
Exes_b215bf8c_exe.json

paladin316 Jun 17th, 2019 57 Never
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_b215bf8c.exe"
  7. [*] File Size: 505856
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "1792447f573eed39047c1d6e84eceb929181f6c06e1bee03d211b3800edd375c"
  10. [*] MD5: "5d5098208db4cf92ec8d046c275145a5"
  11. [*] SHA1: "6a280c2b35c184735fa2fca4058afa8a88942f97"
  12. [*] SHA512: "dd57a8fe880a5352cb0c2761f6a609493a944f9713138f4c20becc88a368a188a920201ec597264907386b9f744a1400aca88dd535ad66551fb9612b32558232"
  13. [*] CRC32: "B215BF8C"
  14. [*] SSDEEP: "12288:227guhSzueoaaiL5m4epfw06htLkGe493zn4FSyEc:7QykyJaJxzn4"
  15.  
  16. [*] Process Execution: [
  17.     "Exes_b215bf8c.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21.     {
  22.         "Description": "Performs some HTTP requests",
  23.         "Details": [
  24.             {
  25.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  26.             },
  27.             {
  28.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  29.             },
  30.             {
  31.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  32.             },
  33.             {
  34.                 "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe"
  35.             },
  36.             {
  37.                 "url": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes"
  38.             }
  39.         ]
  40.     },
  41.     {
  42.         "Description": "The binary likely contains encrypted or compressed data.",
  43.         "Details": [
  44.             {
  45.                 "section": "name: .text, entropy: 7.51, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0006a400, virtual_size: 0x0006a3f4"
  46.             }
  47.         ]
  48.     },
  49.     {
  50.         "Description": "File has been identified by 47 Antiviruses on VirusTotal as malicious",
  51.         "Details": [
  52.             {
  53.                 "K7AntiVirus": "Trojan ( 0054dc911 )"
  54.             },
  55.             {
  56.                 "MicroWorld-eScan": "Trojan.GenericKD.31999571"
  57.             },
  58.             {
  59.                 "FireEye": "Generic.mg.5d5098208db4cf92"
  60.             },
  61.             {
  62.                 "CAT-QuickHeal": "TrojanSpy.MSIL"
  63.             },
  64.             {
  65.                 "ALYac": "Trojan.GenericKD.31999571"
  66.             },
  67.             {
  68.                 "Cylance": "Unsafe"
  69.             },
  70.             {
  71.                 "Alibaba": "Trojan:Win32/Malmail.ali1000112"
  72.             },
  73.             {
  74.                 "K7GW": "Trojan ( 0054dc911 )"
  75.             },
  76.             {
  77.                 "Arcabit": "Trojan.Generic.D1E84653"
  78.             },
  79.             {
  80.                 "Invincea": "heuristic"
  81.             },
  82.             {
  83.                 "NANO-Antivirus": "Trojan.Win32.Noon.fqpbpx"
  84.             },
  85.             {
  86.                 "Symantec": "Trojan.Gen.2"
  87.             },
  88.             {
  89.                 "APEX": "Malicious"
  90.             },
  91.             {
  92.                 "Paloalto": "generic.ml"
  93.             },
  94.             {
  95.                 "Kaspersky": "HEUR:Trojan-Spy.MSIL.Noon.gen"
  96.             },
  97.             {
  98.                 "BitDefender": "Trojan.GenericKD.31999571"
  99.             },
  100.             {
  101.                 "AegisLab": "Trojan.MSIL.Noon.4!c"
  102.             },
  103.             {
  104.                 "Avast": "Win32:Malware-gen"
  105.             },
  106.             {
  107.                 "Tencent": "Win32.Trojan.Inject.Auto"
  108.             },
  109.             {
  110.                 "Ad-Aware": "Trojan.GenericKD.31999571"
  111.             },
  112.             {
  113.                 "Emsisoft": "Trojan.GenericKD.31999571 (B)"
  114.             },
  115.             {
  116.                 "Comodo": "Malware@#9sv84nck7fut"
  117.             },
  118.             {
  119.                 "F-Secure": "Trojan.TR/Injector.dbwxn"
  120.             },
  121.             {
  122.                 "DrWeb": "Trojan.PWS.Banker1.31584"
  123.             },
  124.             {
  125.                 "TrendMicro": "TROJ_GEN.R011C0REP19"
  126.             },
  127.             {
  128.                 "McAfee-GW-Edition": "RDN/Generic.grp"
  129.             },
  130.             {
  131.                 "Sophos": "Troj/Formboo-NO"
  132.             },
  133.             {
  134.                 "Ikarus": "Trojan.Inject"
  135.             },
  136.             {
  137.                 "Avira": "TR/Injector.dbwxn"
  138.             },
  139.             {
  140.                 "Microsoft": "Trojan:Win32/Tiggre!rfn"
  141.             },
  142.             {
  143.                 "ZoneAlarm": "HEUR:Trojan-Spy.MSIL.Noon.gen"
  144.             },
  145.             {
  146.                 "GData": "MSIL.Packed.Skaldring.D"
  147.             },
  148.             {
  149.                 "AhnLab-V3": "Trojan/Win32.Swotter.C3264744"
  150.             },
  151.             {
  152.                 "Acronis": "suspicious"
  153.             },
  154.             {
  155.                 "McAfee": "RDN/Generic.grp"
  156.             },
  157.             {
  158.                 "Malwarebytes": "Trojan.PCrypt.MSIL.Generic"
  159.             },
  160.             {
  161.                 "ESET-NOD32": "a variant of MSIL/Injector.UJO"
  162.             },
  163.             {
  164.                 "TrendMicro-HouseCall": "TROJ_GEN.R011C0REP19"
  165.             },
  166.             {
  167.                 "Rising": "Spyware.Noon!8.E7C9 (CLOUD)"
  168.             },
  169.             {
  170.                 "Yandex": "Trojan.Injector!l8ygDYjEUUY"
  171.             },
  172.             {
  173.                 "SentinelOne": "DFI - Suspicious PE"
  174.             },
  175.             {
  176.                 "Fortinet": "MSIL/Kryptik.RPR!tr"
  177.             },
  178.             {
  179.                 "AVG": "Win32:Malware-gen"
  180.             },
  181.             {
  182.                 "Cybereason": "malicious.b35c18"
  183.             },
  184.             {
  185.                 "Panda": "Trj/GdSda.A"
  186.             },
  187.             {
  188.                 "CrowdStrike": "win/malicious_confidence_80% (W)"
  189.             },
  190.             {
  191.                 "Qihoo-360": "Win32/Trojan.Spy.beb"
  192.             }
  193.         ]
  194.     }
  195. ]
  196.  
  197. [*] Started Service: []
  198.  
  199. [*] Created Services: []
  200.  
  201. [*] Mutexes: []
  202.  
  203. [*] Modified Files: []
  204.  
  205. [*] Deleted Files: []
  206.  
  207. [*] Modified Registry Keys: []
  208.  
  209. [*] Deleted Registry Keys: []
  210.  
  211. [*] DNS Communications: []
  212.  
  213. [*] Domains: []
  214.  
  215. [*] Network Communication - ICMP: []
  216.  
  217. [*] Network Communication - HTTP: [
  218.     {
  219.         "count": 1,
  220.         "body": "",
  221.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  222.         "user-agent": "Microsoft-CryptoAPI/6.1",
  223.         "method": "GET",
  224.         "host": "ocsp.digicert.com",
  225.         "version": "1.1",
  226.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  227.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  228.         "port": 80
  229.     },
  230.     {
  231.         "count": 1,
  232.         "body": "",
  233.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  234.         "user-agent": "Microsoft-CryptoAPI/6.1",
  235.         "method": "GET",
  236.         "host": "ocsp.digicert.com",
  237.         "version": "1.1",
  238.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  239.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  240.         "port": 80
  241.     },
  242.     {
  243.         "count": 1,
  244.         "body": "",
  245.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  246.         "user-agent": "Microsoft-CryptoAPI/6.1",
  247.         "method": "GET",
  248.         "host": "ocsp.digicert.com",
  249.         "version": "1.1",
  250.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  251.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  252.         "port": 80
  253.     },
  254.     {
  255.         "count": 1,
  256.         "body": "",
  257.         "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
  258.         "user-agent": "Microsoft BITS/7.5",
  259.         "method": "HEAD",
  260.         "host": "redirector.gvt1.com",
  261.         "version": "1.1",
  262.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
  263.         "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  264.         "port": 80
  265.     },
  266.     {
  267.         "count": 1,
  268.         "body": "",
  269.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  270.         "user-agent": "Microsoft BITS/7.5",
  271.         "method": "HEAD",
  272.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  273.         "version": "1.1",
  274.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  275.         "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  276.         "port": 80
  277.     },
  278.     {
  279.         "count": 1,
  280.         "body": "",
  281.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  282.         "user-agent": "Microsoft BITS/7.5",
  283.         "method": "GET",
  284.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  285.         "version": "1.1",
  286.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  287.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=0-6861\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  288.         "port": 80
  289.     },
  290.     {
  291.         "count": 1,
  292.         "body": "",
  293.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  294.         "user-agent": "Microsoft BITS/7.5",
  295.         "method": "GET",
  296.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  297.         "version": "1.1",
  298.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  299.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=6862-17735\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  300.         "port": 80
  301.     },
  302.     {
  303.         "count": 1,
  304.         "body": "",
  305.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  306.         "user-agent": "Microsoft BITS/7.5",
  307.         "method": "GET",
  308.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  309.         "version": "1.1",
  310.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  311.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=17736-27923\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  312.         "port": 80
  313.     },
  314.     {
  315.         "count": 1,
  316.         "body": "",
  317.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  318.         "user-agent": "Microsoft BITS/7.5",
  319.         "method": "GET",
  320.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  321.         "version": "1.1",
  322.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  323.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=27924-37541\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  324.         "port": 80
  325.     },
  326.     {
  327.         "count": 1,
  328.         "body": "",
  329.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  330.         "user-agent": "Microsoft BITS/7.5",
  331.         "method": "GET",
  332.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  333.         "version": "1.1",
  334.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  335.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=37542-58190\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  336.         "port": 80
  337.     },
  338.     {
  339.         "count": 1,
  340.         "body": "",
  341.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  342.         "user-agent": "Microsoft BITS/7.5",
  343.         "method": "GET",
  344.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  345.         "version": "1.1",
  346.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  347.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=58191-100988\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  348.         "port": 80
  349.     },
  350.     {
  351.         "count": 2,
  352.         "body": "",
  353.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  354.         "user-agent": "Microsoft BITS/7.5",
  355.         "method": "GET",
  356.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  357.         "version": "1.1",
  358.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  359.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=100989-187631\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  360.         "port": 80
  361.     },
  362.     {
  363.         "count": 1,
  364.         "body": "",
  365.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  366.         "user-agent": "Microsoft BITS/7.5",
  367.         "method": "GET",
  368.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  369.         "version": "1.1",
  370.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  371.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=187632-301768\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  372.         "port": 80
  373.     },
  374.     {
  375.         "count": 1,
  376.         "body": "",
  377.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  378.         "user-agent": "Microsoft BITS/7.5",
  379.         "method": "GET",
  380.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  381.         "version": "1.1",
  382.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  383.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=301769-663639\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  384.         "port": 80
  385.     },
  386.     {
  387.         "count": 1,
  388.         "body": "",
  389.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  390.         "user-agent": "Microsoft BITS/7.5",
  391.         "method": "GET",
  392.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  393.         "version": "1.1",
  394.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  395.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=663640-1384313\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  396.         "port": 80
  397.     },
  398.     {
  399.         "count": 1,
  400.         "body": "",
  401.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  402.         "user-agent": "Microsoft BITS/7.5",
  403.         "method": "GET",
  404.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  405.         "version": "1.1",
  406.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  407.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=1384314-2823009\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  408.         "port": 80
  409.     },
  410.     {
  411.         "count": 1,
  412.         "body": "",
  413.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  414.         "user-agent": "Microsoft BITS/7.5",
  415.         "method": "GET",
  416.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  417.         "version": "1.1",
  418.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  419.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=2823010-5702506\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  420.         "port": 80
  421.     },
  422.     {
  423.         "count": 1,
  424.         "body": "",
  425.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  426.         "user-agent": "Microsoft BITS/7.5",
  427.         "method": "GET",
  428.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  429.         "version": "1.1",
  430.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  431.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=5702507-11464364\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  432.         "port": 80
  433.     },
  434.     {
  435.         "count": 1,
  436.         "body": "",
  437.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  438.         "user-agent": "Microsoft BITS/7.5",
  439.         "method": "GET",
  440.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  441.         "version": "1.1",
  442.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  443.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=11464365-22962936\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  444.         "port": 80
  445.     },
  446.     {
  447.         "count": 1,
  448.         "body": "",
  449.         "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  450.         "user-agent": "Microsoft BITS/7.5",
  451.         "method": "GET",
  452.         "host": "r2---sn-bvvbax-2ims.gvt1.com",
  453.         "version": "1.1",
  454.         "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes",
  455.         "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560729320&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=22962937-30355199\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  456.         "port": 80
  457.     }
  458. ]
  459.  
  460. [*] Network Communication - SMTP: []
  461.  
  462. [*] Network Communication - Hosts: []
  463.  
  464. [*] Network Communication - IRC: []
  465.  
  466. [*] Static Analysis: {
  467.     "dotnet": {
  468.         "customattrs": [
  469.             {
  470.                 "type": "Assembly",
  471.                 "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  472.                 "value": "ilozodexakavam"
  473.             },
  474.             {
  475.                 "type": "Assembly",
  476.                 "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  477.                 "value": "unazadul"
  478.             },
  479.             {
  480.                 "type": "Assembly",
  481.                 "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  482.                 "value": "yvwqazadul"
  483.             },
  484.             {
  485.                 "type": "Assembly",
  486.                 "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  487.                 "value": "imumipewidicoolo"
  488.             },
  489.             {
  490.                 "type": "Assembly",
  491.                 "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  492.                 "value": "e4e6f603-77ab-4ebf-babc-13f3f31371"
  493.             },
  494.             {
  495.                 "type": "Assembly",
  496.                 "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  497.                 "value": "594.8.11."
  498.             },
  499.             {
  500.                 "type": "Assembly",
  501.                 "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  502.                 "value": "Copyright \\xc2\\xa9 90"
  503.             }
  504.         ],
  505.         "assemblyinfo": {
  506.             "version": "1.0.0.3",
  507.             "name": "dE2HoeeALlYtVNBe2DafTC8="
  508.         },
  509.         "assemblyrefs": [
  510.             {
  511.                 "version": "4.0.0.0",
  512.                 "name": "mscorlib"
  513.             },
  514.             {
  515.                 "version": "4.0.0.0",
  516.                 "name": "System"
  517.             },
  518.             {
  519.                 "version": "1.0.0.1",
  520.                 "name": "gdi32"
  521.             }
  522.         ],
  523.         "typerefs": [
  524.             {
  525.                 "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  526.                 "assembly": "System"
  527.             },
  528.             {
  529.                 "typename": "System.ComponentModel.EditorBrowsableAttribute",
  530.                 "assembly": "System"
  531.             },
  532.             {
  533.                 "typename": "System.ComponentModel.EditorBrowsableState",
  534.                 "assembly": "System"
  535.             },
  536.             {
  537.                 "typename": "System.Configuration.ApplicationSettingsBase",
  538.                 "assembly": "System"
  539.             },
  540.             {
  541.                 "typename": "System.Configuration.SettingsBase",
  542.                 "assembly": "System"
  543.             },
  544.             {
  545.                 "typename": "gdi32.Program",
  546.                 "assembly": "gdi32"
  547.             },
  548.             {
  549.                 "typename": "System.AppDomain",
  550.                 "assembly": "mscorlib"
  551.             },
  552.             {
  553.                 "typename": "System.Array",
  554.                 "assembly": "mscorlib"
  555.             },
  556.             {
  557.                 "typename": "System.Boolean",
  558.                 "assembly": "mscorlib"
  559.             },
  560.             {
  561.                 "typename": "System.Buffer",
  562.                 "assembly": "mscorlib"
  563.             },
  564.             {
  565.                 "typename": "System.Byte",
  566.                 "assembly": "mscorlib"
  567.             },
  568.             {
  569.                 "typename": "System.Char",
  570.                 "assembly": "mscorlib"
  571.             },
  572.             {
  573.                 "typename": "System.CharEnumerator",
  574.                 "assembly": "mscorlib"
  575.             },
  576.             {
  577.                 "typename": "System.Collections.Generic.IEnumerable`1",
  578.                 "assembly": "mscorlib"
  579.             },
  580.             {
  581.                 "typename": "System.Console",
  582.                 "assembly": "mscorlib"
  583.             },
  584.             {
  585.                 "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  586.                 "assembly": "mscorlib"
  587.             },
  588.             {
  589.                 "typename": "System.Exception",
  590.                 "assembly": "mscorlib"
  591.             },
  592.             {
  593.                 "typename": "System.Globalization.CompareOptions",
  594.                 "assembly": "mscorlib"
  595.             },
  596.             {
  597.                 "typename": "System.Globalization.CultureInfo",
  598.                 "assembly": "mscorlib"
  599.             },
  600.             {
  601.                 "typename": "System.Globalization.NumberStyles",
  602.                 "assembly": "mscorlib"
  603.             },
  604.             {
  605.                 "typename": "System.ICloneable",
  606.                 "assembly": "mscorlib"
  607.             },
  608.             {
  609.                 "typename": "System.IConvertible",
  610.                 "assembly": "mscorlib"
  611.             },
  612.             {
  613.                 "typename": "System.IFormatProvider",
  614.                 "assembly": "mscorlib"
  615.             },
  616.             {
  617.                 "typename": "System.Int32",
  618.                 "assembly": "mscorlib"
  619.             },
  620.             {
  621.                 "typename": "System.Object",
  622.                 "assembly": "mscorlib"
  623.             },
  624.             {
  625.                 "typename": "System.Reflection.Assembly",
  626.                 "assembly": "mscorlib"
  627.             },
  628.             {
  629.                 "typename": "System.Reflection.AssemblyCompanyAttribute",
  630.                 "assembly": "mscorlib"
  631.             },
  632.             {
  633.                 "typename": "System.Reflection.AssemblyConfigurationAttribute",
  634.                 "assembly": "mscorlib"
  635.             },
  636.             {
  637.                 "typename": "System.Reflection.AssemblyCopyrightAttribute",
  638.                 "assembly": "mscorlib"
  639.             },
  640.             {
  641.                 "typename": "System.Reflection.AssemblyDescriptionAttribute",
  642.                 "assembly": "mscorlib"
  643.             },
  644.             {
  645.                 "typename": "System.Reflection.AssemblyFileVersionAttribute",
  646.                 "assembly": "mscorlib"
  647.             },
  648.             {
  649.                 "typename": "System.Reflection.AssemblyName",
  650.                 "assembly": "mscorlib"
  651.             },
  652.             {
  653.                 "typename": "System.Reflection.AssemblyProductAttribute",
  654.                 "assembly": "mscorlib"
  655.             },
  656.             {
  657.                 "typename": "System.Reflection.AssemblyTitleAttribute",
  658.                 "assembly": "mscorlib"
  659.             },
  660.             {
  661.                 "typename": "System.Reflection.AssemblyTrademarkAttribute",
  662.                 "assembly": "mscorlib"
  663.             },
  664.             {
  665.                 "typename": "System.Reflection.BindingFlags",
  666.                 "assembly": "mscorlib"
  667.             },
  668.             {
  669.                 "typename": "System.Reflection.IReflect",
  670.                 "assembly": "mscorlib"
  671.             },
  672.             {
  673.                 "typename": "System.Reflection.MemberInfo",
  674.                 "assembly": "mscorlib"
  675.             },
  676.             {
  677.                 "typename": "System.Reflection.MethodBase",
  678.                 "assembly": "mscorlib"
  679.             },
  680.             {
  681.                 "typename": "System.Reflection.ParameterInfo",
  682.                 "assembly": "mscorlib"
  683.             },
  684.             {
  685.                 "typename": "System.Reflection.ParameterModifier",
  686.                 "assembly": "mscorlib"
  687.             },
  688.             {
  689.                 "typename": "System.Reflection.PropertyInfo",
  690.                 "assembly": "mscorlib"
  691.             },
  692.             {
  693.                 "typename": "System.ResolveEventArgs",
  694.                 "assembly": "mscorlib"
  695.             },
  696.             {
  697.                 "typename": "System.ResolveEventHandler",
  698.                 "assembly": "mscorlib"
  699.             },
  700.             {
  701.                 "typename": "System.Resources.ResourceManager",
  702.                 "assembly": "mscorlib"
  703.             },
  704.             {
  705.                 "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  706.                 "assembly": "mscorlib"
  707.             },
  708.             {
  709.                 "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  710.                 "assembly": "mscorlib"
  711.             },
  712.             {
  713.                 "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  714.                 "assembly": "mscorlib"
  715.             },
  716.             {
  717.                 "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  718.                 "assembly": "mscorlib"
  719.             },
  720.             {
  721.                 "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  722.                 "assembly": "mscorlib"
  723.             },
  724.             {
  725.                 "typename": "System.Runtime.InteropServices.GuidAttribute",
  726.                 "assembly": "mscorlib"
  727.             },
  728.             {
  729.                 "typename": "System.Runtime.Remoting.ObjectHandle",
  730.                 "assembly": "mscorlib"
  731.             },
  732.             {
  733.                 "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  734.                 "assembly": "mscorlib"
  735.             },
  736.             {
  737.                 "typename": "System.RuntimeFieldHandle",
  738.                 "assembly": "mscorlib"
  739.             },
  740.             {
  741.                 "typename": "System.RuntimeTypeHandle",
  742.                 "assembly": "mscorlib"
  743.             },
  744.             {
  745.                 "typename": "System.STAThreadAttribute",
  746.                 "assembly": "mscorlib"
  747.             },
  748.             {
  749.                 "typename": "System.String",
  750.                 "assembly": "mscorlib"
  751.             },
  752.             {
  753.                 "typename": "System.StringComparison",
  754.                 "assembly": "mscorlib"
  755.             },
  756.             {
  757.                 "typename": "System.StringSplitOptions",
  758.                 "assembly": "mscorlib"
  759.             },
  760.             {
  761.                 "typename": "System.Text.NormalizationForm",
  762.                 "assembly": "mscorlib"
  763.             },
  764.             {
  765.                 "typename": "System.Text.StringBuilder",
  766.                 "assembly": "mscorlib"
  767.             },
  768.             {
  769.                 "typename": "System.Threading.Thread",
  770.                 "assembly": "mscorlib"
  771.             },
  772.             {
  773.                 "typename": "System.Type",
  774.                 "assembly": "mscorlib"
  775.             },
  776.             {
  777.                 "typename": "System.TypeCode",
  778.                 "assembly": "mscorlib"
  779.             },
  780.             {
  781.                 "typename": "System.ValueType",
  782.                 "assembly": "mscorlib"
  783.             },
  784.             {
  785.                 "typename": "System.Void",
  786.                 "assembly": "mscorlib"
  787.             }
  788.         ]
  789.     },
  790.     "pe": {
  791.         "peid_signatures": null,
  792.         "imports": [
  793.             {
  794.                 "imports": [
  795.                     {
  796.                         "name": "_CorExeMain",
  797.                         "address": "0x402000"
  798.                     }
  799.                 ],
  800.                 "dll": "mscoree.dll"
  801.             }
  802.         ],
  803.         "digital_signers": null,
  804.         "exported_dll_name": null,
  805.         "actual_checksum": "0x0007b89f",
  806.         "overlay": null,
  807.         "imagebase": "0x00400000",
  808.         "reported_checksum": "0x00000000",
  809.         "icon_hash": null,
  810.         "entrypoint": "0x0046c3ee",
  811.         "timestamp": "2009-04-22 12:33:02",
  812.         "osversion": "4.0",
  813.         "sections": [
  814.             {
  815.                 "name": ".text",
  816.                 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  817.                 "virtual_address": "0x00002000",
  818.                 "size_of_data": "0x0006a400",
  819.                 "entropy": "7.51",
  820.                 "raw_address": "0x00000200",
  821.                 "virtual_size": "0x0006a3f4",
  822.                 "characteristics_raw": "0x60000020"
  823.             },
  824.             {
  825.                 "name": ".rsrc",
  826.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  827.                 "virtual_address": "0x0006e000",
  828.                 "size_of_data": "0x00011000",
  829.                 "entropy": "4.35",
  830.                 "raw_address": "0x0006a600",
  831.                 "virtual_size": "0x00011000",
  832.                 "characteristics_raw": "0x40000040"
  833.             },
  834.             {
  835.                 "name": ".reloc",
  836.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  837.                 "virtual_address": "0x00080000",
  838.                 "size_of_data": "0x00000200",
  839.                 "entropy": "0.10",
  840.                 "raw_address": "0x0007b600",
  841.                 "virtual_size": "0x0000000c",
  842.                 "characteristics_raw": "0x42000040"
  843.             }
  844.         ],
  845.         "resources": [],
  846.         "dirents": [
  847.             {
  848.                 "virtual_address": "0x00000000",
  849.                 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  850.                 "size": "0x00000000"
  851.             },
  852.             {
  853.                 "virtual_address": "0x0006c3a0",
  854.                 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  855.                 "size": "0x0000004b"
  856.             },
  857.             {
  858.                 "virtual_address": "0x0006e000",
  859.                 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  860.                 "size": "0x00011000"
  861.             },
  862.             {
  863.                 "virtual_address": "0x00000000",
  864.                 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  865.                 "size": "0x00000000"
  866.             },
  867.             {
  868.                 "virtual_address": "0x00000000",
  869.                 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  870.                 "size": "0x00000000"
  871.             },
  872.             {
  873.                 "virtual_address": "0x00080000",
  874.                 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  875.                 "size": "0x0000000c"
  876.             },
  877.             {
  878.                 "virtual_address": "0x00000000",
  879.                 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  880.                 "size": "0x00000000"
  881.             },
  882.             {
  883.                 "virtual_address": "0x00000000",
  884.                 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  885.                 "size": "0x00000000"
  886.             },
  887.             {
  888.                 "virtual_address": "0x00000000",
  889.                 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  890.                 "size": "0x00000000"
  891.             },
  892.             {
  893.                 "virtual_address": "0x00000000",
  894.                 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  895.                 "size": "0x00000000"
  896.             },
  897.             {
  898.                 "virtual_address": "0x00000000",
  899.                 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  900.                 "size": "0x00000000"
  901.             },
  902.             {
  903.                 "virtual_address": "0x00000000",
  904.                 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  905.                 "size": "0x00000000"
  906.             },
  907.             {
  908.                 "virtual_address": "0x00002000",
  909.                 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  910.                 "size": "0x00000008"
  911.             },
  912.             {
  913.                 "virtual_address": "0x00000000",
  914.                 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  915.                 "size": "0x00000000"
  916.             },
  917.             {
  918.                 "virtual_address": "0x00002008",
  919.                 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  920.                 "size": "0x00000048"
  921.             },
  922.             {
  923.                 "virtual_address": "0x00000000",
  924.                 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  925.                 "size": "0x00000000"
  926.             }
  927.         ],
  928.         "exports": [],
  929.         "guest_signers": {},
  930.         "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  931.         "icon_fuzzy": null,
  932.         "icon": null,
  933.         "pdbpath": null,
  934.         "imported_dll_count": 1,
  935.         "versioninfo": []
  936.     }
  937. }
  938.  
  939. [*] Resolved APIs: [
  940.     "advapi32.dll.RegOpenKeyExW",
  941.     "advapi32.dll.RegQueryInfoKeyW",
  942.     "advapi32.dll.RegEnumKeyExW",
  943.     "advapi32.dll.RegEnumValueW",
  944.     "advapi32.dll.RegCloseKey",
  945.     "advapi32.dll.RegQueryValueExW",
  946.     "kernel32.dll.QueryActCtxW",
  947.     "shlwapi.dll.UrlIsW"
  948. ]
  949.  
  950. [*] Static Analysis: {
  951.     "dotnet": {
  952.         "customattrs": [
  953.             {
  954.                 "type": "Assembly",
  955.                 "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  956.                 "value": "ilozodexakavam"
  957.             },
  958.             {
  959.                 "type": "Assembly",
  960.                 "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  961.                 "value": "unazadul"
  962.             },
  963.             {
  964.                 "type": "Assembly",
  965.                 "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  966.                 "value": "yvwqazadul"
  967.             },
  968.             {
  969.                 "type": "Assembly",
  970.                 "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  971.                 "value": "imumipewidicoolo"
  972.             },
  973.             {
  974.                 "type": "Assembly",
  975.                 "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  976.                 "value": "e4e6f603-77ab-4ebf-babc-13f3f31371"
  977.             },
  978.             {
  979.                 "type": "Assembly",
  980.                 "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  981.                 "value": "594.8.11."
  982.             },
  983.             {
  984.                 "type": "Assembly",
  985.                 "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  986.                 "value": "Copyright \\xc2\\xa9 90"
  987.             }
  988.         ],
  989.         "assemblyinfo": {
  990.             "version": "1.0.0.3",
  991.             "name": "dE2HoeeALlYtVNBe2DafTC8="
  992.         },
  993.         "assemblyrefs": [
  994.             {
  995.                 "version": "4.0.0.0",
  996.                 "name": "mscorlib"
  997.             },
  998.             {
  999.                 "version": "4.0.0.0",
  1000.                 "name": "System"
  1001.             },
  1002.             {
  1003.                 "version": "1.0.0.1",
  1004.                 "name": "gdi32"
  1005.             }
  1006.         ],
  1007.         "typerefs": [
  1008.             {
  1009.                 "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  1010.                 "assembly": "System"
  1011.             },
  1012.             {
  1013.                 "typename": "System.ComponentModel.EditorBrowsableAttribute",
  1014.                 "assembly": "System"
  1015.             },
  1016.             {
  1017.                 "typename": "System.ComponentModel.EditorBrowsableState",
  1018.                 "assembly": "System"
  1019.             },
  1020.             {
  1021.                 "typename": "System.Configuration.ApplicationSettingsBase",
  1022.                 "assembly": "System"
  1023.             },
  1024.             {
  1025.                 "typename": "System.Configuration.SettingsBase",
  1026.                 "assembly": "System"
  1027.             },
  1028.             {
  1029.                 "typename": "gdi32.Program",
  1030.                 "assembly": "gdi32"
  1031.             },
  1032.             {
  1033.                 "typename": "System.AppDomain",
  1034.                 "assembly": "mscorlib"
  1035.             },
  1036.             {
  1037.                 "typename": "System.Array",
  1038.                 "assembly": "mscorlib"
  1039.             },
  1040.             {
  1041.                 "typename": "System.Boolean",
  1042.                 "assembly": "mscorlib"
  1043.             },
  1044.             {
  1045.                 "typename": "System.Buffer",
  1046.                 "assembly": "mscorlib"
  1047.             },
  1048.             {
  1049.                 "typename": "System.Byte",
  1050.                 "assembly": "mscorlib"
  1051.             },
  1052.             {
  1053.                 "typename": "System.Char",
  1054.                 "assembly": "mscorlib"
  1055.             },
  1056.             {
  1057.                 "typename": "System.CharEnumerator",
  1058.                 "assembly": "mscorlib"
  1059.             },
  1060.             {
  1061.                 "typename": "System.Collections.Generic.IEnumerable`1",
  1062.                 "assembly": "mscorlib"
  1063.             },
  1064.             {
  1065.                 "typename": "System.Console",
  1066.                 "assembly": "mscorlib"
  1067.             },
  1068.             {
  1069.                 "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  1070.                 "assembly": "mscorlib"
  1071.             },
  1072.             {
  1073.                 "typename": "System.Exception",
  1074.                 "assembly": "mscorlib"
  1075.             },
  1076.             {
  1077.                 "typename": "System.Globalization.CompareOptions",
  1078.                 "assembly": "mscorlib"
  1079.             },
  1080.             {
  1081.                 "typename": "System.Globalization.CultureInfo",
  1082.                 "assembly": "mscorlib"
  1083.             },
  1084.             {
  1085.                 "typename": "System.Globalization.NumberStyles",
  1086.                 "assembly": "mscorlib"
  1087.             },
  1088.             {
  1089.                 "typename": "System.ICloneable",
  1090.                 "assembly": "mscorlib"
  1091.             },
  1092.             {
  1093.                 "typename": "System.IConvertible",
  1094.                 "assembly": "mscorlib"
  1095.             },
  1096.             {
  1097.                 "typename": "System.IFormatProvider",
  1098.                 "assembly": "mscorlib"
  1099.             },
  1100.             {
  1101.                 "typename": "System.Int32",
  1102.                 "assembly": "mscorlib"
  1103.             },
  1104.             {
  1105.                 "typename": "System.Object",
  1106.                 "assembly": "mscorlib"
  1107.             },
  1108.             {
  1109.                 "typename": "System.Reflection.Assembly",
  1110.                 "assembly": "mscorlib"
  1111.             },
  1112.             {
  1113.                 "typename": "System.Reflection.AssemblyCompanyAttribute",
  1114.                 "assembly": "mscorlib"
  1115.             },
  1116.             {
  1117.                 "typename": "System.Reflection.AssemblyConfigurationAttribute",
  1118.                 "assembly": "mscorlib"
  1119.             },
  1120.             {
  1121.                 "typename": "System.Reflection.AssemblyCopyrightAttribute",
  1122.                 "assembly": "mscorlib"
  1123.             },
  1124.             {
  1125.                 "typename": "System.Reflection.AssemblyDescriptionAttribute",
  1126.                 "assembly": "mscorlib"
  1127.             },
  1128.             {
  1129.                 "typename": "System.Reflection.AssemblyFileVersionAttribute",
  1130.                 "assembly": "mscorlib"
  1131.             },
  1132.             {
  1133.                 "typename": "System.Reflection.AssemblyName",
  1134.                 "assembly": "mscorlib"
  1135.             },
  1136.             {
  1137.                 "typename": "System.Reflection.AssemblyProductAttribute",
  1138.                 "assembly": "mscorlib"
  1139.             },
  1140.             {
  1141.                 "typename": "System.Reflection.AssemblyTitleAttribute",
  1142.                 "assembly": "mscorlib"
  1143.             },
  1144.             {
  1145.                 "typename": "System.Reflection.AssemblyTrademarkAttribute",
  1146.                 "assembly": "mscorlib"
  1147.             },
  1148.             {
  1149.                 "typename": "System.Reflection.BindingFlags",
  1150.                 "assembly": "mscorlib"
  1151.             },
  1152.             {
  1153.                 "typename": "System.Reflection.IReflect",
  1154.                 "assembly": "mscorlib"
  1155.             },
  1156.             {
  1157.                 "typename": "System.Reflection.MemberInfo",
  1158.                 "assembly": "mscorlib"
  1159.             },
  1160.             {
  1161.                 "typename": "System.Reflection.MethodBase",
  1162.                 "assembly": "mscorlib"
  1163.             },
  1164.             {
  1165.                 "typename": "System.Reflection.ParameterInfo",
  1166.                 "assembly": "mscorlib"
  1167.             },
  1168.             {
  1169.                 "typename": "System.Reflection.ParameterModifier",
  1170.                 "assembly": "mscorlib"
  1171.             },
  1172.             {
  1173.                 "typename": "System.Reflection.PropertyInfo",
  1174.                 "assembly": "mscorlib"
  1175.             },
  1176.             {
  1177.                 "typename": "System.ResolveEventArgs",
  1178.                 "assembly": "mscorlib"
  1179.             },
  1180.             {
  1181.                 "typename": "System.ResolveEventHandler",
  1182.                 "assembly": "mscorlib"
  1183.             },
  1184.             {
  1185.                 "typename": "System.Resources.ResourceManager",
  1186.                 "assembly": "mscorlib"
  1187.             },
  1188.             {
  1189.                 "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1190.                 "assembly": "mscorlib"
  1191.             },
  1192.             {
  1193.                 "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1194.                 "assembly": "mscorlib"
  1195.             },
  1196.             {
  1197.                 "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1198.                 "assembly": "mscorlib"
  1199.             },
  1200.             {
  1201.                 "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1202.                 "assembly": "mscorlib"
  1203.             },
  1204.             {
  1205.                 "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1206.                 "assembly": "mscorlib"
  1207.             },
  1208.             {
  1209.                 "typename": "System.Runtime.InteropServices.GuidAttribute",
  1210.                 "assembly": "mscorlib"
  1211.             },
  1212.             {
  1213.                 "typename": "System.Runtime.Remoting.ObjectHandle",
  1214.                 "assembly": "mscorlib"
  1215.             },
  1216.             {
  1217.                 "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  1218.                 "assembly": "mscorlib"
  1219.             },
  1220.             {
  1221.                 "typename": "System.RuntimeFieldHandle",
  1222.                 "assembly": "mscorlib"
  1223.             },
  1224.             {
  1225.                 "typename": "System.RuntimeTypeHandle",
  1226.                 "assembly": "mscorlib"
  1227.             },
  1228.             {
  1229.                 "typename": "System.STAThreadAttribute",
  1230.                 "assembly": "mscorlib"
  1231.             },
  1232.             {
  1233.                 "typename": "System.String",
  1234.                 "assembly": "mscorlib"
  1235.             },
  1236.             {
  1237.                 "typename": "System.StringComparison",
  1238.                 "assembly": "mscorlib"
  1239.             },
  1240.             {
  1241.                 "typename": "System.StringSplitOptions",
  1242.                 "assembly": "mscorlib"
  1243.             },
  1244.             {
  1245.                 "typename": "System.Text.NormalizationForm",
  1246.                 "assembly": "mscorlib"
  1247.             },
  1248.             {
  1249.                 "typename": "System.Text.StringBuilder",
  1250.                 "assembly": "mscorlib"
  1251.             },
  1252.             {
  1253.                 "typename": "System.Threading.Thread",
  1254.                 "assembly": "mscorlib"
  1255.             },
  1256.             {
  1257.                 "typename": "System.Type",
  1258.                 "assembly": "mscorlib"
  1259.             },
  1260.             {
  1261.                 "typename": "System.TypeCode",
  1262.                 "assembly": "mscorlib"
  1263.             },
  1264.             {
  1265.                 "typename": "System.ValueType",
  1266.                 "assembly": "mscorlib"
  1267.             },
  1268.             {
  1269.                 "typename": "System.Void",
  1270.                 "assembly": "mscorlib"
  1271.             }
  1272.         ]
  1273.     },
  1274.     "pe": {
  1275.         "peid_signatures": null,
  1276.         "imports": [
  1277.             {
  1278.                 "imports": [
  1279.                     {
  1280.                         "name": "_CorExeMain",
  1281.                         "address": "0x402000"
  1282.                     }
  1283.                 ],
  1284.                 "dll": "mscoree.dll"
  1285.             }
  1286.         ],
  1287.         "digital_signers": null,
  1288.         "exported_dll_name": null,
  1289.         "actual_checksum": "0x0007b89f",
  1290.         "overlay": null,
  1291.         "imagebase": "0x00400000",
  1292.         "reported_checksum": "0x00000000",
  1293.         "icon_hash": null,
  1294.         "entrypoint": "0x0046c3ee",
  1295.         "timestamp": "2009-04-22 12:33:02",
  1296.         "osversion": "4.0",
  1297.         "sections": [
  1298.             {
  1299.                 "name": ".text",
  1300.                 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1301.                 "virtual_address": "0x00002000",
  1302.                 "size_of_data": "0x0006a400",
  1303.                 "entropy": "7.51",
  1304.                 "raw_address": "0x00000200",
  1305.                 "virtual_size": "0x0006a3f4",
  1306.                 "characteristics_raw": "0x60000020"
  1307.             },
  1308.             {
  1309.                 "name": ".rsrc",
  1310.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1311.                 "virtual_address": "0x0006e000",
  1312.                 "size_of_data": "0x00011000",
  1313.                 "entropy": "4.35",
  1314.                 "raw_address": "0x0006a600",
  1315.                 "virtual_size": "0x00011000",
  1316.                 "characteristics_raw": "0x40000040"
  1317.             },
  1318.             {
  1319.                 "name": ".reloc",
  1320.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1321.                 "virtual_address": "0x00080000",
  1322.                 "size_of_data": "0x00000200",
  1323.                 "entropy": "0.10",
  1324.                 "raw_address": "0x0007b600",
  1325.                 "virtual_size": "0x0000000c",
  1326.                 "characteristics_raw": "0x42000040"
  1327.             }
  1328.         ],
  1329.         "resources": [],
  1330.         "dirents": [
  1331.             {
  1332.                 "virtual_address": "0x00000000",
  1333.                 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1334.                 "size": "0x00000000"
  1335.             },
  1336.             {
  1337.                 "virtual_address": "0x0006c3a0",
  1338.                 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1339.                 "size": "0x0000004b"
  1340.             },
  1341.             {
  1342.                 "virtual_address": "0x0006e000",
  1343.                 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1344.                 "size": "0x00011000"
  1345.             },
  1346.             {
  1347.                 "virtual_address": "0x00000000",
  1348.                 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1349.                 "size": "0x00000000"
  1350.             },
  1351.             {
  1352.                 "virtual_address": "0x00000000",
  1353.                 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1354.                 "size": "0x00000000"
  1355.             },
  1356.             {
  1357.                 "virtual_address": "0x00080000",
  1358.                 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1359.                 "size": "0x0000000c"
  1360.             },
  1361.             {
  1362.                 "virtual_address": "0x00000000",
  1363.                 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1364.                 "size": "0x00000000"
  1365.             },
  1366.             {
  1367.                 "virtual_address": "0x00000000",
  1368.                 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1369.                 "size": "0x00000000"
  1370.             },
  1371.             {
  1372.                 "virtual_address": "0x00000000",
  1373.                 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1374.                 "size": "0x00000000"
  1375.             },
  1376.             {
  1377.                 "virtual_address": "0x00000000",
  1378.                 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1379.                 "size": "0x00000000"
  1380.             },
  1381.             {
  1382.                 "virtual_address": "0x00000000",
  1383.                 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1384.                 "size": "0x00000000"
  1385.             },
  1386.             {
  1387.                 "virtual_address": "0x00000000",
  1388.                 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1389.                 "size": "0x00000000"
  1390.             },
  1391.             {
  1392.                 "virtual_address": "0x00002000",
  1393.                 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1394.                 "size": "0x00000008"
  1395.             },
  1396.             {
  1397.                 "virtual_address": "0x00000000",
  1398.                 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1399.                 "size": "0x00000000"
  1400.             },
  1401.             {
  1402.                 "virtual_address": "0x00002008",
  1403.                 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1404.                 "size": "0x00000048"
  1405.             },
  1406.             {
  1407.                 "virtual_address": "0x00000000",
  1408.                 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1409.                 "size": "0x00000000"
  1410.             }
  1411.         ],
  1412.         "exports": [],
  1413.         "guest_signers": {},
  1414.         "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1415.         "icon_fuzzy": null,
  1416.         "icon": null,
  1417.         "pdbpath": null,
  1418.         "imported_dll_count": 1,
  1419.         "versioninfo": []
  1420.     }
  1421. }