. 0x01015934 d2 fe 2b 59 77 47 16 e4 b1 7d 48 12 25 5c 95 cf ..+YwG...}H.%\..
32. 0x01015944 0a 46 83 c1 20 45 12 da 06 4a 8f d5 1c 64 ad f7 .F...E...J...d..
33. 0x01015954 42 8e db 29 78 cc 19 6b bf ee 98 42 21 6c c5 1f B..)x..k...B!l..
34. 0x01015964 71 d6 33 91 b0 50 b1 13 89 d9 3f a5 8c 74 dd 47 q.3..P....?..t.G
35. 0x01015974 33 e1 74 06 70 d8 49 bb 26 a2 17 8d 24 7c f5 6f 3.t.p.I.&...$|.o
36. 0x01015984 95 66 e3 61 e0 60 e1 63 e6 6a ef 75 fc 24 0f d7 .f.a.`.c.j.u.$..
37. 0x01015994 22 ae 3b c9 58 e8 79 0b 9e fa c2 1d f4 8c 25 bf ".;.X.y.......%.
38. Rule: Str_Win32_Winsock2_Library
39. Owner: Process svchost.exe Pid 3296
40. 0x01013c1c 57 53 32 5f 33 32 2e 64 6c 6c 00 00 69 00 49 6e WS2_32.dll..i.In
41. 0x01013c2c 74 65 72 6e 65 74 43 6c 6f 73 65 48 61 6e 64 6c ternetCloseHandl
42. 0x01013c3c 65 00 a7 00 49 6e 74 65 72 6e 65 74 53 65 74 4f e...InternetSetO
43. 0x01013c4c 70 74 69 6f 6e 41 00 00 6f 00 49 6e 74 65 72 6e ptionA..o.Intern
44. 0x01013c5c 65 74 43 6f 6e 6e 65 63 74 41 00 00 92 00 49 6e etConnectA....In
45. 0x01013c6c 74 65 72 6e 65 74 4f 70 65 6e 41 00 57 00 48 74 ternetOpenA.W.Ht
46. 0x01013c7c 74 70 51 75 65 72 79 49 6e 66 6f 41 00 00 9a 00 tpQueryInfoA....
47. 0x01013c8c 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
48. 0x01013c9c 00 00 96 00 49 6e 74 65 72 6e 65 74 51 75 65 72 ....InternetQuer
49. 0x01013cac 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 00 00 yDataAvailable..
50. 0x01013cbc 59 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 Y.HttpSendReques
51. 0x01013ccc 74 41 00 00 50 00 48 74 74 70 41 64 64 52 65 71 tA..P.HttpAddReq
52. 0x01013cdc 75 65 73 74 48 65 61 64 65 72 73 41 00 00 98 00 uestHeadersA....
53. 0x01013cec 49 6e 74 65 72 6e 65 74 51 75 65 72 79 4f 70 74 InternetQueryOpt
54. 0x01013cfc 69 6f 6e 41 00 00 ad 00 49 6e 74 65 72 6e 65 74 ionA....Internet
55. 0x01013d0c 53 65 74 53 74 61 74 75 73 43 61 6c 6c 62 61 63 SetStatusCallbac
56. Rule: Str_Win32_Wininet_Library
57. Owner: Process svchost.exe Pid 3296
58. 0x01013d32 57 49 4e 49 4e 45 54 2e 64 6c 6c 00 20 02 49 6e WININET.dll...In
59. 0x01013d42 74 65 72 6c 6f 63 6b 65 64 49 6e 63 72 65 6d 65 terlockedIncreme
60. 0x01013d52 6e 74 00 00 1c 02 49 6e 74 65 72 6c 6f 63 6b 65 nt....Interlocke
61. 0x01013d62 64 44 65 63 72 65 6d 65 6e 74 00 00 1d 02 49 6e dDecrement....In
62. 0x01013d72 74 65 72 6c 6f 63 6b 65 64 45 78 63 68 61 6e 67 terlockedExchang
63. 0x01013d82 65 00 18 02 49 6e 69 74 69 61 6c 69 7a 65 43 72 e...InitializeCr
64. 0x01013d92 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 7f 00 iticalSection...
65. 0x01013da2 44 65 6c 65 74 65 43 72 69 74 69 63 61 6c 53 65 DeleteCriticalSe
66. 0x01013db2 63 74 69 6f 6e 00 96 00 45 6e 74 65 72 43 72 69 ction...EnterCri
67. 0x01013dc2 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 00 43 02 ticalSection..C.
68. 0x01013dd2 4c 65 61 76 65 43 72 69 74 69 63 61 6c 53 65 63 LeaveCriticalSec
69. 0x01013de2 74 69 6f 6e 00 00 1b 02 49 6e 74 65 72 6c 6f 63 tion....Interloc
70. 0x01013df2 6b 65 64 43 6f 6d 70 61 72 65 45 78 63 68 61 6e kedCompareExchan
71. 0x01013e02 67 65 00 00 7e 02 4f 75 74 70 75 74 44 65 62 75 ge..~.OutputDebu
72. 0x01013e12 67 53 74 72 69 6e 67 41 00 00 c7 02 52 74 6c 55 gStringA....RtlU
73. 0x01013e22 6e 77 69 6e 64 00 36 03 53 65 74 55 6e 68 61 6e nwind.6.SetUnhan
74. Rule: Str_Win32_Internet_API
75. Owner: Process svchost.exe Pid 3296
76. 0x01013c2a 49 6e 74 65 72 6e 65 74 43 6c 6f 73 65 48 61 6e InternetCloseHan
77. 0x01013c3a 64 6c 65 00 a7 00 49 6e 74 65 72 6e 65 74 53 65 dle...InternetSe
78. 0x01013c4a 74 4f 70 74 69 6f 6e 41 00 00 6f 00 49 6e 74 65 tOptionA..o.Inte
79. 0x01013c5a 72 6e 65 74 43 6f 6e 6e 65 63 74 41 00 00 92 00 rnetConnectA....
80. 0x01013c6a 49 6e 74 65 72 6e 65 74 4f 70 65 6e 41 00 57 00 InternetOpenA.W.
81. 0x01013c7a 48 74 74 70 51 75 65 72 79 49 6e 66 6f 41 00 00 HttpQueryInfoA..
82. 0x01013c8a 9a 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 ..InternetReadFi
83. 0x01013c9a 6c 65 00 00 96 00 49 6e 74 65 72 6e 65 74 51 75 le....InternetQu
84. 0x01013caa 65 72 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 eryDataAvailable
85. 0x01013cba 00 00 59 00 48 74 74 70 53 65 6e 64 52 65 71 75 ..Y.HttpSendRequ
86. 0x01013cca 65 73 74 41 00 00 50 00 48 74 74 70 41 64 64 52 estA..P.HttpAddR
87. 0x01013cda 65 71 75 65 73 74 48 65 61 64 65 72 73 41 00 00 equestHeadersA..
88. 0x01013cea 98 00 49 6e 74 65 72 6e 65 74 51 75 65 72 79 4f ..InternetQueryO
89. 0x01013cfa 70 74 69 6f 6e 41 00 00 ad 00 49 6e 74 65 72 6e ptionA....Intern
90. 0x01013d0a 65 74 53 65 74 53 74 61 74 75 73 43 61 6c 6c 62 etSetStatusCallb
91. 0x01013d1a 61 63 6b 00 55 00 48 74 74 70 4f 70 65 6e 52 65 ack.U.HttpOpenRe
92. Rule: Str_Win32_Internet_API
93. Owner: Process svchost.exe Pid 3296
94. 0x01001dd0 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
95. 0x01001de0 00 00 00 00 49 6e 74 65 72 6e 65 74 51 75 65 72 ....InternetQuer
96. 0x01001df0 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 00 00 yDataAvailable..
97. 0x01001e00 44 61 74 61 20 73 65 6e 74 2e 2e 2e 00 00 00 00 Data.sent.......
98. 0x01001e10 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 00 HttpSendRequest.
99. 0x01001e20 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 Content-Type:.te
100. 0x01001e30 78 74 2f 78 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d xt/xml..Content-
101. 0x01001e40 6c 65 6e 67 74 68 3a 20 25 64 00 00 48 74 74 70 length:.%d..Http
102. 0x01001e50 4f 70 65 6e 52 65 71 75 65 73 74 00 50 4f 53 54 OpenRequest.POST
103. 0x01001e60 00 00 00 00 48 54 54 50 2f 31 2e 30 00 00 00 00 ....HTTP/1.0....
104. 0x01001e70 74 65 78 74 2f 2a 00 00 4e 6f 20 63 6f 6e 6e 65 text/*..No.conne
105. 0x01001e80 63 74 69 6f 6e 00 00 00 00 00 00 00 00 00 00 00 ction...........
106. 0x01001e90 0e b1 00 01 2a 00 00 00 00 00 00 00 00 00 00 00 ....*...........
107. 0x01001ea0 73 74 72 69 6e 67 20 74 6f 6f 20 6c 6f 6e 67 00 string.too.long.
108. 0x01001eb0 69 6e 76 61 6c 69 64 20 73 74 72 69 6e 67 20 70 invalid.string.p
109. 0x01001ec0 6f 73 69 74 69 6f 6e 00 00 00 00 00 00 00 00 00 osition.........
110. Rule: Str_Win32_Internet_API
111. Owner: Process svchost.exe Pid 3296
112. 0x01013c8c 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
113. 0x01013c9c 00 00 96 00 49 6e 74 65 72 6e 65 74 51 75 65 72 ....InternetQuer
114. 0x01013cac 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 00 00 yDataAvailable..
115. 0x01013cbc 59 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 Y.HttpSendReques
116. 0x01013ccc 74 41 00 00 50 00 48 74 74 70 41 64 64 52 65 71 tA..P.HttpAddReq
117. 0x01013cdc 75 65 73 74 48 65 61 64 65 72 73 41 00 00 98 00 uestHeadersA....
118. 0x01013cec 49 6e 74 65 72 6e 65 74 51 75 65 72 79 4f 70 74 InternetQueryOpt
119. 0x01013cfc 69 6f 6e 41 00 00 ad 00 49 6e 74 65 72 6e 65 74 ionA....Internet
120. 0x01013d0c 53 65 74 53 74 61 74 75 73 43 61 6c 6c 62 61 63 SetStatusCallbac
121. 0x01013d1c 6b 00 55 00 48 74 74 70 4f 70 65 6e 52 65 71 75 k.U.HttpOpenRequ
122. 0x01013d2c 65 73 74 41 00 00 57 49 4e 49 4e 45 54 2e 64 6c estA..WININET.dl
123. 0x01013d3c 6c 00 20 02 49 6e 74 65 72 6c 6f 63 6b 65 64 49 l...InterlockedI
124. 0x01013d4c 6e 63 72 65 6d 65 6e 74 00 00 1c 02 49 6e 74 65 ncrement....Inte
125. 0x01013d5c 72 6c 6f 63 6b 65 64 44 65 63 72 65 6d 65 6e 74 rlockedDecrement
126. 0x01013d6c 00 00 1d 02 49 6e 74 65 72 6c 6f 63 6b 65 64 45 ....InterlockedE
127. 0x01013d7c 78 63 68 61 6e 67 65 00 18 02 49 6e 69 74 69 61 xchange...Initia
128. Rule: Str_Win32_Internet_API
129. Owner: Process svchost.exe Pid 3296
130. 0x01001a90 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 00 InternetConnect.
131. 0x01001aa0 49 6e 74 65 72 6e 65 74 4f 70 65 6e 00 00 00 00 InternetOpen....
132. 0x01001ab0 58 6d 6c 52 70 63 00 00 00 00 00 00 04 00 00 00 XmlRpc..........
133. 0x01001ac0 54 68 65 20 55 52 49 20 6d 75 73 74 20 62 65 67 The.URI.must.beg
134. 0x01001ad0 69 6e 20 77 69 74 68 20 22 68 74 74 70 73 3a 2f in.with."https:/
135. 0x01001ae0 2f 22 20 7c 7c 20 22 68 74 74 70 3a 2f 2f 22 2e /".||."http://".
136. 0x01001af0 00 00 00 00 68 74 74 70 3a 2f 2f 00 68 74 74 70 ....http://.http
137. 0x01001b00 73 3a 2f 2f 00 00 00 00 00 00 00 00 4c 00 00 00 s://........L...
138. 0x01001b10 30 00 00 00 31 00 00 00 3c 6e 69 6c 2f 3e 00 00 0...1...<nil/>..
139. 0x01001b20 25 34 64 25 30 32 64 25 30 32 64 54 25 30 32 64 %4d%02d%02dT%02d
140. 0x01001b30 3a 25 30 32 64 3a 25 30 32 64 00 00 74 79 70 65 :%02d:%02d..type
141. 0x01001b40 20 65 72 72 6f 72 3a 20 65 78 70 65 63 74 65 64 .error:.expected
142. 0x01001b50 20 61 20 73 74 72 75 63 74 00 00 00 3c 73 74 72 .a.struct...<str
143. 0x01001b60 69 6e 67 2f 3e 00 00 00 42 61 64 20 62 61 73 65 ing/>...Bad.base
144. 0x01001b70 36 34 00 00 55 6e 64 65 66 69 6e 65 64 20 58 6d 64..Undefined.Xm
145. 0x01001b80 6c 52 70 63 20 76 61 6c 75 65 00 00 3c 2f 70 61 lRpc.value..</pa
146. Rule: Str_Win32_Internet_API
147. Owner: Process svchost.exe Pid 3296
148. 0x01013c56 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 41 InternetConnectA
149. 0x01013c66 00 00 92 00 49 6e 74 65 72 6e 65 74 4f 70 65 6e ....InternetOpen
150. 0x01013c76 41 00 57 00 48 74 74 70 51 75 65 72 79 49 6e 66 A.W.HttpQueryInf
151. 0x01013c86 6f 41 00 00 9a 00 49 6e 74 65 72 6e 65 74 52 65 oA....InternetRe
152. 0x01013c96 61 64 46 69 6c 65 00 00 96 00 49 6e 74 65 72 6e adFile....Intern
153. 0x01013ca6 65 74 51 75 65 72 79 44 61 74 61 41 76 61 69 6c etQueryDataAvail
154. 0x01013cb6 61 62 6c 65 00 00 59 00 48 74 74 70 53 65 6e 64 able..Y.HttpSend
155. 0x01013cc6 52 65 71 75 65 73 74 41 00 00 50 00 48 74 74 70 RequestA..P.Http
156. 0x01013cd6 41 64 64 52 65 71 75 65 73 74 48 65 61 64 65 72 AddRequestHeader
157. 0x01013ce6 73 41 00 00 98 00 49 6e 74 65 72 6e 65 74 51 75 sA....InternetQu
158. 0x01013cf6 65 72 79 4f 70 74 69 6f 6e 41 00 00 ad 00 49 6e eryOptionA....In
159. 0x01013d06 74 65 72 6e 65 74 53 65 74 53 74 61 74 75 73 43 ternetSetStatusC
160. 0x01013d16 61 6c 6c 62 61 63 6b 00 55 00 48 74 74 70 4f 70 allback.U.HttpOp
161. 0x01013d26 65 6e 52 65 71 75 65 73 74 41 00 00 57 49 4e 49 enRequestA..WINI
162. 0x01013d36 4e 45 54 2e 64 6c 6c 00 20 02 49 6e 74 65 72 6c NET.dll...Interl
163. 0x01013d46 6f 63 6b 65 64 49 6e 63 72 65 6d 65 6e 74 00 00 ockedIncrement..
164. Rule: Str_Win32_Internet_API
165. Owner: Process svchost.exe Pid 3296
166. 0x01001aa0 49 6e 74 65 72 6e 65 74 4f 70 65 6e 00 00 00 00 InternetOpen....
167. 0x01001ab0 58 6d 6c 52 70 63 00 00 00 00 00 00 04 00 00 00 XmlRpc..........
168. 0x01001ac0 54 68 65 20 55 52 49 20 6d 75 73 74 20 62 65 67 The.URI.must.beg
169. 0x01001ad0 69 6e 20 77 69 74 68 20 22 68 74 74 70 73 3a 2f in.with."https:/
170. 0x01001ae0 2f 22 20 7c 7c 20 22 68 74 74 70 3a 2f 2f 22 2e /".||."http://".
171. 0x01001af0 00 00 00 00 68 74 74 70 3a 2f 2f 00 68 74 74 70 ....http://.http
172. 0x01001b00 73 3a 2f 2f 00 00 00 00 00 00 00 00 4c 00 00 00 s://........L...
173. 0x01001b10 30 00 00 00 31 00 00 00 3c 6e 69 6c 2f 3e 00 00 0...1...<nil/>..
174. 0x01001b20 25 34 64 25 30 32 64 25 30 32 64 54 25 30 32 64 %4d%02d%02dT%02d
175. 0x01001b30 3a 25 30 32 64 3a 25 30 32 64 00 00 74 79 70 65 :%02d:%02d..type
176. 0x01001b40 20 65 72 72 6f 72 3a 20 65 78 70 65 63 74 65 64 .error:.expected
177. 0x01001b50 20 61 20 73 74 72 75 63 74 00 00 00 3c 73 74 72 .a.struct...<str
178. 0x01001b60 69 6e 67 2f 3e 00 00 00 42 61 64 20 62 61 73 65 ing/>...Bad.base
179. 0x01001b70 36 34 00 00 55 6e 64 65 66 69 6e 65 64 20 58 6d 64..Undefined.Xm
180. 0x01001b80 6c 52 70 63 20 76 61 6c 75 65 00 00 3c 2f 70 61 lRpc.value..</pa
181. 0x01001b90 72 61 6d 73 3e 3c 2f 6d 65 74 68 6f 64 43 61 6c rams></methodCal
182. Rule: Str_Win32_Internet_API
183. Owner: Process svchost.exe Pid 3296
184. 0x01013c6a 49 6e 74 65 72 6e 65 74 4f 70 65 6e 41 00 57 00 InternetOpenA.W.
185. 0x01013c7a 48 74 74 70 51 75 65 72 79 49 6e 66 6f 41 00 00 HttpQueryInfoA..
186. 0x01013c8a 9a 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 ..InternetReadFi
187. 0x01013c9a 6c 65 00 00 96 00 49 6e 74 65 72 6e 65 74 51 75 le....InternetQu
188. 0x01013caa 65 72 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 eryDataAvailable
189. 0x01013cba 00 00 59 00 48 74 74 70 53 65 6e 64 52 65 71 75 ..Y.HttpSendRequ
190. 0x01013cca 65 73 74 41 00 00 50 00 48 74 74 70 41 64 64 52 estA..P.HttpAddR
191. 0x01013cda 65 71 75 65 73 74 48 65 61 64 65 72 73 41 00 00 equestHeadersA..
192. 0x01013cea 98 00 49 6e 74 65 72 6e 65 74 51 75 65 72 79 4f ..InternetQueryO
193. 0x01013cfa 70 74 69 6f 6e 41 00 00 ad 00 49 6e 74 65 72 6e ptionA....Intern
194. 0x01013d0a 65 74 53 65 74 53 74 61 74 75 73 43 61 6c 6c 62 etSetStatusCallb
195. 0x01013d1a 61 63 6b 00 55 00 48 74 74 70 4f 70 65 6e 52 65 ack.U.HttpOpenRe
196. 0x01013d2a 71 75 65 73 74 41 00 00 57 49 4e 49 4e 45 54 2e questA..WININET.
197. 0x01013d3a 64 6c 6c 00 20 02 49 6e 74 65 72 6c 6f 63 6b 65 dll...Interlocke
198. 0x01013d4a 64 49 6e 63 72 65 6d 65 6e 74 00 00 1c 02 49 6e dIncrement....In
199. 0x01013d5a 74 65 72 6c 6f 63 6b 65 64 44 65 63 72 65 6d 65 terlockedDecreme
200. Rule: Str_Win32_Http_API
201. Owner: Process svchost.exe Pid 3296
202. 0x01001e10 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 00 HttpSendRequest.
203. 0x01001e20 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 Content-Type:.te
204. 0x01001e30 78 74 2f 78 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d xt/xml..Content-
205. 0x01001e40 6c 65 6e 67 74 68 3a 20 25 64 00 00 48 74 74 70 length:.%d..Http
206. 0x01001e50 4f 70 65 6e 52 65 71 75 65 73 74 00 50 4f 53 54 OpenRequest.POST
207. 0x01001e60 00 00 00 00 48 54 54 50 2f 31 2e 30 00 00 00 00 ....HTTP/1.0....
208. 0x01001e70 74 65 78 74 2f 2a 00 00 4e 6f 20 63 6f 6e 6e 65 text/*..No.conne
209. 0x01001e80 63 74 69 6f 6e 00 00 00 00 00 00 00 00 00 00 00 ction...........
210. 0x01001e90 0e b1 00 01 2a 00 00 00 00 00 00 00 00 00 00 00 ....*...........
211. 0x01001ea0 73 74 72 69 6e 67 20 74 6f 6f 20 6c 6f 6e 67 00 string.too.long.
212. 0x01001eb0 69 6e 76 61 6c 69 64 20 73 74 72 69 6e 67 20 70 invalid.string.p
213. 0x01001ec0 6f 73 69 74 69 6f 6e 00 00 00 00 00 00 00 00 00 osition.........
214. 0x01001ed0 e1 be 00 01 71 ba 00 01 49 b5 00 01 84 d1 00 01 ....q...I.......
215. 0x01001ee0 d9 b5 00 01 84 b7 00 01 18 6f 00 01 c6 6b 00 01 .........o...k..
216. 0x01001ef0 17 bc 00 01 da bc 00 01 4e b6 00 01 16 b5 00 01 ........N.......
217. 0x01001f00 be be 00 01 52 24 00 01 92 b4 00 01 9a b4 00 01 ....R$..........
218. Rule: Str_Win32_Http_API
219. Owner: Process svchost.exe Pid 3296
220. 0x01013cbe 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 41 HttpSendRequestA
221. 0x01013cce 00 00 50 00 48 74 74 70 41 64 64 52 65 71 75 65 ..P.HttpAddReque
222. 0x01013cde 73 74 48 65 61 64 65 72 73 41 00 00 98 00 49 6e stHeadersA....In
223. 0x01013cee 74 65 72 6e 65 74 51 75 65 72 79 4f 70 74 69 6f ternetQueryOptio
224. 0x01013cfe 6e 41 00 00 ad 00 49 6e 74 65 72 6e 65 74 53 65 nA....InternetSe
225. 0x01013d0e 74 53 74 61 74 75 73 43 61 6c 6c 62 61 63 6b 00 tStatusCallback.
226. 0x01013d1e 55 00 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 U.HttpOpenReques
227. 0x01013d2e 74 41 00 00 57 49 4e 49 4e 45 54 2e 64 6c 6c 00 tA..WININET.dll.
228. 0x01013d3e 20 02 49 6e 74 65 72 6c 6f 63 6b 65 64 49 6e 63 ..InterlockedInc
229. 0x01013d4e 72 65 6d 65 6e 74 00 00 1c 02 49 6e 74 65 72 6c rement....Interl
230. 0x01013d5e 6f 63 6b 65 64 44 65 63 72 65 6d 65 6e 74 00 00 ockedDecrement..
231. 0x01013d6e 1d 02 49 6e 74 65 72 6c 6f 63 6b 65 64 45 78 63 ..InterlockedExc
232. 0x01013d7e 68 61 6e 67 65 00 18 02 49 6e 69 74 69 61 6c 69 hange...Initiali
233. 0x01013d8e 7a 65 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f zeCriticalSectio
234. 0x01013d9e 6e 00 7f 00 44 65 6c 65 74 65 43 72 69 74 69 63 n...DeleteCritic
235. 0x01013dae 61 6c 53 65 63 74 69 6f 6e 00 96 00 45 6e 74 65 alSection...Ente
236. Rule: Str_Win32_Http_API
237. Owner: Process svchost.exe Pid 3296
238. 0x01013c7a 48 74 74 70 51 75 65 72 79 49 6e 66 6f 41 00 00 HttpQueryInfoA..
239. 0x01013c8a 9a 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 ..InternetReadFi
240. 0x01013c9a 6c 65 00 00 96 00 49 6e 74 65 72 6e 65 74 51 75 le....InternetQu
241. 0x01013caa 65 72 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 eryDataAvailable
242. 0x01013cba 00 00 59 00 48 74 74 70 53 65 6e 64 52 65 71 75 ..Y.HttpSendRequ
243. 0x01013cca 65 73 74 41 00 00 50 00 48 74 74 70 41 64 64 52 estA..P.HttpAddR
244. 0x01013cda 65 71 75 65 73 74 48 65 61 64 65 72 73 41 00 00 equestHeadersA..
245. 0x01013cea 98 00 49 6e 74 65 72 6e 65 74 51 75 65 72 79 4f ..InternetQueryO
246. 0x01013cfa 70 74 69 6f 6e 41 00 00 ad 00 49 6e 74 65 72 6e ptionA....Intern
247. 0x01013d0a 65 74 53 65 74 53 74 61 74 75 73 43 61 6c 6c 62 etSetStatusCallb
248. 0x01013d1a 61 63 6b 00 55 00 48 74 74 70 4f 70 65 6e 52 65 ack.U.HttpOpenRe
249. 0x01013d2a 71 75 65 73 74 41 00 00 57 49 4e 49 4e 45 54 2e questA..WININET.
250. 0x01013d3a 64 6c 6c 00 20 02 49 6e 74 65 72 6c 6f 63 6b 65 dll...Interlocke
251. 0x01013d4a 64 49 6e 63 72 65 6d 65 6e 74 00 00 1c 02 49 6e dIncrement....In
252. 0x01013d5a 74 65 72 6c 6f 63 6b 65 64 44 65 63 72 65 6d 65 terlockedDecreme
253. 0x01013d6a 6e 74 00 00 1d 02 49 6e 74 65 72 6c 6f 63 6b 65 nt....Interlocke
254. Rule: Str_Win32_Http_API
255. Owner: Process svchost.exe Pid 3296
256. 0x01001e4c 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 74 00 HttpOpenRequest.
257. 0x01001e5c 50 4f 53 54 00 00 00 00 48 54 54 50 2f 31 2e 30 POST....HTTP/1.0
258. 0x01001e6c 00 00 00 00 74 65 78 74 2f 2a 00 00 4e 6f 20 63 ....text/*..No.c
259. 0x01001e7c 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 00 00 00 00 onnection.......
260. 0x01001e8c 00 00 00 00 0e b1 00 01 2a 00 00 00 00 00 00 00 ........*.......
261. 0x01001e9c 00 00 00 00 73 74 72 69 6e 67 20 74 6f 6f 20 6c ....string.too.l
262. 0x01001eac 6f 6e 67 00 69 6e 76 61 6c 69 64 20 73 74 72 69 ong.invalid.stri
263. 0x01001ebc 6e 67 20 70 6f 73 69 74 69 6f 6e 00 00 00 00 00 ng.position.....
264. 0x01001ecc 00 00 00 00 e1 be 00 01 71 ba 00 01 49 b5 00 01 ........q...I...
265. 0x01001edc 84 d1 00 01 d9 b5 00 01 84 b7 00 01 18 6f 00 01 .............o..
266. 0x01001eec c6 6b 00 01 17 bc 00 01 da bc 00 01 4e b6 00 01 .k..........N...
267. 0x01001efc 16 b5 00 01 be be 00 01 52 24 00 01 92 b4 00 01 ........R$......
268. 0x01001f0c 9a b4 00 01 9a b4 00 01 2e b7 00 01 2e b7 00 01 ................
269. 0x01001f1c 4f b7 00 01 68 b7 00 01 00 00 00 00 00 00 00 00 O...h...........
270. 0x01001f2c 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ................
271. 0x01001f3c ff ff ff ff 00 00 00 00 00 00 00 00 55 c6 00 01 ............U...
272. Rule: Str_Win32_Http_API
273. Owner: Process svchost.exe Pid 3296
274. 0x01013d20 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 74 41 HttpOpenRequestA
275. 0x01013d30 00 00 57 49 4e 49 4e 45 54 2e 64 6c 6c 00 20 02 ..WININET.dll...
276. 0x01013d40 49 6e 74 65 72 6c 6f 63 6b 65 64 49 6e 63 72 65 InterlockedIncre
277. 0x01013d50 6d 65 6e 74 00 00 1c 02 49 6e 74 65 72 6c 6f 63 ment....Interloc
278. 0x01013d60 6b 65 64 44 65 63 72 65 6d 65 6e 74 00 00 1d 02 kedDecrement....
279. 0x01013d70 49 6e 74 65 72 6c 6f 63 6b 65 64 45 78 63 68 61 InterlockedExcha
280. 0x01013d80 6e 67 65 00 18 02 49 6e 69 74 69 61 6c 69 7a 65 nge...Initialize
281. 0x01013d90 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 CriticalSection.
282. 0x01013da0 7f 00 44 65 6c 65 74 65 43 72 69 74 69 63 61 6c ..DeleteCritical
283. 0x01013db0 53 65 63 74 69 6f 6e 00 96 00 45 6e 74 65 72 43 Section...EnterC
284. 0x01013dc0 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 00 riticalSection..
285. 0x01013dd0 43 02 4c 65 61 76 65 43 72 69 74 69 63 61 6c 53 C.LeaveCriticalS
286. 0x01013de0 65 63 74 69 6f 6e 00 00 1b 02 49 6e 74 65 72 6c ection....Interl
287. 0x01013df0 6f 63 6b 65 64 43 6f 6d 70 61 72 65 45 78 63 68 ockedCompareExch
288. 0x01013e00 61 6e 67 65 00 00 7e 02 4f 75 74 70 75 74 44 65 ange..~.OutputDe
289. 0x01013e10 62 75 67 53 74 72 69 6e 67 41 00 00 c7 02 52 74 bugStringA....Rt
290. Rule: Str_Win32_Wininet_Library
291. Owner: Process svchost.exe Pid 3296
292. 0x3d93233e 57 49 4e 49 4e 45 54 2e 64 6c 6c 00 43 6f 6d 6d WININET.dll.Comm
293. 0x3d93234e 69 74 55 72 6c 43 61 63 68 65 45 6e 74 72 79 41 itUrlCacheEntryA
294. 0x3d93235e 00 43 6f 6d 6d 69 74 55 72 6c 43 61 63 68 65 45 .CommitUrlCacheE
295. 0x3d93236e 6e 74 72 79 57 00 43 72 65 61 74 65 4d 44 35 53 ntryW.CreateMD5S
296. 0x3d93237e 53 4f 48 61 73 68 00 43 72 65 61 74 65 55 72 6c SOHash.CreateUrl
297. 0x3d93238e 43 61 63 68 65 43 6f 6e 74 61 69 6e 65 72 41 00 CacheContainerA.
298. 0x3d93239e 43 72 65 61 74 65 55 72 6c 43 61 63 68 65 43 6f CreateUrlCacheCo
299. 0x3d9323ae 6e 74 61 69 6e 65 72 57 00 43 72 65 61 74 65 55 ntainerW.CreateU
300. 0x3d9323be 72 6c 43 61 63 68 65 45 6e 74 72 79 41 00 43 72 rlCacheEntryA.Cr
301. 0x3d9323ce 65 61 74 65 55 72 6c 43 61 63 68 65 45 6e 74 72 eateUrlCacheEntr
302. 0x3d9323de 79 57 00 43 72 65 61 74 65 55 72 6c 43 61 63 68 yW.CreateUrlCach
303. 0x3d9323ee 65 47 72 6f 75 70 00 44 65 6c 65 74 65 49 45 33 eGroup.DeleteIE3
304. 0x3d9323fe 43 61 63 68 65 00 44 65 6c 65 74 65 55 72 6c 43 Cache.DeleteUrlC
305. 0x3d93240e 61 63 68 65 43 6f 6e 74 61 69 6e 65 72 41 00 44 acheContainerA.D
306. 0x3d93241e 65 6c 65 74 65 55 72 6c 43 61 63 68 65 43 6f 6e eleteUrlCacheCon
307. 0x3d93242e 74 61 69 6e 65 72 57 00 44 65 6c 65 74 65 55 72 tainerW.DeleteUr
308. Rule: Str_Win32_Wininet_Library
309. Owner: Process svchost.exe Pid 3296
310. 0x3d983be0 77 69 6e 69 6e 65 74 2e 64 6c 6c 00 3b f3 0f 84 wininet.dll.;...
311. 0x3d983bf0 d0 d4 fb ff 39 1e 0f 85 85 82 fb ff e9 c3 d4 fb ....9...........
312. 0x3d983c00 ff 8b 07 83 60 08 00 e9 d3 ce fb ff 56 ff 15 c8 ....`.......V...
313. 0x3d983c10 14 93 3d eb 70 6a 57 5e eb 67 33 c9 e9 68 80 fb ..=.pjW^.g3..h..
314. 0x3d983c20 ff 90 90 90 90 90 8b ff 55 8b ec 56 57 33 ff 39 ........U..VW3.9
315. 0x3d983c30 7d 08 74 e1 39 7d 0c 8b 75 10 74 08 3b f7 74 d5 }.t.9}..u.t.;.t.
316. 0x3d983c40 39 3e 74 d1 39 7d 14 75 cc 39 7d 18 75 c7 39 7d 9>t.9}.u.9}.u.9}
317. 0x3d983c50 1c 75 c2 e8 c2 11 fb ff 85 c0 0f 84 30 30 01 00 .u..........00..
318. 0x3d983c60 8b 45 20 8b 0d e4 12 9e 3d 50 25 00 01 00 00 83 .E......=P%.....
319. 0x3d983c70 c8 01 50 56 ff 75 0c ff 75 08 e8 85 1d fb ff 8b ..PV.u..u.......
320. 0x3d983c80 f0 3b f7 75 87 33 c0 3b f7 5f 0f 94 c0 5e 5d c2 .;.u.3.;._...^].
321. 0x3d983c90 1c 00 90 90 90 90 90 8b ff 55 8b ec 56 8b 75 08 .........U..V.u.
322. 0x3d983ca0 85 f6 75 22 39 75 0c 74 16 8b 45 10 ff 75 0c f7 ..u"9u.t..E..u..
323. 0x3d983cb0 d8 1b c0 83 e0 02 50 ff 15 fc 14 93 3d 8b f0 8b ......P.....=...
324. 0x3d983cc0 c6 5e 5d c2 0c 00 83 7d 0c 00 0f 85 1d 39 fc ff .^]....}.....9..
325. 0x3d983cd0 56 ff 15 f8 14 93 3d eb e4 53 57 ff 36 e8 b5 ff V.....=..SW.6...
326. Rule: Str_Win32_Internet_API
327. Owner: Process svchost.exe Pid 3296
328. 0x3d932be0 49 6e 74 65 72 6e 65 74 43 6c 6f 73 65 48 61 6e InternetCloseHan
329. 0x3d932bf0 64 6c 65 00 49 6e 74 65 72 6e 65 74 43 6f 6d 62 dle.InternetComb
330. 0x3d932c00 69 6e 65 55 72 6c 41 00 49 6e 74 65 72 6e 65 74 ineUrlA.Internet
331. 0x3d932c10 43 6f 6d 62 69 6e 65 55 72 6c 57 00 49 6e 74 65 CombineUrlW.Inte
332. 0x3d932c20 72 6e 65 74 43 6f 6e 66 69 72 6d 5a 6f 6e 65 43 rnetConfirmZoneC
333. 0x3d932c30 72 6f 73 73 69 6e 67 00 49 6e 74 65 72 6e 65 74 rossing.Internet
334. 0x3d932c40 43 6f 6e 66 69 72 6d 5a 6f 6e 65 43 72 6f 73 73 ConfirmZoneCross
335. 0x3d932c50 69 6e 67 41 00 49 6e 74 65 72 6e 65 74 43 6f 6e ingA.InternetCon
336. 0x3d932c60 66 69 72 6d 5a 6f 6e 65 43 72 6f 73 73 69 6e 67 firmZoneCrossing
337. 0x3d932c70 57 00 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 W.InternetConnec
338. 0x3d932c80 74 41 00 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 tA.InternetConne
339. 0x3d932c90 63 74 57 00 49 6e 74 65 72 6e 65 74 43 72 61 63 ctW.InternetCrac
340. 0x3d932ca0 6b 55 72 6c 41 00 49 6e 74 65 72 6e 65 74 43 72 kUrlA.InternetCr
341. 0x3d932cb0 61 63 6b 55 72 6c 57 00 49 6e 74 65 72 6e 65 74 ackUrlW.Internet
342. 0x3d932cc0 43 72 65 61 74 65 55 72 6c 41 00 49 6e 74 65 72 CreateUrlA.Inter
343. 0x3d932cd0 6e 65 74 43 72 65 61 74 65 55 72 6c 57 00 49 6e netCreateUrlW.In
344. Rule: Str_Win32_Internet_API
345. Owner: Process svchost.exe Pid 3296
346. 0x3d93307e 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
347. 0x3d93308e 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c .InternetReadFil
348. 0x3d93309e 65 45 78 41 00 49 6e 74 65 72 6e 65 74 52 65 61 eExA.InternetRea
349. 0x3d9330ae 64 46 69 6c 65 45 78 57 00 49 6e 74 65 72 6e 65 dFileExW.Interne
350. 0x3d9330be 74 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 6f tSecurityProtoco
351. 0x3d9330ce 6c 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 lToStringA.Inter
352. 0x3d9330de 6e 65 74 53 65 63 75 72 69 74 79 50 72 6f 74 6f netSecurityProto
353. 0x3d9330ee 63 6f 6c 54 6f 53 74 72 69 6e 67 57 00 49 6e 74 colToStringW.Int
354. 0x3d9330fe 65 72 6e 65 74 53 65 74 43 6f 6f 6b 69 65 41 00 ernetSetCookieA.
355. 0x3d93310e 49 6e 74 65 72 6e 65 74 53 65 74 43 6f 6f 6b 69 InternetSetCooki
356. 0x3d93311e 65 45 78 41 00 49 6e 74 65 72 6e 65 74 53 65 74 eExA.InternetSet
357. 0x3d93312e 43 6f 6f 6b 69 65 45 78 57 00 49 6e 74 65 72 6e CookieExW.Intern
358. 0x3d93313e 65 74 53 65 74 43 6f 6f 6b 69 65 57 00 49 6e 74 etSetCookieW.Int
359. 0x3d93314e 65 72 6e 65 74 53 65 74 44 69 61 6c 53 74 61 74 ernetSetDialStat
360. 0x3d93315e 65 00 49 6e 74 65 72 6e 65 74 53 65 74 44 69 61 e.InternetSetDia
361. 0x3d93316e 6c 53 74 61 74 65 41 00 49 6e 74 65 72 6e 65 74 lStateA.Internet
362. Rule: Str_Win32_Internet_API
363. Owner: Process svchost.exe Pid 3296
364. 0x3d93308f 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
365. 0x3d93309f 45 78 41 00 49 6e 74 65 72 6e 65 74 52 65 61 64 ExA.InternetRead
366. 0x3d9330af 46 69 6c 65 45 78 57 00 49 6e 74 65 72 6e 65 74 FileExW.Internet
367. 0x3d9330bf 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 6f 6c SecurityProtocol
368. 0x3d9330cf 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 6e ToStringA.Intern
369. 0x3d9330df 65 74 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 etSecurityProtoc
370. 0x3d9330ef 6f 6c 54 6f 53 74 72 69 6e 67 57 00 49 6e 74 65 olToStringW.Inte
371. 0x3d9330ff 72 6e 65 74 53 65 74 43 6f 6f 6b 69 65 41 00 49 rnetSetCookieA.I
372. 0x3d93310f 6e 74 65 72 6e 65 74 53 65 74 43 6f 6f 6b 69 65 nternetSetCookie
373. 0x3d93311f 45 78 41 00 49 6e 74 65 72 6e 65 74 53 65 74 43 ExA.InternetSetC
374. 0x3d93312f 6f 6f 6b 69 65 45 78 57 00 49 6e 74 65 72 6e 65 ookieExW.Interne
375. 0x3d93313f 74 53 65 74 43 6f 6f 6b 69 65 57 00 49 6e 74 65 tSetCookieW.Inte
376. 0x3d93314f 72 6e 65 74 53 65 74 44 69 61 6c 53 74 61 74 65 rnetSetDialState
377. 0x3d93315f 00 49 6e 74 65 72 6e 65 74 53 65 74 44 69 61 6c .InternetSetDial
378. 0x3d93316f 53 74 61 74 65 41 00 49 6e 74 65 72 6e 65 74 53 StateA.InternetS
379. 0x3d93317f 65 74 44 69 61 6c 53 74 61 74 65 57 00 49 6e 74 etDialStateW.Int
380. Rule: Str_Win32_Internet_API
381. Owner: Process svchost.exe Pid 3296
382. 0x3d9330a3 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
383. 0x3d9330b3 45 78 57 00 49 6e 74 65 72 6e 65 74 53 65 63 75 ExW.InternetSecu
384. 0x3d9330c3 72 69 74 79 50 72 6f 74 6f 63 6f 6c 54 6f 53 74 rityProtocolToSt
385. 0x3d9330d3 72 69 6e 67 41 00 49 6e 74 65 72 6e 65 74 53 65 ringA.InternetSe
386. 0x3d9330e3 63 75 72 69 74 79 50 72 6f 74 6f 63 6f 6c 54 6f curityProtocolTo
387. 0x3d9330f3 53 74 72 69 6e 67 57 00 49 6e 74 65 72 6e 65 74 StringW.Internet
388. 0x3d933103 53 65 74 43 6f 6f 6b 69 65 41 00 49 6e 74 65 72 SetCookieA.Inter
389. 0x3d933113 6e 65 74 53 65 74 43 6f 6f 6b 69 65 45 78 41 00 netSetCookieExA.
390. 0x3d933123 49 6e 74 65 72 6e 65 74 53 65 74 43 6f 6f 6b 69 InternetSetCooki
391. 0x3d933133 65 45 78 57 00 49 6e 74 65 72 6e 65 74 53 65 74 eExW.InternetSet
392. 0x3d933143 43 6f 6f 6b 69 65 57 00 49 6e 74 65 72 6e 65 74 CookieW.Internet
393. 0x3d933153 53 65 74 44 69 61 6c 53 74 61 74 65 00 49 6e 74 SetDialState.Int
394. 0x3d933163 65 72 6e 65 74 53 65 74 44 69 61 6c 53 74 61 74 ernetSetDialStat
395. 0x3d933173 65 41 00 49 6e 74 65 72 6e 65 74 53 65 74 44 69 eA.InternetSetDi
396. 0x3d933183 61 6c 53 74 61 74 65 57 00 49 6e 74 65 72 6e 65 alStateW.Interne
397. 0x3d933193 74 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 00 tSetFilePointer.
398. Rule: Str_Win32_Internet_API
399. Owner: Process svchost.exe Pid 3296
400. 0x3d932c72 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 41 InternetConnectA
401. 0x3d932c82 00 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 .InternetConnect
402. 0x3d932c92 57 00 49 6e 74 65 72 6e 65 74 43 72 61 63 6b 55 W.InternetCrackU
403. 0x3d932ca2 72 6c 41 00 49 6e 74 65 72 6e 65 74 43 72 61 63 rlA.InternetCrac
404. 0x3d932cb2 6b 55 72 6c 57 00 49 6e 74 65 72 6e 65 74 43 72 kUrlW.InternetCr
405. 0x3d932cc2 65 61 74 65 55 72 6c 41 00 49 6e 74 65 72 6e 65 eateUrlA.Interne
406. 0x3d932cd2 74 43 72 65 61 74 65 55 72 6c 57 00 49 6e 74 65 tCreateUrlW.Inte
407. 0x3d932ce2 72 6e 65 74 44 69 61 6c 00 49 6e 74 65 72 6e 65 rnetDial.Interne
408. 0x3d932cf2 74 44 69 61 6c 41 00 49 6e 74 65 72 6e 65 74 44 tDialA.InternetD
409. 0x3d932d02 69 61 6c 57 00 49 6e 74 65 72 6e 65 74 45 6e 75 ialW.InternetEnu
410. 0x3d932d12 6d 50 65 72 53 69 74 65 43 6f 6f 6b 69 65 44 65 mPerSiteCookieDe
411. 0x3d932d22 63 69 73 69 6f 6e 41 00 49 6e 74 65 72 6e 65 74 cisionA.Internet
412. 0x3d932d32 45 6e 75 6d 50 65 72 53 69 74 65 43 6f 6f 6b 69 EnumPerSiteCooki
413. 0x3d932d42 65 44 65 63 69 73 69 6f 6e 57 00 49 6e 74 65 72 eDecisionW.Inter
414. 0x3d932d52 6e 65 74 45 72 72 6f 72 44 6c 67 00 49 6e 74 65 netErrorDlg.Inte
415. 0x3d932d62 72 6e 65 74 46 69 6e 64 4e 65 78 74 46 69 6c 65 rnetFindNextFile
416. Rule: Str_Win32_Internet_API
417. Owner: Process svchost.exe Pid 3296
418. 0x3d932c83 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 57 InternetConnectW
419. 0x3d932c93 00 49 6e 74 65 72 6e 65 74 43 72 61 63 6b 55 72 .InternetCrackUr
420. 0x3d932ca3 6c 41 00 49 6e 74 65 72 6e 65 74 43 72 61 63 6b lA.InternetCrack
421. 0x3d932cb3 55 72 6c 57 00 49 6e 74 65 72 6e 65 74 43 72 65 UrlW.InternetCre
422. 0x3d932cc3 61 74 65 55 72 6c 41 00 49 6e 74 65 72 6e 65 74 ateUrlA.Internet
423. 0x3d932cd3 43 72 65 61 74 65 55 72 6c 57 00 49 6e 74 65 72 CreateUrlW.Inter
424. 0x3d932ce3 6e 65 74 44 69 61 6c 00 49 6e 74 65 72 6e 65 74 netDial.Internet
425. 0x3d932cf3 44 69 61 6c 41 00 49 6e 74 65 72 6e 65 74 44 69 DialA.InternetDi
426. 0x3d932d03 61 6c 57 00 49 6e 74 65 72 6e 65 74 45 6e 75 6d alW.InternetEnum
427. 0x3d932d13 50 65 72 53 69 74 65 43 6f 6f 6b 69 65 44 65 63 PerSiteCookieDec
428. 0x3d932d23 69 73 69 6f 6e 41 00 49 6e 74 65 72 6e 65 74 45 isionA.InternetE
429. 0x3d932d33 6e 75 6d 50 65 72 53 69 74 65 43 6f 6f 6b 69 65 numPerSiteCookie
430. 0x3d932d43 44 65 63 69 73 69 6f 6e 57 00 49 6e 74 65 72 6e DecisionW.Intern
431. 0x3d932d53 65 74 45 72 72 6f 72 44 6c 67 00 49 6e 74 65 72 etErrorDlg.Inter
432. 0x3d932d63 6e 65 74 46 69 6e 64 4e 65 78 74 46 69 6c 65 41 netFindNextFileA
433. 0x3d932d73 00 49 6e 74 65 72 6e 65 74 46 69 6e 64 4e 65 78 .InternetFindNex
434. Rule: Str_Win32_Internet_API
435. Owner: Process svchost.exe Pid 3296
436. 0x3d932fdf 49 6e 74 65 72 6e 65 74 4f 70 65 6e 41 00 49 6e InternetOpenA.In
437. 0x3d932fef 74 65 72 6e 65 74 4f 70 65 6e 55 72 6c 41 00 49 ternetOpenUrlA.I
438. 0x3d932fff 6e 74 65 72 6e 65 74 4f 70 65 6e 55 72 6c 57 00 nternetOpenUrlW.
439. 0x3d93300f 49 6e 74 65 72 6e 65 74 4f 70 65 6e 57 00 49 6e InternetOpenW.In
440. 0x3d93301f 74 65 72 6e 65 74 51 75 65 72 79 44 61 74 61 41 ternetQueryDataA
441. 0x3d93302f 76 61 69 6c 61 62 6c 65 00 49 6e 74 65 72 6e 65 vailable.Interne
442. 0x3d93303f 74 51 75 65 72 79 46 6f 72 74 65 7a 7a 61 53 74 tQueryFortezzaSt
443. 0x3d93304f 61 74 75 73 00 49 6e 74 65 72 6e 65 74 51 75 65 atus.InternetQue
444. 0x3d93305f 72 79 4f 70 74 69 6f 6e 41 00 49 6e 74 65 72 6e ryOptionA.Intern
445. 0x3d93306f 65 74 51 75 65 72 79 4f 70 74 69 6f 6e 57 00 49 etQueryOptionW.I
446. 0x3d93307f 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 00 nternetReadFile.
447. 0x3d93308f 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
448. 0x3d93309f 45 78 41 00 49 6e 74 65 72 6e 65 74 52 65 61 64 ExA.InternetRead
449. 0x3d9330af 46 69 6c 65 45 78 57 00 49 6e 74 65 72 6e 65 74 FileExW.Internet
450. 0x3d9330bf 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 6f 6c SecurityProtocol
451. 0x3d9330cf 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 6e ToStringA.Intern
452. Rule: Str_Win32_Internet_API
453. Owner: Process svchost.exe Pid 3296
454. 0x3d932fed 49 6e 74 65 72 6e 65 74 4f 70 65 6e 55 72 6c 41 InternetOpenUrlA
455. 0x3d932ffd 00 49 6e 74 65 72 6e 65 74 4f 70 65 6e 55 72 6c .InternetOpenUrl
456. 0x3d93300d 57 00 49 6e 74 65 72 6e 65 74 4f 70 65 6e 57 00 W.InternetOpenW.
457. 0x3d93301d 49 6e 74 65 72 6e 65 74 51 75 65 72 79 44 61 74 InternetQueryDat
458. 0x3d93302d 61 41 76 61 69 6c 61 62 6c 65 00 49 6e 74 65 72 aAvailable.Inter
459. 0x3d93303d 6e 65 74 51 75 65 72 79 46 6f 72 74 65 7a 7a 61 netQueryFortezza
460. 0x3d93304d 53 74 61 74 75 73 00 49 6e 74 65 72 6e 65 74 51 Status.InternetQ
461. 0x3d93305d 75 65 72 79 4f 70 74 69 6f 6e 41 00 49 6e 74 65 ueryOptionA.Inte
462. 0x3d93306d 72 6e 65 74 51 75 65 72 79 4f 70 74 69 6f 6e 57 rnetQueryOptionW
463. 0x3d93307d 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c .InternetReadFil
464. 0x3d93308d 65 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 e.InternetReadFi
465. 0x3d93309d 6c 65 45 78 41 00 49 6e 74 65 72 6e 65 74 52 65 leExA.InternetRe
466. 0x3d9330ad 61 64 46 69 6c 65 45 78 57 00 49 6e 74 65 72 6e adFileExW.Intern
467. 0x3d9330bd 65 74 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 etSecurityProtoc
468. 0x3d9330cd 6f 6c 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 olToStringA.Inte
469. 0x3d9330dd 72 6e 65 74 53 65 63 75 72 69 74 79 50 72 6f 74 rnetSecurityProt
470. Rule: Str_Win32_Internet_API
471. Owner: Process svchost.exe Pid 3296
472. 0x3d932ffe 49 6e 74 65 72 6e 65 74 4f 70 65 6e 55 72 6c 57 InternetOpenUrlW
473. 0x3d93300e 00 49 6e 74 65 72 6e 65 74 4f 70 65 6e 57 00 49 .InternetOpenW.I
474. 0x3d93301e 6e 74 65 72 6e 65 74 51 75 65 72 79 44 61 74 61 nternetQueryData
475. 0x3d93302e 41 76 61 69 6c 61 62 6c 65 00 49 6e 74 65 72 6e Available.Intern
476. 0x3d93303e 65 74 51 75 65 72 79 46 6f 72 74 65 7a 7a 61 53 etQueryFortezzaS
477. 0x3d93304e 74 61 74 75 73 00 49 6e 74 65 72 6e 65 74 51 75 tatus.InternetQu
478. 0x3d93305e 65 72 79 4f 70 74 69 6f 6e 41 00 49 6e 74 65 72 eryOptionA.Inter
479. 0x3d93306e 6e 65 74 51 75 65 72 79 4f 70 74 69 6f 6e 57 00 netQueryOptionW.
480. 0x3d93307e 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
481. 0x3d93308e 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c .InternetReadFil
482. 0x3d93309e 65 45 78 41 00 49 6e 74 65 72 6e 65 74 52 65 61 eExA.InternetRea
483. 0x3d9330ae 64 46 69 6c 65 45 78 57 00 49 6e 74 65 72 6e 65 dFileExW.Interne
484. 0x3d9330be 74 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 6f tSecurityProtoco
485. 0x3d9330ce 6c 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 lToStringA.Inter
486. 0x3d9330de 6e 65 74 53 65 63 75 72 69 74 79 50 72 6f 74 6f netSecurityProto
487. 0x3d9330ee 63 6f 6c 54 6f 53 74 72 69 6e 67 57 00 49 6e 74 colToStringW.Int
488. Rule: Str_Win32_Internet_API
489. Owner: Process svchost.exe Pid 3296
490. 0x3d93300f 49 6e 74 65 72 6e 65 74 4f 70 65 6e 57 00 49 6e InternetOpenW.In
491. 0x3d93301f 74 65 72 6e 65 74 51 75 65 72 79 44 61 74 61 41 ternetQueryDataA
492. 0x3d93302f 76 61 69 6c 61 62 6c 65 00 49 6e 74 65 72 6e 65 vailable.Interne
493. 0x3d93303f 74 51 75 65 72 79 46 6f 72 74 65 7a 7a 61 53 74 tQueryFortezzaSt
494. 0x3d93304f 61 74 75 73 00 49 6e 74 65 72 6e 65 74 51 75 65 atus.InternetQue
495. 0x3d93305f 72 79 4f 70 74 69 6f 6e 41 00 49 6e 74 65 72 6e ryOptionA.Intern
496. 0x3d93306f 65 74 51 75 65 72 79 4f 70 74 69 6f 6e 57 00 49 etQueryOptionW.I
497. 0x3d93307f 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 00 nternetReadFile.
498. 0x3d93308f 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
499. 0x3d93309f 45 78 41 00 49 6e 74 65 72 6e 65 74 52 65 61 64 ExA.InternetRead
500. 0x3d9330af 46 69 6c 65 45 78 57 00 49 6e 74 65 72 6e 65 74 FileExW.Internet
501. 0x3d9330bf 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 6f 6c SecurityProtocol
502. 0x3d9330cf 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 6e ToStringA.Intern
503. 0x3d9330df 65 74 53 65 63 75 72 69 74 79 50 72 6f 74 6f 63 etSecurityProtoc
504. 0x3d9330ef 6f 6c 54 6f 53 74 72 69 6e 67 57 00 49 6e 74 65 olToStringW.Inte
505. 0x3d9330ff 72 6e 65 74 53 65 74 43 6f 6f 6b 69 65 41 00 49 rnetSetCookieA.I
506. Rule: Str_Win32_Http_API
507. Owner: Process svchost.exe Pid 3296
508. 0x3d932a6b 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 41 HttpSendRequestA
509. 0x3d932a7b 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 .HttpSendRequest
510. 0x3d932a8b 45 78 41 00 48 74 74 70 53 65 6e 64 52 65 71 75 ExA.HttpSendRequ
511. 0x3d932a9b 65 73 74 45 78 57 00 48 74 74 70 53 65 6e 64 52 estExW.HttpSendR
512. 0x3d932aab 65 71 75 65 73 74 57 00 49 6e 63 72 65 6d 65 6e equestW.Incremen
513. 0x3d932abb 74 55 72 6c 43 61 63 68 65 48 65 61 64 65 72 44 tUrlCacheHeaderD
514. 0x3d932acb 61 74 61 00 49 6e 74 65 72 6e 65 74 41 6c 67 49 ata.InternetAlgI
515. 0x3d932adb 64 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 dToStringA.Inter
516. 0x3d932aeb 6e 65 74 41 6c 67 49 64 54 6f 53 74 72 69 6e 67 netAlgIdToString
517. 0x3d932afb 57 00 49 6e 74 65 72 6e 65 74 41 74 74 65 6d 70 W.InternetAttemp
518. 0x3d932b0b 74 43 6f 6e 6e 65 63 74 00 49 6e 74 65 72 6e 65 tConnect.Interne
519. 0x3d932b1b 74 41 75 74 6f 64 69 61 6c 00 49 6e 74 65 72 6e tAutodial.Intern
520. 0x3d932b2b 65 74 41 75 74 6f 64 69 61 6c 43 61 6c 6c 62 61 etAutodialCallba
521. 0x3d932b3b 63 6b 00 49 6e 74 65 72 6e 65 74 41 75 74 6f 64 ck.InternetAutod
522. 0x3d932b4b 69 61 6c 48 61 6e 67 75 70 00 49 6e 74 65 72 6e ialHangup.Intern
523. 0x3d932b5b 65 74 43 61 6e 6f 6e 69 63 61 6c 69 7a 65 55 72 etCanonicalizeUr
524. Rule: Str_Win32_Http_API
525. Owner: Process svchost.exe Pid 3296
526. 0x3d932a7c 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 45 HttpSendRequestE
527. 0x3d932a8c 78 41 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 xA.HttpSendReque
528. 0x3d932a9c 73 74 45 78 57 00 48 74 74 70 53 65 6e 64 52 65 stExW.HttpSendRe
529. 0x3d932aac 71 75 65 73 74 57 00 49 6e 63 72 65 6d 65 6e 74 questW.Increment
530. 0x3d932abc 55 72 6c 43 61 63 68 65 48 65 61 64 65 72 44 61 UrlCacheHeaderDa
531. 0x3d932acc 74 61 00 49 6e 74 65 72 6e 65 74 41 6c 67 49 64 ta.InternetAlgId
532. 0x3d932adc 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 6e ToStringA.Intern
533. 0x3d932aec 65 74 41 6c 67 49 64 54 6f 53 74 72 69 6e 67 57 etAlgIdToStringW
534. 0x3d932afc 00 49 6e 74 65 72 6e 65 74 41 74 74 65 6d 70 74 .InternetAttempt
535. 0x3d932b0c 43 6f 6e 6e 65 63 74 00 49 6e 74 65 72 6e 65 74 Connect.Internet
536. 0x3d932b1c 41 75 74 6f 64 69 61 6c 00 49 6e 74 65 72 6e 65 Autodial.Interne
537. 0x3d932b2c 74 41 75 74 6f 64 69 61 6c 43 61 6c 6c 62 61 63 tAutodialCallbac
538. 0x3d932b3c 6b 00 49 6e 74 65 72 6e 65 74 41 75 74 6f 64 69 k.InternetAutodi
539. 0x3d932b4c 61 6c 48 61 6e 67 75 70 00 49 6e 74 65 72 6e 65 alHangup.Interne
540. 0x3d932b5c 74 43 61 6e 6f 6e 69 63 61 6c 69 7a 65 55 72 6c tCanonicalizeUrl
541. 0x3d932b6c 41 00 49 6e 74 65 72 6e 65 74 43 61 6e 6f 6e 69 A.InternetCanoni
542. Rule: Str_Win32_Http_API
543. Owner: Process svchost.exe Pid 3296
544. 0x3d932a8f 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 45 HttpSendRequestE
545. 0x3d932a9f 78 57 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 xW.HttpSendReque
546. 0x3d932aaf 73 74 57 00 49 6e 63 72 65 6d 65 6e 74 55 72 6c stW.IncrementUrl
547. 0x3d932abf 43 61 63 68 65 48 65 61 64 65 72 44 61 74 61 00 CacheHeaderData.
548. 0x3d932acf 49 6e 74 65 72 6e 65 74 41 6c 67 49 64 54 6f 53 InternetAlgIdToS
549. 0x3d932adf 74 72 69 6e 67 41 00 49 6e 74 65 72 6e 65 74 41 tringA.InternetA
550. 0x3d932aef 6c 67 49 64 54 6f 53 74 72 69 6e 67 57 00 49 6e lgIdToStringW.In
551. 0x3d932aff 74 65 72 6e 65 74 41 74 74 65 6d 70 74 43 6f 6e ternetAttemptCon
552. 0x3d932b0f 6e 65 63 74 00 49 6e 74 65 72 6e 65 74 41 75 74 nect.InternetAut
553. 0x3d932b1f 6f 64 69 61 6c 00 49 6e 74 65 72 6e 65 74 41 75 odial.InternetAu
554. 0x3d932b2f 74 6f 64 69 61 6c 43 61 6c 6c 62 61 63 6b 00 49 todialCallback.I
555. 0x3d932b3f 6e 74 65 72 6e 65 74 41 75 74 6f 64 69 61 6c 48 nternetAutodialH
556. 0x3d932b4f 61 6e 67 75 70 00 49 6e 74 65 72 6e 65 74 43 61 angup.InternetCa
557. 0x3d932b5f 6e 6f 6e 69 63 61 6c 69 7a 65 55 72 6c 41 00 49 nonicalizeUrlA.I
558. 0x3d932b6f 6e 74 65 72 6e 65 74 43 61 6e 6f 6e 69 63 61 6c nternetCanonical
559. 0x3d932b7f 69 7a 65 55 72 6c 57 00 49 6e 74 65 72 6e 65 74 izeUrlW.Internet
560. Rule: Str_Win32_Http_API
561. Owner: Process svchost.exe Pid 3296
562. 0x3d932aa2 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 57 HttpSendRequestW
563. 0x3d932ab2 00 49 6e 63 72 65 6d 65 6e 74 55 72 6c 43 61 63 .IncrementUrlCac
564. 0x3d932ac2 68 65 48 65 61 64 65 72 44 61 74 61 00 49 6e 74 heHeaderData.Int
565. 0x3d932ad2 65 72 6e 65 74 41 6c 67 49 64 54 6f 53 74 72 69 ernetAlgIdToStri
566. 0x3d932ae2 6e 67 41 00 49 6e 74 65 72 6e 65 74 41 6c 67 49 ngA.InternetAlgI
567. 0x3d932af2 64 54 6f 53 74 72 69 6e 67 57 00 49 6e 74 65 72 dToStringW.Inter
568. 0x3d932b02 6e 65 74 41 74 74 65 6d 70 74 43 6f 6e 6e 65 63 netAttemptConnec
569. 0x3d932b12 74 00 49 6e 74 65 72 6e 65 74 41 75 74 6f 64 69 t.InternetAutodi
570. 0x3d932b22 61 6c 00 49 6e 74 65 72 6e 65 74 41 75 74 6f 64 al.InternetAutod
571. 0x3d932b32 69 61 6c 43 61 6c 6c 62 61 63 6b 00 49 6e 74 65 ialCallback.Inte
572. 0x3d932b42 72 6e 65 74 41 75 74 6f 64 69 61 6c 48 61 6e 67 rnetAutodialHang
573. 0x3d932b52 75 70 00 49 6e 74 65 72 6e 65 74 43 61 6e 6f 6e up.InternetCanon
574. 0x3d932b62 69 63 61 6c 69 7a 65 55 72 6c 41 00 49 6e 74 65 icalizeUrlA.Inte
575. 0x3d932b72 72 6e 65 74 43 61 6e 6f 6e 69 63 61 6c 69 7a 65 rnetCanonicalize
576. 0x3d932b82 55 72 6c 57 00 49 6e 74 65 72 6e 65 74 43 68 65 UrlW.InternetChe
577. 0x3d932b92 63 6b 43 6f 6e 6e 65 63 74 69 6f 6e 41 00 49 6e ckConnectionA.In
578. Rule: Str_Win32_Http_API
579. Owner: Process svchost.exe Pid 3296
580. 0x3d932a4d 48 74 74 70 51 75 65 72 79 49 6e 66 6f 41 00 48 HttpQueryInfoA.H
581. 0x3d932a5d 74 74 70 51 75 65 72 79 49 6e 66 6f 57 00 48 74 ttpQueryInfoW.Ht
582. 0x3d932a6d 74 70 53 65 6e 64 52 65 71 75 65 73 74 41 00 48 tpSendRequestA.H
583. 0x3d932a7d 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 45 78 ttpSendRequestEx
584. 0x3d932a8d 41 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 A.HttpSendReques
585. 0x3d932a9d 74 45 78 57 00 48 74 74 70 53 65 6e 64 52 65 71 tExW.HttpSendReq
586. 0x3d932aad 75 65 73 74 57 00 49 6e 63 72 65 6d 65 6e 74 55 uestW.IncrementU
587. 0x3d932abd 72 6c 43 61 63 68 65 48 65 61 64 65 72 44 61 74 rlCacheHeaderDat
588. 0x3d932acd 61 00 49 6e 74 65 72 6e 65 74 41 6c 67 49 64 54 a.InternetAlgIdT
589. 0x3d932add 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 6e 65 oStringA.Interne
590. 0x3d932aed 74 41 6c 67 49 64 54 6f 53 74 72 69 6e 67 57 00 tAlgIdToStringW.
591. 0x3d932afd 49 6e 74 65 72 6e 65 74 41 74 74 65 6d 70 74 43 InternetAttemptC
592. 0x3d932b0d 6f 6e 6e 65 63 74 00 49 6e 74 65 72 6e 65 74 41 onnect.InternetA
593. 0x3d932b1d 75 74 6f 64 69 61 6c 00 49 6e 74 65 72 6e 65 74 utodial.Internet
594. 0x3d932b2d 41 75 74 6f 64 69 61 6c 43 61 6c 6c 62 61 63 6b AutodialCallback
595. 0x3d932b3d 00 49 6e 74 65 72 6e 65 74 41 75 74 6f 64 69 61 .InternetAutodia
596. Rule: Str_Win32_Http_API
597. Owner: Process svchost.exe Pid 3296
598. 0x3d932a5c 48 74 74 70 51 75 65 72 79 49 6e 66 6f 57 00 48 HttpQueryInfoW.H
599. 0x3d932a6c 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 41 00 ttpSendRequestA.
600. 0x3d932a7c 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 45 HttpSendRequestE
601. 0x3d932a8c 78 41 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 xA.HttpSendReque
602. 0x3d932a9c 73 74 45 78 57 00 48 74 74 70 53 65 6e 64 52 65 stExW.HttpSendRe
603. 0x3d932aac 71 75 65 73 74 57 00 49 6e 63 72 65 6d 65 6e 74 questW.Increment
604. 0x3d932abc 55 72 6c 43 61 63 68 65 48 65 61 64 65 72 44 61 UrlCacheHeaderDa
605. 0x3d932acc 74 61 00 49 6e 74 65 72 6e 65 74 41 6c 67 49 64 ta.InternetAlgId
606. 0x3d932adc 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 6e ToStringA.Intern
607. 0x3d932aec 65 74 41 6c 67 49 64 54 6f 53 74 72 69 6e 67 57 etAlgIdToStringW
608. 0x3d932afc 00 49 6e 74 65 72 6e 65 74 41 74 74 65 6d 70 74 .InternetAttempt
609. 0x3d932b0c 43 6f 6e 6e 65 63 74 00 49 6e 74 65 72 6e 65 74 Connect.Internet
610. 0x3d932b1c 41 75 74 6f 64 69 61 6c 00 49 6e 74 65 72 6e 65 Autodial.Interne
611. 0x3d932b2c 74 41 75 74 6f 64 69 61 6c 43 61 6c 6c 62 61 63 tAutodialCallbac
612. 0x3d932b3c 6b 00 49 6e 74 65 72 6e 65 74 41 75 74 6f 64 69 k.InternetAutodi
613. 0x3d932b4c 61 6c 48 61 6e 67 75 70 00 49 6e 74 65 72 6e 65 alHangup.Interne
614. Rule: Str_Win32_Http_API
615. Owner: Process svchost.exe Pid 3296
616. 0x3d932a2b 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 74 41 HttpOpenRequestA
617. 0x3d932a3b 00 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 74 .HttpOpenRequest
618. 0x3d932a4b 57 00 48 74 74 70 51 75 65 72 79 49 6e 66 6f 41 W.HttpQueryInfoA
619. 0x3d932a5b 00 48 74 74 70 51 75 65 72 79 49 6e 66 6f 57 00 .HttpQueryInfoW.
620. 0x3d932a6b 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 41 HttpSendRequestA
621. 0x3d932a7b 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 .HttpSendRequest
622. 0x3d932a8b 45 78 41 00 48 74 74 70 53 65 6e 64 52 65 71 75 ExA.HttpSendRequ
623. 0x3d932a9b 65 73 74 45 78 57 00 48 74 74 70 53 65 6e 64 52 estExW.HttpSendR
624. 0x3d932aab 65 71 75 65 73 74 57 00 49 6e 63 72 65 6d 65 6e equestW.Incremen
625. 0x3d932abb 74 55 72 6c 43 61 63 68 65 48 65 61 64 65 72 44 tUrlCacheHeaderD
626. 0x3d932acb 61 74 61 00 49 6e 74 65 72 6e 65 74 41 6c 67 49 ata.InternetAlgI
627. 0x3d932adb 64 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 dToStringA.Inter
628. 0x3d932aeb 6e 65 74 41 6c 67 49 64 54 6f 53 74 72 69 6e 67 netAlgIdToString
629. 0x3d932afb 57 00 49 6e 74 65 72 6e 65 74 41 74 74 65 6d 70 W.InternetAttemp
630. 0x3d932b0b 74 43 6f 6e 6e 65 63 74 00 49 6e 74 65 72 6e 65 tConnect.Interne
631. 0x3d932b1b 74 41 75 74 6f 64 69 61 6c 00 49 6e 74 65 72 6e tAutodial.Intern
632. Rule: Str_Win32_Http_API
633. Owner: Process svchost.exe Pid 3296
634. 0x3d932a3c 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 74 57 HttpOpenRequestW
635. 0x3d932a4c 00 48 74 74 70 51 75 65 72 79 49 6e 66 6f 41 00 .HttpQueryInfoA.
636. 0x3d932a5c 48 74 74 70 51 75 65 72 79 49 6e 66 6f 57 00 48 HttpQueryInfoW.H
637. 0x3d932a6c 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 41 00 ttpSendRequestA.
638. 0x3d932a7c 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 45 HttpSendRequestE
639. 0x3d932a8c 78 41 00 48 74 74 70 53 65 6e 64 52 65 71 75 65 xA.HttpSendReque
640. 0x3d932a9c 73 74 45 78 57 00 48 74 74 70 53 65 6e 64 52 65 stExW.HttpSendRe
641. 0x3d932aac 71 75 65 73 74 57 00 49 6e 63 72 65 6d 65 6e 74 questW.Increment
642. 0x3d932abc 55 72 6c 43 61 63 68 65 48 65 61 64 65 72 44 61 UrlCacheHeaderDa
643. 0x3d932acc 74 61 00 49 6e 74 65 72 6e 65 74 41 6c 67 49 64 ta.InternetAlgId
644. 0x3d932adc 54 6f 53 74 72 69 6e 67 41 00 49 6e 74 65 72 6e ToStringA.Intern
645. 0x3d932aec 65 74 41 6c 67 49 64 54 6f 53 74 72 69 6e 67 57 etAlgIdToStringW
646. 0x3d932afc 00 49 6e 74 65 72 6e 65 74 41 74 74 65 6d 70 74 .InternetAttempt
647. 0x3d932b0c 43 6f 6e 6e 65 63 74 00 49 6e 74 65 72 6e 65 74 Connect.Internet
648. 0x3d932b1c 41 75 74 6f 64 69 61 6c 00 49 6e 74 65 72 6e 65 Autodial.Interne
649. 0x3d932b2c 74 41 75 74 6f 64 69 61 6c 43 61 6c 6c 62 61 63 tAutodialCallbac
650. Rule: Str_Win32_Winsock2_Library
651. Owner: Process svchost.exe Pid 3296
652. 0x76f157d0 57 53 32 5f 33 32 2e 64 6c 6c 00 ff 90 90 90 90 WS2_32.dll......
653. 0x76f157e0 53 48 45 4c 4c 33 32 2e 64 6c 6c 00 18 58 03 00 SHELL32.dll..X..
654. 0x76f157f0 2e 58 03 00 52 58 03 00 66 58 03 00 00 00 00 00 .X..RX..fX......
655. 0x76f15800 7a 58 03 00 00 00 00 00 0b 00 00 80 0c 00 00 80 zX..............
656. 0x76f15810 6f 00 00 80 00 00 00 00 00 00 4e 65 74 57 6b 73 o.........NetWks
657. 0x76f15820 74 61 55 73 65 72 47 65 74 49 6e 66 6f 00 00 00 taUserGetInfo...
658. 0x76f15830 44 73 52 6f 6c 65 47 65 74 50 72 69 6d 61 72 79 DsRoleGetPrimary
659. 0x76f15840 44 6f 6d 61 69 6e 49 6e 66 6f 72 6d 61 74 69 6f DomainInformatio
660. 0x76f15850 6e 00 00 00 44 73 52 6f 6c 65 46 72 65 65 4d 65 n...DsRoleFreeMe
661. 0x76f15860 6d 6f 72 79 00 33 00 00 4e 65 74 41 70 69 42 75 mory.3..NetApiBu
662. 0x76f15870 66 66 65 72 46 72 65 65 00 33 00 00 53 48 47 65 fferFree.3..SHGe
663. 0x76f15880 74 46 6f 6c 64 65 72 50 61 74 68 57 00 32 90 90 tFolderPathW.2..
664. 0x76f15890 a8 59 03 00 ff ff ff ff ff ff ff ff 44 59 03 00 .Y..........DY..
665. 0x76f158a0 00 10 00 00 30 5a 03 00 ff ff ff ff ff ff ff ff ....0Z..........
666. 0x76f158b0 52 59 03 00 88 10 00 00 9c 5b 03 00 ff ff ff ff RY.......[......
667. 0x76f158c0 ff ff ff ff 60 59 03 00 f4 11 00 00 28 5c 03 00 ....`Y......(\..
668. Rule: Str_Win32_Winsock2_Library
669. Owner: Process svchost.exe Pid 3296
670. 0x71a78e32 57 53 32 5f 33 32 2e 64 6c 6c 00 00 57 53 32 48 WS2_32.dll..WS2H
671. 0x71a78e42 45 4c 50 2e 64 6c 6c 00 90 90 70 92 02 00 80 92 ELP.dll...p.....
672. 0x71a78e52 02 00 8e 92 02 00 a2 92 02 00 b2 92 02 00 c6 92 ................
673. 0x71a78e62 02 00 d6 92 02 00 e6 92 02 00 f6 92 02 00 08 93 ................
674. 0x71a78e72 02 00 1a 93 02 00 2c 93 02 00 40 93 02 00 58 93 ......,...@...X.
675. 0x71a78e82 02 00 72 93 02 00 84 93 02 00 a0 93 02 00 c0 93 ..r.............
676. 0x71a78e92 02 00 d6 93 02 00 e6 93 02 00 f6 93 02 00 0e 94 ................
677. 0x71a78ea2 02 00 1e 94 02 00 30 94 02 00 46 94 02 00 5a 94 ......0...F...Z.
678. 0x71a78eb2 02 00 6a 94 02 00 7c 94 02 00 8c 94 02 00 9c 94 ..j...|.........
679. 0x71a78ec2 02 00 b2 94 02 00 c8 94 02 00 e6 94 02 00 00 00 ................
680. 0x71a78ed2 00 00 f6 94 02 00 04 95 02 00 10 95 02 00 22 95 ..............".
681. 0x71a78ee2 02 00 2e 95 02 00 3a 95 02 00 4c 95 02 00 5e 95 ......:...L...^.
682. 0x71a78ef2 02 00 6c 95 02 00 88 95 02 00 a2 95 02 00 bc 95 ..l.............
683. 0x71a78f02 02 00 d0 95 02 00 ec 95 02 00 0a 96 02 00 22 96 ..............".
684. 0x71a78f12 02 00 38 96 02 00 4e 96 02 00 64 96 02 00 74 96 ..8...N...d...t.
685. 0x71a78f22 02 00 84 96 02 00 92 96 02 00 a4 96 02 00 b2 96 ................
686. Rule: Str_Win32_Winsock2_Library
687. Owner: Process svchost.exe Pid 3296
688. 0x662b9820 57 53 32 5f 33 32 2e 64 6c 6c 00 fe 00 00 00 00 WS2_32.dll......
689. 0x662b9830 53 48 45 4c 4c 33 32 2e 64 6c 6c 00 5c 00 5c 00 SHELL32.dll.\.\.
690. 0x662b9840 2e 00 5c 00 4e 00 44 00 49 00 53 00 00 00 00 00 ..\.N.D.I.S.....
691. 0x662b9850 6e 65 74 73 68 65 6c 6c 2e 64 6c 6c 00 5a 00 00 netshell.dll.Z..
692. 0x662b9860 cc 84 d3 fd c6 78 6d 4e 86 94 1d ac be e5 7f 96 .....xmN........
693. 0x662b9870 f1 fb 1b b7 f2 2a 20 48 81 0c 4f 8e ff 83 8e 60 .....*.H..O....`
694. 0x662b9880 99 d0 d1 b6 35 e2 99 4b ba 98 7c 62 4f d8 75 db ....5..K..|bO.u.
695. 0x662b9890 c3 5e 01 d6 16 fa 13 48 9c a1 da 20 45 74 f5 da .^.....H....Et..
696. 0x662b98a0 d2 7f 03 7c 42 2b 0f 4a b8 a2 61 1d 10 e0 31 17 ...|B+.J..a...1.
697. 0x662b98b0 03 f1 51 d8 90 8c 21 43 af f0 58 ba 5b d4 21 c2 ..Q...!C..X.[.!.
698. 0x662b98c0 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 H...............
699. 0x662b98d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
700. 0x662b98e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
701. 0x662b98f0 00 00 00 00 00 00 00 00 00 00 00 00 6c 15 2f 66 ............l./f
702. 0x662b9900 30 99 2b 66 d3 00 00 00 52 53 44 53 2b 2c 33 87 0.+f....RSDS+,3.
703. 0x662b9910 6e ff fc 42 b8 97 84 a1 d2 4e c2 71 01 00 00 00 n..B.....N.q....
704. Rule: Str_Win32_Wininet_Library
705. Owner: Process svchost.exe Pid 3296
706. 0x662b9810 57 49 4e 49 4e 45 54 2e 64 6c 6c 00 00 00 00 00 WININET.dll.....
707. 0x662b9820 57 53 32 5f 33 32 2e 64 6c 6c 00 fe 00 00 00 00 WS2_32.dll......
708. 0x662b9830 53 48 45 4c 4c 33 32 2e 64 6c 6c 00 5c 00 5c 00 SHELL32.dll.\.\.
709. 0x662b9840 2e 00 5c 00 4e 00 44 00 49 00 53 00 00 00 00 00 ..\.N.D.I.S.....
710. 0x662b9850 6e 65 74 73 68 65 6c 6c 2e 64 6c 6c 00 5a 00 00 netshell.dll.Z..
711. 0x662b9860 cc 84 d3 fd c6 78 6d 4e 86 94 1d ac be e5 7f 96 .....xmN........
712. 0x662b9870 f1 fb 1b b7 f2 2a 20 48 81 0c 4f 8e ff 83 8e 60 .....*.H..O....`
713. 0x662b9880 99 d0 d1 b6 35 e2 99 4b ba 98 7c 62 4f d8 75 db ....5..K..|bO.u.
714. 0x662b9890 c3 5e 01 d6 16 fa 13 48 9c a1 da 20 45 74 f5 da .^.....H....Et..
715. 0x662b98a0 d2 7f 03 7c 42 2b 0f 4a b8 a2 61 1d 10 e0 31 17 ...|B+.J..a...1.
716. 0x662b98b0 03 f1 51 d8 90 8c 21 43 af f0 58 ba 5b d4 21 c2 ..Q...!C..X.[.!.
717. 0x662b98c0 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 H...............
718. 0x662b98d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
719. 0x662b98e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
720. 0x662b98f0 00 00 00 00 00 00 00 00 00 00 00 00 6c 15 2f 66 ............l./f
721. 0x662b9900 30 99 2b 66 d3 00 00 00 52 53 44 53 2b 2c 33 87 0.+f....RSDS+,3.
722. Rule: Str_Win32_Winsock2_Library
723. Owner: Process svchost.exe Pid 3296
724. 0x5b8ab680 57 53 32 5f 33 32 2e 64 6c 6c 00 fc 90 90 90 90 WS2_32.dll......
725. 0x5b8ab690 57 4c 44 41 50 33 32 2e 64 6c 6c 00 90 90 90 90 WLDAP32.dll.....
726. 0x5b8ab6a0 44 4e 53 41 50 49 2e 64 6c 6c 00 fc 90 90 90 90 DNSAPI.dll......
727. 0x5b8ab6b0 55 53 45 52 33 32 2e 64 6c 6c 00 fc b0 b8 04 00 USER32.dll......
728. 0x5b8ab6c0 be b8 04 00 d2 b8 04 00 e8 b8 04 00 fc b8 04 00 ................
729. 0x5b8ab6d0 10 b9 04 00 00 00 00 00 20 b9 04 00 3a b9 04 00 ............:...
730. 0x5b8ab6e0 52 b9 04 00 62 b9 04 00 74 b9 04 00 8c b9 04 00 R...b...t.......
731. 0x5b8ab6f0 9e b9 04 00 b0 b9 04 00 c8 b9 04 00 dc b9 04 00 ................
732. 0x5b8ab700 f4 b9 04 00 00 00 00 00 08 ba 04 00 16 ba 04 00 ................
733. 0x5b8ab710 34 ba 04 00 46 ba 04 00 5a ba 04 00 6a ba 04 00 4...F...Z...j...
734. 0x5b8ab720 76 ba 04 00 00 00 00 00 92 ba 04 00 a4 ba 04 00 v...............
735. 0x5b8ab730 bc ba 04 00 d6 ba 04 00 e4 ba 04 00 f4 ba 04 00 ................
736. 0x5b8ab740 0e bb 04 00 1e bb 04 00 2c bb 04 00 4a bb 04 00 ........,...J...
737. 0x5b8ab750 64 bb 04 00 84 bb 04 00 96 bb 04 00 b0 bb 04 00 d...............
738. 0x5b8ab760 ca bb 04 00 e8 bb 04 00 04 bc 04 00 1c bc 04 00 ................
739. 0x5b8ab770 34 bc 04 00 50 bc 04 00 62 bc 04 00 7c bc 04 00 4...P...b...|...
740. Rule: Str_Win32_Winsock2_Library
741. Owner: Process svchost.exe Pid 3296
742. 0x71a902af 57 53 32 5f 33 32 2e 64 6c 6c 00 00 00 00 00 00 WS2_32.dll......
743. 0x71a902bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
744. 0x71a902cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
745. 0x71a902df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
746. 0x71a902ef 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
747. 0x71a902ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
748. 0x71a9030f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
749. 0x71a9031f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
750. 0x71a9032f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
751. 0x71a9033f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
752. 0x71a9034f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
753. 0x71a9035f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
754. 0x71a9036f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
755. 0x71a9037f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
756. 0x71a9038f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
757. 0x71a9039f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
758. Rule: Str_Win32_Winsock2_Library
759. Owner: Process svchost.exe Pid 3296
760. 0x71a945a0 57 53 32 5f 33 32 2e 64 6c 6c 00 00 2c 46 00 00 WS2_32.dll..,F..
761. 0x71a945b0 40 46 00 00 5a 46 00 00 78 46 00 00 94 46 00 00 @F..ZF..xF...F..
762. 0x71a945c0 a8 46 00 00 c4 46 00 00 de 46 00 00 f4 46 00 00 .F...F...F...F..
763. 0x71a945d0 0a 47 00 00 00 00 00 00 1a 47 00 00 2e 47 00 00 .G.......G...G..
764. 0x71a945e0 50 47 00 00 5c 47 00 00 74 47 00 00 90 47 00 00 PG..\G..tG...G..
765. 0x71a945f0 a8 47 00 00 b8 47 00 00 d0 47 00 00 e2 47 00 00 .G...G...G...G..
766. 0x71a94600 ec 47 00 00 08 48 00 00 24 48 00 00 30 48 00 00 .G...H..$H..0H..
767. 0x71a94610 3e 48 00 00 48 48 00 00 52 48 00 00 00 00 00 00 >H..HH..RH......
768. 0x71a94620 0f 00 00 80 08 00 00 80 00 00 00 00 4a 03 54 65 ............J.Te
769. 0x71a94630 72 6d 69 6e 61 74 65 50 72 6f 63 65 73 73 00 00 rminateProcess..
770. 0x71a94640 94 02 51 75 65 72 79 50 65 72 66 6f 72 6d 61 6e ..QueryPerforman
771. 0x71a94650 63 65 43 6f 75 6e 74 65 72 00 36 03 53 65 74 55 ceCounter.6.SetU
772. 0x71a94660 6e 68 61 6e 64 6c 65 64 45 78 63 65 70 74 69 6f nhandledExceptio
773. 0x71a94670 6e 46 69 6c 74 65 72 00 5b 03 55 6e 68 61 6e 64 nFilter.[.Unhand
774. 0x71a94680 6c 65 64 45 78 63 65 70 74 69 6f 6e 46 69 6c 74 ledExceptionFilt
775. 0x71a94690 65 72 00 00 3b 01 47 65 74 43 75 72 72 65 6e 74 er..;.GetCurrent
776. Rule: Str_Win32_Winsock2_Library
777. Owner: Process svchost.exe Pid 3296
778. 0x71ab1eba 57 53 32 5f 33 32 2e 64 6c 6c 00 46 72 65 65 41 WS2_32.dll.FreeA
779. 0x71ab1eca 64 64 72 49 6e 66 6f 57 00 47 65 74 41 64 64 72 ddrInfoW.GetAddr
780. 0x71ab1eda 49 6e 66 6f 57 00 47 65 74 4e 61 6d 65 49 6e 66 InfoW.GetNameInf
781. 0x71ab1eea 6f 57 00 57 45 50 00 57 50 55 43 6f 6d 70 6c 65 oW.WEP.WPUComple
782. 0x71ab1efa 74 65 4f 76 65 72 6c 61 70 70 65 64 52 65 71 75 teOverlappedRequ
783. 0x71ab1f0a 65 73 74 00 57 53 41 41 63 63 65 70 74 00 57 53 est.WSAAccept.WS
784. 0x71ab1f1a 41 41 64 64 72 65 73 73 54 6f 53 74 72 69 6e 67 AAddressToString
785. 0x71ab1f2a 41 00 57 53 41 41 64 64 72 65 73 73 54 6f 53 74 A.WSAAddressToSt
786. 0x71ab1f3a 72 69 6e 67 57 00 57 53 41 41 73 79 6e 63 47 65 ringW.WSAAsyncGe
787. 0x71ab1f4a 74 48 6f 73 74 42 79 41 64 64 72 00 57 53 41 41 tHostByAddr.WSAA
788. 0x71ab1f5a 73 79 6e 63 47 65 74 48 6f 73 74 42 79 4e 61 6d syncGetHostByNam
789. 0x71ab1f6a 65 00 57 53 41 41 73 79 6e 63 47 65 74 50 72 6f e.WSAAsyncGetPro
790. 0x71ab1f7a 74 6f 42 79 4e 61 6d 65 00 57 53 41 41 73 79 6e toByName.WSAAsyn
791. 0x71ab1f8a 63 47 65 74 50 72 6f 74 6f 42 79 4e 75 6d 62 65 cGetProtoByNumbe
792. 0x71ab1f9a 72 00 57 53 41 41 73 79 6e 63 47 65 74 53 65 72 r.WSAAsyncGetSer
793. 0x71ab1faa 76 42 79 4e 61 6d 65 00 57 53 41 41 73 79 6e 63 vByName.WSAAsync
794. Rule: Str_Win32_Internet_API
795. Owner: Process svchost.exe Pid 3296
796. 0x76362ddf 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 6f InternetConnecto
797. 0x76362def 72 53 74 61 74 75 73 00 53 65 72 76 65 72 4c 69 rStatus.ServerLi
798. 0x76362dff 63 65 6e 73 69 6e 67 43 6c 6f 73 65 00 53 65 72 censingClose.Ser
799. 0x76362e0f 76 65 72 4c 69 63 65 6e 73 69 6e 67 44 65 61 63 verLicensingDeac
800. 0x76362e1f 74 69 76 61 74 65 43 75 72 72 65 6e 74 50 6f 6c tivateCurrentPol
801. 0x76362e2f 69 63 79 00 53 65 72 76 65 72 4c 69 63 65 6e 73 icy.ServerLicens
802. 0x76362e3f 69 6e 67 46 72 65 65 50 6f 6c 69 63 79 49 6e 66 ingFreePolicyInf
803. 0x76362e4f 6f 72 6d 61 74 69 6f 6e 00 53 65 72 76 65 72 4c ormation.ServerL
804. 0x76362e5f 69 63 65 6e 73 69 6e 67 47 65 74 41 76 61 69 6c icensingGetAvail
805. 0x76362e6f 61 62 6c 65 50 6f 6c 69 63 79 49 64 73 00 53 65 ablePolicyIds.Se
806. 0x76362e7f 72 76 65 72 4c 69 63 65 6e 73 69 6e 67 47 65 74 rverLicensingGet
807. 0x76362e8f 50 6f 6c 69 63 79 00 53 65 72 76 65 72 4c 69 63 Policy.ServerLic
808. 0x76362e9f 65 6e 73 69 6e 67 47 65 74 50 6f 6c 69 63 79 49 ensingGetPolicyI
809. 0x76362eaf 6e 66 6f 72 6d 61 74 69 6f 6e 41 00 53 65 72 76 nformationA.Serv
810. 0x76362ebf 65 72 4c 69 63 65 6e 73 69 6e 67 47 65 74 50 6f erLicensingGetPo
811. 0x76362ecf 6c 69 63 79 49 6e 66 6f 72 6d 61 74 69 6f 6e 57 licyInformationW
812. Rule: Str_Win32_Internet_API
813. Owner: Process svchost.exe Pid 3296
814. 0x76362fac 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 6f InternetConnecto
815. 0x76362fbc 72 53 74 61 74 75 73 00 57 69 6e 53 74 61 74 69 rStatus.WinStati
816. 0x76362fcc 6f 6e 41 63 74 69 76 61 74 65 4c 69 63 65 6e 73 onActivateLicens
817. 0x76362fdc 65 00 57 69 6e 53 74 61 74 69 6f 6e 41 75 74 6f e.WinStationAuto
818. 0x76362fec 52 65 63 6f 6e 6e 65 63 74 00 57 69 6e 53 74 61 Reconnect.WinSta
819. 0x76362ffc 74 69 6f 6e 00 00 00 00 00 00 00 00 00 00 00 00 tion............
820. 0x7636300c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
821. 0x7636301c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
822. 0x7636302c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
823. 0x7636303c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
824. 0x7636304c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
825. 0x7636305c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
826. 0x7636306c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
827. 0x7636307c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
828. 0x7636308c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
829. 0x7636309c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
830. Rule: Str_Win32_Winsock2_Library
831. Owner: Process svchost.exe Pid 3296
832. 0x76d602f2 57 53 32 5f 33 32 2e 64 6c 6c 00 00 00 00 00 00 WS2_32.dll......
833. 0x76d60302 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
834. 0x76d60312 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
835. 0x76d60322 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
836. 0x76d60332 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
837. 0x76d60342 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
838. 0x76d60352 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
839. 0x76d60362 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
840. 0x76d60372 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
841. 0x76d60382 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
842. 0x76d60392 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
843. 0x76d603a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
844. 0x76d603b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
845. 0x76d603c2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
846. 0x76d603d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
847. 0x76d603e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
848. Rule: Str_Win32_Winsock2_Library
849. Owner: Process svchost.exe Pid 3296
850. 0x76d733d6 57 53 32 5f 33 32 2e 64 6c 6c 00 00 90 90 d8 35 WS2_32.dll.....5
851. 0x76d733e6 01 00 e8 35 01 00 f8 35 01 00 06 36 01 00 1a 36 ...5...5...6...6
852. 0x76d733f6 01 00 2c 36 01 00 42 36 01 00 56 36 01 00 6e 36 ..,6..B6..V6..n6
853. 0x76d73406 01 00 86 36 01 00 98 36 01 00 a8 36 01 00 b8 36 ...6...6...6...6
854. 0x76d73416 01 00 00 00 00 00 cc 36 01 00 d8 36 01 00 e4 36 .......6...6...6
855. 0x76d73426 01 00 fa 36 01 00 10 37 01 00 22 37 01 00 40 37 ...6...7.."7..@7
856. 0x76d73436 01 00 5c 37 01 00 70 37 01 00 86 37 01 00 9c 37 ..\7..p7...7...7
857. 0x76d73446 01 00 b6 37 01 00 d4 37 01 00 e2 37 01 00 fa 37 ...7...7...7...7
858. 0x76d73456 01 00 12 38 01 00 2c 38 01 00 3a 38 01 00 48 38 ...8..,8..:8..H8
859. 0x76d73466 01 00 58 38 01 00 6e 38 01 00 80 38 01 00 90 38 ..X8..n8...8...8
860. 0x76d73476 01 00 ac 38 01 00 ba 38 01 00 c8 38 01 00 da 38 ...8...8...8...8
861. 0x76d73486 01 00 e6 38 01 00 f6 38 01 00 12 39 01 00 2a 39 ...8...8...9..*9
862. 0x76d73496 01 00 38 39 01 00 48 39 01 00 58 39 01 00 6a 39 ..89..H9..X9..j9
863. 0x76d734a6 01 00 78 39 01 00 84 39 01 00 94 39 01 00 a4 39 ..x9...9...9...9
864. 0x76d734b6 01 00 b0 39 01 00 bc 39 01 00 c8 39 01 00 e0 39 ...9...9...9...9
865. 0x76d734c6 01 00 f8 39 01 00 06 3a 01 00 1a 3a 01 00 2a 3a ...9...:...:..*:
866. Rule: Str_Win32_Winsock2_Library
867. Owner: Process svchost.exe Pid 3296
868. 0x76e9031a 57 53 32 5f 33 32 2e 64 6c 6c 00 00 00 00 00 00 WS2_32.dll......
869. 0x76e9032a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
870. 0x76e9033a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
871. 0x76e9034a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
872. 0x76e9035a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
873. 0x76e9036a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
874. 0x76e9037a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
875. 0x76e9038a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
876. 0x76e9039a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
877. 0x76e903aa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
878. 0x76e903ba 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
879. 0x76e903ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
880. 0x76e903da 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
881. 0x76e903ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
882. 0x76e903fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
883. 0x76e9040a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
884. Rule: Str_Win32_Winsock2_Library
885. Owner: Process svchost.exe Pid 3296
886. 0x76e9e108 57 53 32 5f 33 32 2e 64 6c 6c 00 00 bc e2 00 00 WS2_32.dll......
887. 0x76e9e118 ce e2 00 00 de e2 00 00 ee e2 00 00 00 e3 00 00 ................
888. 0x76e9e128 12 e3 00 00 24 e3 00 00 32 e3 00 00 46 e3 00 00 ....$...2...F...
889. 0x76e9e138 58 e3 00 00 68 e3 00 00 76 e3 00 00 8a e3 00 00 X...h...v.......
890. 0x76e9e148 a0 e3 00 00 b0 e3 00 00 c6 e3 00 00 d6 e3 00 00 ................
891. 0x76e9e158 e8 e3 00 00 fe e3 00 00 12 e4 00 00 24 e4 00 00 ............$...
892. 0x76e9e168 00 00 00 00 36 e4 00 00 42 e4 00 00 52 e4 00 00 ....6...B...R...
893. 0x76e9e178 64 e4 00 00 7c e4 00 00 8c e4 00 00 a8 e4 00 00 d...|...........
894. 0x76e9e188 d0 e4 00 00 d8 e4 00 00 e8 e4 00 00 fa e4 00 00 ................
895. 0x76e9e198 0a e5 00 00 20 e5 00 00 2c e5 00 00 3a e5 00 00 ........,...:...
896. 0x76e9e1a8 48 e5 00 00 5e e5 00 00 6e e5 00 00 7e e5 00 00 H...^...n...~...
897. 0x76e9e1b8 90 e5 00 00 a4 e5 00 00 bc e5 00 00 d4 e5 00 00 ................
898. 0x76e9e1c8 e2 e5 00 00 f0 e5 00 00 06 e6 00 00 1a e6 00 00 ................
899. 0x76e9e1d8 2e e6 00 00 48 e6 00 00 58 e6 00 00 6e e6 00 00 ....H...X...n...
900. 0x76e9e1e8 88 e6 00 00 9c e6 00 00 b8 e6 00 00 d6 e6 00 00 ................
901. 0x76e9e1f8 ec e6 00 00 f8 e6 00 00 06 e7 00 00 14 e7 00 00 ................
902. Rule: Str_Win32_Winsock2_Library
903. Owner: Process svchost.exe Pid 3296
904. 0x76fc02d7 57 53 32 5f 33 32 2e 64 6c 6c 00 00 00 00 00 00 WS2_32.dll......
905. 0x76fc02e7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
906. 0x76fc02f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
907. 0x76fc0307 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
908. 0x76fc0317 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
909. 0x76fc0327 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
910. 0x76fc0337 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
911. 0x76fc0347 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
912. 0x76fc0357 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
913. 0x76fc0367 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
914. 0x76fc0377 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
915. 0x76fc0387 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
916. 0x76fc0397 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
917. 0x76fc03a7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
918. 0x76fc03b7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
919. 0x76fc03c7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
920. Rule: Str_Win32_Winsock2_Library
921. Owner: Process svchost.exe Pid 3296
922. 0x76fc1d06 57 53 32 5f 33 32 2e 64 6c 6c 00 00 90 90 ac 1d WS2_32.dll......
923. 0x76fc1d16 00 00 bc 1d 00 00 d0 1d 00 00 00 00 00 00 de 1d ................
924. 0x76fc1d26 00 00 fa 1d 00 00 0e 1e 00 00 22 1e 00 00 3c 1e .........."...<.
925. 0x76fc1d36 00 00 5a 1e 00 00 70 1e 00 00 80 1e 00 00 9a 1e ..Z...p.........
926. 0x76fc1d46 00 00 a2 1e 00 00 b0 1e 00 00 c6 1e 00 00 dc 1e ................
927. 0x76fc1d56 00 00 ea 1e 00 00 fa 1e 00 00 06 1f 00 00 16 1f ................
928. 0x76fc1d66 00 00 2c 1f 00 00 3a 1f 00 00 4a 1f 00 00 5c 1f ..,...:...J...\.
929. 0x76fc1d76 00 00 00 00 00 00 78 1f 00 00 80 1f 00 00 8c 1f ......x.........
930. 0x76fc1d86 00 00 96 1f 00 00 a0 1f 00 00 00 00 00 00 b0 1f ................
931. 0x76fc1d96 00 00 c0 1f 00 00 d8 1f 00 00 00 00 00 00 0b 00 ................
932. 0x76fc1da6 00 80 00 00 00 00 e5 01 52 65 67 4f 70 65 6e 4b ........RegOpenK
933. 0x76fc1db6 65 79 45 78 57 00 ef 01 52 65 67 51 75 65 72 79 eyExW...RegQuery
934. 0x76fc1dc6 56 61 6c 75 65 45 78 57 00 00 ca 01 52 65 67 43 ValueExW....RegC
935. 0x76fc1dd6 6c 6f 73 65 4b 65 79 00 5b 03 55 6e 68 61 6e 64 loseKey.[.Unhand
936. 0x76fc1de6 6c 65 64 45 78 63 65 70 74 69 6f 6e 46 69 6c 74 ledExceptionFilt
937. 0x76fc1df6 65 72 00 00 3b 01 47 65 74 43 75 72 72 65 6e 74 er..;.GetCurrent
938. Rule: Str_Win32_Winsock2_Library
939. Owner: Process svchost.exe Pid 3296
940. 0x77c8d4fe 57 53 32 5f 33 32 2e 64 6c 6c 00 00 90 90 14 d8 WS2_32.dll......
941. 0x77c8d50e 01 00 2a d8 01 00 34 d8 01 00 4c d8 01 00 68 d8 ..*...4...L...h.
942. 0x77c8d51e 01 00 84 d8 01 00 9a d8 01 00 b2 d8 01 00 c6 d8 ................
943. 0x77c8d52e 01 00 d6 d8 01 00 f2 d8 01 00 fe d8 01 00 16 d9 ................
944. 0x77c8d53e 01 00 28 d9 01 00 3e d9 01 00 58 d9 01 00 6a d9 ..(...>...X...j.
945. 0x77c8d54e 01 00 76 d9 01 00 84 d9 01 00 92 d9 01 00 a4 d9 ..v.............
946. 0x77c8d55e 01 00 b4 d9 01 00 c4 d9 01 00 da d9 01 00 f0 d9 ................
947. 0x77c8d56e 01 00 00 da 01 00 14 da 01 00 24 da 01 00 38 da ..........$...8.
948. 0x77c8d57e 01 00 46 da 01 00 54 da 01 00 68 da 01 00 7c da ..F...T...h...|.
949. 0x77c8d58e 01 00 90 da 01 00 a4 da 01 00 b8 da 01 00 c8 da ................
950. 0x77c8d59e 01 00 e4 da 01 00 f0 da 01 00 00 00 00 00 00 db ................
951. 0x77c8d5ae 01 00 0a db 01 00 16 db 01 00 00 00 00 00 22 db ..............".
952. 0x77c8d5be 01 00 00 00 00 00 3a db 01 00 50 db 01 00 60 db ......:...P...`.
953. 0x77c8d5ce 01 00 7e db 01 00 9a db 01 00 ae db 01 00 c2 db ..~.............
954. 0x77c8d5de 01 00 dc db 01 00 f2 db 01 00 08 dc 01 00 18 dc ................
955. 0x77c8d5ee 01 00 32 dc 01 00 4e dc 01 00 62 dc 01 00 78 dc ..2...N...b...x.
956. Rule: Str_Win32_Wininet_Library
957. Owner: Process svchost.exe Pid 3296
958. 0x781f43a0 57 49 4e 49 4e 45 54 2e 64 6c 6c 00 90 90 90 90 WININET.dll.....
959. 0x781f43b0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
960. 0x781f43c0 47 44 49 33 32 2e 64 6c 6c 00 90 90 90 90 90 90 GDI32.dll.......
961. 0x781f43d0 4e 45 54 41 50 49 33 32 2e 64 6c 6c 00 90 90 90 NETAPI32.dll....
962. 0x781f43e0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
963. 0x781f43f0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
964. 0x781f4400 53 48 45 4c 4c 33 32 2e 64 6c 6c 00 90 90 90 90 SHELL32.dll.....
965. 0x781f4410 56 45 52 53 49 4f 4e 2e 64 6c 6c 00 90 90 90 90 VERSION.dll.....
966. 0x781f4420 4d 50 52 2e 64 6c 6c 00 90 90 90 90 90 90 90 90 MPR.dll.........
967. 0x781f4430 61 70 70 68 65 6c 70 2e 64 6c 6c 00 c8 45 0c 00 apphelp.dll..E..
968. 0x781f4440 e2 45 0c 00 fc 45 0c 00 16 46 0c 00 34 46 0c 00 .E...E...F..4F..
969. 0x781f4450 52 46 0c 00 66 46 0c 00 82 46 0c 00 9a 46 0c 00 RF..fF...F...F..
970. 0x781f4460 b8 46 0c 00 cc 46 0c 00 e8 46 0c 00 00 47 0c 00 .F...F...F...G..
971. 0x781f4470 18 47 0c 00 30 47 0c 00 44 47 0c 00 56 47 0c 00 .G..0G..DG..VG..
972. 0x781f4480 6c 47 0c 00 80 47 0c 00 94 47 0c 00 ae 47 0c 00 lG...G...G...G..
973. 0x781f4490 c4 47 0c 00 de 47 0c 00 f2 47 0c 00 02 48 0c 00 .G...G...G...H..
974. Rule: Str_Win32_Internet_API
975. Owner: Process svchost.exe Pid 3296
976. 0x781f4ade 49 6e 74 65 72 6e 65 74 43 6c 6f 73 65 48 61 6e InternetCloseHan
977. 0x781f4aee 64 6c 65 00 00 00 47 65 74 54 65 78 74 45 78 74 dle...GetTextExt
978. 0x781f4afe 65 6e 74 50 6f 69 6e 74 33 32 57 00 00 00 43 72 entPoint32W...Cr
979. 0x781f4b0e 65 61 74 65 46 6f 6e 74 49 6e 64 69 72 65 63 74 eateFontIndirect
980. 0x781f4b1e 57 00 00 00 47 65 74 53 74 6f 63 6b 4f 62 6a 65 W...GetStockObje
981. 0x781f4b2e 63 74 00 00 00 00 44 65 6c 65 74 65 4f 62 6a 65 ct....DeleteObje
982. 0x781f4b3e 63 74 00 11 00 00 47 65 74 4f 62 6a 65 63 74 41 ct....GetObjectA
983. 0x781f4b4e 00 00 00 00 43 72 65 61 74 65 46 6f 6e 74 49 6e ....CreateFontIn
984. 0x781f4b5e 64 69 72 65 63 74 41 00 00 00 53 65 6c 65 63 74 directA...Select
985. 0x781f4b6e 4f 62 6a 65 63 74 00 11 00 00 47 65 74 4f 62 6a Object....GetObj
986. 0x781f4b7e 65 63 74 57 00 00 00 00 47 65 74 4d 65 74 61 46 ectW....GetMetaF
987. 0x781f4b8e 69 6c 65 42 69 74 73 45 78 00 00 00 53 65 74 4d ileBitsEx...SetM
988. 0x781f4b9e 65 74 61 46 69 6c 65 42 69 74 73 45 78 00 00 00 etaFileBitsEx...
989. 0x781f4bae 47 65 74 42 69 74 6d 61 70 42 69 74 73 00 00 00 GetBitmapBits...
990. 0x781f4bbe 43 72 65 61 74 65 42 69 74 6d 61 70 00 11 00 00 CreateBitmap....
991. 0x781f4bce 47 65 74 45 6e 68 4d 65 74 61 46 69 6c 65 42 69 GetEnhMetaFileBi
992. Rule: Str_Win32_Internet_API
993. Owner: Process svchost.exe Pid 3296
994. 0x781f4822 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
995. 0x781f4832 45 78 57 00 00 00 49 6e 74 65 72 6e 65 74 45 72 ExW...InternetEr
996. 0x781f4842 72 6f 72 44 6c 67 00 00 00 00 52 65 73 75 6d 65 rorDlg....Resume
997. 0x781f4852 53 75 73 70 65 6e 64 65 64 44 6f 77 6e 6c 6f 61 SuspendedDownloa
998. 0x781f4862 64 00 00 00 49 6e 74 65 72 6e 65 74 51 75 65 72 d...InternetQuer
999. 0x781f4872 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 00 6c yDataAvailable.l
1000. 0x781f4882 00 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 ..InternetReadFi
1001. 0x781f4892 6c 65 00 00 00 00 49 6e 74 65 72 6e 65 74 49 6e le....InternetIn
1002. 0x781f48a2 69 74 69 61 6c 69 7a 65 41 75 74 6f 50 72 6f 78 itializeAutoProx
1003. 0x781f48b2 79 44 6c 6c 00 00 00 00 48 74 74 70 51 75 65 72 yDll....HttpQuer
1004. 0x781f48c2 79 49 6e 66 6f 57 00 00 00 00 49 6e 74 65 72 6e yInfoW....Intern
1005. 0x781f48d2 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 etGetConnectedSt
1006. 0x781f48e2 61 74 65 00 00 00 49 6e 74 65 72 6e 65 74 53 65 ate...InternetSe
1007. 0x781f48f2 74 46 69 6c 65 50 6f 69 6e 74 65 72 00 45 00 00 tFilePointer.E..
1008. 0x781f4902 55 6e 6c 6f 63 6b 55 72 6c 43 61 63 68 65 45 6e UnlockUrlCacheEn
1009. 0x781f4912 74 72 79 46 69 6c 65 57 00 2e 00 00 49 6e 74 65 tryFileW....Inte
1010. Rule: Str_Win32_Internet_API
1011. Owner: Process svchost.exe Pid 3296
1012. 0x781f4884 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
1013. 0x781f4894 00 00 00 00 49 6e 74 65 72 6e 65 74 49 6e 69 74 ....InternetInit
1014. 0x781f48a4 69 61 6c 69 7a 65 41 75 74 6f 50 72 6f 78 79 44 ializeAutoProxyD
1015. 0x781f48b4 6c 6c 00 00 00 00 48 74 74 70 51 75 65 72 79 49 ll....HttpQueryI
1016. 0x781f48c4 6e 66 6f 57 00 00 00 00 49 6e 74 65 72 6e 65 74 nfoW....Internet
1017. 0x781f48d4 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 GetConnectedStat
1018. 0x781f48e4 65 00 00 00 49 6e 74 65 72 6e 65 74 53 65 74 46 e...InternetSetF
1019. 0x781f48f4 69 6c 65 50 6f 69 6e 74 65 72 00 45 00 00 55 6e ilePointer.E..Un
1020. 0x781f4904 6c 6f 63 6b 55 72 6c 43 61 63 68 65 45 6e 74 72 lockUrlCacheEntr
1021. 0x781f4914 79 46 69 6c 65 57 00 2e 00 00 49 6e 74 65 72 6e yFileW....Intern
1022. 0x781f4924 65 74 55 6e 6c 6f 63 6b 52 65 71 75 65 73 74 46 etUnlockRequestF
1023. 0x781f4934 69 6c 65 00 00 00 52 65 74 72 69 65 76 65 55 72 ile...RetrieveUr
1024. 0x781f4944 6c 43 61 63 68 65 45 6e 74 72 79 46 69 6c 65 57 lCacheEntryFileW
1025. 0x781f4954 00 6c 00 00 49 6e 74 65 72 6e 65 74 43 72 65 61 .l..InternetCrea
1026. 0x781f4964 74 65 55 72 6c 41 00 49 00 00 49 6e 74 65 72 6e teUrlA.I..Intern
1027. 0x781f4974 65 74 51 75 65 72 79 4f 70 74 69 6f 6e 57 00 49 etQueryOptionW.I
1028. Rule: Str_Win32_Internet_API
1029. Owner: Process svchost.exe Pid 3296
1030. 0x781f4a56 49 6e 74 65 72 6e 65 74 43 6f 6e 6e 65 63 74 57 InternetConnectW
1031. 0x781f4a66 00 00 00 00 48 74 74 70 51 75 65 72 79 49 6e 66 ....HttpQueryInf
1032. 0x781f4a76 6f 41 00 00 00 00 47 65 74 55 72 6c 43 61 63 68 oA....GetUrlCach
1033. 0x781f4a86 65 45 6e 74 72 79 49 6e 66 6f 45 78 57 00 00 00 eEntryInfoExW...
1034. 0x781f4a96 49 6e 74 65 72 6e 65 74 4c 6f 63 6b 52 65 71 75 InternetLockRequ
1035. 0x781f4aa6 65 73 74 46 69 6c 65 00 00 00 49 6e 74 65 72 6e estFile...Intern
1036. 0x781f4ab6 65 74 51 75 65 72 79 4f 70 74 69 6f 6e 41 00 49 etQueryOptionA.I
1037. 0x781f4ac6 00 00 49 6e 74 65 72 6e 65 74 53 65 74 4f 70 74 ..InternetSetOpt
1038. 0x781f4ad6 69 6f 6e 41 00 49 00 00 49 6e 74 65 72 6e 65 74 ionA.I..Internet
1039. 0x781f4ae6 43 6c 6f 73 65 48 61 6e 64 6c 65 00 00 00 47 65 CloseHandle...Ge
1040. 0x781f4af6 74 54 65 78 74 45 78 74 65 6e 74 50 6f 69 6e 74 tTextExtentPoint
1041. 0x781f4b06 33 32 57 00 00 00 43 72 65 61 74 65 46 6f 6e 74 32W...CreateFont
1042. 0x781f4b16 49 6e 64 69 72 65 63 74 57 00 00 00 47 65 74 53 IndirectW...GetS
1043. 0x781f4b26 74 6f 63 6b 4f 62 6a 65 63 74 00 00 00 00 44 65 tockObject....De
1044. 0x781f4b36 6c 65 74 65 4f 62 6a 65 63 74 00 11 00 00 47 65 leteObject....Ge
1045. 0x781f4b46 74 4f 62 6a 65 63 74 41 00 00 00 00 43 72 65 61 tObjectA....Crea
1046. Rule: Str_Win32_Internet_API
1047. Owner: Process svchost.exe Pid 3296
1048. 0x781f4732 49 6e 74 65 72 6e 65 74 4f 70 65 6e 55 72 6c 57 InternetOpenUrlW
1049. 0x781f4742 00 00 00 00 46 74 70 47 65 74 46 69 6c 65 53 69 ....FtpGetFileSi
1050. 0x781f4752 7a 65 00 00 00 00 48 74 74 70 53 65 6e 64 52 65 ze....HttpSendRe
1051. 0x781f4762 71 75 65 73 74 45 78 57 00 49 00 00 48 74 74 70 questExW.I..Http
1052. 0x781f4772 53 65 6e 64 52 65 71 75 65 73 74 57 00 00 00 00 SendRequestW....
1053. 0x781f4782 49 6e 74 65 72 6e 65 74 57 72 69 74 65 46 69 6c InternetWriteFil
1054. 0x781f4792 65 00 00 00 46 69 6e 64 4e 65 78 74 55 72 6c 43 e...FindNextUrlC
1055. 0x781f47a2 61 63 68 65 45 6e 74 72 79 41 00 45 00 00 49 6e acheEntryA.E..In
1056. 0x781f47b2 74 65 72 6e 65 74 43 72 65 61 74 65 55 72 6c 57 ternetCreateUrlW
1057. 0x781f47c2 00 49 00 00 48 74 74 70 41 64 64 52 65 71 75 65 .I..HttpAddReque
1058. 0x781f47d2 73 74 48 65 61 64 65 72 73 57 00 45 00 00 48 74 stHeadersW.E..Ht
1059. 0x781f47e2 74 70 4f 70 65 6e 52 65 71 75 65 73 74 57 00 00 tpOpenRequestW..
1060. 0x781f47f2 00 00 49 6e 74 65 72 6e 65 74 4f 70 65 6e 57 00 ..InternetOpenW.
1061. 0x781f4802 00 00 49 6e 74 65 72 6e 65 74 53 65 74 53 74 61 ..InternetSetSta
1062. 0x781f4812 74 75 73 43 61 6c 6c 62 61 63 6b 41 00 6c 00 00 tusCallbackA.l..
1063. 0x781f4822 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
1064. Rule: Str_Win32_Internet_API
1065. Owner: Process svchost.exe Pid 3296
1066. 0x781f47f4 49 6e 74 65 72 6e 65 74 4f 70 65 6e 57 00 00 00 InternetOpenW...
1067. 0x781f4804 49 6e 74 65 72 6e 65 74 53 65 74 53 74 61 74 75 InternetSetStatu
1068. 0x781f4814 73 43 61 6c 6c 62 61 63 6b 41 00 6c 00 00 49 6e sCallbackA.l..In
1069. 0x781f4824 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 45 78 ternetReadFileEx
1070. 0x781f4834 57 00 00 00 49 6e 74 65 72 6e 65 74 45 72 72 6f W...InternetErro
1071. 0x781f4844 72 44 6c 67 00 00 00 00 52 65 73 75 6d 65 53 75 rDlg....ResumeSu
1072. 0x781f4854 73 70 65 6e 64 65 64 44 6f 77 6e 6c 6f 61 64 00 spendedDownload.
1073. 0x781f4864 00 00 49 6e 74 65 72 6e 65 74 51 75 65 72 79 44 ..InternetQueryD
1074. 0x781f4874 61 74 61 41 76 61 69 6c 61 62 6c 65 00 6c 00 00 ataAvailable.l..
1075. 0x781f4884 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 6c 65 InternetReadFile
1076. 0x781f4894 00 00 00 00 49 6e 74 65 72 6e 65 74 49 6e 69 74 ....InternetInit
1077. 0x781f48a4 69 61 6c 69 7a 65 41 75 74 6f 50 72 6f 78 79 44 ializeAutoProxyD
1078. 0x781f48b4 6c 6c 00 00 00 00 48 74 74 70 51 75 65 72 79 49 ll....HttpQueryI
1079. 0x781f48c4 6e 66 6f 57 00 00 00 00 49 6e 74 65 72 6e 65 74 nfoW....Internet
1080. 0x781f48d4 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 GetConnectedStat
1081. 0x781f48e4 65 00 00 00 49 6e 74 65 72 6e 65 74 53 65 74 46 e...InternetSetF
1082. Rule: Str_Win32_Http_API
1083. Owner: Process svchost.exe Pid 3296
1084. 0x781f4758 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 45 HttpSendRequestE
1085. 0x781f4768 78 57 00 49 00 00 48 74 74 70 53 65 6e 64 52 65 xW.I..HttpSendRe
1086. 0x781f4778 71 75 65 73 74 57 00 00 00 00 49 6e 74 65 72 6e questW....Intern
1087. 0x781f4788 65 74 57 72 69 74 65 46 69 6c 65 00 00 00 46 69 etWriteFile...Fi
1088. 0x781f4798 6e 64 4e 65 78 74 55 72 6c 43 61 63 68 65 45 6e ndNextUrlCacheEn
1089. 0x781f47a8 74 72 79 41 00 45 00 00 49 6e 74 65 72 6e 65 74 tryA.E..Internet
1090. 0x781f47b8 43 72 65 61 74 65 55 72 6c 57 00 49 00 00 48 74 CreateUrlW.I..Ht
1091. 0x781f47c8 74 70 41 64 64 52 65 71 75 65 73 74 48 65 61 64 tpAddRequestHead
1092. 0x781f47d8 65 72 73 57 00 45 00 00 48 74 74 70 4f 70 65 6e ersW.E..HttpOpen
1093. 0x781f47e8 52 65 71 75 65 73 74 57 00 00 00 00 49 6e 74 65 RequestW....Inte
1094. 0x781f47f8 72 6e 65 74 4f 70 65 6e 57 00 00 00 49 6e 74 65 rnetOpenW...Inte
1095. 0x781f4808 72 6e 65 74 53 65 74 53 74 61 74 75 73 43 61 6c rnetSetStatusCal
1096. 0x781f4818 6c 62 61 63 6b 41 00 6c 00 00 49 6e 74 65 72 6e lbackA.l..Intern
1097. 0x781f4828 65 74 52 65 61 64 46 69 6c 65 45 78 57 00 00 00 etReadFileExW...
1098. 0x781f4838 49 6e 74 65 72 6e 65 74 45 72 72 6f 72 44 6c 67 InternetErrorDlg
1099. 0x781f4848 00 00 00 00 52 65 73 75 6d 65 53 75 73 70 65 6e ....ResumeSuspen
1100. Rule: Str_Win32_Http_API
1101. Owner: Process svchost.exe Pid 3296
1102. 0x781f476e 48 74 74 70 53 65 6e 64 52 65 71 75 65 73 74 57 HttpSendRequestW
1103. 0x781f477e 00 00 00 00 49 6e 74 65 72 6e 65 74 57 72 69 74 ....InternetWrit
1104. 0x781f478e 65 46 69 6c 65 00 00 00 46 69 6e 64 4e 65 78 74 eFile...FindNext
1105. 0x781f479e 55 72 6c 43 61 63 68 65 45 6e 74 72 79 41 00 45 UrlCacheEntryA.E
1106. 0x781f47ae 00 00 49 6e 74 65 72 6e 65 74 43 72 65 61 74 65 ..InternetCreate
1107. 0x781f47be 55 72 6c 57 00 49 00 00 48 74 74 70 41 64 64 52 UrlW.I..HttpAddR
1108. 0x781f47ce 65 71 75 65 73 74 48 65 61 64 65 72 73 57 00 45 equestHeadersW.E
1109. 0x781f47de 00 00 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 ..HttpOpenReques
1110. 0x781f47ee 74 57 00 00 00 00 49 6e 74 65 72 6e 65 74 4f 70 tW....InternetOp
1111. 0x781f47fe 65 6e 57 00 00 00 49 6e 74 65 72 6e 65 74 53 65 enW...InternetSe
1112. 0x781f480e 74 53 74 61 74 75 73 43 61 6c 6c 62 61 63 6b 41 tStatusCallbackA
1113. 0x781f481e 00 6c 00 00 49 6e 74 65 72 6e 65 74 52 65 61 64 .l..InternetRead
1114. 0x781f482e 46 69 6c 65 45 78 57 00 00 00 49 6e 74 65 72 6e FileExW...Intern
1115. 0x781f483e 65 74 45 72 72 6f 72 44 6c 67 00 00 00 00 52 65 etErrorDlg....Re
1116. 0x781f484e 73 75 6d 65 53 75 73 70 65 6e 64 65 64 44 6f 77 sumeSuspendedDow
1117. 0x781f485e 6e 6c 6f 61 64 00 00 00 49 6e 74 65 72 6e 65 74 nload...Internet
1118. Rule: Str_Win32_Http_API
1119. Owner: Process svchost.exe Pid 3296
1120. 0x781f48ba 48 74 74 70 51 75 65 72 79 49 6e 66 6f 57 00 00 HttpQueryInfoW..
1121. 0x781f48ca 00 00 49 6e 74 65 72 6e 65 74 47 65 74 43 6f 6e ..InternetGetCon
1122. 0x781f48da 6e 65 63 74 65 64 53 74 61 74 65 00 00 00 49 6e nectedState...In
1123. 0x781f48ea 74 65 72 6e 65 74 53 65 74 46 69 6c 65 50 6f 69 ternetSetFilePoi
1124. 0x781f48fa 6e 74 65 72 00 45 00 00 55 6e 6c 6f 63 6b 55 72 nter.E..UnlockUr
1125. 0x781f490a 6c 43 61 63 68 65 45 6e 74 72 79 46 69 6c 65 57 lCacheEntryFileW
1126. 0x781f491a 00 2e 00 00 49 6e 74 65 72 6e 65 74 55 6e 6c 6f ....InternetUnlo
1127. 0x781f492a 63 6b 52 65 71 75 65 73 74 46 69 6c 65 00 00 00 ckRequestFile...
1128. 0x781f493a 52 65 74 72 69 65 76 65 55 72 6c 43 61 63 68 65 RetrieveUrlCache
1129. 0x781f494a 45 6e 74 72 79 46 69 6c 65 57 00 6c 00 00 49 6e EntryFileW.l..In
1130. 0x781f495a 74 65 72 6e 65 74 43 72 65 61 74 65 55 72 6c 41 ternetCreateUrlA
1131. 0x781f496a 00 49 00 00 49 6e 74 65 72 6e 65 74 51 75 65 72 .I..InternetQuer
1132. 0x781f497a 79 4f 70 74 69 6f 6e 57 00 49 00 00 46 69 6e 64 yOptionW.I..Find
1133. 0x781f498a 46 69 72 73 74 55 72 6c 43 61 63 68 65 45 6e 74 FirstUrlCacheEnt
1134. 0x781f499a 72 79 45 78 41 00 00 00 43 72 65 61 74 65 55 72 ryExA...CreateUr
1135. 0x781f49aa 6c 43 61 63 68 65 43 6f 6e 74 61 69 6e 65 72 57 lCacheContainerW
1136. Rule: Str_Win32_Http_API
1137. Owner: Process svchost.exe Pid 3296
1138. 0x781f4a6a 48 74 74 70 51 75 65 72 79 49 6e 66 6f 41 00 00 HttpQueryInfoA..
1139. 0x781f4a7a 00 00 47 65 74 55 72 6c 43 61 63 68 65 45 6e 74 ..GetUrlCacheEnt
1140. 0x781f4a8a 72 79 49 6e 66 6f 45 78 57 00 00 00 49 6e 74 65 ryInfoExW...Inte
1141. 0x781f4a9a 72 6e 65 74 4c 6f 63 6b 52 65 71 75 65 73 74 46 rnetLockRequestF
1142. 0x781f4aaa 69 6c 65 00 00 00 49 6e 74 65 72 6e 65 74 51 75 ile...InternetQu
1143. 0x781f4aba 65 72 79 4f 70 74 69 6f 6e 41 00 49 00 00 49 6e eryOptionA.I..In
1144. 0x781f4aca 74 65 72 6e 65 74 53 65 74 4f 70 74 69 6f 6e 41 ternetSetOptionA
1145. 0x781f4ada 00 49 00 00 49 6e 74 65 72 6e 65 74 43 6c 6f 73 .I..InternetClos
1146. 0x781f4aea 65 48 61 6e 64 6c 65 00 00 00 47 65 74 54 65 78 eHandle...GetTex
1147. 0x781f4afa 74 45 78 74 65 6e 74 50 6f 69 6e 74 33 32 57 00 tExtentPoint32W.
1148. 0x781f4b0a 00 00 43 72 65 61 74 65 46 6f 6e 74 49 6e 64 69 ..CreateFontIndi
1149. 0x781f4b1a 72 65 63 74 57 00 00 00 47 65 74 53 74 6f 63 6b rectW...GetStock
1150. 0x781f4b2a 4f 62 6a 65 63 74 00 00 00 00 44 65 6c 65 74 65 Object....Delete
1151. 0x781f4b3a 4f 62 6a 65 63 74 00 11 00 00 47 65 74 4f 62 6a Object....GetObj
1152. 0x781f4b4a 65 63 74 41 00 00 00 00 43 72 65 61 74 65 46 6f ectA....CreateFo
1153. 0x781f4b5a 6e 74 49 6e 64 69 72 65 63 74 41 00 00 00 53 65 ntIndirectA...Se
1154. Rule: Str_Win32_Http_API
1155. Owner: Process svchost.exe Pid 3296
1156. 0x781f47e0 48 74 74 70 4f 70 65 6e 52 65 71 75 65 73 74 57 HttpOpenRequestW
1157. 0x781f47f0 00 00 00 00 49 6e 74 65 72 6e 65 74 4f 70 65 6e ....InternetOpen
1158. 0x781f4800 57 00 00 00 49 6e 74 65 72 6e 65 74 53 65 74 53 W...InternetSetS
1159. 0x781f4810 74 61 74 75 73 43 61 6c 6c 62 61 63 6b 41 00 6c tatusCallbackA.l
1160. 0x781f4820 00 00 49 6e 74 65 72 6e 65 74 52 65 61 64 46 69 ..InternetReadFi
1161. 0x781f4830 6c 65 45 78 57 00 00 00 49 6e 74 65 72 6e 65 74 leExW...Internet
1162. 0x781f4840 45 72 72 6f 72 44 6c 67 00 00 00 00 52 65 73 75 ErrorDlg....Resu
1163. 0x781f4850 6d 65 53 75 73 70 65 6e 64 65 64 44 6f 77 6e 6c meSuspendedDownl
1164. 0x781f4860 6f 61 64 00 00 00 49 6e 74 65 72 6e 65 74 51 75 oad...InternetQu
1165. 0x781f4870 65 72 79 44 61 74 61 41 76 61 69 6c 61 62 6c 65 eryDataAvailable
1166. 0x781f4880 00 6c 00 00 49 6e 74 65 72 6e 65 74 52 65 61 64 .l..InternetRead
1167. 0x781f4890 46 69 6c 65 00 00 00 00 49 6e 74 65 72 6e 65 74 File....Internet
1168. 0x781f48a0 49 6e 69 74 69 61 6c 69 7a 65 41 75 74 6f 50 72 InitializeAutoPr
1169. 0x781f48b0 6f 78 79 44 6c 6c 00 00 00 00 48 74 74 70 51 75 oxyDll....HttpQu
1170. 0x781f48c0 65 72 79 49 6e 66 6f 57 00 00 00 00 49 6e 74 65 eryInfoW....Inte
1171. 0x781f48d0 72 6e 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 rnetGetConnected