Exes_594994a856e7ba9858350876e77e2fd8_exe_json.json

1.  
2. [*] MalFamily: ""
3.  
4. [*] MalScore: 9.4
5.  
6. [*] File Name: "Exes_594994a856e7ba9858350876e77e2fd8.exe"
7. [*] File Size: 689152
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "79221dd42d51b693497d6fff9b35309b1a6e4e0cf3d313f2131bbd9e87f702ec"
10. [*] MD5: "594994a856e7ba9858350876e77e2fd8"
11. [*] SHA1: "7404e11a5e89437a4a6ad2cab343df368d1abbc7"
12. [*] SHA512: "2b6846037592d14c38efc88d680e9c8eb277b3631a8af16150cd1241a916d8f6d07dabd6dc50e605937af486ce0b31ffe557a769a44d622349d4b4a3a98271e7"
13. [*] CRC32: "2FF4F9DC"
14. [*] SSDEEP: "12288:uPkwBVwVwYej2WoNrkDusUY3h6WGXLcSpEBCrf/3bvaLXIg2Cm:YdAVnWolagfOAn3GLXZ2F"
15.  
16. [*] Process Execution: [
17. "Exes_594994a856e7ba9858350876e77e2fd8.exe",
18. "Exes_594994a856e7ba9858350876e77e2fd8.exe",
19. "Exes_594994a856e7ba9858350876e77e2fd8.exe"
20. ]
21.  
22. [*] Signatures Detected: [
23. {
24. "Description": "Attempts to connect to a dead IP:Port (4 unique times)",
25. "Details": [
26. {
27. "IP": "91.189.180.216:3365"
28. },
29. {
30. "IP": "213.208.129.204:3366"
31. },
32. {
33. "IP": "91.189.180.216:3369"
34. },
35. {
36. "IP": "213.208.129.204:3367"
37. }
38. ]
39. },
40. {
41. "Description": "Creates RWX memory",
42. "Details": []
43. },
44. {
45. "Description": "A process attempted to delay the analysis task.",
46. "Details": [
47. {
48. "Process": "Exes_594994a856e7ba9858350876e77e2fd8.exe tried to sleep 1796 seconds, actually delayed analysis time by 0 seconds"
49. }
50. ]
51. },
52. {
53. "Description": "Expresses interest in specific running processes",
54. "Details": [
55. {
56. "process": "Exes_594994a856e7ba9858350876e77e2fd8.exe"
57. }
58. ]
59. },
60. {
61. "Description": "Performs some HTTP requests",
62. "Details": [
63. {
64. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
65. },
66. {
67. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
68. },
69. {
70. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
71. },
72. {
73. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
74. },
75. {
76. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
77. },
78. {
79. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
80. },
81. {
82. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
83. },
84. {
85. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
86. },
87. {
88. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
89. },
90. {
91. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
92. },
93. {
94. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
95. },
96. {
97. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
98. },
99. {
100. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
101. },
102. {
103. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
104. },
105. {
106. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
107. },
108. {
109. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
110. },
111. {
112. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
113. },
114. {
115. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
116. },
117. {
118. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
119. },
120. {
121. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
122. },
123. {
124. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
125. },
126. {
127. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
128. },
129. {
130. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
131. },
132. {
133. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
134. },
135. {
136. "url": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes"
137. }
138. ]
139. },
140. {
141. "Description": "The binary likely contains encrypted or compressed data.",
142. "Details": [
143. {
144. "section": "name: .rsrc, entropy: 7.16, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x0002ba00, virtual_size: 0x0002b8e8"
145. }
146. ]
147. },
148. {
149. "Description": "Executed a process and injected code into it, probably while unpacking",
150. "Details": [
151. {
152. "Injection": "Exes_594994a856e7ba9858350876e77e2fd8.exe(1464) -> Exes_594994a856e7ba9858350876e77e2fd8.exe(1460)"
153. }
154. ]
155. },
156. {
157. "Description": "Installs itself for autorun at Windows startup",
158. "Details": [
159. {
160. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
161. },
162. {
163. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
164. }
165. ]
166. },
167. {
168. "Description": "Anomalous binary characteristics",
169. "Details": [
170. {
171. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
172. }
173. ]
174. }
175. ]
176.  
177. [*] Started Service: []
178.  
179. [*] Executed Commands: [
180. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_594994a856e7ba9858350876e77e2fd8.exe\"",
181. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_594994a856e7ba9858350876e77e2fd8.exe\" 2 1460 35554406"
182. ]
183.  
184. [*] Mutexes: [
185. "-"
186. ]
187.  
188. [*] Modified Files: [
189. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
190. ]
191.  
192. [*] Deleted Files: [
193. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
194. ]
195.  
196. [*] Modified Registry Keys: []
197.  
198. [*] Deleted Registry Keys: []
199.  
200. [*] DNS Communications: []
201.  
202. [*] Domains: []
203.  
204. [*] Network Communication - ICMP: []
205.  
206. [*] Network Communication - HTTP: [
207. {
208. "count": 1,
209. "body": "",
210. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
211. "user-agent": "Microsoft-CryptoAPI/6.1",
212. "method": "GET",
213. "host": "ocsp.digicert.com",
214. "version": "1.1",
215. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
216. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
217. "port": 80
218. },
219. {
220. "count": 1,
221. "body": "",
222. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
223. "user-agent": "Microsoft-CryptoAPI/6.1",
224. "method": "GET",
225. "host": "ocsp.digicert.com",
226. "version": "1.1",
227. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
228. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
229. "port": 80
230. },
231. {
232. "count": 1,
233. "body": "",
234. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
235. "user-agent": "Microsoft-CryptoAPI/6.1",
236. "method": "GET",
237. "host": "ocsp.digicert.com",
238. "version": "1.1",
239. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
240. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
241. "port": 80
242. },
243. {
244. "count": 1,
245. "body": "",
246. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
247. "user-agent": "Microsoft-CryptoAPI/6.1",
248. "method": "GET",
249. "host": "ocsp.pki.goog",
250. "version": "1.1",
251. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
252. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
253. "port": 80
254. },
255. {
256. "count": 1,
257. "body": "",
258. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
259. "user-agent": "Microsoft-CryptoAPI/6.1",
260. "method": "GET",
261. "host": "ocsp.digicert.com",
262. "version": "1.1",
263. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
264. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
265. "port": 80
266. },
267. {
268. "count": 1,
269. "body": "",
270. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
271. "user-agent": "Microsoft-CryptoAPI/6.1",
272. "method": "GET",
273. "host": "crl.microsoft.com",
274. "version": "1.1",
275. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
276. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
277. "port": 80
278. },
279. {
280. "count": 1,
281. "body": "",
282. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
283. "user-agent": "Microsoft-CryptoAPI/6.1",
284. "method": "GET",
285. "host": "ocsp.comodoca.com",
286. "version": "1.1",
287. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
288. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
289. "port": 80
290. },
291. {
292. "count": 1,
293. "body": "",
294. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
295. "user-agent": "Microsoft-CryptoAPI/6.1",
296. "method": "GET",
297. "host": "ocsp.pki.goog",
298. "version": "1.1",
299. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
300. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
301. "port": 80
302. },
303. {
304. "count": 1,
305. "body": "",
306. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
307. "user-agent": "Microsoft-CryptoAPI/6.1",
308. "method": "GET",
309. "host": "ocsp.digicert.com",
310. "version": "1.1",
311. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
312. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
313. "port": 80
314. },
315. {
316. "count": 1,
317. "body": "",
318. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
319. "user-agent": "Microsoft-CryptoAPI/6.1",
320. "method": "GET",
321. "host": "www.download.windowsupdate.com",
322. "version": "1.1",
323. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
324. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
325. "port": 80
326. },
327. {
328. "count": 1,
329. "body": "",
330. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
331. "user-agent": "Microsoft-CryptoAPI/6.1",
332. "method": "GET",
333. "host": "crl.microsoft.com",
334. "version": "1.1",
335. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
336. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
337. "port": 80
338. },
339. {
340. "count": 1,
341. "body": "",
342. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
343. "user-agent": "Microsoft-CryptoAPI/6.1",
344. "method": "GET",
345. "host": "ocsp.digicert.com",
346. "version": "1.1",
347. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
348. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
349. "port": 80
350. },
351. {
352. "count": 1,
353. "body": "",
354. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
355. "user-agent": "Microsoft-CryptoAPI/6.1",
356. "method": "GET",
357. "host": "ocsp.digicert.com",
358. "version": "1.1",
359. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
360. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
361. "port": 80
362. },
363. {
364. "count": 1,
365. "body": "",
366. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
367. "user-agent": "Microsoft-CryptoAPI/6.1",
368. "method": "GET",
369. "host": "ocsp.digicert.com",
370. "version": "1.1",
371. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
372. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
373. "port": 80
374. },
375. {
376. "count": 1,
377. "body": "",
378. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
379. "user-agent": "Microsoft-CryptoAPI/6.1",
380. "method": "GET",
381. "host": "ocsp.pki.goog",
382. "version": "1.1",
383. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
384. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
385. "port": 80
386. },
387. {
388. "count": 1,
389. "body": "",
390. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
391. "user-agent": "Microsoft-CryptoAPI/6.1",
392. "method": "GET",
393. "host": "ocsp.pki.goog",
394. "version": "1.1",
395. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
396. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
397. "port": 80
398. },
399. {
400. "count": 1,
401. "body": "",
402. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
403. "user-agent": "Microsoft-CryptoAPI/6.1",
404. "method": "GET",
405. "host": "ocsp.digicert.com",
406. "version": "1.1",
407. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
408. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
409. "port": 80
410. },
411. {
412. "count": 1,
413. "body": "",
414. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
415. "user-agent": "Microsoft-CryptoAPI/6.1",
416. "method": "GET",
417. "host": "ocsp.pki.goog",
418. "version": "1.1",
419. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
420. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
421. "port": 80
422. },
423. {
424. "count": 1,
425. "body": "",
426. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
427. "user-agent": "Microsoft-CryptoAPI/6.1",
428. "method": "GET",
429. "host": "ocsp.msocsp.com",
430. "version": "1.1",
431. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
432. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
433. "port": 80
434. },
435. {
436. "count": 1,
437. "body": "",
438. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
439. "user-agent": "Microsoft-CryptoAPI/6.1",
440. "method": "GET",
441. "host": "ocsp.thawte.com",
442. "version": "1.1",
443. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
444. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
445. "port": 80
446. },
447. {
448. "count": 1,
449. "body": "",
450. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
451. "user-agent": "Microsoft-CryptoAPI/6.1",
452. "method": "GET",
453. "host": "ocsp.usertrust.com",
454. "version": "1.1",
455. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
456. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
457. "port": 80
458. },
459. {
460. "count": 1,
461. "body": "",
462. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
463. "user-agent": "Microsoft-CryptoAPI/6.1",
464. "method": "GET",
465. "host": "th.symcd.com",
466. "version": "1.1",
467. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
468. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
469. "port": 80
470. },
471. {
472. "count": 1,
473. "body": "",
474. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
475. "user-agent": "Microsoft-CryptoAPI/6.1",
476. "method": "GET",
477. "host": "ocsp.digicert.com",
478. "version": "1.1",
479. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
480. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
481. "port": 80
482. },
483. {
484. "count": 1,
485. "body": "",
486. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
487. "user-agent": "Microsoft-CryptoAPI/6.1",
488. "method": "GET",
489. "host": "ocsp.digicert.com",
490. "version": "1.1",
491. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
492. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
493. "port": 80
494. },
495. {
496. "count": 1,
497. "body": "",
498. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
499. "user-agent": "Microsoft-CryptoAPI/6.1",
500. "method": "GET",
501. "host": "ocsp.pki.goog",
502. "version": "1.1",
503. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
504. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
505. "port": 80
506. },
507. {
508. "count": 1,
509. "body": "",
510. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
511. "user-agent": "Microsoft-CryptoAPI/6.1",
512. "method": "GET",
513. "host": "crl.microsoft.com",
514. "version": "1.1",
515. "path": "/pki/crl/products/microsoftrootcert.crl",
516. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
517. "port": 80
518. },
519. {
520. "count": 1,
521. "body": "",
522. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
523. "user-agent": "Microsoft BITS/7.5",
524. "method": "HEAD",
525. "host": "redirector.gvt1.com",
526. "version": "1.1",
527. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
528. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
529. "port": 80
530. },
531. {
532. "count": 1,
533. "body": "",
534. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
535. "user-agent": "Microsoft BITS/7.5",
536. "method": "HEAD",
537. "host": "r5---sn-a5meknl7.gvt1.com",
538. "version": "1.1",
539. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
540. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
541. "port": 80
542. },
543. {
544. "count": 1,
545. "body": "",
546. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
547. "user-agent": "Microsoft BITS/7.5",
548. "method": "GET",
549. "host": "r5---sn-a5meknl7.gvt1.com",
550. "version": "1.1",
551. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
552. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6676\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
553. "port": 80
554. },
555. {
556. "count": 1,
557. "body": "",
558. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
559. "user-agent": "Microsoft BITS/7.5",
560. "method": "GET",
561. "host": "r5---sn-a5meknl7.gvt1.com",
562. "version": "1.1",
563. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
564. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6677-17285\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
565. "port": 80
566. },
567. {
568. "count": 1,
569. "body": "",
570. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
571. "user-agent": "Microsoft BITS/7.5",
572. "method": "GET",
573. "host": "r5---sn-a5meknl7.gvt1.com",
574. "version": "1.1",
575. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
576. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17286-27529\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
577. "port": 80
578. },
579. {
580. "count": 1,
581. "body": "",
582. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
583. "user-agent": "Microsoft BITS/7.5",
584. "method": "GET",
585. "host": "r5---sn-a5meknl7.gvt1.com",
586. "version": "1.1",
587. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
588. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=27530-42440\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
589. "port": 80
590. },
591. {
592. "count": 1,
593. "body": "",
594. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
595. "user-agent": "Microsoft BITS/7.5",
596. "method": "GET",
597. "host": "r5---sn-a5meknl7.gvt1.com",
598. "version": "1.1",
599. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
600. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=42441-64036\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
601. "port": 80
602. },
603. {
604. "count": 1,
605. "body": "",
606. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
607. "user-agent": "Microsoft BITS/7.5",
608. "method": "GET",
609. "host": "r5---sn-a5meknl7.gvt1.com",
610. "version": "1.1",
611. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
612. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=64037-108164\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
613. "port": 80
614. },
615. {
616. "count": 1,
617. "body": "",
618. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
619. "user-agent": "Microsoft BITS/7.5",
620. "method": "GET",
621. "host": "r5---sn-a5meknl7.gvt1.com",
622. "version": "1.1",
623. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
624. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=108165-129010\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
625. "port": 80
626. },
627. {
628. "count": 1,
629. "body": "",
630. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
631. "user-agent": "Microsoft BITS/7.5",
632. "method": "GET",
633. "host": "r5---sn-a5meknl7.gvt1.com",
634. "version": "1.1",
635. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
636. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=129011-240844\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
637. "port": 80
638. },
639. {
640. "count": 1,
641. "body": "",
642. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
643. "user-agent": "Microsoft BITS/7.5",
644. "method": "GET",
645. "host": "r5---sn-a5meknl7.gvt1.com",
646. "version": "1.1",
647. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
648. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=240845-430365\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
649. "port": 80
650. },
651. {
652. "count": 1,
653. "body": "",
654. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
655. "user-agent": "Microsoft BITS/7.5",
656. "method": "GET",
657. "host": "r5---sn-a5meknl7.gvt1.com",
658. "version": "1.1",
659. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
660. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=430366-682229\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
661. "port": 80
662. },
663. {
664. "count": 1,
665. "body": "",
666. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
667. "user-agent": "Microsoft BITS/7.5",
668. "method": "GET",
669. "host": "r5---sn-a5meknl7.gvt1.com",
670. "version": "1.1",
671. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
672. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=682230-1137907\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
673. "port": 80
674. },
675. {
676. "count": 1,
677. "body": "",
678. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
679. "user-agent": "Microsoft BITS/7.5",
680. "method": "GET",
681. "host": "r5---sn-a5meknl7.gvt1.com",
682. "version": "1.1",
683. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
684. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1137908-1965775\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
685. "port": 80
686. },
687. {
688. "count": 1,
689. "body": "",
690. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
691. "user-agent": "Microsoft BITS/7.5",
692. "method": "GET",
693. "host": "r5---sn-a5meknl7.gvt1.com",
694. "version": "1.1",
695. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
696. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1965776-3440707\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
697. "port": 80
698. },
699. {
700. "count": 1,
701. "body": "",
702. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
703. "user-agent": "Microsoft BITS/7.5",
704. "method": "GET",
705. "host": "r5---sn-a5meknl7.gvt1.com",
706. "version": "1.1",
707. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
708. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3440708-5305892\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
709. "port": 80
710. },
711. {
712. "count": 1,
713. "body": "",
714. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
715. "user-agent": "Microsoft BITS/7.5",
716. "method": "GET",
717. "host": "r5---sn-a5meknl7.gvt1.com",
718. "version": "1.1",
719. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
720. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5305893-7415982\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
721. "port": 80
722. },
723. {
724. "count": 1,
725. "body": "",
726. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
727. "user-agent": "Microsoft BITS/7.5",
728. "method": "GET",
729. "host": "r5---sn-a5meknl7.gvt1.com",
730. "version": "1.1",
731. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
732. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7415983-9655186\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
733. "port": 80
734. },
735. {
736. "count": 1,
737. "body": "",
738. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
739. "user-agent": "Microsoft BITS/7.5",
740. "method": "GET",
741. "host": "r5---sn-a5meknl7.gvt1.com",
742. "version": "1.1",
743. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
744. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9655187-11848595\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
745. "port": 80
746. },
747. {
748. "count": 1,
749. "body": "",
750. "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
751. "user-agent": "Microsoft BITS/7.5",
752. "method": "GET",
753. "host": "r5---sn-a5meknl7.gvt1.com",
754. "version": "1.1",
755. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
756. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11848596-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
757. "port": 80
758. }
759. ]
760.  
761. [*] Network Communication - SMTP: []
762.  
763. [*] Network Communication - Hosts: []
764.  
765. [*] Network Communication - IRC: []
766.  
767. [*] Static Analysis: {
768. "pe": {
769. "peid_signatures": null,
770. "imports": [
771. {
772. "imports": [
773. {
774. "name": "DeleteCriticalSection",
775. "address": "0x476140"
776. },
777. {
778. "name": "LeaveCriticalSection",
779. "address": "0x476144"
780. },
781. {
782. "name": "EnterCriticalSection",
783. "address": "0x476148"
784. },
785. {
786. "name": "InitializeCriticalSection",
787. "address": "0x47614c"
788. },
789. {
790. "name": "VirtualFree",
791. "address": "0x476150"
792. },
793. {
794. "name": "VirtualAlloc",
795. "address": "0x476154"
796. },
797. {
798. "name": "LocalFree",
799. "address": "0x476158"
800. },
801. {
802. "name": "LocalAlloc",
803. "address": "0x47615c"
804. },
805. {
806. "name": "GetVersion",
807. "address": "0x476160"
808. },
809. {
810. "name": "GetCurrentThreadId",
811. "address": "0x476164"
812. },
813. {
814. "name": "InterlockedDecrement",
815. "address": "0x476168"
816. },
817. {
818. "name": "InterlockedIncrement",
819. "address": "0x47616c"
820. },
821. {
822. "name": "VirtualQuery",
823. "address": "0x476170"
824. },
825. {
826. "name": "WideCharToMultiByte",
827. "address": "0x476174"
828. },
829. {
830. "name": "MultiByteToWideChar",
831. "address": "0x476178"
832. },
833. {
834. "name": "lstrlenA",
835. "address": "0x47617c"
836. },
837. {
838. "name": "lstrcpynA",
839. "address": "0x476180"
840. },
841. {
842. "name": "LoadLibraryExA",
843. "address": "0x476184"
844. },
845. {
846. "name": "GetThreadLocale",
847. "address": "0x476188"
848. },
849. {
850. "name": "GetStartupInfoA",
851. "address": "0x47618c"
852. },
853. {
854. "name": "GetProcAddress",
855. "address": "0x476190"
856. },
857. {
858. "name": "GetModuleHandleA",
859. "address": "0x476194"
860. },
861. {
862. "name": "GetModuleFileNameA",
863. "address": "0x476198"
864. },
865. {
866. "name": "GetLocaleInfoA",
867. "address": "0x47619c"
868. },
869. {
870. "name": "GetCommandLineA",
871. "address": "0x4761a0"
872. },
873. {
874. "name": "FreeLibrary",
875. "address": "0x4761a4"
876. },
877. {
878. "name": "FindFirstFileA",
879. "address": "0x4761a8"
880. },
881. {
882. "name": "FindClose",
883. "address": "0x4761ac"
884. },
885. {
886. "name": "ExitProcess",
887. "address": "0x4761b0"
888. },
889. {
890. "name": "WriteFile",
891. "address": "0x4761b4"
892. },
893. {
894. "name": "UnhandledExceptionFilter",
895. "address": "0x4761b8"
896. },
897. {
898. "name": "RtlUnwind",
899. "address": "0x4761bc"
900. },
901. {
902. "name": "RaiseException",
903. "address": "0x4761c0"
904. },
905. {
906. "name": "GetStdHandle",
907. "address": "0x4761c4"
908. }
909. ],
910. "dll": "kernel32.dll"
911. },
912. {
913. "imports": [
914. {
915. "name": "GetKeyboardType",
916. "address": "0x4761cc"
917. },
918. {
919. "name": "LoadStringA",
920. "address": "0x4761d0"
921. },
922. {
923. "name": "MessageBoxA",
924. "address": "0x4761d4"
925. },
926. {
927. "name": "CharNextA",
928. "address": "0x4761d8"
929. }
930. ],
931. "dll": "user32.dll"
932. },
933. {
934. "imports": [
935. {
936. "name": "RegQueryValueExA",
937. "address": "0x4761e0"
938. },
939. {
940. "name": "RegOpenKeyExA",
941. "address": "0x4761e4"
942. },
943. {
944. "name": "RegCloseKey",
945. "address": "0x4761e8"
946. }
947. ],
948. "dll": "advapi32.dll"
949. },
950. {
951. "imports": [
952. {
953. "name": "SysFreeString",
954. "address": "0x4761f0"
955. },
956. {
957. "name": "SysReAllocStringLen",
958. "address": "0x4761f4"
959. },
960. {
961. "name": "SysAllocStringLen",
962. "address": "0x4761f8"
963. }
964. ],
965. "dll": "oleaut32.dll"
966. },
967. {
968. "imports": [
969. {
970. "name": "TlsSetValue",
971. "address": "0x476200"
972. },
973. {
974. "name": "TlsGetValue",
975. "address": "0x476204"
976. },
977. {
978. "name": "LocalAlloc",
979. "address": "0x476208"
980. },
981. {
982. "name": "GetModuleHandleA",
983. "address": "0x47620c"
984. }
985. ],
986. "dll": "kernel32.dll"
987. },
988. {
989. "imports": [
990. {
991. "name": "RegQueryValueExA",
992. "address": "0x476214"
993. },
994. {
995. "name": "RegOpenKeyExA",
996. "address": "0x476218"
997. },
998. {
999. "name": "RegCloseKey",
1000. "address": "0x47621c"
1001. }
1002. ],
1003. "dll": "advapi32.dll"
1004. },
1005. {
1006. "imports": [
1007. {
1008. "name": "lstrcpyA",
1009. "address": "0x476224"
1010. },
1011. {
1012. "name": "lstrcmpA",
1013. "address": "0x476228"
1014. },
1015. {
1016. "name": "WriteFile",
1017. "address": "0x47622c"
1018. },
1019. {
1020. "name": "WaitForSingleObject",
1021. "address": "0x476230"
1022. },
1023. {
1024. "name": "VirtualQuery",
1025. "address": "0x476234"
1026. },
1027. {
1028. "name": "VirtualAlloc",
1029. "address": "0x476238"
1030. },
1031. {
1032. "name": "Sleep",
1033. "address": "0x47623c"
1034. },
1035. {
1036. "name": "SizeofResource",
1037. "address": "0x476240"
1038. },
1039. {
1040. "name": "SetThreadLocale",
1041. "address": "0x476244"
1042. },
1043. {
1044. "name": "SetFilePointer",
1045. "address": "0x476248"
1046. },
1047. {
1048. "name": "SetEvent",
1049. "address": "0x47624c"
1050. },
1051. {
1052. "name": "SetErrorMode",
1053. "address": "0x476250"
1054. },
1055. {
1056. "name": "SetEndOfFile",
1057. "address": "0x476254"
1058. },
1059. {
1060. "name": "ResetEvent",
1061. "address": "0x476258"
1062. },
1063. {
1064. "name": "ReadFile",
1065. "address": "0x47625c"
1066. },
1067. {
1068. "name": "MulDiv",
1069. "address": "0x476260"
1070. },
1071. {
1072. "name": "LockResource",
1073. "address": "0x476264"
1074. },
1075. {
1076. "name": "LoadResource",
1077. "address": "0x476268"
1078. },
1079. {
1080. "name": "LoadLibraryA",
1081. "address": "0x47626c"
1082. },
1083. {
1084. "name": "LeaveCriticalSection",
1085. "address": "0x476270"
1086. },
1087. {
1088. "name": "InitializeCriticalSection",
1089. "address": "0x476274"
1090. },
1091. {
1092. "name": "GlobalUnlock",
1093. "address": "0x476278"
1094. },
1095. {
1096. "name": "GlobalReAlloc",
1097. "address": "0x47627c"
1098. },
1099. {
1100. "name": "GlobalHandle",
1101. "address": "0x476280"
1102. },
1103. {
1104. "name": "GlobalLock",
1105. "address": "0x476284"
1106. },
1107. {
1108. "name": "GlobalFree",
1109. "address": "0x476288"
1110. },
1111. {
1112. "name": "GlobalFindAtomA",
1113. "address": "0x47628c"
1114. },
1115. {
1116. "name": "GlobalDeleteAtom",
1117. "address": "0x476290"
1118. },
1119. {
1120. "name": "GlobalAlloc",
1121. "address": "0x476294"
1122. },
1123. {
1124. "name": "GlobalAddAtomA",
1125. "address": "0x476298"
1126. },
1127. {
1128. "name": "GetVersionExA",
1129. "address": "0x47629c"
1130. },
1131. {
1132. "name": "GetVersion",
1133. "address": "0x4762a0"
1134. },
1135. {
1136. "name": "GetTickCount",
1137. "address": "0x4762a4"
1138. },
1139. {
1140. "name": "GetThreadLocale",
1141. "address": "0x4762a8"
1142. },
1143. {
1144. "name": "GetSystemInfo",
1145. "address": "0x4762ac"
1146. },
1147. {
1148. "name": "GetStringTypeExA",
1149. "address": "0x4762b0"
1150. },
1151. {
1152. "name": "GetStdHandle",
1153. "address": "0x4762b4"
1154. },
1155. {
1156. "name": "GetProcAddress",
1157. "address": "0x4762b8"
1158. },
1159. {
1160. "name": "GetModuleHandleA",
1161. "address": "0x4762bc"
1162. },
1163. {
1164. "name": "GetModuleFileNameA",
1165. "address": "0x4762c0"
1166. },
1167. {
1168. "name": "GetLocaleInfoA",
1169. "address": "0x4762c4"
1170. },
1171. {
1172. "name": "GetLocalTime",
1173. "address": "0x4762c8"
1174. },
1175. {
1176. "name": "GetLastError",
1177. "address": "0x4762cc"
1178. },
1179. {
1180. "name": "GetFullPathNameA",
1181. "address": "0x4762d0"
1182. },
1183. {
1184. "name": "GetFileType",
1185. "address": "0x4762d4"
1186. },
1187. {
1188. "name": "GetDiskFreeSpaceA",
1189. "address": "0x4762d8"
1190. },
1191. {
1192. "name": "GetDateFormatA",
1193. "address": "0x4762dc"
1194. },
1195. {
1196. "name": "GetCurrentThreadId",
1197. "address": "0x4762e0"
1198. },
1199. {
1200. "name": "GetCurrentProcessId",
1201. "address": "0x4762e4"
1202. },
1203. {
1204. "name": "GetCPInfo",
1205. "address": "0x4762e8"
1206. },
1207. {
1208. "name": "GetACP",
1209. "address": "0x4762ec"
1210. },
1211. {
1212. "name": "FreeResource",
1213. "address": "0x4762f0"
1214. },
1215. {
1216. "name": "InterlockedExchange",
1217. "address": "0x4762f4"
1218. },
1219. {
1220. "name": "FreeLibrary",
1221. "address": "0x4762f8"
1222. },
1223. {
1224. "name": "FormatMessageA",
1225. "address": "0x4762fc"
1226. },
1227. {
1228. "name": "FindResourceA",
1229. "address": "0x476300"
1230. },
1231. {
1232. "name": "EnumCalendarInfoA",
1233. "address": "0x476304"
1234. },
1235. {
1236. "name": "EnterCriticalSection",
1237. "address": "0x476308"
1238. },
1239. {
1240. "name": "DeleteCriticalSection",
1241. "address": "0x47630c"
1242. },
1243. {
1244. "name": "CreateThread",
1245. "address": "0x476310"
1246. },
1247. {
1248. "name": "CreateFileA",
1249. "address": "0x476314"
1250. },
1251. {
1252. "name": "CreateEventA",
1253. "address": "0x476318"
1254. },
1255. {
1256. "name": "CompareStringA",
1257. "address": "0x47631c"
1258. },
1259. {
1260. "name": "CloseHandle",
1261. "address": "0x476320"
1262. }
1263. ],
1264. "dll": "kernel32.dll"
1265. },
1266. {
1267. "imports": [
1268. {
1269. "name": "VerQueryValueA",
1270. "address": "0x476328"
1271. },
1272. {
1273. "name": "GetFileVersionInfoSizeA",
1274. "address": "0x47632c"
1275. },
1276. {
1277. "name": "GetFileVersionInfoA",
1278. "address": "0x476330"
1279. }
1280. ],
1281. "dll": "version.dll"
1282. },
1283. {
1284. "imports": [
1285. {
1286. "name": "UnrealizeObject",
1287. "address": "0x476338"
1288. },
1289. {
1290. "name": "StretchBlt",
1291. "address": "0x47633c"
1292. },
1293. {
1294. "name": "SetWindowOrgEx",
1295. "address": "0x476340"
1296. },
1297. {
1298. "name": "SetViewportOrgEx",
1299. "address": "0x476344"
1300. },
1301. {
1302. "name": "SetTextColor",
1303. "address": "0x476348"
1304. },
1305. {
1306. "name": "SetStretchBltMode",
1307. "address": "0x47634c"
1308. },
1309. {
1310. "name": "SetROP2",
1311. "address": "0x476350"
1312. },
1313. {
1314. "name": "SetPixel",
1315. "address": "0x476354"
1316. },
1317. {
1318. "name": "SetDIBColorTable",
1319. "address": "0x476358"
1320. },
1321. {
1322. "name": "SetBrushOrgEx",
1323. "address": "0x47635c"
1324. },
1325. {
1326. "name": "SetBkMode",
1327. "address": "0x476360"
1328. },
1329. {
1330. "name": "SetBkColor",
1331. "address": "0x476364"
1332. },
1333. {
1334. "name": "SelectPalette",
1335. "address": "0x476368"
1336. },
1337. {
1338. "name": "SelectObject",
1339. "address": "0x47636c"
1340. },
1341. {
1342. "name": "ScaleWindowExtEx",
1343. "address": "0x476370"
1344. },
1345. {
1346. "name": "SaveDC",
1347. "address": "0x476374"
1348. },
1349. {
1350. "name": "RestoreDC",
1351. "address": "0x476378"
1352. },
1353. {
1354. "name": "Rectangle",
1355. "address": "0x47637c"
1356. },
1357. {
1358. "name": "RectVisible",
1359. "address": "0x476380"
1360. },
1361. {
1362. "name": "RealizePalette",
1363. "address": "0x476384"
1364. },
1365. {
1366. "name": "PatBlt",
1367. "address": "0x476388"
1368. },
1369. {
1370. "name": "MoveToEx",
1371. "address": "0x47638c"
1372. },
1373. {
1374. "name": "MaskBlt",
1375. "address": "0x476390"
1376. },
1377. {
1378. "name": "LineTo",
1379. "address": "0x476394"
1380. },
1381. {
1382. "name": "IntersectClipRect",
1383. "address": "0x476398"
1384. },
1385. {
1386. "name": "GetWindowOrgEx",
1387. "address": "0x47639c"
1388. },
1389. {
1390. "name": "GetTextMetricsA",
1391. "address": "0x4763a0"
1392. },
1393. {
1394. "name": "GetTextExtentPoint32A",
1395. "address": "0x4763a4"
1396. },
1397. {
1398. "name": "GetSystemPaletteEntries",
1399. "address": "0x4763a8"
1400. },
1401. {
1402. "name": "GetStockObject",
1403. "address": "0x4763ac"
1404. },
1405. {
1406. "name": "GetPixel",
1407. "address": "0x4763b0"
1408. },
1409. {
1410. "name": "GetPaletteEntries",
1411. "address": "0x4763b4"
1412. },
1413. {
1414. "name": "GetObjectA",
1415. "address": "0x4763b8"
1416. },
1417. {
1418. "name": "GetDeviceCaps",
1419. "address": "0x4763bc"
1420. },
1421. {
1422. "name": "GetDIBits",
1423. "address": "0x4763c0"
1424. },
1425. {
1426. "name": "GetDIBColorTable",
1427. "address": "0x4763c4"
1428. },
1429. {
1430. "name": "GetDCOrgEx",
1431. "address": "0x4763c8"
1432. },
1433. {
1434. "name": "GetCurrentPositionEx",
1435. "address": "0x4763cc"
1436. },
1437. {
1438. "name": "GetClipBox",
1439. "address": "0x4763d0"
1440. },
1441. {
1442. "name": "GetBrushOrgEx",
1443. "address": "0x4763d4"
1444. },
1445. {
1446. "name": "GetBitmapBits",
1447. "address": "0x4763d8"
1448. },
1449. {
1450. "name": "ExtTextOutA",
1451. "address": "0x4763dc"
1452. },
1453. {
1454. "name": "ExcludeClipRect",
1455. "address": "0x4763e0"
1456. },
1457. {
1458. "name": "DeleteObject",
1459. "address": "0x4763e4"
1460. },
1461. {
1462. "name": "DeleteDC",
1463. "address": "0x4763e8"
1464. },
1465. {
1466. "name": "CreateSolidBrush",
1467. "address": "0x4763ec"
1468. },
1469. {
1470. "name": "CreatePenIndirect",
1471. "address": "0x4763f0"
1472. },
1473. {
1474. "name": "CreatePalette",
1475. "address": "0x4763f4"
1476. },
1477. {
1478. "name": "CreateHalftonePalette",
1479. "address": "0x4763f8"
1480. },
1481. {
1482. "name": "CreateFontIndirectA",
1483. "address": "0x4763fc"
1484. },
1485. {
1486. "name": "CreateDIBitmap",
1487. "address": "0x476400"
1488. },
1489. {
1490. "name": "CreateDIBSection",
1491. "address": "0x476404"
1492. },
1493. {
1494. "name": "CreateCompatibleDC",
1495. "address": "0x476408"
1496. },
1497. {
1498. "name": "CreateCompatibleBitmap",
1499. "address": "0x47640c"
1500. },
1501. {
1502. "name": "CreateBrushIndirect",
1503. "address": "0x476410"
1504. },
1505. {
1506. "name": "CreateBitmap",
1507. "address": "0x476414"
1508. },
1509. {
1510. "name": "BitBlt",
1511. "address": "0x476418"
1512. }
1513. ],
1514. "dll": "gdi32.dll"
1515. },
1516. {
1517. "imports": [
1518. {
1519. "name": "CreateWindowExA",
1520. "address": "0x476420"
1521. },
1522. {
1523. "name": "WindowFromPoint",
1524. "address": "0x476424"
1525. },
1526. {
1527. "name": "WinHelpA",
1528. "address": "0x476428"
1529. },
1530. {
1531. "name": "WaitMessage",
1532. "address": "0x47642c"
1533. },
1534. {
1535. "name": "UpdateWindow",
1536. "address": "0x476430"
1537. },
1538. {
1539. "name": "UnregisterClassA",
1540. "address": "0x476434"
1541. },
1542. {
1543. "name": "UnhookWindowsHookEx",
1544. "address": "0x476438"
1545. },
1546. {
1547. "name": "TranslateMessage",
1548. "address": "0x47643c"
1549. },
1550. {
1551. "name": "TranslateMDISysAccel",
1552. "address": "0x476440"
1553. },
1554. {
1555. "name": "TrackPopupMenu",
1556. "address": "0x476444"
1557. },
1558. {
1559. "name": "SystemParametersInfoA",
1560. "address": "0x476448"
1561. },
1562. {
1563. "name": "ShowWindow",
1564. "address": "0x47644c"
1565. },
1566. {
1567. "name": "ShowScrollBar",
1568. "address": "0x476450"
1569. },
1570. {
1571. "name": "ShowOwnedPopups",
1572. "address": "0x476454"
1573. },
1574. {
1575. "name": "ShowCursor",
1576. "address": "0x476458"
1577. },
1578. {
1579. "name": "SetWindowsHookExA",
1580. "address": "0x47645c"
1581. },
1582. {
1583. "name": "SetWindowTextA",
1584. "address": "0x476460"
1585. },
1586. {
1587. "name": "SetWindowPos",
1588. "address": "0x476464"
1589. },
1590. {
1591. "name": "SetWindowPlacement",
1592. "address": "0x476468"
1593. },
1594. {
1595. "name": "SetWindowLongA",
1596. "address": "0x47646c"
1597. },
1598. {
1599. "name": "SetTimer",
1600. "address": "0x476470"
1601. },
1602. {
1603. "name": "SetScrollRange",
1604. "address": "0x476474"
1605. },
1606. {
1607. "name": "SetScrollPos",
1608. "address": "0x476478"
1609. },
1610. {
1611. "name": "SetScrollInfo",
1612. "address": "0x47647c"
1613. },
1614. {
1615. "name": "SetRect",
1616. "address": "0x476480"
1617. },
1618. {
1619. "name": "SetPropA",
1620. "address": "0x476484"
1621. },
1622. {
1623. "name": "SetParent",
1624. "address": "0x476488"
1625. },
1626. {
1627. "name": "SetMenuItemInfoA",
1628. "address": "0x47648c"
1629. },
1630. {
1631. "name": "SetMenu",
1632. "address": "0x476490"
1633. },
1634. {
1635. "name": "SetForegroundWindow",
1636. "address": "0x476494"
1637. },
1638. {
1639. "name": "SetFocus",
1640. "address": "0x476498"
1641. },
1642. {
1643. "name": "SetCursor",
1644. "address": "0x47649c"
1645. },
1646. {
1647. "name": "SetClassLongA",
1648. "address": "0x4764a0"
1649. },
1650. {
1651. "name": "SetCapture",
1652. "address": "0x4764a4"
1653. },
1654. {
1655. "name": "SetActiveWindow",
1656. "address": "0x4764a8"
1657. },
1658. {
1659. "name": "SendMessageA",
1660. "address": "0x4764ac"
1661. },
1662. {
1663. "name": "ScrollWindow",
1664. "address": "0x4764b0"
1665. },
1666. {
1667. "name": "ScreenToClient",
1668. "address": "0x4764b4"
1669. },
1670. {
1671. "name": "RemovePropA",
1672. "address": "0x4764b8"
1673. },
1674. {
1675. "name": "RemoveMenu",
1676. "address": "0x4764bc"
1677. },
1678. {
1679. "name": "ReleaseDC",
1680. "address": "0x4764c0"
1681. },
1682. {
1683. "name": "ReleaseCapture",
1684. "address": "0x4764c4"
1685. },
1686. {
1687. "name": "RegisterWindowMessageA",
1688. "address": "0x4764c8"
1689. },
1690. {
1691. "name": "RegisterClipboardFormatA",
1692. "address": "0x4764cc"
1693. },
1694. {
1695. "name": "RegisterClassA",
1696. "address": "0x4764d0"
1697. },
1698. {
1699. "name": "RedrawWindow",
1700. "address": "0x4764d4"
1701. },
1702. {
1703. "name": "PtInRect",
1704. "address": "0x4764d8"
1705. },
1706. {
1707. "name": "PostQuitMessage",
1708. "address": "0x4764dc"
1709. },
1710. {
1711. "name": "PostMessageA",
1712. "address": "0x4764e0"
1713. },
1714. {
1715. "name": "PeekMessageA",
1716. "address": "0x4764e4"
1717. },
1718. {
1719. "name": "OffsetRect",
1720. "address": "0x4764e8"
1721. },
1722. {
1723. "name": "OemToCharA",
1724. "address": "0x4764ec"
1725. },
1726. {
1727. "name": "MessageBoxA",
1728. "address": "0x4764f0"
1729. },
1730. {
1731. "name": "MapWindowPoints",
1732. "address": "0x4764f4"
1733. },
1734. {
1735. "name": "MapVirtualKeyA",
1736. "address": "0x4764f8"
1737. },
1738. {
1739. "name": "LoadStringA",
1740. "address": "0x4764fc"
1741. },
1742. {
1743. "name": "LoadKeyboardLayoutA",
1744. "address": "0x476500"
1745. },
1746. {
1747. "name": "LoadIconA",
1748. "address": "0x476504"
1749. },
1750. {
1751. "name": "LoadCursorA",
1752. "address": "0x476508"
1753. },
1754. {
1755. "name": "LoadBitmapA",
1756. "address": "0x47650c"
1757. },
1758. {
1759. "name": "KillTimer",
1760. "address": "0x476510"
1761. },
1762. {
1763. "name": "IsZoomed",
1764. "address": "0x476514"
1765. },
1766. {
1767. "name": "IsWindowVisible",
1768. "address": "0x476518"
1769. },
1770. {
1771. "name": "IsWindowEnabled",
1772. "address": "0x47651c"
1773. },
1774. {
1775. "name": "IsWindow",
1776. "address": "0x476520"
1777. },
1778. {
1779. "name": "IsRectEmpty",
1780. "address": "0x476524"
1781. },
1782. {
1783. "name": "IsIconic",
1784. "address": "0x476528"
1785. },
1786. {
1787. "name": "IsDialogMessageA",
1788. "address": "0x47652c"
1789. },
1790. {
1791. "name": "IsChild",
1792. "address": "0x476530"
1793. },
1794. {
1795. "name": "InvalidateRect",
1796. "address": "0x476534"
1797. },
1798. {
1799. "name": "IntersectRect",
1800. "address": "0x476538"
1801. },
1802. {
1803. "name": "InsertMenuItemA",
1804. "address": "0x47653c"
1805. },
1806. {
1807. "name": "InsertMenuA",
1808. "address": "0x476540"
1809. },
1810. {
1811. "name": "InflateRect",
1812. "address": "0x476544"
1813. },
1814. {
1815. "name": "GetWindowThreadProcessId",
1816. "address": "0x476548"
1817. },
1818. {
1819. "name": "GetWindowTextA",
1820. "address": "0x47654c"
1821. },
1822. {
1823. "name": "GetWindowRect",
1824. "address": "0x476550"
1825. },
1826. {
1827. "name": "GetWindowPlacement",
1828. "address": "0x476554"
1829. },
1830. {
1831. "name": "GetWindowLongA",
1832. "address": "0x476558"
1833. },
1834. {
1835. "name": "GetWindowDC",
1836. "address": "0x47655c"
1837. },
1838. {
1839. "name": "GetTopWindow",
1840. "address": "0x476560"
1841. },
1842. {
1843. "name": "GetSystemMetrics",
1844. "address": "0x476564"
1845. },
1846. {
1847. "name": "GetSystemMenu",
1848. "address": "0x476568"
1849. },
1850. {
1851. "name": "GetSysColorBrush",
1852. "address": "0x47656c"
1853. },
1854. {
1855. "name": "GetSysColor",
1856. "address": "0x476570"
1857. },
1858. {
1859. "name": "GetSubMenu",
1860. "address": "0x476574"
1861. },
1862. {
1863. "name": "GetScrollRange",
1864. "address": "0x476578"
1865. },
1866. {
1867. "name": "GetScrollPos",
1868. "address": "0x47657c"
1869. },
1870. {
1871. "name": "GetScrollInfo",
1872. "address": "0x476580"
1873. },
1874. {
1875. "name": "GetPropA",
1876. "address": "0x476584"
1877. },
1878. {
1879. "name": "GetParent",
1880. "address": "0x476588"
1881. },
1882. {
1883. "name": "GetWindow",
1884. "address": "0x47658c"
1885. },
1886. {
1887. "name": "GetMessagePos",
1888. "address": "0x476590"
1889. },
1890. {
1891. "name": "GetMenuStringA",
1892. "address": "0x476594"
1893. },
1894. {
1895. "name": "GetMenuState",
1896. "address": "0x476598"
1897. },
1898. {
1899. "name": "GetMenuItemInfoA",
1900. "address": "0x47659c"
1901. },
1902. {
1903. "name": "GetMenuItemID",
1904. "address": "0x4765a0"
1905. },
1906. {
1907. "name": "GetMenuItemCount",
1908. "address": "0x4765a4"
1909. },
1910. {
1911. "name": "GetMenu",
1912. "address": "0x4765a8"
1913. },
1914. {
1915. "name": "GetLastActivePopup",
1916. "address": "0x4765ac"
1917. },
1918. {
1919. "name": "GetKeyboardState",
1920. "address": "0x4765b0"
1921. },
1922. {
1923. "name": "GetKeyboardLayoutList",
1924. "address": "0x4765b4"
1925. },
1926. {
1927. "name": "GetKeyboardLayout",
1928. "address": "0x4765b8"
1929. },
1930. {
1931. "name": "GetKeyState",
1932. "address": "0x4765bc"
1933. },
1934. {
1935. "name": "GetKeyNameTextA",
1936. "address": "0x4765c0"
1937. },
1938. {
1939. "name": "GetIconInfo",
1940. "address": "0x4765c4"
1941. },
1942. {
1943. "name": "GetForegroundWindow",
1944. "address": "0x4765c8"
1945. },
1946. {
1947. "name": "GetFocus",
1948. "address": "0x4765cc"
1949. },
1950. {
1951. "name": "GetDesktopWindow",
1952. "address": "0x4765d0"
1953. },
1954. {
1955. "name": "GetDCEx",
1956. "address": "0x4765d4"
1957. },
1958. {
1959. "name": "GetDC",
1960. "address": "0x4765d8"
1961. },
1962. {
1963. "name": "GetCursorPos",
1964. "address": "0x4765dc"
1965. },
1966. {
1967. "name": "GetCursor",
1968. "address": "0x4765e0"
1969. },
1970. {
1971. "name": "GetClientRect",
1972. "address": "0x4765e4"
1973. },
1974. {
1975. "name": "GetClassNameA",
1976. "address": "0x4765e8"
1977. },
1978. {
1979. "name": "GetClassInfoA",
1980. "address": "0x4765ec"
1981. },
1982. {
1983. "name": "GetCapture",
1984. "address": "0x4765f0"
1985. },
1986. {
1987. "name": "GetActiveWindow",
1988. "address": "0x4765f4"
1989. },
1990. {
1991. "name": "FrameRect",
1992. "address": "0x4765f8"
1993. },
1994. {
1995. "name": "FindWindowA",
1996. "address": "0x4765fc"
1997. },
1998. {
1999. "name": "FillRect",
2000. "address": "0x476600"
2001. },
2002. {
2003. "name": "EqualRect",
2004. "address": "0x476604"
2005. },
2006. {
2007. "name": "EnumWindows",
2008. "address": "0x476608"
2009. },
2010. {
2011. "name": "EnumThreadWindows",
2012. "address": "0x47660c"
2013. },
2014. {
2015. "name": "EndPaint",
2016. "address": "0x476610"
2017. },
2018. {
2019. "name": "EnableWindow",
2020. "address": "0x476614"
2021. },
2022. {
2023. "name": "EnableScrollBar",
2024. "address": "0x476618"
2025. },
2026. {
2027. "name": "EnableMenuItem",
2028. "address": "0x47661c"
2029. },
2030. {
2031. "name": "DrawTextA",
2032. "address": "0x476620"
2033. },
2034. {
2035. "name": "DrawMenuBar",
2036. "address": "0x476624"
2037. },
2038. {
2039. "name": "DrawIconEx",
2040. "address": "0x476628"
2041. },
2042. {
2043. "name": "DrawIcon",
2044. "address": "0x47662c"
2045. },
2046. {
2047. "name": "DrawFrameControl",
2048. "address": "0x476630"
2049. },
2050. {
2051. "name": "DrawEdge",
2052. "address": "0x476634"
2053. },
2054. {
2055. "name": "DispatchMessageA",
2056. "address": "0x476638"
2057. },
2058. {
2059. "name": "DestroyWindow",
2060. "address": "0x47663c"
2061. },
2062. {
2063. "name": "DestroyMenu",
2064. "address": "0x476640"
2065. },
2066. {
2067. "name": "DestroyIcon",
2068. "address": "0x476644"
2069. },
2070. {
2071. "name": "DestroyCursor",
2072. "address": "0x476648"
2073. },
2074. {
2075. "name": "DeleteMenu",
2076. "address": "0x47664c"
2077. },
2078. {
2079. "name": "DefWindowProcA",
2080. "address": "0x476650"
2081. },
2082. {
2083. "name": "DefMDIChildProcA",
2084. "address": "0x476654"
2085. },
2086. {
2087. "name": "DefFrameProcA",
2088. "address": "0x476658"
2089. },
2090. {
2091. "name": "CreatePopupMenu",
2092. "address": "0x47665c"
2093. },
2094. {
2095. "name": "CreateMenu",
2096. "address": "0x476660"
2097. },
2098. {
2099. "name": "CreateIcon",
2100. "address": "0x476664"
2101. },
2102. {
2103. "name": "ClientToScreen",
2104. "address": "0x476668"
2105. },
2106. {
2107. "name": "ChildWindowFromPoint",
2108. "address": "0x47666c"
2109. },
2110. {
2111. "name": "CheckMenuItem",
2112. "address": "0x476670"
2113. },
2114. {
2115. "name": "CallWindowProcA",
2116. "address": "0x476674"
2117. },
2118. {
2119. "name": "CallNextHookEx",
2120. "address": "0x476678"
2121. },
2122. {
2123. "name": "BringWindowToTop",
2124. "address": "0x47667c"
2125. },
2126. {
2127. "name": "BeginPaint",
2128. "address": "0x476680"
2129. },
2130. {
2131. "name": "CharNextA",
2132. "address": "0x476684"
2133. },
2134. {
2135. "name": "CharLowerA",
2136. "address": "0x476688"
2137. },
2138. {
2139. "name": "CharToOemA",
2140. "address": "0x47668c"
2141. },
2142. {
2143. "name": "AdjustWindowRectEx",
2144. "address": "0x476690"
2145. },
2146. {
2147. "name": "ActivateKeyboardLayout",
2148. "address": "0x476694"
2149. }
2150. ],
2151. "dll": "user32.dll"
2152. },
2153. {
2154. "imports": [
2155. {
2156. "name": "Sleep",
2157. "address": "0x47669c"
2158. }
2159. ],
2160. "dll": "kernel32.dll"
2161. },
2162. {
2163. "imports": [
2164. {
2165. "name": "SafeArrayPtrOfIndex",
2166. "address": "0x4766a4"
2167. },
2168. {
2169. "name": "SafeArrayGetUBound",
2170. "address": "0x4766a8"
2171. },
2172. {
2173. "name": "SafeArrayGetLBound",
2174. "address": "0x4766ac"
2175. },
2176. {
2177. "name": "SafeArrayCreate",
2178. "address": "0x4766b0"
2179. },
2180. {
2181. "name": "VariantChangeType",
2182. "address": "0x4766b4"
2183. },
2184. {
2185. "name": "VariantCopy",
2186. "address": "0x4766b8"
2187. },
2188. {
2189. "name": "VariantClear",
2190. "address": "0x4766bc"
2191. },
2192. {
2193. "name": "VariantInit",
2194. "address": "0x4766c0"
2195. }
2196. ],
2197. "dll": "oleaut32.dll"
2198. },
2199. {
2200. "imports": [
2201. {
2202. "name": "CoTaskMemAlloc",
2203. "address": "0x4766c8"
2204. },
2205. {
2206. "name": "CoCreateInstance",
2207. "address": "0x4766cc"
2208. },
2209. {
2210. "name": "CoUninitialize",
2211. "address": "0x4766d0"
2212. },
2213. {
2214. "name": "CoInitialize",
2215. "address": "0x4766d4"
2216. }
2217. ],
2218. "dll": "ole32.dll"
2219. },
2220. {
2221. "imports": [
2222. {
2223. "name": "ImageList_SetIconSize",
2224. "address": "0x4766dc"
2225. },
2226. {
2227. "name": "ImageList_GetIconSize",
2228. "address": "0x4766e0"
2229. },
2230. {
2231. "name": "ImageList_Write",
2232. "address": "0x4766e4"
2233. },
2234. {
2235. "name": "ImageList_Read",
2236. "address": "0x4766e8"
2237. },
2238. {
2239. "name": "ImageList_GetDragImage",
2240. "address": "0x4766ec"
2241. },
2242. {
2243. "name": "ImageList_DragShowNolock",
2244. "address": "0x4766f0"
2245. },
2246. {
2247. "name": "ImageList_SetDragCursorImage",
2248. "address": "0x4766f4"
2249. },
2250. {
2251. "name": "ImageList_DragMove",
2252. "address": "0x4766f8"
2253. },
2254. {
2255. "name": "ImageList_DragLeave",
2256. "address": "0x4766fc"
2257. },
2258. {
2259. "name": "ImageList_DragEnter",
2260. "address": "0x476700"
2261. },
2262. {
2263. "name": "ImageList_EndDrag",
2264. "address": "0x476704"
2265. },
2266. {
2267. "name": "ImageList_BeginDrag",
2268. "address": "0x476708"
2269. },
2270. {
2271. "name": "ImageList_Remove",
2272. "address": "0x47670c"
2273. },
2274. {
2275. "name": "ImageList_DrawEx",
2276. "address": "0x476710"
2277. },
2278. {
2279. "name": "ImageList_Draw",
2280. "address": "0x476714"
2281. },
2282. {
2283. "name": "ImageList_GetBkColor",
2284. "address": "0x476718"
2285. },
2286. {
2287. "name": "ImageList_SetBkColor",
2288. "address": "0x47671c"
2289. },
2290. {
2291. "name": "ImageList_ReplaceIcon",
2292. "address": "0x476720"
2293. },
2294. {
2295. "name": "ImageList_Add",
2296. "address": "0x476724"
2297. },
2298. {
2299. "name": "ImageList_GetImageCount",
2300. "address": "0x476728"
2301. },
2302. {
2303. "name": "ImageList_Destroy",
2304. "address": "0x47672c"
2305. },
2306. {
2307. "name": "ImageList_Create",
2308. "address": "0x476730"
2309. },
2310. {
2311. "name": "InitCommonControls",
2312. "address": "0x476734"
2313. }
2314. ],
2315. "dll": "comctl32.dll"
2316. },
2317. {
2318. "imports": [
2319. {
2320. "name": "ReplaceTextA",
2321. "address": "0x47673c"
2322. },
2323. {
2324. "name": "FindTextA",
2325. "address": "0x476740"
2326. }
2327. ],
2328. "dll": "comdlg32.dll"
2329. }
2330. ],
2331. "digital_signers": null,
2332. "exported_dll_name": null,
2333. "actual_checksum": "0x000ad73e",
2334. "overlay": null,
2335. "imagebase": "0x00400000",
2336. "reported_checksum": "0x00000000",
2337. "icon_hash": null,
2338. "entrypoint": "0x0046a13c",
2339. "timestamp": "1992-01-04 00:24:27",
2340. "osversion": "4.0",
2341. "sections": [
2342. {
2343. "name": "CODE",
2344. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
2345. "virtual_address": "0x00001000",
2346. "size_of_data": "0x00069200",
2347. "entropy": "6.52",
2348. "raw_address": "0x00000400",
2349. "virtual_size": "0x00069184",
2350. "characteristics_raw": "0x60000020"
2351. },
2352. {
2353. "name": "DATA",
2354. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2355. "virtual_address": "0x0006b000",
2356. "size_of_data": "0x00009400",
2357. "entropy": "5.08",
2358. "raw_address": "0x00069600",
2359. "virtual_size": "0x000093d0",
2360. "characteristics_raw": "0xc0000040"
2361. },
2362. {
2363. "name": "BSS",
2364. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2365. "virtual_address": "0x00075000",
2366. "size_of_data": "0x00000000",
2367. "entropy": "0.00",
2368. "raw_address": "0x00072a00",
2369. "virtual_size": "0x00000d09",
2370. "characteristics_raw": "0xc0000000"
2371. },
2372. {
2373. "name": ".idata",
2374. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2375. "virtual_address": "0x00076000",
2376. "size_of_data": "0x00002200",
2377. "entropy": "4.80",
2378. "raw_address": "0x00072a00",
2379. "virtual_size": "0x000020c2",
2380. "characteristics_raw": "0xc0000040"
2381. },
2382. {
2383. "name": ".tls",
2384. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2385. "virtual_address": "0x00079000",
2386. "size_of_data": "0x00000000",
2387. "entropy": "0.00",
2388. "raw_address": "0x00074c00",
2389. "virtual_size": "0x00000010",
2390. "characteristics_raw": "0xc0000000"
2391. },
2392. {
2393. "name": ".rdata",
2394. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2395. "virtual_address": "0x0007a000",
2396. "size_of_data": "0x00000200",
2397. "entropy": "0.21",
2398. "raw_address": "0x00074c00",
2399. "virtual_size": "0x00000018",
2400. "characteristics_raw": "0x50000040"
2401. },
2402. {
2403. "name": ".reloc",
2404. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2405. "virtual_address": "0x0007b000",
2406. "size_of_data": "0x00007c00",
2407. "entropy": "6.63",
2408. "raw_address": "0x00074e00",
2409. "virtual_size": "0x00007ab4",
2410. "characteristics_raw": "0x50000040"
2411. },
2412. {
2413. "name": ".rsrc",
2414. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2415. "virtual_address": "0x00083000",
2416. "size_of_data": "0x0002ba00",
2417. "entropy": "7.16",
2418. "raw_address": "0x0007ca00",
2419. "virtual_size": "0x0002b8e8",
2420. "characteristics_raw": "0x50000040"
2421. }
2422. ],
2423. "resources": [],
2424. "dirents": [
2425. {
2426. "virtual_address": "0x00000000",
2427. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2428. "size": "0x00000000"
2429. },
2430. {
2431. "virtual_address": "0x00076000",
2432. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2433. "size": "0x000020c2"
2434. },
2435. {
2436. "virtual_address": "0x00083000",
2437. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2438. "size": "0x0002b8e8"
2439. },
2440. {
2441. "virtual_address": "0x00000000",
2442. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2443. "size": "0x00000000"
2444. },
2445. {
2446. "virtual_address": "0x00000000",
2447. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2448. "size": "0x00000000"
2449. },
2450. {
2451. "virtual_address": "0x0007b000",
2452. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2453. "size": "0x00007ab4"
2454. },
2455. {
2456. "virtual_address": "0x00000000",
2457. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2458. "size": "0x00000000"
2459. },
2460. {
2461. "virtual_address": "0x00000000",
2462. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2463. "size": "0x00000000"
2464. },
2465. {
2466. "virtual_address": "0x00000000",
2467. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2468. "size": "0x00000000"
2469. },
2470. {
2471. "virtual_address": "0x0007a000",
2472. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2473. "size": "0x00000018"
2474. },
2475. {
2476. "virtual_address": "0x00000000",
2477. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2478. "size": "0x00000000"
2479. },
2480. {
2481. "virtual_address": "0x00000000",
2482. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2483. "size": "0x00000000"
2484. },
2485. {
2486. "virtual_address": "0x00000000",
2487. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2488. "size": "0x00000000"
2489. },
2490. {
2491. "virtual_address": "0x00000000",
2492. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2493. "size": "0x00000000"
2494. },
2495. {
2496. "virtual_address": "0x00000000",
2497. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2498. "size": "0x00000000"
2499. },
2500. {
2501. "virtual_address": "0x00000000",
2502. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2503. "size": "0x00000000"
2504. }
2505. ],
2506. "exports": [],
2507. "guest_signers": {},
2508. "imphash": "b6b2a783bd5c931709bdc68a1624d6e8",
2509. "icon_fuzzy": null,
2510. "icon": null,
2511. "pdbpath": null,
2512. "imported_dll_count": 15,
2513. "versioninfo": []
2514. }
2515. }
2516.  
2517. [*] Resolved APIs: [
2518. "kernel32.dll.GetDiskFreeSpaceExA",
2519. "oleaut32.dll.VariantChangeTypeEx",
2520. "oleaut32.dll.VarNeg",
2521. "oleaut32.dll.VarNot",
2522. "oleaut32.dll.VarAdd",
2523. "oleaut32.dll.VarSub",
2524. "oleaut32.dll.VarMul",
2525. "oleaut32.dll.VarDiv",
2526. "oleaut32.dll.VarIdiv",
2527. "oleaut32.dll.VarMod",
2528. "oleaut32.dll.VarAnd",
2529. "oleaut32.dll.VarOr",
2530. "oleaut32.dll.VarXor",
2531. "oleaut32.dll.VarCmp",
2532. "oleaut32.dll.VarI4FromStr",
2533. "oleaut32.dll.VarR4FromStr",
2534. "oleaut32.dll.VarR8FromStr",
2535. "oleaut32.dll.VarDateFromStr",
2536. "oleaut32.dll.VarCyFromStr",
2537. "oleaut32.dll.VarBoolFromStr",
2538. "oleaut32.dll.VarBstrFromCy",
2539. "oleaut32.dll.VarBstrFromDate",
2540. "oleaut32.dll.VarBstrFromBool",
2541. "user32.dll.GetMonitorInfoA",
2542. "user32.dll.GetSystemMetrics",
2543. "user32.dll.EnumDisplayMonitors",
2544. "dwmapi.dll.DwmIsCompositionEnabled",
2545. "gdi32.dll.GetLayout",
2546. "gdi32.dll.GdiRealizationInfo",
2547. "gdi32.dll.FontIsLinked",
2548. "advapi32.dll.RegOpenKeyExW",
2549. "advapi32.dll.RegQueryInfoKeyW",
2550. "gdi32.dll.GetTextFaceAliasW",
2551. "advapi32.dll.RegEnumValueW",
2552. "advapi32.dll.RegCloseKey",
2553. "advapi32.dll.RegQueryValueExW",
2554. "gdi32.dll.GetFontAssocStatus",
2555. "advapi32.dll.RegQueryValueExA",
2556. "advapi32.dll.RegEnumKeyExW",
2557. "gdi32.dll.GdiIsMetaPrintDC",
2558. "user32.dll.AnimateWindow",
2559. "comctl32.dll.InitializeFlatSB",
2560. "comctl32.dll.UninitializeFlatSB",
2561. "comctl32.dll.FlatSB_GetScrollProp",
2562. "comctl32.dll.FlatSB_SetScrollProp",
2563. "comctl32.dll.FlatSB_EnableScrollBar",
2564. "comctl32.dll.FlatSB_ShowScrollBar",
2565. "comctl32.dll.FlatSB_GetScrollRange",
2566. "comctl32.dll.FlatSB_GetScrollInfo",
2567. "comctl32.dll.FlatSB_GetScrollPos",
2568. "comctl32.dll.FlatSB_SetScrollPos",
2569. "comctl32.dll.FlatSB_SetScrollInfo",
2570. "comctl32.dll.FlatSB_SetScrollRange",
2571. "user32.dll.SetLayeredWindowAttributes",
2572. "user32.dll.RegisterRawInputDevices",
2573. "user32.dll.GetRawInputData",
2574. "uxtheme.dll.ThemeInitApiHook",
2575. "user32.dll.IsProcessDPIAware"
2576. ]
2577.  
2578. [*] Static Analysis: {
2579. "pe": {
2580. "peid_signatures": null,
2581. "imports": [
2582. {
2583. "imports": [
2584. {
2585. "name": "DeleteCriticalSection",
2586. "address": "0x476140"
2587. },
2588. {
2589. "name": "LeaveCriticalSection",
2590. "address": "0x476144"
2591. },
2592. {
2593. "name": "EnterCriticalSection",
2594. "address": "0x476148"
2595. },
2596. {
2597. "name": "InitializeCriticalSection",
2598. "address": "0x47614c"
2599. },
2600. {
2601. "name": "VirtualFree",
2602. "address": "0x476150"
2603. },
2604. {
2605. "name": "VirtualAlloc",
2606. "address": "0x476154"
2607. },
2608. {
2609. "name": "LocalFree",
2610. "address": "0x476158"
2611. },
2612. {
2613. "name": "LocalAlloc",
2614. "address": "0x47615c"
2615. },
2616. {
2617. "name": "GetVersion",
2618. "address": "0x476160"
2619. },
2620. {
2621. "name": "GetCurrentThreadId",
2622. "address": "0x476164"
2623. },
2624. {
2625. "name": "InterlockedDecrement",
2626. "address": "0x476168"
2627. },
2628. {
2629. "name": "InterlockedIncrement",
2630. "address": "0x47616c"
2631. },
2632. {
2633. "name": "VirtualQuery",
2634. "address": "0x476170"
2635. },
2636. {
2637. "name": "WideCharToMultiByte",
2638. "address": "0x476174"
2639. },
2640. {
2641. "name": "MultiByteToWideChar",
2642. "address": "0x476178"
2643. },
2644. {
2645. "name": "lstrlenA",
2646. "address": "0x47617c"
2647. },
2648. {
2649. "name": "lstrcpynA",
2650. "address": "0x476180"
2651. },
2652. {
2653. "name": "LoadLibraryExA",
2654. "address": "0x476184"
2655. },
2656. {
2657. "name": "GetThreadLocale",
2658. "address": "0x476188"
2659. },
2660. {
2661. "name": "GetStartupInfoA",
2662. "address": "0x47618c"
2663. },
2664. {
2665. "name": "GetProcAddress",
2666. "address": "0x476190"
2667. },
2668. {
2669. "name": "GetModuleHandleA",
2670. "address": "0x476194"
2671. },
2672. {
2673. "name": "GetModuleFileNameA",
2674. "address": "0x476198"
2675. },
2676. {
2677. "name": "GetLocaleInfoA",
2678. "address": "0x47619c"
2679. },
2680. {
2681. "name": "GetCommandLineA",
2682. "address": "0x4761a0"
2683. },
2684. {
2685. "name": "FreeLibrary",
2686. "address": "0x4761a4"
2687. },
2688. {
2689. "name": "FindFirstFileA",
2690. "address": "0x4761a8"
2691. },
2692. {
2693. "name": "FindClose",
2694. "address": "0x4761ac"
2695. },
2696. {
2697. "name": "ExitProcess",
2698. "address": "0x4761b0"
2699. },
2700. {
2701. "name": "WriteFile",
2702. "address": "0x4761b4"
2703. },
2704. {
2705. "name": "UnhandledExceptionFilter",
2706. "address": "0x4761b8"
2707. },
2708. {
2709. "name": "RtlUnwind",
2710. "address": "0x4761bc"
2711. },
2712. {
2713. "name": "RaiseException",
2714. "address": "0x4761c0"
2715. },
2716. {
2717. "name": "GetStdHandle",
2718. "address": "0x4761c4"
2719. }
2720. ],
2721. "dll": "kernel32.dll"
2722. },
2723. {
2724. "imports": [
2725. {
2726. "name": "GetKeyboardType",
2727. "address": "0x4761cc"
2728. },
2729. {
2730. "name": "LoadStringA",
2731. "address": "0x4761d0"
2732. },
2733. {
2734. "name": "MessageBoxA",
2735. "address": "0x4761d4"
2736. },
2737. {
2738. "name": "CharNextA",
2739. "address": "0x4761d8"
2740. }
2741. ],
2742. "dll": "user32.dll"
2743. },
2744. {
2745. "imports": [
2746. {
2747. "name": "RegQueryValueExA",
2748. "address": "0x4761e0"
2749. },
2750. {
2751. "name": "RegOpenKeyExA",
2752. "address": "0x4761e4"
2753. },
2754. {
2755. "name": "RegCloseKey",
2756. "address": "0x4761e8"
2757. }
2758. ],
2759. "dll": "advapi32.dll"
2760. },
2761. {
2762. "imports": [
2763. {
2764. "name": "SysFreeString",
2765. "address": "0x4761f0"
2766. },
2767. {
2768. "name": "SysReAllocStringLen",
2769. "address": "0x4761f4"
2770. },
2771. {
2772. "name": "SysAllocStringLen",
2773. "address": "0x4761f8"
2774. }
2775. ],
2776. "dll": "oleaut32.dll"
2777. },
2778. {
2779. "imports": [
2780. {
2781. "name": "TlsSetValue",
2782. "address": "0x476200"
2783. },
2784. {
2785. "name": "TlsGetValue",
2786. "address": "0x476204"
2787. },
2788. {
2789. "name": "LocalAlloc",
2790. "address": "0x476208"
2791. },
2792. {
2793. "name": "GetModuleHandleA",
2794. "address": "0x47620c"
2795. }
2796. ],
2797. "dll": "kernel32.dll"
2798. },
2799. {
2800. "imports": [
2801. {
2802. "name": "RegQueryValueExA",
2803. "address": "0x476214"
2804. },
2805. {
2806. "name": "RegOpenKeyExA",
2807. "address": "0x476218"
2808. },
2809. {
2810. "name": "RegCloseKey",
2811. "address": "0x47621c"
2812. }
2813. ],
2814. "dll": "advapi32.dll"
2815. },
2816. {
2817. "imports": [
2818. {
2819. "name": "lstrcpyA",
2820. "address": "0x476224"
2821. },
2822. {
2823. "name": "lstrcmpA",
2824. "address": "0x476228"
2825. },
2826. {
2827. "name": "WriteFile",
2828. "address": "0x47622c"
2829. },
2830. {
2831. "name": "WaitForSingleObject",
2832. "address": "0x476230"
2833. },
2834. {
2835. "name": "VirtualQuery",
2836. "address": "0x476234"
2837. },
2838. {
2839. "name": "VirtualAlloc",
2840. "address": "0x476238"
2841. },
2842. {
2843. "name": "Sleep",
2844. "address": "0x47623c"
2845. },
2846. {
2847. "name": "SizeofResource",
2848. "address": "0x476240"
2849. },
2850. {
2851. "name": "SetThreadLocale",
2852. "address": "0x476244"
2853. },
2854. {
2855. "name": "SetFilePointer",
2856. "address": "0x476248"
2857. },
2858. {
2859. "name": "SetEvent",
2860. "address": "0x47624c"
2861. },
2862. {
2863. "name": "SetErrorMode",
2864. "address": "0x476250"
2865. },
2866. {
2867. "name": "SetEndOfFile",
2868. "address": "0x476254"
2869. },
2870. {
2871. "name": "ResetEvent",
2872. "address": "0x476258"
2873. },
2874. {
2875. "name": "ReadFile",
2876. "address": "0x47625c"
2877. },
2878. {
2879. "name": "MulDiv",
2880. "address": "0x476260"
2881. },
2882. {
2883. "name": "LockResource",
2884. "address": "0x476264"
2885. },
2886. {
2887. "name": "LoadResource",
2888. "address": "0x476268"
2889. },
2890. {
2891. "name": "LoadLibraryA",
2892. "address": "0x47626c"
2893. },
2894. {
2895. "name": "LeaveCriticalSection",
2896. "address": "0x476270"
2897. },
2898. {
2899. "name": "InitializeCriticalSection",
2900. "address": "0x476274"
2901. },
2902. {
2903. "name": "GlobalUnlock",
2904. "address": "0x476278"
2905. },
2906. {
2907. "name": "GlobalReAlloc",
2908. "address": "0x47627c"
2909. },
2910. {
2911. "name": "GlobalHandle",
2912. "address": "0x476280"
2913. },
2914. {
2915. "name": "GlobalLock",
2916. "address": "0x476284"
2917. },
2918. {
2919. "name": "GlobalFree",
2920. "address": "0x476288"
2921. },
2922. {
2923. "name": "GlobalFindAtomA",
2924. "address": "0x47628c"
2925. },
2926. {
2927. "name": "GlobalDeleteAtom",
2928. "address": "0x476290"
2929. },
2930. {
2931. "name": "GlobalAlloc",
2932. "address": "0x476294"
2933. },
2934. {
2935. "name": "GlobalAddAtomA",
2936. "address": "0x476298"
2937. },
2938. {
2939. "name": "GetVersionExA",
2940. "address": "0x47629c"
2941. },
2942. {
2943. "name": "GetVersion",
2944. "address": "0x4762a0"
2945. },
2946. {
2947. "name": "GetTickCount",
2948. "address": "0x4762a4"
2949. },
2950. {
2951. "name": "GetThreadLocale",
2952. "address": "0x4762a8"
2953. },
2954. {
2955. "name": "GetSystemInfo",
2956. "address": "0x4762ac"
2957. },
2958. {
2959. "name": "GetStringTypeExA",
2960. "address": "0x4762b0"
2961. },
2962. {
2963. "name": "GetStdHandle",
2964. "address": "0x4762b4"
2965. },
2966. {
2967. "name": "GetProcAddress",
2968. "address": "0x4762b8"
2969. },
2970. {
2971. "name": "GetModuleHandleA",
2972. "address": "0x4762bc"
2973. },
2974. {
2975. "name": "GetModuleFileNameA",
2976. "address": "0x4762c0"
2977. },
2978. {
2979. "name": "GetLocaleInfoA",
2980. "address": "0x4762c4"
2981. },
2982. {
2983. "name": "GetLocalTime",
2984. "address": "0x4762c8"
2985. },
2986. {
2987. "name": "GetLastError",
2988. "address": "0x4762cc"
2989. },
2990. {
2991. "name": "GetFullPathNameA",
2992. "address": "0x4762d0"
2993. },
2994. {
2995. "name": "GetFileType",
2996. "address": "0x4762d4"
2997. },
2998. {
2999. "name": "GetDiskFreeSpaceA",
3000. "address": "0x4762d8"
3001. },
3002. {
3003. "name": "GetDateFormatA",
3004. "address": "0x4762dc"
3005. },
3006. {
3007. "name": "GetCurrentThreadId",
3008. "address": "0x4762e0"
3009. },
3010. {
3011. "name": "GetCurrentProcessId",
3012. "address": "0x4762e4"
3013. },
3014. {
3015. "name": "GetCPInfo",
3016. "address": "0x4762e8"
3017. },
3018. {
3019. "name": "GetACP",
3020. "address": "0x4762ec"
3021. },
3022. {
3023. "name": "FreeResource",
3024. "address": "0x4762f0"
3025. },
3026. {
3027. "name": "InterlockedExchange",
3028. "address": "0x4762f4"
3029. },
3030. {
3031. "name": "FreeLibrary",
3032. "address": "0x4762f8"
3033. },
3034. {
3035. "name": "FormatMessageA",
3036. "address": "0x4762fc"
3037. },
3038. {
3039. "name": "FindResourceA",
3040. "address": "0x476300"
3041. },
3042. {
3043. "name": "EnumCalendarInfoA",
3044. "address": "0x476304"
3045. },
3046. {
3047. "name": "EnterCriticalSection",
3048. "address": "0x476308"
3049. },
3050. {
3051. "name": "DeleteCriticalSection",
3052. "address": "0x47630c"
3053. },
3054. {
3055. "name": "CreateThread",
3056. "address": "0x476310"
3057. },
3058. {
3059. "name": "CreateFileA",
3060. "address": "0x476314"
3061. },
3062. {
3063. "name": "CreateEventA",
3064. "address": "0x476318"
3065. },
3066. {
3067. "name": "CompareStringA",
3068. "address": "0x47631c"
3069. },
3070. {
3071. "name": "CloseHandle",
3072. "address": "0x476320"
3073. }
3074. ],
3075. "dll": "kernel32.dll"
3076. },
3077. {
3078. "imports": [
3079. {
3080. "name": "VerQueryValueA",
3081. "address": "0x476328"
3082. },
3083. {
3084. "name": "GetFileVersionInfoSizeA",
3085. "address": "0x47632c"
3086. },
3087. {
3088. "name": "GetFileVersionInfoA",
3089. "address": "0x476330"
3090. }
3091. ],
3092. "dll": "version.dll"
3093. },
3094. {
3095. "imports": [
3096. {
3097. "name": "UnrealizeObject",
3098. "address": "0x476338"
3099. },
3100. {
3101. "name": "StretchBlt",
3102. "address": "0x47633c"
3103. },
3104. {
3105. "name": "SetWindowOrgEx",
3106. "address": "0x476340"
3107. },
3108. {
3109. "name": "SetViewportOrgEx",
3110. "address": "0x476344"
3111. },
3112. {
3113. "name": "SetTextColor",
3114. "address": "0x476348"
3115. },
3116. {
3117. "name": "SetStretchBltMode",
3118. "address": "0x47634c"
3119. },
3120. {
3121. "name": "SetROP2",
3122. "address": "0x476350"
3123. },
3124. {
3125. "name": "SetPixel",
3126. "address": "0x476354"
3127. },
3128. {
3129. "name": "SetDIBColorTable",
3130. "address": "0x476358"
3131. },
3132. {
3133. "name": "SetBrushOrgEx",
3134. "address": "0x47635c"
3135. },
3136. {
3137. "name": "SetBkMode",
3138. "address": "0x476360"
3139. },
3140. {
3141. "name": "SetBkColor",
3142. "address": "0x476364"
3143. },
3144. {
3145. "name": "SelectPalette",
3146. "address": "0x476368"
3147. },
3148. {
3149. "name": "SelectObject",
3150. "address": "0x47636c"
3151. },
3152. {
3153. "name": "ScaleWindowExtEx",
3154. "address": "0x476370"
3155. },
3156. {
3157. "name": "SaveDC",
3158. "address": "0x476374"
3159. },
3160. {
3161. "name": "RestoreDC",
3162. "address": "0x476378"
3163. },
3164. {
3165. "name": "Rectangle",
3166. "address": "0x47637c"
3167. },
3168. {
3169. "name": "RectVisible",
3170. "address": "0x476380"
3171. },
3172. {
3173. "name": "RealizePalette",
3174. "address": "0x476384"
3175. },
3176. {
3177. "name": "PatBlt",
3178. "address": "0x476388"
3179. },
3180. {
3181. "name": "MoveToEx",
3182. "address": "0x47638c"
3183. },
3184. {
3185. "name": "MaskBlt",
3186. "address": "0x476390"
3187. },
3188. {
3189. "name": "LineTo",
3190. "address": "0x476394"
3191. },
3192. {
3193. "name": "IntersectClipRect",
3194. "address": "0x476398"
3195. },
3196. {
3197. "name": "GetWindowOrgEx",
3198. "address": "0x47639c"
3199. },
3200. {
3201. "name": "GetTextMetricsA",
3202. "address": "0x4763a0"
3203. },
3204. {
3205. "name": "GetTextExtentPoint32A",
3206. "address": "0x4763a4"
3207. },
3208. {
3209. "name": "GetSystemPaletteEntries",
3210. "address": "0x4763a8"
3211. },
3212. {
3213. "name": "GetStockObject",
3214. "address": "0x4763ac"
3215. },
3216. {
3217. "name": "GetPixel",
3218. "address": "0x4763b0"
3219. },
3220. {
3221. "name": "GetPaletteEntries",
3222. "address": "0x4763b4"
3223. },
3224. {
3225. "name": "GetObjectA",
3226. "address": "0x4763b8"
3227. },
3228. {
3229. "name": "GetDeviceCaps",
3230. "address": "0x4763bc"
3231. },
3232. {
3233. "name": "GetDIBits",
3234. "address": "0x4763c0"
3235. },
3236. {
3237. "name": "GetDIBColorTable",
3238. "address": "0x4763c4"
3239. },
3240. {
3241. "name": "GetDCOrgEx",
3242. "address": "0x4763c8"
3243. },
3244. {
3245. "name": "GetCurrentPositionEx",
3246. "address": "0x4763cc"
3247. },
3248. {
3249. "name": "GetClipBox",
3250. "address": "0x4763d0"
3251. },
3252. {
3253. "name": "GetBrushOrgEx",
3254. "address": "0x4763d4"
3255. },
3256. {
3257. "name": "GetBitmapBits",
3258. "address": "0x4763d8"
3259. },
3260. {
3261. "name": "ExtTextOutA",
3262. "address": "0x4763dc"
3263. },
3264. {
3265. "name": "ExcludeClipRect",
3266. "address": "0x4763e0"
3267. },
3268. {
3269. "name": "DeleteObject",
3270. "address": "0x4763e4"
3271. },
3272. {
3273. "name": "DeleteDC",
3274. "address": "0x4763e8"
3275. },
3276. {
3277. "name": "CreateSolidBrush",
3278. "address": "0x4763ec"
3279. },
3280. {
3281. "name": "CreatePenIndirect",
3282. "address": "0x4763f0"
3283. },
3284. {
3285. "name": "CreatePalette",
3286. "address": "0x4763f4"
3287. },
3288. {
3289. "name": "CreateHalftonePalette",
3290. "address": "0x4763f8"
3291. },
3292. {
3293. "name": "CreateFontIndirectA",
3294. "address": "0x4763fc"
3295. },
3296. {
3297. "name": "CreateDIBitmap",
3298. "address": "0x476400"
3299. },
3300. {
3301. "name": "CreateDIBSection",
3302. "address": "0x476404"
3303. },
3304. {
3305. "name": "CreateCompatibleDC",
3306. "address": "0x476408"
3307. },
3308. {
3309. "name": "CreateCompatibleBitmap",
3310. "address": "0x47640c"
3311. },
3312. {
3313. "name": "CreateBrushIndirect",
3314. "address": "0x476410"
3315. },
3316. {
3317. "name": "CreateBitmap",
3318. "address": "0x476414"
3319. },
3320. {
3321. "name": "BitBlt",
3322. "address": "0x476418"
3323. }
3324. ],
3325. "dll": "gdi32.dll"
3326. },
3327. {
3328. "imports": [
3329. {
3330. "name": "CreateWindowExA",
3331. "address": "0x476420"
3332. },
3333. {
3334. "name": "WindowFromPoint",
3335. "address": "0x476424"
3336. },
3337. {
3338. "name": "WinHelpA",
3339. "address": "0x476428"
3340. },
3341. {
3342. "name": "WaitMessage",
3343. "address": "0x47642c"
3344. },
3345. {
3346. "name": "UpdateWindow",
3347. "address": "0x476430"
3348. },
3349. {
3350. "name": "UnregisterClassA",
3351. "address": "0x476434"
3352. },
3353. {
3354. "name": "UnhookWindowsHookEx",
3355. "address": "0x476438"
3356. },
3357. {
3358. "name": "TranslateMessage",
3359. "address": "0x47643c"
3360. },
3361. {
3362. "name": "TranslateMDISysAccel",
3363. "address": "0x476440"
3364. },
3365. {
3366. "name": "TrackPopupMenu",
3367. "address": "0x476444"
3368. },
3369. {
3370. "name": "SystemParametersInfoA",
3371. "address": "0x476448"
3372. },
3373. {
3374. "name": "ShowWindow",
3375. "address": "0x47644c"
3376. },
3377. {
3378. "name": "ShowScrollBar",
3379. "address": "0x476450"
3380. },
3381. {
3382. "name": "ShowOwnedPopups",
3383. "address": "0x476454"
3384. },
3385. {
3386. "name": "ShowCursor",
3387. "address": "0x476458"
3388. },
3389. {
3390. "name": "SetWindowsHookExA",
3391. "address": "0x47645c"
3392. },
3393. {
3394. "name": "SetWindowTextA",
3395. "address": "0x476460"
3396. },
3397. {
3398. "name": "SetWindowPos",
3399. "address": "0x476464"
3400. },
3401. {
3402. "name": "SetWindowPlacement",
3403. "address": "0x476468"
3404. },
3405. {
3406. "name": "SetWindowLongA",
3407. "address": "0x47646c"
3408. },
3409. {
3410. "name": "SetTimer",
3411. "address": "0x476470"
3412. },
3413. {
3414. "name": "SetScrollRange",
3415. "address": "0x476474"
3416. },
3417. {
3418. "name": "SetScrollPos",
3419. "address": "0x476478"
3420. },
3421. {
3422. "name": "SetScrollInfo",
3423. "address": "0x47647c"
3424. },
3425. {
3426. "name": "SetRect",
3427. "address": "0x476480"
3428. },
3429. {
3430. "name": "SetPropA",
3431. "address": "0x476484"
3432. },
3433. {
3434. "name": "SetParent",
3435. "address": "0x476488"
3436. },
3437. {
3438. "name": "SetMenuItemInfoA",
3439. "address": "0x47648c"
3440. },
3441. {
3442. "name": "SetMenu",
3443. "address": "0x476490"
3444. },
3445. {
3446. "name": "SetForegroundWindow",
3447. "address": "0x476494"
3448. },
3449. {
3450. "name": "SetFocus",
3451. "address": "0x476498"
3452. },
3453. {
3454. "name": "SetCursor",
3455. "address": "0x47649c"
3456. },
3457. {
3458. "name": "SetClassLongA",
3459. "address": "0x4764a0"
3460. },
3461. {
3462. "name": "SetCapture",
3463. "address": "0x4764a4"
3464. },
3465. {
3466. "name": "SetActiveWindow",
3467. "address": "0x4764a8"
3468. },
3469. {
3470. "name": "SendMessageA",
3471. "address": "0x4764ac"
3472. },
3473. {
3474. "name": "ScrollWindow",
3475. "address": "0x4764b0"
3476. },
3477. {
3478. "name": "ScreenToClient",
3479. "address": "0x4764b4"
3480. },
3481. {
3482. "name": "RemovePropA",
3483. "address": "0x4764b8"
3484. },
3485. {
3486. "name": "RemoveMenu",
3487. "address": "0x4764bc"
3488. },
3489. {
3490. "name": "ReleaseDC",
3491. "address": "0x4764c0"
3492. },
3493. {
3494. "name": "ReleaseCapture",
3495. "address": "0x4764c4"
3496. },
3497. {
3498. "name": "RegisterWindowMessageA",
3499. "address": "0x4764c8"
3500. },
3501. {
3502. "name": "RegisterClipboardFormatA",
3503. "address": "0x4764cc"
3504. },
3505. {
3506. "name": "RegisterClassA",
3507. "address": "0x4764d0"
3508. },
3509. {
3510. "name": "RedrawWindow",
3511. "address": "0x4764d4"
3512. },
3513. {
3514. "name": "PtInRect",
3515. "address": "0x4764d8"
3516. },
3517. {
3518. "name": "PostQuitMessage",
3519. "address": "0x4764dc"
3520. },
3521. {
3522. "name": "PostMessageA",
3523. "address": "0x4764e0"
3524. },
3525. {
3526. "name": "PeekMessageA",
3527. "address": "0x4764e4"
3528. },
3529. {
3530. "name": "OffsetRect",
3531. "address": "0x4764e8"
3532. },
3533. {
3534. "name": "OemToCharA",
3535. "address": "0x4764ec"
3536. },
3537. {
3538. "name": "MessageBoxA",
3539. "address": "0x4764f0"
3540. },
3541. {
3542. "name": "MapWindowPoints",
3543. "address": "0x4764f4"
3544. },
3545. {
3546. "name": "MapVirtualKeyA",
3547. "address": "0x4764f8"
3548. },
3549. {
3550. "name": "LoadStringA",
3551. "address": "0x4764fc"
3552. },
3553. {
3554. "name": "LoadKeyboardLayoutA",
3555. "address": "0x476500"
3556. },
3557. {
3558. "name": "LoadIconA",
3559. "address": "0x476504"
3560. },
3561. {
3562. "name": "LoadCursorA",
3563. "address": "0x476508"
3564. },
3565. {
3566. "name": "LoadBitmapA",
3567. "address": "0x47650c"
3568. },
3569. {
3570. "name": "KillTimer",
3571. "address": "0x476510"
3572. },
3573. {
3574. "name": "IsZoomed",
3575. "address": "0x476514"
3576. },
3577. {
3578. "name": "IsWindowVisible",
3579. "address": "0x476518"
3580. },
3581. {
3582. "name": "IsWindowEnabled",
3583. "address": "0x47651c"
3584. },
3585. {
3586. "name": "IsWindow",
3587. "address": "0x476520"
3588. },
3589. {
3590. "name": "IsRectEmpty",
3591. "address": "0x476524"
3592. },
3593. {
3594. "name": "IsIconic",
3595. "address": "0x476528"
3596. },
3597. {
3598. "name": "IsDialogMessageA",
3599. "address": "0x47652c"
3600. },
3601. {
3602. "name": "IsChild",
3603. "address": "0x476530"
3604. },
3605. {
3606. "name": "InvalidateRect",
3607. "address": "0x476534"
3608. },
3609. {
3610. "name": "IntersectRect",
3611. "address": "0x476538"
3612. },
3613. {
3614. "name": "InsertMenuItemA",
3615. "address": "0x47653c"
3616. },
3617. {
3618. "name": "InsertMenuA",
3619. "address": "0x476540"
3620. },
3621. {
3622. "name": "InflateRect",
3623. "address": "0x476544"
3624. },
3625. {
3626. "name": "GetWindowThreadProcessId",
3627. "address": "0x476548"
3628. },
3629. {
3630. "name": "GetWindowTextA",
3631. "address": "0x47654c"
3632. },
3633. {
3634. "name": "GetWindowRect",
3635. "address": "0x476550"
3636. },
3637. {
3638. "name": "GetWindowPlacement",
3639. "address": "0x476554"
3640. },
3641. {
3642. "name": "GetWindowLongA",
3643. "address": "0x476558"
3644. },
3645. {
3646. "name": "GetWindowDC",
3647. "address": "0x47655c"
3648. },
3649. {
3650. "name": "GetTopWindow",
3651. "address": "0x476560"
3652. },
3653. {
3654. "name": "GetSystemMetrics",
3655. "address": "0x476564"
3656. },
3657. {
3658. "name": "GetSystemMenu",
3659. "address": "0x476568"
3660. },
3661. {
3662. "name": "GetSysColorBrush",
3663. "address": "0x47656c"
3664. },
3665. {
3666. "name": "GetSysColor",
3667. "address": "0x476570"
3668. },
3669. {
3670. "name": "GetSubMenu",
3671. "address": "0x476574"
3672. },
3673. {
3674. "name": "GetScrollRange",
3675. "address": "0x476578"
3676. },
3677. {
3678. "name": "GetScrollPos",
3679. "address": "0x47657c"
3680. },
3681. {
3682. "name": "GetScrollInfo",
3683. "address": "0x476580"
3684. },
3685. {
3686. "name": "GetPropA",
3687. "address": "0x476584"
3688. },
3689. {
3690. "name": "GetParent",
3691. "address": "0x476588"
3692. },
3693. {
3694. "name": "GetWindow",
3695. "address": "0x47658c"
3696. },
3697. {
3698. "name": "GetMessagePos",
3699. "address": "0x476590"
3700. },
3701. {
3702. "name": "GetMenuStringA",
3703. "address": "0x476594"
3704. },
3705. {
3706. "name": "GetMenuState",
3707. "address": "0x476598"
3708. },
3709. {
3710. "name": "GetMenuItemInfoA",
3711. "address": "0x47659c"
3712. },
3713. {
3714. "name": "GetMenuItemID",
3715. "address": "0x4765a0"
3716. },
3717. {
3718. "name": "GetMenuItemCount",
3719. "address": "0x4765a4"
3720. },
3721. {
3722. "name": "GetMenu",
3723. "address": "0x4765a8"
3724. },
3725. {
3726. "name": "GetLastActivePopup",
3727. "address": "0x4765ac"
3728. },
3729. {
3730. "name": "GetKeyboardState",
3731. "address": "0x4765b0"
3732. },
3733. {
3734. "name": "GetKeyboardLayoutList",
3735. "address": "0x4765b4"
3736. },
3737. {
3738. "name": "GetKeyboardLayout",
3739. "address": "0x4765b8"
3740. },
3741. {
3742. "name": "GetKeyState",
3743. "address": "0x4765bc"
3744. },
3745. {
3746. "name": "GetKeyNameTextA",
3747. "address": "0x4765c0"
3748. },
3749. {
3750. "name": "GetIconInfo",
3751. "address": "0x4765c4"
3752. },
3753. {
3754. "name": "GetForegroundWindow",
3755. "address": "0x4765c8"
3756. },
3757. {
3758. "name": "GetFocus",
3759. "address": "0x4765cc"
3760. },
3761. {
3762. "name": "GetDesktopWindow",
3763. "address": "0x4765d0"
3764. },
3765. {
3766. "name": "GetDCEx",
3767. "address": "0x4765d4"
3768. },
3769. {
3770. "name": "GetDC",
3771. "address": "0x4765d8"
3772. },
3773. {
3774. "name": "GetCursorPos",
3775. "address": "0x4765dc"
3776. },
3777. {
3778. "name": "GetCursor",
3779. "address": "0x4765e0"
3780. },
3781. {
3782. "name": "GetClientRect",
3783. "address": "0x4765e4"
3784. },
3785. {
3786. "name": "GetClassNameA",
3787. "address": "0x4765e8"
3788. },
3789. {
3790. "name": "GetClassInfoA",
3791. "address": "0x4765ec"
3792. },
3793. {
3794. "name": "GetCapture",
3795. "address": "0x4765f0"
3796. },
3797. {
3798. "name": "GetActiveWindow",
3799. "address": "0x4765f4"
3800. },
3801. {
3802. "name": "FrameRect",
3803. "address": "0x4765f8"
3804. },
3805. {
3806. "name": "FindWindowA",
3807. "address": "0x4765fc"
3808. },
3809. {
3810. "name": "FillRect",
3811. "address": "0x476600"
3812. },
3813. {
3814. "name": "EqualRect",
3815. "address": "0x476604"
3816. },
3817. {
3818. "name": "EnumWindows",
3819. "address": "0x476608"
3820. },
3821. {
3822. "name": "EnumThreadWindows",
3823. "address": "0x47660c"
3824. },
3825. {
3826. "name": "EndPaint",
3827. "address": "0x476610"
3828. },
3829. {
3830. "name": "EnableWindow",
3831. "address": "0x476614"
3832. },
3833. {
3834. "name": "EnableScrollBar",
3835. "address": "0x476618"
3836. },
3837. {
3838. "name": "EnableMenuItem",
3839. "address": "0x47661c"
3840. },
3841. {
3842. "name": "DrawTextA",
3843. "address": "0x476620"
3844. },
3845. {
3846. "name": "DrawMenuBar",
3847. "address": "0x476624"
3848. },
3849. {
3850. "name": "DrawIconEx",
3851. "address": "0x476628"
3852. },
3853. {
3854. "name": "DrawIcon",
3855. "address": "0x47662c"
3856. },
3857. {
3858. "name": "DrawFrameControl",
3859. "address": "0x476630"
3860. },
3861. {
3862. "name": "DrawEdge",
3863. "address": "0x476634"
3864. },
3865. {
3866. "name": "DispatchMessageA",
3867. "address": "0x476638"
3868. },
3869. {
3870. "name": "DestroyWindow",
3871. "address": "0x47663c"
3872. },
3873. {
3874. "name": "DestroyMenu",
3875. "address": "0x476640"
3876. },
3877. {
3878. "name": "DestroyIcon",
3879. "address": "0x476644"
3880. },
3881. {
3882. "name": "DestroyCursor",
3883. "address": "0x476648"
3884. },
3885. {
3886. "name": "DeleteMenu",
3887. "address": "0x47664c"
3888. },
3889. {
3890. "name": "DefWindowProcA",
3891. "address": "0x476650"
3892. },
3893. {
3894. "name": "DefMDIChildProcA",
3895. "address": "0x476654"
3896. },
3897. {
3898. "name": "DefFrameProcA",
3899. "address": "0x476658"
3900. },
3901. {
3902. "name": "CreatePopupMenu",
3903. "address": "0x47665c"
3904. },
3905. {
3906. "name": "CreateMenu",
3907. "address": "0x476660"
3908. },
3909. {
3910. "name": "CreateIcon",
3911. "address": "0x476664"
3912. },
3913. {
3914. "name": "ClientToScreen",
3915. "address": "0x476668"
3916. },
3917. {
3918. "name": "ChildWindowFromPoint",
3919. "address": "0x47666c"
3920. },
3921. {
3922. "name": "CheckMenuItem",
3923. "address": "0x476670"
3924. },
3925. {
3926. "name": "CallWindowProcA",
3927. "address": "0x476674"
3928. },
3929. {
3930. "name": "CallNextHookEx",
3931. "address": "0x476678"
3932. },
3933. {
3934. "name": "BringWindowToTop",
3935. "address": "0x47667c"
3936. },
3937. {
3938. "name": "BeginPaint",
3939. "address": "0x476680"
3940. },
3941. {
3942. "name": "CharNextA",
3943. "address": "0x476684"
3944. },
3945. {
3946. "name": "CharLowerA",
3947. "address": "0x476688"
3948. },
3949. {
3950. "name": "CharToOemA",
3951. "address": "0x47668c"
3952. },
3953. {
3954. "name": "AdjustWindowRectEx",
3955. "address": "0x476690"
3956. },
3957. {
3958. "name": "ActivateKeyboardLayout",
3959. "address": "0x476694"
3960. }
3961. ],
3962. "dll": "user32.dll"
3963. },
3964. {
3965. "imports": [
3966. {
3967. "name": "Sleep",
3968. "address": "0x47669c"
3969. }
3970. ],
3971. "dll": "kernel32.dll"
3972. },
3973. {
3974. "imports": [
3975. {
3976. "name": "SafeArrayPtrOfIndex",
3977. "address": "0x4766a4"
3978. },
3979. {
3980. "name": "SafeArrayGetUBound",
3981. "address": "0x4766a8"
3982. },
3983. {
3984. "name": "SafeArrayGetLBound",
3985. "address": "0x4766ac"
3986. },
3987. {
3988. "name": "SafeArrayCreate",
3989. "address": "0x4766b0"
3990. },
3991. {
3992. "name": "VariantChangeType",
3993. "address": "0x4766b4"
3994. },
3995. {
3996. "name": "VariantCopy",
3997. "address": "0x4766b8"
3998. },
3999. {
4000. "name": "VariantClear",
4001. "address": "0x4766bc"
4002. },
4003. {
4004. "name": "VariantInit",
4005. "address": "0x4766c0"
4006. }
4007. ],
4008. "dll": "oleaut32.dll"
4009. },
4010. {
4011. "imports": [
4012. {
4013. "name": "CoTaskMemAlloc",
4014. "address": "0x4766c8"
4015. },
4016. {
4017. "name": "CoCreateInstance",
4018. "address": "0x4766cc"
4019. },
4020. {
4021. "name": "CoUninitialize",
4022. "address": "0x4766d0"
4023. },
4024. {
4025. "name": "CoInitialize",
4026. "address": "0x4766d4"
4027. }
4028. ],
4029. "dll": "ole32.dll"
4030. },
4031. {
4032. "imports": [
4033. {
4034. "name": "ImageList_SetIconSize",
4035. "address": "0x4766dc"
4036. },
4037. {
4038. "name": "ImageList_GetIconSize",
4039. "address": "0x4766e0"
4040. },
4041. {
4042. "name": "ImageList_Write",
4043. "address": "0x4766e4"
4044. },
4045. {
4046. "name": "ImageList_Read",
4047. "address": "0x4766e8"
4048. },
4049. {
4050. "name": "ImageList_GetDragImage",
4051. "address": "0x4766ec"
4052. },
4053. {
4054. "name": "ImageList_DragShowNolock",
4055. "address": "0x4766f0"
4056. },
4057. {
4058. "name": "ImageList_SetDragCursorImage",
4059. "address": "0x4766f4"
4060. },
4061. {
4062. "name": "ImageList_DragMove",
4063. "address": "0x4766f8"
4064. },
4065. {
4066. "name": "ImageList_DragLeave",
4067. "address": "0x4766fc"
4068. },
4069. {
4070. "name": "ImageList_DragEnter",
4071. "address": "0x476700"
4072. },
4073. {
4074. "name": "ImageList_EndDrag",
4075. "address": "0x476704"
4076. },
4077. {
4078. "name": "ImageList_BeginDrag",
4079. "address": "0x476708"
4080. },
4081. {
4082. "name": "ImageList_Remove",
4083. "address": "0x47670c"
4084. },
4085. {
4086. "name": "ImageList_DrawEx",
4087. "address": "0x476710"
4088. },
4089. {
4090. "name": "ImageList_Draw",
4091. "address": "0x476714"
4092. },
4093. {
4094. "name": "ImageList_GetBkColor",
4095. "address": "0x476718"
4096. },
4097. {
4098. "name": "ImageList_SetBkColor",
4099. "address": "0x47671c"
4100. },
4101. {
4102. "name": "ImageList_ReplaceIcon",
4103. "address": "0x476720"
4104. },
4105. {
4106. "name": "ImageList_Add",
4107. "address": "0x476724"
4108. },
4109. {
4110. "name": "ImageList_GetImageCount",
4111. "address": "0x476728"
4112. },
4113. {
4114. "name": "ImageList_Destroy",
4115. "address": "0x47672c"
4116. },
4117. {
4118. "name": "ImageList_Create",
4119. "address": "0x476730"
4120. },
4121. {
4122. "name": "InitCommonControls",
4123. "address": "0x476734"
4124. }
4125. ],
4126. "dll": "comctl32.dll"
4127. },
4128. {
4129. "imports": [
4130. {
4131. "name": "ReplaceTextA",
4132. "address": "0x47673c"
4133. },
4134. {
4135. "name": "FindTextA",
4136. "address": "0x476740"
4137. }
4138. ],
4139. "dll": "comdlg32.dll"
4140. }
4141. ],
4142. "digital_signers": null,
4143. "exported_dll_name": null,
4144. "actual_checksum": "0x000ad73e",
4145. "overlay": null,
4146. "imagebase": "0x00400000",
4147. "reported_checksum": "0x00000000",
4148. "icon_hash": null,
4149. "entrypoint": "0x0046a13c",
4150. "timestamp": "1992-01-04 00:24:27",
4151. "osversion": "4.0",
4152. "sections": [
4153. {
4154. "name": "CODE",
4155. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4156. "virtual_address": "0x00001000",
4157. "size_of_data": "0x00069200",
4158. "entropy": "6.52",
4159. "raw_address": "0x00000400",
4160. "virtual_size": "0x00069184",
4161. "characteristics_raw": "0x60000020"
4162. },
4163. {
4164. "name": "DATA",
4165. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4166. "virtual_address": "0x0006b000",
4167. "size_of_data": "0x00009400",
4168. "entropy": "5.08",
4169. "raw_address": "0x00069600",
4170. "virtual_size": "0x000093d0",
4171. "characteristics_raw": "0xc0000040"
4172. },
4173. {
4174. "name": "BSS",
4175. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4176. "virtual_address": "0x00075000",
4177. "size_of_data": "0x00000000",
4178. "entropy": "0.00",
4179. "raw_address": "0x00072a00",
4180. "virtual_size": "0x00000d09",
4181. "characteristics_raw": "0xc0000000"
4182. },
4183. {
4184. "name": ".idata",
4185. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4186. "virtual_address": "0x00076000",
4187. "size_of_data": "0x00002200",
4188. "entropy": "4.80",
4189. "raw_address": "0x00072a00",
4190. "virtual_size": "0x000020c2",
4191. "characteristics_raw": "0xc0000040"
4192. },
4193. {
4194. "name": ".tls",
4195. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4196. "virtual_address": "0x00079000",
4197. "size_of_data": "0x00000000",
4198. "entropy": "0.00",
4199. "raw_address": "0x00074c00",
4200. "virtual_size": "0x00000010",
4201. "characteristics_raw": "0xc0000000"
4202. },
4203. {
4204. "name": ".rdata",
4205. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4206. "virtual_address": "0x0007a000",
4207. "size_of_data": "0x00000200",
4208. "entropy": "0.21",
4209. "raw_address": "0x00074c00",
4210. "virtual_size": "0x00000018",
4211. "characteristics_raw": "0x50000040"
4212. },
4213. {
4214. "name": ".reloc",
4215. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4216. "virtual_address": "0x0007b000",
4217. "size_of_data": "0x00007c00",
4218. "entropy": "6.63",
4219. "raw_address": "0x00074e00",
4220. "virtual_size": "0x00007ab4",
4221. "characteristics_raw": "0x50000040"
4222. },
4223. {
4224. "name": ".rsrc",
4225. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4226. "virtual_address": "0x00083000",
4227. "size_of_data": "0x0002ba00",
4228. "entropy": "7.16",
4229. "raw_address": "0x0007ca00",
4230. "virtual_size": "0x0002b8e8",
4231. "characteristics_raw": "0x50000040"
4232. }
4233. ],
4234. "resources": [],
4235. "dirents": [
4236. {
4237. "virtual_address": "0x00000000",
4238. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
4239. "size": "0x00000000"
4240. },
4241. {
4242. "virtual_address": "0x00076000",
4243. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
4244. "size": "0x000020c2"
4245. },
4246. {
4247. "virtual_address": "0x00083000",
4248. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
4249. "size": "0x0002b8e8"
4250. },
4251. {
4252. "virtual_address": "0x00000000",
4253. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
4254. "size": "0x00000000"
4255. },
4256. {
4257. "virtual_address": "0x00000000",
4258. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
4259. "size": "0x00000000"
4260. },
4261. {
4262. "virtual_address": "0x0007b000",
4263. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
4264. "size": "0x00007ab4"
4265. },
4266. {
4267. "virtual_address": "0x00000000",
4268. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
4269. "size": "0x00000000"
4270. },
4271. {
4272. "virtual_address": "0x00000000",
4273. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
4274. "size": "0x00000000"
4275. },
4276. {
4277. "virtual_address": "0x00000000",
4278. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
4279. "size": "0x00000000"
4280. },
4281. {
4282. "virtual_address": "0x0007a000",
4283. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
4284. "size": "0x00000018"
4285. },
4286. {
4287. "virtual_address": "0x00000000",
4288. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
4289. "size": "0x00000000"
4290. },
4291. {
4292. "virtual_address": "0x00000000",
4293. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
4294. "size": "0x00000000"
4295. },
4296. {
4297. "virtual_address": "0x00000000",
4298. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
4299. "size": "0x00000000"
4300. },
4301. {
4302. "virtual_address": "0x00000000",
4303. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
4304. "size": "0x00000000"
4305. },
4306. {
4307. "virtual_address": "0x00000000",
4308. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
4309. "size": "0x00000000"
4310. },
4311. {
4312. "virtual_address": "0x00000000",
4313. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
4314. "size": "0x00000000"
4315. }
4316. ],
4317. "exports": [],
4318. "guest_signers": {},
4319. "imphash": "b6b2a783bd5c931709bdc68a1624d6e8",
4320. "icon_fuzzy": null,
4321. "icon": null,
4322. "pdbpath": null,
4323. "imported_dll_count": 15,
4324. "versioninfo": []
4325. }
4326. }