- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_f1d4e242.exe"
- [*] File Size: 281088
- [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
- [*] SHA256: "48b5edc78601f342221dd42e12275b626eb44e1944ecc744d97c29daef0cdbc2"
- [*] MD5: "2d2365c01435faa3e698f3687e4dbb79"
- [*] SHA1: "1ac95e5f6b225ffc6547cb36178a429993db5332"
- [*] SHA512: "60892f3338ff28462111dff23e2a551cf317d36e7765c2a7d99944163f160ec8bbb089fcfea5048bbef2fbab7998f9b9a3958abebed1a8d25ee975753238f32e"
- [*] CRC32: "F1D4E242"
- [*] SSDEEP: "6144:VdZMigGhUY8PwX/WWiO47WR+KoYy3XmZq0b/:Vdqig1PwX/WWP9RIYyo"
- [*] Process Execution: [
- "Exes_f1d4e242.exe",
- "services.exe",
- "svchost.exe",
- "WmiPrvSE.exe",
- "svchost.exe",
- "WMIADAP.exe",
- "lsass.exe",
- "msiexec.exe",
- "GoogleUpdate.exe",
- "svchost.exe",
- "taskhost.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details": [
- {
- "IP": "216.58.193.195:443"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "Exes_f1d4e242.exe tried to sleep 600 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
- "Details": [
- {
- "ioc": "http://crl.globalsign.net/root-r2.crl0"
- }
- ]
- },
- {
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details": [
- {
- "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
- },
- {
- "suspicious_request": "http://checkip.amazonaws.com/"
- },
- {
- "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://checkip.amazonaws.com/"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe"
- }
- ]
- },
- {
- "Description": "Anomalous .NET characteristics",
- "Details": [
- {
- "anomalous_version": "Assembly version is set to 0"
- }
- ]
- },
- {
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details": [
- {
- "Spam": "services.exe (504) called API GetSystemTimeAsFileTime 16322361 times"
- }
- ]
- },
- {
- "Description": "Steals private information from local Internet browsers",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- }
- ]
- },
- {
- "Description": "Retrieves Windows ProductID, probably to fingerprint the sandbox",
- "Details": []
- },
- {
- "Description": "File has been identified by 35 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Gen:Variant.Razy.490164"
- },
- {
- "FireEye": "Generic.mg.2d2365c01435faa3"
- },
- {
- "McAfee": "GenericRXHT-KJ!2D2365C01435"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "Arcabit": "Trojan.Razy.D77AB4"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "Symantec": "ML.Attribute.HighConfidence"
- },
- {
- "APEX": "Malicious"
- },
- {
- "ClamAV": "Win.Malware.Razy-6952874-0"
- },
- {
- "Kaspersky": "Trojan-Spy.MSIL.Agent.tfqt"
- },
- {
- "BitDefender": "Gen:Variant.Razy.490164"
- },
- {
- "Ad-Aware": "Gen:Variant.Razy.490164"
- },
- {
- "Emsisoft": "Gen:Variant.Razy.490164 (B)"
- },
- {
- "F-Secure": "Trojan.TR/Spy.Agent.lkofd"
- },
- {
- "DrWeb": "Trojan.PWS.Stealer.19347"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.dh"
- },
- {
- "Trapmine": "malicious.moderate.ml.score"
- },
- {
- "Ikarus": "Trojan-Spy.Keylogger.AgentTesla"
- },
- {
- "ESET-NOD32": "a variant of MSIL/Spy.Agent.AES"
- },
- {
- "Avira": "TR/Spy.Agent.lkofd"
- },
- {
- "Microsoft": "PWS:Win32/AgentTesla.YB!MTB"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "ZoneAlarm": "Trojan-Spy.MSIL.Agent.tfqt"
- },
- {
- "GData": "Gen:Variant.Razy.490164"
- },
- {
- "VBA32": "TScope.Trojan.MSIL"
- },
- {
- "ALYac": "Gen:Variant.Razy.490164"
- },
- {
- "MAX": "malware (ai score=84)"
- },
- {
- "Malwarebytes": "Spyware.PasswordStealer.MSIL.Generic"
- },
- {
- "Rising": "Spyware.AgentTesla!1.B864 (CLASSIC)"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "Fortinet": "MSIL/Stealer.AGI!tr"
- },
- {
- "AVG": "MSIL:IELib-A [Trj]"
- },
- {
- "Cybereason": "malicious.01435f"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- },
- {
- "Qihoo-360": "HEUR/QVM03.0.CED3.Malware.Gen"
- }
- ]
- },
- {
- "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
- "Details": []
- },
- {
- "Description": "Harvests credentials from local FTP client softwares",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini"
- },
- {
- "file": "C:\\cftp\\Ftplist.txt"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
- }
- ]
- },
- {
- "Description": "Harvests information related to installed mail clients",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\SMTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\HTTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\HTTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\POP3 Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\SMTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\IMAP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\IMAP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\POP3 Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
- }
- ]
- },
- {
- "Description": "Collects information to fingerprint the system",
- "Details": []
- }
- ]
- [*] Started Service: [
- "VaultSvc",
- "msiserver",
- "gupdate"
- ]
- [*] Executed Commands: [
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
- "C:\\Windows\\system32\\lsass.exe",
- "C:\\Windows\\system32\\msiexec.exe /V",
- "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /svc",
- "C:\\Windows\\System32\\svchost.exe -k netsvcs"
- ]
- [*] Mutexes: [
- "Global\\CLR_CASOFF_MUTEX",
- "Local\\_!MSFTHISTORY!_",
- "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
- "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
- "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
- "Global\\.net clr networking",
- "Global\\_MSIExecute",
- "Global\\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}",
- "Global\\G{6885AE8E-C070-458d-9711-37B9BEAB65F6}",
- "Global\\G{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}",
- "Global\\G{0A175FBE-AEEC-4fea-855A-2AA549A88846}",
- "Global\\ADAP_WMI_ENTRY"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
- "\\??\\PIPE\\samr",
- "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
- "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
- "\\??\\WMIDataDevice",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\5869f1c1-01d7-41f7-84b7-715672259fa8",
- "C:\\Windows\\Installer\\4d5899.msi",
- "C:\\Windows\\Installer\\4d589a.msi",
- "\\??\\PIPE\\wkssvc",
- "\\??\\pipe\\GoogleCrashServices\\S-1-5-18",
- "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat",
- "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat"
- ]
- [*] Deleted Files: [
- "C:\\Windows\\Installer\\4d5899.msi",
- "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}\\GoogleUpdateSetup.exe",
- "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}"
- ]
- [*] Modified Registry Keys: [
- "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\Exes_f1d4e242_RASAPI32",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_f1d4e242_RASAPI32\\EnableFileTracing",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_f1d4e242_RASAPI32\\EnableConsoleTracing",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_f1d4e242_RASAPI32\\FileTracingMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_f1d4e242_RASAPI32\\ConsoleTracingMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_f1d4e242_RASAPI32\\MaxFileSize",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_f1d4e242_RASAPI32\\FileDirectory",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
- "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msiserver\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gupdate\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Start",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Type",
- "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{5237CFA8-7E64-4CA5-B3B6-947ECAEDD262}",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{5237CFA8-7E64-4CA5-B3B6-947ECAEDD262}\\PersistedPingString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{5237CFA8-7E64-4CA5-B3B6-947ECAEDD262}\\PersistedPingTime",
- "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState\\StateValue",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\pv",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\pv",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000_CLASSES\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\proxy\\source",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\RollCallDayStartSec",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\DayOfLastRollCall",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\ping_freshness",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\(Default)",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\hint",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\name",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\LastCheckSuccess",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ActivePingDayStartSec",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\RollCallDayStartSec",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastActivity",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastRollCall",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ping_freshness",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\(Default)",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\hint",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\name",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableCount",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableSince",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\LastChecked",
- "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{A4C39F19-AC6A-4AF4-9EF9-212DF42F10D1}",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{A4C39F19-AC6A-4AF4-9EF9-212DF42F10D1}\\PersistedPingString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{A4C39F19-AC6A-4AF4-9EF9-212DF42F10D1}\\PersistedPingTime",
- "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadTimeRemainingMs",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadProgressPercent",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\StateValue",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Performance\\PerfMMFileName",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_LOG",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_BAK"
- ]
- [*] Deleted Registry Keys: [
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\uid",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\old-uid",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\tttoken",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableCount",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableSince",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\tttoken"
- ]
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "checkip.amazonaws.com",
- "answers": [
- {
- "data": "52.206.161.133",
- "type": "A"
- },
- {
- "data": "52.200.125.74",
- "type": "A"
- },
- {
- "data": "checkip.check-ip.aws.a2z.com",
- "type": "CNAME"
- },
- {
- "data": "52.6.79.229",
- "type": "A"
- },
- {
- "data": "checkip.us-east-1.prod.check-ip.aws.a2z.com",
- "type": "CNAME"
- },
- {
- "data": "34.233.102.38",
- "type": "A"
- },
- {
- "data": "52.202.139.131",
- "type": "A"
- },
- {
- "data": "18.211.215.84",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "18.211.215.84",
- "domain": "checkip.amazonaws.com"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 2,
- "body": "",
- "uri": "http://checkip.amazonaws.com/",
- "user-agent": "",
- "method": "GET",
- "host": "checkip.amazonaws.com",
- "version": "1.1",
- "path": "/",
- "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\nConnection: Keep-Alive\r\n\r\n",
- "port": 80
- },
- {
- "count": 2,
- "body": "",
- "uri": "http://checkip.amazonaws.com/",
- "user-agent": "",
- "method": "GET",
- "host": "checkip.amazonaws.com",
- "version": "1.1",
- "path": "/",
- "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "0.0.0.0",
- "name": "SDIRHJLUZXOVXTKUOOBHSEMYYCCSWXREPFLGTZKB_20190612012740816"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "8.0.0.0",
- "name": "Microsoft.VisualBasic"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Management"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Security"
- }
- ],
- "typerefs": [
- {
- "typename": "Microsoft.VisualBasic.AppWinStyle",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.User",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompareMethod",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.StringType",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Conversion",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.Computer",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.ComputerInfo",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.Keyboard",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.ServerComputer",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.FileAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.FileSystem",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Information",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Interaction",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyServices.ClipboardProxy",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyServices.FileSystemProxy",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyServices.RegistryProxy",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.OpenAccess",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.OpenMode",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.OpenShare",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Strings",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.DefaultValueAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.FileVersionInfo",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.Process",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.ProcessModule",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.ProcessStartInfo",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.ProcessWindowStyle",
- "assembly": "System"
- },
- {
- "typename": "System.Net.CredentialCache",
- "assembly": "System"
- },
- {
- "typename": "System.Net.FtpWebRequest",
- "assembly": "System"
- },
- {
- "typename": "System.Net.HttpWebRequest",
- "assembly": "System"
- },
- {
- "typename": "System.Net.ICredentials",
- "assembly": "System"
- },
- {
- "typename": "System.Net.ICredentialsByHost",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.Attachment",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.AttachmentCollection",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.MailAddress",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.MailMessage",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.SmtpClient",
- "assembly": "System"
- },
- {
- "typename": "System.Net.NetworkCredential",
- "assembly": "System"
- },
- {
- "typename": "System.Net.WebClient",
- "assembly": "System"
- },
- {
- "typename": "System.Net.WebRequest",
- "assembly": "System"
- },
- {
- "typename": "System.Net.WebResponse",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Capture",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Group",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.GroupCollection",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Match",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.MatchCollection",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Regex",
- "assembly": "System"
- },
- {
- "typename": "System.Timers.ElapsedEventArgs",
- "assembly": "System"
- },
- {
- "typename": "System.Timers.ElapsedEventHandler",
- "assembly": "System"
- },
- {
- "typename": "System.Timers.Timer",
- "assembly": "System"
- },
- {
- "typename": "System.Uri",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Bitmap",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Graphics",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Image",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.Encoder",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.EncoderParameter",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.EncoderParameters",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.ImageCodecInfo",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.ImageFormat",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Point",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Rectangle",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Management.ManagementBaseObject",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementClass",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObject",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObjectCollection",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObjectCollection/ManagementObjectEnumerator",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObjectSearcher",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.PropertyData",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.PropertyDataCollection",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Security.Cryptography.DataProtectionScope",
- "assembly": "System.Security"
- },
- {
- "typename": "System.Security.Cryptography.ProtectedData",
- "assembly": "System.Security"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.CreateParams",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Keys",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Message",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.MouseButtons",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.NativeWindow",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Screen",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.SystemInformation",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "Microsoft.Win32.Registry",
- "assembly": "mscorlib"
- },
- {
- "typename": "Microsoft.Win32.RegistryKey",
- "assembly": "mscorlib"
- },
- {
- "typename": "Microsoft.Win32.RegistryValueKind",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentOutOfRangeException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Array",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.AsyncCallback",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.BitConverter",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Boolean",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Buffer",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Char",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerable`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.KeyValuePair`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.ObjectModel.Collection`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Convert",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.DateTime",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Decimal",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Delegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Double",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Enum",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment/SpecialFolder",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Exception",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.FlagsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.NumberStyles",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Guid",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IAsyncResult",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IFormatProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.BinaryReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Directory",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.DirectoryInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.DriveInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.DriveType",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.File",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileAttributes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileSystemInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.MemoryStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Path",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.SearchOption",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Stream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.StreamReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int16",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int32",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int64",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IntPtr",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Math",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.MulticastDelegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.OperatingSystem",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Random",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.FieldInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.MethodBase",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.MethodInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Module",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.AccessedThroughPropertyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.ConstrainedExecution.Cer",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.ConstrainedExecution.Consistency",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.ConstrainedExecution.ReliabilityContractAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.Marshal",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.SafeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeFieldHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.AceFlags",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.AceQualifier",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.CommonAce",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.GenericAce",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.GenericSecurityDescriptor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.RawAcl",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.RawSecurityDescriptor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.CipherMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.HMACSHA1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.HashAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.ICryptoTransform",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.MD5",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.PaddingMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.Rijndael",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.SHA1CryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.SymmetricAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDES",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.SecurityIdentifier",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WellKnownSidType",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WindowsBuiltInRole",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WindowsIdentity",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WindowsPrincipal",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.SuppressUnmanagedCodeSecurityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.String",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.StringComparison",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.Decoder",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.Encoding",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.StringBuilder",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.UTF8Encoding",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ThreadStaticAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Mutex",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Thread",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.ThreadStart",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.UInt32",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.UInt64",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ValueType",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Version",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0004a07f",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x0044608e",
- "timestamp": "2019-06-11 22:27:40",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00044200",
- "entropy": "6.60",
- "raw_address": "0x00000200",
- "virtual_size": "0x00044094",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00048000",
- "size_of_data": "0x00000400",
- "entropy": "2.97",
- "raw_address": "0x00044400",
- "virtual_size": "0x00000370",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0004a000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x00044800",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00046038",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000053"
- },
- {
- "virtual_address": "0x00048000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000370"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0004a000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "kernel32.dll.QueryActCtxW",
- "shlwapi.dll.UrlIsW",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.IsProcessorFeaturePresent",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "mscorwks.dll._CorExeMain",
- "mscorwks.dll.GetCLRFunction",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.UnregisterTraceGuids",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.IEE",
- "mscorwks.dll.IEE",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "shell32.dll.SHGetFolderPathW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "ole32.dll.CoInitializeEx",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "ole32.dll.CoGetContextToken",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.GetFullPathNameW",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "mscoree.dll.GetMetaDataInternalInterface",
- "mscorwks.dll.GetMetaDataInternalInterface",
- "mscorjit.dll.getJit",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.GetUserDefaultUILanguage",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "bcrypt.dll.BCryptGetFipsAlgorithmMode",
- "kernel32.dll.GetEnvironmentVariableW",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptCreateHash",
- "ole32.dll.CreateBindCtx",
- "ole32.dll.CoGetObjectContext",
- "sechost.dll.LookupAccountNameLocalW",
- "advapi32.dll.LookupAccountSidW",
- "sechost.dll.LookupAccountSidLocalW",
- "cryptsp.dll.CryptGenRandom",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetClassObject",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoTaskMemFree",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
- "ole32.dll.MkParseDisplayName",
- "oleaut32.dll.#2",
- "oleaut32.dll.#6",
- "kernel32.dll.GetThreadPreferredUILanguages",
- "kernel32.dll.SetThreadPreferredUILanguages",
- "kernel32.dll.LocaleNameToLCID",
- "kernel32.dll.GetLocaleInfoEx",
- "kernel32.dll.LCIDToLocaleName",
- "kernel32.dll.GetSystemDefaultLocaleName",
- "ole32.dll.BindMoniker",
- "sxs.dll.SxsOleAut32RedirectTypeLibrary",
- "advapi32.dll.RegOpenKeyW",
- "advapi32.dll.RegEnumKeyW",
- "advapi32.dll.RegQueryValueW",
- "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
- "sxs.dll.SxsLookupClrGuid",
- "kernel32.dll.ReleaseActCtx",
- "oleaut32.dll.#9",
- "oleaut32.dll.#4",
- "oleaut32.dll.#283",
- "oleaut32.dll.#284",
- "mscoree.dll.GetTokenForVTableEntry",
- "mscoree.dll.SetTargetForVTableEntry",
- "mscoree.dll.GetTargetForVTableEntry",
- "kernel32.dll.GetLastError",
- "kernel32.dll.LocalAlloc",
- "oleaut32.dll.VariantInit",
- "oleaut32.dll.VariantClear",
- "oleaut32.dll.#7",
- "kernel32.dll.CreateEventW",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.SwitchToThread",
- "kernel32.dll.SetEvent",
- "ole32.dll.CoWaitForMultipleHandles",
- "ole32.dll.IIDFromString",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.GetProcAddress",
- "wminet_utils.dll.ResetSecurity",
- "wminet_utils.dll.SetSecurity",
- "wminet_utils.dll.BlessIWbemServices",
- "wminet_utils.dll.BlessIWbemServicesObject",
- "wminet_utils.dll.GetPropertyHandle",
- "wminet_utils.dll.WritePropertyValue",
- "wminet_utils.dll.Clone",
- "wminet_utils.dll.VerifyClientKey",
- "wminet_utils.dll.GetQualifierSet",
- "wminet_utils.dll.Get",
- "wminet_utils.dll.Put",
- "wminet_utils.dll.Delete",
- "wminet_utils.dll.GetNames",
- "wminet_utils.dll.BeginEnumeration",
- "wminet_utils.dll.Next",
- "wminet_utils.dll.EndEnumeration",
- "wminet_utils.dll.GetPropertyQualifierSet",
- "wminet_utils.dll.GetObjectText",
- "wminet_utils.dll.SpawnDerivedClass",
- "wminet_utils.dll.SpawnInstance",
- "wminet_utils.dll.CompareTo",
- "wminet_utils.dll.GetPropertyOrigin",
- "wminet_utils.dll.InheritsFrom",
- "wminet_utils.dll.GetMethod",
- "wminet_utils.dll.PutMethod",
- "wminet_utils.dll.DeleteMethod",
- "wminet_utils.dll.BeginMethodEnumeration",
- "wminet_utils.dll.NextMethod",
- "wminet_utils.dll.EndMethodEnumeration",
- "wminet_utils.dll.GetMethodQualifierSet",
- "wminet_utils.dll.GetMethodOrigin",
- "wminet_utils.dll.QualifierSet_Get",
- "wminet_utils.dll.QualifierSet_Put",
- "wminet_utils.dll.QualifierSet_Delete",
- "wminet_utils.dll.QualifierSet_GetNames",
- "wminet_utils.dll.QualifierSet_BeginEnumeration",
- "wminet_utils.dll.QualifierSet_Next",
- "wminet_utils.dll.QualifierSet_EndEnumeration",
- "wminet_utils.dll.GetCurrentApartmentType",
- "wminet_utils.dll.GetDemultiplexedStub",
- "wminet_utils.dll.CreateInstanceEnumWmi",
- "wminet_utils.dll.CreateClassEnumWmi",
- "wminet_utils.dll.ExecQueryWmi",
- "wminet_utils.dll.ExecNotificationQueryWmi",
- "wminet_utils.dll.PutInstanceWmi",
- "wminet_utils.dll.PutClassWmi",
- "wminet_utils.dll.CloneEnumWbemClassObject",
- "wminet_utils.dll.ConnectServerWmi",
- "ole32.dll.CoUninitialize",
- "oleaut32.dll.#500",
- "oleaut32.dll.SysStringLen",
- "kernel32.dll.RtlZeroMemory",
- "kernel32.dll.RegOpenKeyExW",
- "advapi32.dll.GetUserNameW",
- "kernel32.dll.GetComputerNameW",
- "kernel32.dll.GetModuleHandleW",
- "user32.dll.DefWindowProcW",
- "gdi32.dll.GetStockObject",
- "user32.dll.RegisterClassW",
- "user32.dll.CreateWindowExW",
- "user32.dll.SetWindowLongW",
- "user32.dll.GetWindowLongW",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.GetCurrentThread",
- "kernel32.dll.DuplicateHandle",
- "kernel32.dll.GetCurrentThreadId",
- "user32.dll.CallWindowProcW",
- "user32.dll.RegisterWindowMessageW",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "kernel32.dll.GetCurrentProcessId",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.AdjustTokenPrivileges",
- "ntdll.dll.NtQuerySystemInformation",
- "kernel32.dll.CreateIoCompletionPort",
- "kernel32.dll.PostQueuedCompletionStatus",
- "ntdll.dll.NtQueryInformationThread",
- "ntdll.dll.NtGetCurrentProcessorNumber",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindClose",
- "kernel32.dll.FindNextFileW",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetFileType",
- "kernel32.dll.GetACP",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.ReadFile",
- "oleaut32.dll.#204",
- "oleaut32.dll.#203",
- "culture.dll.ConvertLangIdToCultureName",
- "mlang.dll.#112",
- "wininet.dll.FindFirstUrlCacheEntryA",
- "kernel32.dll.SetFileInformationByHandle",
- "urlmon.dll.CreateUri",
- "kernel32.dll.InitializeSRWLock",
- "kernel32.dll.AcquireSRWLockExclusive",
- "kernel32.dll.AcquireSRWLockShared",
- "kernel32.dll.ReleaseSRWLockExclusive",
- "kernel32.dll.ReleaseSRWLockShared",
- "wininet.dll.FindNextUrlCacheEntryA",
- "urlmon.dll.CreateIUriBuilder",
- "urlmon.dll.IntlPercentEncodeNormalize",
- "wininet.dll.FindCloseUrlCache",
- "cryptsp.dll.CryptAcquireContextA",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptGetHashParam",
- "cryptsp.dll.CryptDestroyHash",
- "cryptsp.dll.CryptReleaseContext",
- "vaultcli.dll.VaultEnumerateVaults",
- "kernel32.dll.GetSystemTimeAsFileTime",
- "user32.dll.GetLastInputInfo",
- "ole32.dll.CLSIDFromProgIDEx",
- "oleaut32.dll.#201",
- "user32.dll.GetSystemMetrics",
- "user32.dll.GetClientRect",
- "user32.dll.GetWindowRect",
- "user32.dll.GetParent",
- "ole32.dll.OleInitialize",
- "ole32.dll.CoRegisterMessageFilter",
- "user32.dll.PeekMessageW",
- "user32.dll.WaitMessage",
- "mscoree.dll.ND_RI2",
- "rasapi32.dll.RasEnumConnectionsW",
- "rtutils.dll.TraceRegisterExA",
- "rtutils.dll.TracePrintfExA",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.QueryServiceStatus",
- "sechost.dll.CloseServiceHandle",
- "ws2_32.dll.WSAStartup",
- "ws2_32.dll.WSASocketW",
- "ws2_32.dll.setsockopt",
- "ws2_32.dll.WSAEventSelect",
- "ws2_32.dll.ioctlsocket",
- "ws2_32.dll.closesocket",
- "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
- "kernel32.dll.LocalFree",
- "kernel32.dll.CreateFileMappingW",
- "kernel32.dll.MapViewOfFile",
- "kernel32.dll.VirtualQuery",
- "kernel32.dll.ReleaseMutex",
- "advapi32.dll.CreateWellKnownSid",
- "kernel32.dll.CreateMutexW",
- "kernel32.dll.WaitForSingleObject",
- "kernel32.dll.OpenMutexW",
- "kernel32.dll.OpenProcess",
- "kernel32.dll.GetProcessTimes",
- "ws2_32.dll.WSAIoctl",
- "kernel32.dll.FormatMessageW",
- "rasapi32.dll.RasConnectionNotificationW",
- "advapi32.dll.RegOpenCurrentUser",
- "advapi32.dll.RegNotifyChangeKeyValue",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "sechost.dll.NotifyServiceStatusChangeA",
- "iphlpapi.dll.GetNetworkParams",
- "dnsapi.dll.DnsQueryConfig",
- "iphlpapi.dll.GetAdaptersAddresses",
- "kernel32.dll.ResetEvent",
- "iphlpapi.dll.GetIpInterfaceEntry",
- "iphlpapi.dll.GetBestInterfaceEx",
- "ws2_32.dll.inet_addr",
- "ws2_32.dll.getaddrinfo",
- "ws2_32.dll.freeaddrinfo",
- "ws2_32.dll.WSAConnect",
- "ws2_32.dll.send",
- "ws2_32.dll.recv",
- "ws2_32.dll.select",
- "ws2_32.dll.shutdown",
- "vssapi.dll.CreateWriter",
- "advapi32.dll.LookupAccountNameW",
- "samcli.dll.NetLocalGroupGetMembers",
- "samlib.dll.SamConnect",
- "rpcrt4.dll.NdrClientCall3",
- "rpcrt4.dll.RpcStringBindingComposeW",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcStringFreeW",
- "rpcrt4.dll.RpcBindingFree",
- "samlib.dll.SamOpenDomain",
- "samlib.dll.SamLookupNamesInDomain",
- "samlib.dll.SamOpenAlias",
- "samlib.dll.SamFreeMemory",
- "samlib.dll.SamCloseHandle",
- "samlib.dll.SamGetMembersInAlias",
- "netutils.dll.NetApiBufferFree",
- "ole32.dll.CoCreateGuid",
- "ole32.dll.StringFromCLSID",
- "propsys.dll.VariantToPropVariant",
- "wbemcore.dll.Reinitialize",
- "wbemsvc.dll.DllGetClassObject",
- "wbemsvc.dll.DllCanUnloadNow",
- "authz.dll.AuthzInitializeContextFromToken",
- "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
- "authz.dll.AuthzAccessCheck",
- "authz.dll.AuthzFreeAuditEvent",
- "authz.dll.AuthzFreeContext",
- "authz.dll.AuthzInitializeResourceManager",
- "authz.dll.AuthzFreeResourceManager",
- "rpcrt4.dll.RpcBindingCreateW",
- "rpcrt4.dll.RpcBindingBind",
- "rpcrt4.dll.I_RpcMapWin32Status",
- "advapi32.dll.EventRegister",
- "advapi32.dll.EventUnregister",
- "advapi32.dll.EventWrite",
- "kernel32.dll.RegCloseKey",
- "kernel32.dll.RegSetValueExW",
- "kernel32.dll.RegQueryValueExW",
- "wmisvc.dll.IsImproperShutdownDetected",
- "wevtapi.dll.EvtRender",
- "wevtapi.dll.EvtNext",
- "wevtapi.dll.EvtClose",
- "wevtapi.dll.EvtQuery",
- "wevtapi.dll.EvtCreateRenderContext",
- "rpcrt4.dll.RpcBindingSetAuthInfoExW",
- "rpcrt4.dll.RpcBindingSetOption",
- "ole32.dll.CoCreateFreeThreadedMarshaler",
- "ole32.dll.CreateStreamOnHGlobal",
- "advapi32.dll.RegCreateKeyExW",
- "advapi32.dll.RegSetValueExW",
- "kernelbase.dll.InitializeAcl",
- "kernelbase.dll.AddAce",
- "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
- "kernel32.dll.IsThreadAFiber",
- "kernel32.dll.OpenProcessToken",
- "kernelbase.dll.GetTokenInformation",
- "kernelbase.dll.DuplicateTokenEx",
- "kernelbase.dll.AdjustTokenPrivileges",
- "kernelbase.dll.AllocateAndInitializeSid",
- "kernelbase.dll.CheckTokenMembership",
- "kernel32.dll.SetThreadToken",
- "ole32.dll.CLSIDFromString",
- "oleaut32.dll.#285",
- "oleaut32.dll.#12",
- "oleaut32.dll.#286",
- "oleaut32.dll.#17",
- "oleaut32.dll.#20",
- "oleaut32.dll.#19",
- "oleaut32.dll.#25",
- "authz.dll.AuthzInitializeContextFromSid",
- "ole32.dll.CoRevertToSelf",
- "advapi32.dll.LogonUserExExW",
- "sspicli.dll.LogonUserExExW",
- "ole32.dll.CoGetCallContext",
- "ole32.dll.CoImpersonateClient",
- "advapi32.dll.OpenThreadToken",
- "oleaut32.dll.#8",
- "ole32.dll.CoSwitchCallContext",
- "oleaut32.dll.#287",
- "oleaut32.dll.#288",
- "oleaut32.dll.#289",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "ntmarta.dll.GetMartaExtensionInterface",
- "fastprox.dll.DllGetClassObject",
- "fastprox.dll.DllCanUnloadNow",
- "oleaut32.dll.#290",
- "wmi.dll.WmiQueryAllDataW",
- "wmi.dll.WmiQuerySingleInstanceW",
- "wmi.dll.WmiSetSingleItemW",
- "wmi.dll.WmiSetSingleInstanceW",
- "wmi.dll.WmiExecuteMethodW",
- "wmi.dll.WmiNotificationRegistrationW",
- "wmi.dll.WmiMofEnumerateResourcesW",
- "wmi.dll.WmiFileHandleToInstanceNameW",
- "wmi.dll.WmiDevInstToInstanceNameW",
- "wmi.dll.WmiQueryGuidInformation",
- "wmi.dll.WmiOpenBlock",
- "wmi.dll.WmiCloseBlock",
- "wmi.dll.WmiFreeBuffer",
- "wmi.dll.WmiEnumerateGuids",
- "lpk.dll.LpkEditControl",
- "comctl32.dll.InitCommonControlsEx",
- "kernel32.dll.HeapSetInformation",
- "advapi32.dll.CheckTokenMembership",
- "ole32.dll.CoInitializeSecurity",
- "kernel32.dll.CreateWaitableTimerW",
- "kernel32.dll.SetWaitableTimer",
- "ole32.dll.CLSIDFromOle1Class",
- "clbcatq.dll.GetCatalogObject",
- "clbcatq.dll.GetCatalogObject2",
- "msi.dll.QueryInstanceCount",
- "kernel32.dll.CancelWaitableTimer",
- "msi.dll.DllGetClassObject",
- "msi.dll.DllCanUnloadNow",
- "rpcrt4.dll.I_RpcBindingInqLocalClientPID",
- "userenv.dll.CreateEnvironmentBlock",
- "userenv.dll.DestroyEnvironmentBlock",
- "ntdll.dll.WinSqmIsOptedIn",
- "kernel32.dll.WTSGetActiveConsoleSessionId",
- "ole32.dll.CoInitialize",
- "netapi32.dll.NetGetJoinInformation",
- "netapi32.dll.NetApiBufferFree",
- "ole32.dll.StgOpenStorage",
- "ole32.dll.CoGetMalloc",
- "advapi32.dll.SaferCreateLevel",
- "advapi32.dll.SaferCloseLevel",
- "apphelp.dll.SdbInitDatabase",
- "apphelp.dll.SdbFindFirstMsiPackage_Str",
- "apphelp.dll.SdbReleaseDatabase",
- "version.dll.GetFileVersionInfoSizeW",
- "version.dll.GetFileVersionInfoW",
- "version.dll.VerQueryValueW",
- "kernel32.dll.SetThreadExecutionState",
- "sfc.dll.SfcIsKeyProtected",
- "kernel32.dll.LCMapStringEx",
- "kernel32.dll.InitializeCriticalSectionEx",
- "kernel32.dll.InitOnceExecuteOnce",
- "kernel32.dll.CreateEventExW",
- "kernel32.dll.CreateSemaphoreW",
- "kernel32.dll.CreateSemaphoreExW",
- "kernel32.dll.CreateThreadpoolTimer",
- "kernel32.dll.SetThreadpoolTimer",
- "kernel32.dll.WaitForThreadpoolTimerCallbacks",
- "kernel32.dll.CloseThreadpoolTimer",
- "kernel32.dll.CreateThreadpoolWait",
- "kernel32.dll.SetThreadpoolWait",
- "kernel32.dll.CloseThreadpoolWait",
- "kernel32.dll.FreeLibraryWhenCallbackReturns",
- "kernel32.dll.GetCurrentProcessorNumber",
- "kernel32.dll.CreateSymbolicLinkW",
- "kernel32.dll.GetTickCount64",
- "kernel32.dll.GetFileInformationByHandleEx",
- "kernel32.dll.InitializeConditionVariable",
- "kernel32.dll.WakeConditionVariable",
- "kernel32.dll.WakeAllConditionVariable",
- "kernel32.dll.SleepConditionVariableCS",
- "kernel32.dll.TryAcquireSRWLockExclusive",
- "kernel32.dll.SleepConditionVariableSRW",
- "kernel32.dll.CreateThreadpoolWork",
- "kernel32.dll.SubmitThreadpoolWork",
- "kernel32.dll.CloseThreadpoolWork",
- "kernel32.dll.CompareStringEx",
- "goopdate.dll.DllEntry",
- "kernel32.dll.RtlCaptureStackBackTrace",
- "wkscli.dll.NetWkstaGetInfo",
- "cscapi.dll.CscNetApiGetInterface",
- "kernel32.dll.CreateMutexExW",
- "dbghelp.dll.MiniDumpWriteDump",
- "rpcrt4.dll.UuidCreate",
- "psmachine.dll.DllGetClassObject",
- "psmachine.dll.DllCanUnloadNow",
- "ntdll.dll.RtlGetVersion",
- "kernel32.dll.GetNativeSystemInfo",
- "winhttp.dll.WinHttpAddRequestHeaders",
- "winhttp.dll.WinHttpCheckPlatform",
- "winhttp.dll.WinHttpCloseHandle",
- "winhttp.dll.WinHttpConnect",
- "winhttp.dll.WinHttpCrackUrl",
- "winhttp.dll.WinHttpCreateUrl",
- "winhttp.dll.WinHttpDetectAutoProxyConfigUrl",
- "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpGetProxyForUrl",
- "winhttp.dll.WinHttpOpen",
- "winhttp.dll.WinHttpOpenRequest",
- "winhttp.dll.WinHttpQueryAuthSchemes",
- "winhttp.dll.WinHttpQueryDataAvailable",
- "winhttp.dll.WinHttpQueryHeaders",
- "winhttp.dll.WinHttpQueryOption",
- "winhttp.dll.WinHttpReadData",
- "winhttp.dll.WinHttpReceiveResponse",
- "winhttp.dll.WinHttpSendRequest",
- "winhttp.dll.WinHttpSetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpSetCredentials",
- "winhttp.dll.WinHttpSetOption",
- "winhttp.dll.WinHttpSetStatusCallback",
- "winhttp.dll.WinHttpSetTimeouts",
- "winhttp.dll.WinHttpWriteData",
- "shlwapi.dll.StrCmpNW",
- "shlwapi.dll.#153",
- "ws2_32.dll.GetAddrInfoW",
- "ws2_32.dll.#2",
- "ws2_32.dll.#21",
- "ws2_32.dll.#9",
- "ws2_32.dll.FreeAddrInfoW",
- "ws2_32.dll.#6",
- "ws2_32.dll.#5",
- "schannel.dll.SpUserModeInitialize",
- "ws2_32.dll.WSASend",
- "ws2_32.dll.WSARecv",
- "advapi32.dll.RevertToSelf",
- "secur32.dll.FreeContextBuffer",
- "ncrypt.dll.SslOpenProvider",
- "ncrypt.dll.GetSChannelInterface",
- "bcryptprimitives.dll.GetHashInterface",
- "ncrypt.dll.SslIncrementProviderReferenceCount",
- "ncrypt.dll.SslImportKey",
- "bcryptprimitives.dll.GetCipherInterface",
- "ncrypt.dll.SslLookupCipherSuiteInfo",
- "user32.dll.LoadStringW",
- "ncrypt.dll.BCryptOpenAlgorithmProvider",
- "ncrypt.dll.BCryptGetProperty",
- "ncrypt.dll.BCryptCreateHash",
- "ncrypt.dll.BCryptHashData",
- "ncrypt.dll.BCryptFinishHash",
- "ncrypt.dll.BCryptDestroyHash",
- "crypt32.dll.CertGetCertificateChain",
- "userenv.dll.GetUserProfileDirectoryW",
- "sechost.dll.ConvertSidToStringSidW",
- "sechost.dll.ConvertStringSidToSidW",
- "userenv.dll.RegisterGPNotification",
- "gpapi.dll.RegisterGPNotificationInternal",
- "sechost.dll.QueryServiceConfigW",
- "winsta.dll.WinStationRegisterNotificationEvent",
- "rpcrt4.dll.RpcAsyncInitializeHandle",
- "rpcrt4.dll.NdrClientCall2",
- "rpcrt4.dll.NdrAsyncClientCall",
- "cryptsp.dll.CryptVerifySignatureA",
- "cryptsp.dll.CryptDestroyKey",
- "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
- "ncrypt.dll.BCryptImportKeyPair",
- "ncrypt.dll.BCryptVerifySignature",
- "ncrypt.dll.BCryptDestroyKey",
- "crypt32.dll.CertVerifyCertificateChainPolicy",
- "crypt32.dll.CertFreeCertificateChain",
- "crypt32.dll.CertDuplicateCertificateContext",
- "ncrypt.dll.SslEncryptPacket",
- "ncrypt.dll.SslDecryptPacket",
- "winsta.dll.WinStationEnumerateW",
- "rpcrt4.dll.I_RpcExceptionFilter",
- "winsta.dll.WinStationFreeMemory",
- "winsta.dll.WinStationQueryInformationW",
- "qmgr.dll.ServiceMain",
- "advapi32.dll.SetEntriesInAclW",
- "ws2_32.dll.#115",
- "ws2_32.dll.#111",
- "bitsigd.dll.InitializeEx",
- "upnp.dll.DllGetClassObject",
- "upnp.dll.DllCanUnloadNow",
- "rpcrt4.dll.RpcStringBindingComposeA",
- "rpcrt4.dll.RpcBindingFromStringBindingA",
- "rpcrt4.dll.RpcStringFreeA",
- "oleaut32.dll.DllGetClassObject",
- "oleaut32.dll.DllCanUnloadNow",
- "sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID",
- "oleaut32.dll.BSTR_UserSize",
- "oleaut32.dll.BSTR_UserMarshal",
- "oleaut32.dll.BSTR_UserUnmarshal",
- "oleaut32.dll.BSTR_UserFree",
- "oleaut32.dll.VARIANT_UserSize",
- "oleaut32.dll.VARIANT_UserMarshal",
- "oleaut32.dll.VARIANT_UserUnmarshal",
- "oleaut32.dll.VARIANT_UserFree",
- "oleaut32.dll.LPSAFEARRAY_UserSize",
- "oleaut32.dll.LPSAFEARRAY_UserMarshal",
- "oleaut32.dll.LPSAFEARRAY_UserUnmarshal",
- "oleaut32.dll.LPSAFEARRAY_UserFree",
- "advapi32.dll.LogonUserW",
- "wtsapi32.dll.WTSQueryUserToken",
- "wtsapi32.dll.WTSEnumerateSessionsW",
- "wtsapi32.dll.WTSFreeMemory",
- "advapi32.dll.QueryAllTracesW",
- "samlib.dll.SamEnumerateDomainsInSamServer",
- "samlib.dll.SamLookupDomainInSamServer",
- "ole32.dll.CoRegisterClassObject",
- "rpcrt4.dll.UuidFromStringW",
- "radarrs.dll.WdiDiagnosticModuleMain",
- "radarrs.dll.WdiHandleInstance",
- "radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion",
- "advapi32.dll.RegGetValueW",
- "advapi32.dll.DuplicateToken"
- ]
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "0.0.0.0",
- "name": "SDIRHJLUZXOVXTKUOOBHSEMYYCCSWXREPFLGTZKB_20190612012740816"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "8.0.0.0",
- "name": "Microsoft.VisualBasic"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Management"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Security"
- }
- ],
- "typerefs": [
- {
- "typename": "Microsoft.VisualBasic.AppWinStyle",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.User",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompareMethod",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.StringType",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Conversion",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.Computer",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.ComputerInfo",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.Keyboard",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.ServerComputer",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.FileAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.FileSystem",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Information",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Interaction",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyServices.ClipboardProxy",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyServices.FileSystemProxy",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyServices.RegistryProxy",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.OpenAccess",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.OpenMode",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.OpenShare",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Strings",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.DefaultValueAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.FileVersionInfo",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.Process",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.ProcessModule",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.ProcessStartInfo",
- "assembly": "System"
- },
- {
- "typename": "System.Diagnostics.ProcessWindowStyle",
- "assembly": "System"
- },
- {
- "typename": "System.Net.CredentialCache",
- "assembly": "System"
- },
- {
- "typename": "System.Net.FtpWebRequest",
- "assembly": "System"
- },
- {
- "typename": "System.Net.HttpWebRequest",
- "assembly": "System"
- },
- {
- "typename": "System.Net.ICredentials",
- "assembly": "System"
- },
- {
- "typename": "System.Net.ICredentialsByHost",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.Attachment",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.AttachmentCollection",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.MailAddress",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.MailMessage",
- "assembly": "System"
- },
- {
- "typename": "System.Net.Mail.SmtpClient",
- "assembly": "System"
- },
- {
- "typename": "System.Net.NetworkCredential",
- "assembly": "System"
- },
- {
- "typename": "System.Net.WebClient",
- "assembly": "System"
- },
- {
- "typename": "System.Net.WebRequest",
- "assembly": "System"
- },
- {
- "typename": "System.Net.WebResponse",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Capture",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Group",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.GroupCollection",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Match",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.MatchCollection",
- "assembly": "System"
- },
- {
- "typename": "System.Text.RegularExpressions.Regex",
- "assembly": "System"
- },
- {
- "typename": "System.Timers.ElapsedEventArgs",
- "assembly": "System"
- },
- {
- "typename": "System.Timers.ElapsedEventHandler",
- "assembly": "System"
- },
- {
- "typename": "System.Timers.Timer",
- "assembly": "System"
- },
- {
- "typename": "System.Uri",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Bitmap",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Graphics",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Image",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.Encoder",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.EncoderParameter",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.EncoderParameters",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.ImageCodecInfo",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Imaging.ImageFormat",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Point",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Rectangle",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Management.ManagementBaseObject",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementClass",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObject",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObjectCollection",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObjectCollection/ManagementObjectEnumerator",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.ManagementObjectSearcher",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.PropertyData",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Management.PropertyDataCollection",
- "assembly": "System.Management"
- },
- {
- "typename": "System.Security.Cryptography.DataProtectionScope",
- "assembly": "System.Security"
- },
- {
- "typename": "System.Security.Cryptography.ProtectedData",
- "assembly": "System.Security"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.CreateParams",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Keys",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Message",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.MouseButtons",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.NativeWindow",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Screen",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.SystemInformation",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "Microsoft.Win32.Registry",
- "assembly": "mscorlib"
- },
- {
- "typename": "Microsoft.Win32.RegistryKey",
- "assembly": "mscorlib"
- },
- {
- "typename": "Microsoft.Win32.RegistryValueKind",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentOutOfRangeException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Array",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.AsyncCallback",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.BitConverter",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Boolean",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Buffer",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Char",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerable`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.KeyValuePair`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.ObjectModel.Collection`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Convert",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.DateTime",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Decimal",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Delegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Double",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Enum",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment/SpecialFolder",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Exception",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.FlagsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.NumberStyles",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Guid",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IAsyncResult",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IFormatProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.BinaryReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Directory",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.DirectoryInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.DriveInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.DriveType",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.File",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileAttributes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.FileSystemInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.MemoryStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Path",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.SearchOption",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Stream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.StreamReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int16",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int32",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int64",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IntPtr",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Math",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.MulticastDelegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.OperatingSystem",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Random",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.FieldInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.MethodBase",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.MethodInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Module",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.AccessedThroughPropertyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.ConstrainedExecution.Cer",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.ConstrainedExecution.Consistency",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.ConstrainedExecution.ReliabilityContractAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.Marshal",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.SafeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeFieldHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.AceFlags",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.AceQualifier",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.CommonAce",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.GenericAce",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.GenericSecurityDescriptor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.RawAcl",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.AccessControl.RawSecurityDescriptor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.CipherMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.HMACSHA1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.HashAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.ICryptoTransform",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.MD5",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.PaddingMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.Rijndael",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.SHA1CryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.SymmetricAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDES",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.SecurityIdentifier",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WellKnownSidType",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WindowsBuiltInRole",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WindowsIdentity",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Principal.WindowsPrincipal",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.SuppressUnmanagedCodeSecurityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.String",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.StringComparison",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.Decoder",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.Encoding",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.StringBuilder",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.UTF8Encoding",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ThreadStaticAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Mutex",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Thread",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.ThreadStart",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.UInt32",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.UInt64",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ValueType",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Version",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0004a07f",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x0044608e",
- "timestamp": "2019-06-11 22:27:40",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00044200",
- "entropy": "6.60",
- "raw_address": "0x00000200",
- "virtual_size": "0x00044094",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00048000",
- "size_of_data": "0x00000400",
- "entropy": "2.97",
- "raw_address": "0x00044400",
- "virtual_size": "0x00000370",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0004a000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x00044800",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00046038",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000053"
- },
- {
- "virtual_address": "0x00048000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000370"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0004a000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }