paladin316

Exes_4ff217cd_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_4ff217cd.exe"
  7. [*] File Size: 355840
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "407c9d38f87a36ff78212df9ad63ba3bc67e0232efdb7977440515633b772010"
  10. [*] MD5: "6b20559ddfc38ecaff9a92ef76d7f5d6"
  11. [*] SHA1: "d4658c9a119729e8b24cfe4c042dbee2760a1c7e"
  12. [*] SHA512: "58013ac1c2d71acc63d0b2534e271b508093c17892732c0661f8118e808e036c05f51d0d79b72f01cfcd5a8838a957da5b15271bfca7b9f5806dcfd7480b63d3"
  13. [*] CRC32: "4FF217CD"
  14. [*] SSDEEP: "6144:YF4n3T7bqP8m3k3uAC3CS2KJ0Juxh/IycOzaaHJ68ximXrAlgFI8FGeeQOKcr:Yan3T72tKC3CS2CXJcOeaU8xi5V8F"
  15.  
  16. [*] Process Execution: [
  17. "Exes_4ff217cd.exe",
  18. "Exes_4ff217cd.exe"
  19. ]
  20.  
  21. [*] Signatures Detected: [
  22. {
  23. "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
  24. "Details": [
  25. {
  26. "IP": "197.210.60.176:5552"
  27. }
  28. ]
  29. },
  30. {
  31. "Description": "Creates RWX memory",
  32. "Details": []
  33. },
  34. {
  35. "Description": "A process attempted to delay the analysis task.",
  36. "Details": [
  37. {
  38. "Process": "Exes_4ff217cd.exe tried to sleep 820 seconds, actually delayed analysis time by 0 seconds"
  39. }
  40. ]
  41. },
  42. {
  43. "Description": "A process created a hidden window",
  44. "Details": [
  45. {
  46. "Process": "Exes_4ff217cd.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe"
  47. }
  48. ]
  49. },
  50. {
  51. "Description": "Performs some HTTP requests",
  52. "Details": [
  53. {
  54. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe"
  55. },
  56. {
  57. "url": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes"
  58. },
  59. {
  60. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  61. },
  62. {
  63. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  64. },
  65. {
  66. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  67. }
  68. ]
  69. },
  70. {
  71. "Description": "The binary likely contains encrypted or compressed data.",
  72. "Details": [
  73. {
  74. "section": "name: .text, entropy: 7.58, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00056400, virtual_size: 0x000563d4"
  75. }
  76. ]
  77. },
  78. {
  79. "Description": "Attempts to remove evidence of file being downloaded from the Internet",
  80. "Details": [
  81. {
  82. "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe:Zone.Identifier"
  83. }
  84. ]
  85. },
  86. {
  87. "Description": "Executed a process and injected code into it, probably while unpacking",
  88. "Details": [
  89. {
  90. "Injection": "Exes_4ff217cd.exe(1136) -> Exes_4ff217cd.exe(1772)"
  91. }
  92. ]
  93. },
  94. {
  95. "Description": "Installs itself for autorun at Windows startup",
  96. "Details": [
  97. {
  98. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
  99. },
  100. {
  101. "data": "\"C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe\",explorer.exe"
  102. }
  103. ]
  104. },
  105. {
  106. "Description": "Creates a hidden or system file",
  107. "Details": [
  108. {
  109. "file": "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U"
  110. },
  111. {
  112. "file": "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe"
  113. }
  114. ]
  115. },
  116. {
  117. "Description": "File has been identified by 31 Antiviruses on VirusTotal as malicious",
  118. "Details": [
  119. {
  120. "MicroWorld-eScan": "Gen:Variant.MSILPerseus.189870"
  121. },
  122. {
  123. "FireEye": "Generic.mg.6b20559ddfc38eca"
  124. },
  125. {
  126. "Cylance": "Unsafe"
  127. },
  128. {
  129. "CrowdStrike": "win/malicious_confidence_80% (D)"
  130. },
  131. {
  132. "Invincea": "heuristic"
  133. },
  134. {
  135. "Symantec": "ML.Attribute.HighConfidence"
  136. },
  137. {
  138. "APEX": "Malicious"
  139. },
  140. {
  141. "Paloalto": "generic.ml"
  142. },
  143. {
  144. "GData": "Gen:Variant.MSILPerseus.189870"
  145. },
  146. {
  147. "Kaspersky": "HEUR:Trojan.MSIL.APosT.gen"
  148. },
  149. {
  150. "BitDefender": "Gen:Variant.MSILPerseus.189870"
  151. },
  152. {
  153. "Tencent": "Win32.Trojan.Inject.Auto"
  154. },
  155. {
  156. "Endgame": "malicious (high confidence)"
  157. },
  158. {
  159. "Emsisoft": "Gen:Variant.MSILPerseus.189870 (B)"
  160. },
  161. {
  162. "F-Secure": "Heuristic.HEUR/AGEN.1035809"
  163. },
  164. {
  165. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.fc"
  166. },
  167. {
  168. "Trapmine": "malicious.moderate.ml.score"
  169. },
  170. {
  171. "Avira": "HEUR/AGEN.1035809"
  172. },
  173. {
  174. "MAX": "malware (ai score=83)"
  175. },
  176. {
  177. "Microsoft": "Trojan:Win32/Genasep.A"
  178. },
  179. {
  180. "Arcabit": "Trojan.MSILPerseus.D2E5AE"
  181. },
  182. {
  183. "ZoneAlarm": "HEUR:Trojan.MSIL.APosT.gen"
  184. },
  185. {
  186. "ESET-NOD32": "a variant of MSIL/Kryptik.QME"
  187. },
  188. {
  189. "Ad-Aware": "Gen:Variant.MSILPerseus.189870"
  190. },
  191. {
  192. "Rising": "Trojan.Generic!8.C3 (TFE:C:4Z7h57iZN6F)"
  193. },
  194. {
  195. "SentinelOne": "DFI - Suspicious PE"
  196. },
  197. {
  198. "Webroot": "W32.Malware.Gen"
  199. },
  200. {
  201. "AVG": "FileRepMetagen [Malware]"
  202. },
  203. {
  204. "Cybereason": "malicious.a11972"
  205. },
  206. {
  207. "Panda": "Trj/GdSda.A"
  208. },
  209. {
  210. "Qihoo-360": "HEUR/QVM03.0.D681.Malware.Gen"
  211. }
  212. ]
  213. },
  214. {
  215. "Description": "Creates a copy of itself",
  216. "Details": [
  217. {
  218. "copy": "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe"
  219. }
  220. ]
  221. }
  222. ]
  223.  
  224. [*] Started Service: []
  225.  
  226. [*] Executed Commands: [
  227. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe\""
  228. ]
  229.  
  230. [*] Mutexes: [
  231. "Global\\CLR_PerfMon_WrapMutex",
  232. "Global\\CLR_CASOFF_MUTEX",
  233. "17B4580626B0CC38D4E5E2CEE8453500",
  234. "-"
  235. ]
  236.  
  237. [*] Modified Files: [
  238. "C:\\Users\\user\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
  239. "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe"
  240. ]
  241.  
  242. [*] Deleted Files: [
  243. "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe:Zone.Identifier"
  244. ]
  245.  
  246. [*] Modified Registry Keys: [
  247. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
  248. ]
  249.  
  250. [*] Deleted Registry Keys: []
  251.  
  252. [*] DNS Communications: [
  253. {
  254. "type": "A",
  255. "request": "info1.nowddns.com",
  256. "answers": [
  257. {
  258. "data": "197.210.60.176",
  259. "type": "A"
  260. }
  261. ]
  262. }
  263. ]
  264.  
  265. [*] Domains: [
  266. {
  267. "ip": "197.210.60.176",
  268. "domain": "info1.nowddns.com"
  269. }
  270. ]
  271.  
  272. [*] Network Communication - ICMP: []
  273.  
  274. [*] Network Communication - HTTP: [
  275. {
  276. "count": 1,
  277. "body": "",
  278. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
  279. "user-agent": "Microsoft BITS/7.5",
  280. "method": "HEAD",
  281. "host": "redirector.gvt1.com",
  282. "version": "1.1",
  283. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
  284. "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  285. "port": 80
  286. },
  287. {
  288. "count": 1,
  289. "body": "",
  290. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  291. "user-agent": "Microsoft BITS/7.5",
  292. "method": "HEAD",
  293. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  294. "version": "1.1",
  295. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  296. "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  297. "port": 80
  298. },
  299. {
  300. "count": 1,
  301. "body": "",
  302. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  303. "user-agent": "Microsoft-CryptoAPI/6.1",
  304. "method": "GET",
  305. "host": "ocsp.digicert.com",
  306. "version": "1.1",
  307. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  308. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  309. "port": 80
  310. },
  311. {
  312. "count": 1,
  313. "body": "",
  314. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  315. "user-agent": "Microsoft-CryptoAPI/6.1",
  316. "method": "GET",
  317. "host": "ocsp.digicert.com",
  318. "version": "1.1",
  319. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  320. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  321. "port": 80
  322. },
  323. {
  324. "count": 1,
  325. "body": "",
  326. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  327. "user-agent": "Microsoft-CryptoAPI/6.1",
  328. "method": "GET",
  329. "host": "ocsp.digicert.com",
  330. "version": "1.1",
  331. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  332. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  333. "port": 80
  334. },
  335. {
  336. "count": 1,
  337. "body": "",
  338. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  339. "user-agent": "Microsoft BITS/7.5",
  340. "method": "GET",
  341. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  342. "version": "1.1",
  343. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  344. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=0-6825\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  345. "port": 80
  346. },
  347. {
  348. "count": 1,
  349. "body": "",
  350. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  351. "user-agent": "Microsoft BITS/7.5",
  352. "method": "GET",
  353. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  354. "version": "1.1",
  355. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  356. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=6826-16126\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  357. "port": 80
  358. },
  359. {
  360. "count": 1,
  361. "body": "",
  362. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  363. "user-agent": "Microsoft BITS/7.5",
  364. "method": "GET",
  365. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  366. "version": "1.1",
  367. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  368. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=16127-25295\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  369. "port": 80
  370. },
  371. {
  372. "count": 1,
  373. "body": "",
  374. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  375. "user-agent": "Microsoft BITS/7.5",
  376. "method": "GET",
  377. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  378. "version": "1.1",
  379. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  380. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=25296-34292\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  381. "port": 80
  382. },
  383. {
  384. "count": 1,
  385. "body": "",
  386. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  387. "user-agent": "Microsoft BITS/7.5",
  388. "method": "GET",
  389. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  390. "version": "1.1",
  391. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  392. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=34293-54223\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  393. "port": 80
  394. },
  395. {
  396. "count": 1,
  397. "body": "",
  398. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  399. "user-agent": "Microsoft BITS/7.5",
  400. "method": "GET",
  401. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  402. "version": "1.1",
  403. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  404. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=54224-96085\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  405. "port": 80
  406. },
  407. {
  408. "count": 1,
  409. "body": "",
  410. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  411. "user-agent": "Microsoft BITS/7.5",
  412. "method": "GET",
  413. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  414. "version": "1.1",
  415. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  416. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=96086-182941\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  417. "port": 80
  418. },
  419. {
  420. "count": 1,
  421. "body": "",
  422. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  423. "user-agent": "Microsoft BITS/7.5",
  424. "method": "GET",
  425. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  426. "version": "1.1",
  427. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  428. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=182942-360143\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  429. "port": 80
  430. },
  431. {
  432. "count": 1,
  433. "body": "",
  434. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  435. "user-agent": "Microsoft BITS/7.5",
  436. "method": "GET",
  437. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  438. "version": "1.1",
  439. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  440. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=360144-716809\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  441. "port": 80
  442. },
  443. {
  444. "count": 1,
  445. "body": "",
  446. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  447. "user-agent": "Microsoft BITS/7.5",
  448. "method": "GET",
  449. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  450. "version": "1.1",
  451. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  452. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=716810-1433630\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  453. "port": 80
  454. },
  455. {
  456. "count": 1,
  457. "body": "",
  458. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  459. "user-agent": "Microsoft BITS/7.5",
  460. "method": "GET",
  461. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  462. "version": "1.1",
  463. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  464. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=1433631-2871276\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  465. "port": 80
  466. },
  467. {
  468. "count": 1,
  469. "body": "",
  470. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  471. "user-agent": "Microsoft BITS/7.5",
  472. "method": "GET",
  473. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  474. "version": "1.1",
  475. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  476. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=2871277-5750717\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  477. "port": 80
  478. },
  479. {
  480. "count": 1,
  481. "body": "",
  482. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  483. "user-agent": "Microsoft BITS/7.5",
  484. "method": "GET",
  485. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  486. "version": "1.1",
  487. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  488. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=5750718-11529539\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  489. "port": 80
  490. },
  491. {
  492. "count": 1,
  493. "body": "",
  494. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  495. "user-agent": "Microsoft BITS/7.5",
  496. "method": "GET",
  497. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  498. "version": "1.1",
  499. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  500. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=11529540-23107972\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  501. "port": 80
  502. },
  503. {
  504. "count": 1,
  505. "body": "",
  506. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  507. "user-agent": "Microsoft BITS/7.5",
  508. "method": "GET",
  509. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  510. "version": "1.1",
  511. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
  512. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=23107973-30355199\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  513. "port": 80
  514. }
  515. ]
  516.  
  517. [*] Network Communication - SMTP: []
  518.  
  519. [*] Network Communication - Hosts: []
  520.  
  521. [*] Network Communication - IRC: []
  522.  
  523. [*] Static Analysis: {
  524. "dotnet": {
  525. "customattrs": null,
  526. "assemblyinfo": {
  527. "version": "1.0.0.0",
  528. "name": "NpmTaskRunner"
  529. },
  530. "assemblyrefs": [
  531. {
  532. "version": "2.0.0.0",
  533. "name": "mscorlib"
  534. },
  535. {
  536. "version": "2.0.0.0",
  537. "name": "System.Windows.Forms"
  538. },
  539. {
  540. "version": "2.0.0.0",
  541. "name": "System"
  542. },
  543. {
  544. "version": "2.0.0.0",
  545. "name": "System.Drawing"
  546. }
  547. ],
  548. "typerefs": [
  549. {
  550. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  551. "assembly": "System"
  552. },
  553. {
  554. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  555. "assembly": "System"
  556. },
  557. {
  558. "typename": "System.ComponentModel.EditorBrowsableState",
  559. "assembly": "System"
  560. },
  561. {
  562. "typename": "System.ComponentModel.IContainer",
  563. "assembly": "System"
  564. },
  565. {
  566. "typename": "System.Configuration.ApplicationSettingsBase",
  567. "assembly": "System"
  568. },
  569. {
  570. "typename": "System.Configuration.SettingsBase",
  571. "assembly": "System"
  572. },
  573. {
  574. "typename": "System.Drawing.Point",
  575. "assembly": "System.Drawing"
  576. },
  577. {
  578. "typename": "System.Drawing.Size",
  579. "assembly": "System.Drawing"
  580. },
  581. {
  582. "typename": "System.Drawing.SizeF",
  583. "assembly": "System.Drawing"
  584. },
  585. {
  586. "typename": "System.Windows.Forms.Application",
  587. "assembly": "System.Windows.Forms"
  588. },
  589. {
  590. "typename": "System.Windows.Forms.AutoScaleMode",
  591. "assembly": "System.Windows.Forms"
  592. },
  593. {
  594. "typename": "System.Windows.Forms.Button",
  595. "assembly": "System.Windows.Forms"
  596. },
  597. {
  598. "typename": "System.Windows.Forms.ButtonBase",
  599. "assembly": "System.Windows.Forms"
  600. },
  601. {
  602. "typename": "System.Windows.Forms.CommonDialog",
  603. "assembly": "System.Windows.Forms"
  604. },
  605. {
  606. "typename": "System.Windows.Forms.ContainerControl",
  607. "assembly": "System.Windows.Forms"
  608. },
  609. {
  610. "typename": "System.Windows.Forms.Control",
  611. "assembly": "System.Windows.Forms"
  612. },
  613. {
  614. "typename": "System.Windows.Forms.Control/ControlCollection",
  615. "assembly": "System.Windows.Forms"
  616. },
  617. {
  618. "typename": "System.Windows.Forms.DialogResult",
  619. "assembly": "System.Windows.Forms"
  620. },
  621. {
  622. "typename": "System.Windows.Forms.FileDialog",
  623. "assembly": "System.Windows.Forms"
  624. },
  625. {
  626. "typename": "System.Windows.Forms.Form",
  627. "assembly": "System.Windows.Forms"
  628. },
  629. {
  630. "typename": "System.Windows.Forms.GroupBox",
  631. "assembly": "System.Windows.Forms"
  632. },
  633. {
  634. "typename": "System.Windows.Forms.ListView",
  635. "assembly": "System.Windows.Forms"
  636. },
  637. {
  638. "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
  639. "assembly": "System.Windows.Forms"
  640. },
  641. {
  642. "typename": "System.Windows.Forms.ListViewItem",
  643. "assembly": "System.Windows.Forms"
  644. },
  645. {
  646. "typename": "System.Windows.Forms.OpenFileDialog",
  647. "assembly": "System.Windows.Forms"
  648. },
  649. {
  650. "typename": "System.Windows.Forms.TextBox",
  651. "assembly": "System.Windows.Forms"
  652. },
  653. {
  654. "typename": "System.Action`1",
  655. "assembly": "mscorlib"
  656. },
  657. {
  658. "typename": "System.Activator",
  659. "assembly": "mscorlib"
  660. },
  661. {
  662. "typename": "System.ArgumentNullException",
  663. "assembly": "mscorlib"
  664. },
  665. {
  666. "typename": "System.Array",
  667. "assembly": "mscorlib"
  668. },
  669. {
  670. "typename": "System.Attribute",
  671. "assembly": "mscorlib"
  672. },
  673. {
  674. "typename": "System.BadImageFormatException",
  675. "assembly": "mscorlib"
  676. },
  677. {
  678. "typename": "System.Byte",
  679. "assembly": "mscorlib"
  680. },
  681. {
  682. "typename": "System.Collections.DictionaryEntry",
  683. "assembly": "mscorlib"
  684. },
  685. {
  686. "typename": "System.Collections.Generic.Dictionary`2",
  687. "assembly": "mscorlib"
  688. },
  689. {
  690. "typename": "System.Collections.Generic.IEnumerable`1",
  691. "assembly": "mscorlib"
  692. },
  693. {
  694. "typename": "System.Collections.Generic.IEnumerator`1",
  695. "assembly": "mscorlib"
  696. },
  697. {
  698. "typename": "System.Collections.Generic.List`1",
  699. "assembly": "mscorlib"
  700. },
  701. {
  702. "typename": "System.Collections.Generic.List`1/Enumerator",
  703. "assembly": "mscorlib"
  704. },
  705. {
  706. "typename": "System.Collections.ICollection",
  707. "assembly": "mscorlib"
  708. },
  709. {
  710. "typename": "System.Collections.IDictionaryEnumerator",
  711. "assembly": "mscorlib"
  712. },
  713. {
  714. "typename": "System.Collections.IEnumerable",
  715. "assembly": "mscorlib"
  716. },
  717. {
  718. "typename": "System.Collections.IEnumerator",
  719. "assembly": "mscorlib"
  720. },
  721. {
  722. "typename": "System.Collections.IList",
  723. "assembly": "mscorlib"
  724. },
  725. {
  726. "typename": "System.Delegate",
  727. "assembly": "mscorlib"
  728. },
  729. {
  730. "typename": "System.Diagnostics.DebuggableAttribute",
  731. "assembly": "mscorlib"
  732. },
  733. {
  734. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  735. "assembly": "mscorlib"
  736. },
  737. {
  738. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  739. "assembly": "mscorlib"
  740. },
  741. {
  742. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  743. "assembly": "mscorlib"
  744. },
  745. {
  746. "typename": "System.Environment",
  747. "assembly": "mscorlib"
  748. },
  749. {
  750. "typename": "System.EventArgs",
  751. "assembly": "mscorlib"
  752. },
  753. {
  754. "typename": "System.EventHandler",
  755. "assembly": "mscorlib"
  756. },
  757. {
  758. "typename": "System.Globalization.CultureInfo",
  759. "assembly": "mscorlib"
  760. },
  761. {
  762. "typename": "System.IDisposable",
  763. "assembly": "mscorlib"
  764. },
  765. {
  766. "typename": "System.IO.MemoryStream",
  767. "assembly": "mscorlib"
  768. },
  769. {
  770. "typename": "System.IO.SeekOrigin",
  771. "assembly": "mscorlib"
  772. },
  773. {
  774. "typename": "System.IO.Stream",
  775. "assembly": "mscorlib"
  776. },
  777. {
  778. "typename": "System.IO.StreamReader",
  779. "assembly": "mscorlib"
  780. },
  781. {
  782. "typename": "System.IO.TextReader",
  783. "assembly": "mscorlib"
  784. },
  785. {
  786. "typename": "System.NotSupportedException",
  787. "assembly": "mscorlib"
  788. },
  789. {
  790. "typename": "System.Object",
  791. "assembly": "mscorlib"
  792. },
  793. {
  794. "typename": "System.Predicate`1",
  795. "assembly": "mscorlib"
  796. },
  797. {
  798. "typename": "System.Random",
  799. "assembly": "mscorlib"
  800. },
  801. {
  802. "typename": "System.Reflection.Assembly",
  803. "assembly": "mscorlib"
  804. },
  805. {
  806. "typename": "System.Reflection.AssemblyCompanyAttribute",
  807. "assembly": "mscorlib"
  808. },
  809. {
  810. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  811. "assembly": "mscorlib"
  812. },
  813. {
  814. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  815. "assembly": "mscorlib"
  816. },
  817. {
  818. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  819. "assembly": "mscorlib"
  820. },
  821. {
  822. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  823. "assembly": "mscorlib"
  824. },
  825. {
  826. "typename": "System.Reflection.AssemblyProductAttribute",
  827. "assembly": "mscorlib"
  828. },
  829. {
  830. "typename": "System.Reflection.AssemblyTitleAttribute",
  831. "assembly": "mscorlib"
  832. },
  833. {
  834. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  835. "assembly": "mscorlib"
  836. },
  837. {
  838. "typename": "System.Resources.ResourceManager",
  839. "assembly": "mscorlib"
  840. },
  841. {
  842. "typename": "System.Resources.ResourceSet",
  843. "assembly": "mscorlib"
  844. },
  845. {
  846. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  847. "assembly": "mscorlib"
  848. },
  849. {
  850. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  851. "assembly": "mscorlib"
  852. },
  853. {
  854. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  855. "assembly": "mscorlib"
  856. },
  857. {
  858. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  859. "assembly": "mscorlib"
  860. },
  861. {
  862. "typename": "System.Runtime.InteropServices.GuidAttribute",
  863. "assembly": "mscorlib"
  864. },
  865. {
  866. "typename": "System.RuntimeTypeHandle",
  867. "assembly": "mscorlib"
  868. },
  869. {
  870. "typename": "System.STAThreadAttribute",
  871. "assembly": "mscorlib"
  872. },
  873. {
  874. "typename": "System.Security.UnverifiableCodeAttribute",
  875. "assembly": "mscorlib"
  876. },
  877. {
  878. "typename": "System.Threading.Monitor",
  879. "assembly": "mscorlib"
  880. },
  881. {
  882. "typename": "System.Threading.Thread",
  883. "assembly": "mscorlib"
  884. },
  885. {
  886. "typename": "System.Threading.ThreadStart",
  887. "assembly": "mscorlib"
  888. },
  889. {
  890. "typename": "System.Type",
  891. "assembly": "mscorlib"
  892. }
  893. ]
  894. },
  895. "pe": {
  896. "peid_signatures": null,
  897. "imports": [
  898. {
  899. "imports": [
  900. {
  901. "name": "_CorExeMain",
  902. "address": "0x402000"
  903. }
  904. ],
  905. "dll": "mscoree.dll"
  906. }
  907. ],
  908. "digital_signers": null,
  909. "exported_dll_name": null,
  910. "actual_checksum": "0x000643a0",
  911. "overlay": null,
  912. "imagebase": "0x00400000",
  913. "reported_checksum": "0x000643a0",
  914. "icon_hash": null,
  915. "entrypoint": "0x004583ce",
  916. "timestamp": "2019-06-09 13:20:02",
  917. "osversion": "4.0",
  918. "sections": [
  919. {
  920. "name": ".text",
  921. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  922. "virtual_address": "0x00002000",
  923. "size_of_data": "0x00056400",
  924. "entropy": "7.58",
  925. "raw_address": "0x00000200",
  926. "virtual_size": "0x000563d4",
  927. "characteristics_raw": "0x60000020"
  928. },
  929. {
  930. "name": ".rsrc",
  931. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  932. "virtual_address": "0x0005a000",
  933. "size_of_data": "0x00000600",
  934. "entropy": "4.17",
  935. "raw_address": "0x00056600",
  936. "virtual_size": "0x000005e0",
  937. "characteristics_raw": "0x40000040"
  938. },
  939. {
  940. "name": ".reloc",
  941. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  942. "virtual_address": "0x0005c000",
  943. "size_of_data": "0x00000200",
  944. "entropy": "0.10",
  945. "raw_address": "0x00056c00",
  946. "virtual_size": "0x0000000c",
  947. "characteristics_raw": "0x42000040"
  948. }
  949. ],
  950. "resources": [],
  951. "dirents": [
  952. {
  953. "virtual_address": "0x00000000",
  954. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  955. "size": "0x00000000"
  956. },
  957. {
  958. "virtual_address": "0x00058380",
  959. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  960. "size": "0x0000004b"
  961. },
  962. {
  963. "virtual_address": "0x0005a000",
  964. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  965. "size": "0x000005e0"
  966. },
  967. {
  968. "virtual_address": "0x00000000",
  969. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  970. "size": "0x00000000"
  971. },
  972. {
  973. "virtual_address": "0x00000000",
  974. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  975. "size": "0x00000000"
  976. },
  977. {
  978. "virtual_address": "0x0005c000",
  979. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  980. "size": "0x0000000c"
  981. },
  982. {
  983. "virtual_address": "0x00000000",
  984. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  985. "size": "0x00000000"
  986. },
  987. {
  988. "virtual_address": "0x00000000",
  989. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  990. "size": "0x00000000"
  991. },
  992. {
  993. "virtual_address": "0x00000000",
  994. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  995. "size": "0x00000000"
  996. },
  997. {
  998. "virtual_address": "0x00000000",
  999. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1000. "size": "0x00000000"
  1001. },
  1002. {
  1003. "virtual_address": "0x00000000",
  1004. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1005. "size": "0x00000000"
  1006. },
  1007. {
  1008. "virtual_address": "0x00000000",
  1009. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1010. "size": "0x00000000"
  1011. },
  1012. {
  1013. "virtual_address": "0x00002000",
  1014. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1015. "size": "0x00000008"
  1016. },
  1017. {
  1018. "virtual_address": "0x00000000",
  1019. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1020. "size": "0x00000000"
  1021. },
  1022. {
  1023. "virtual_address": "0x00002008",
  1024. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1025. "size": "0x00000048"
  1026. },
  1027. {
  1028. "virtual_address": "0x00000000",
  1029. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1030. "size": "0x00000000"
  1031. }
  1032. ],
  1033. "exports": [],
  1034. "guest_signers": {},
  1035. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1036. "icon_fuzzy": null,
  1037. "icon": null,
  1038. "pdbpath": null,
  1039. "imported_dll_count": 1,
  1040. "versioninfo": []
  1041. }
  1042. }
  1043.  
  1044. [*] Resolved APIs: [
  1045. "advapi32.dll.RegOpenKeyExW",
  1046. "advapi32.dll.RegQueryInfoKeyW",
  1047. "advapi32.dll.RegEnumKeyExW",
  1048. "advapi32.dll.RegEnumValueW",
  1049. "advapi32.dll.RegCloseKey",
  1050. "advapi32.dll.RegQueryValueExW",
  1051. "kernel32.dll.QueryActCtxW",
  1052. "shlwapi.dll.UrlIsW",
  1053. "kernel32.dll.FlsAlloc",
  1054. "kernel32.dll.FlsGetValue",
  1055. "kernel32.dll.FlsSetValue",
  1056. "kernel32.dll.FlsFree",
  1057. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  1058. "kernel32.dll.IsProcessorFeaturePresent",
  1059. "msvcrt.dll._set_error_mode",
  1060. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  1061. "kernel32.dll.FindActCtxSectionStringW",
  1062. "kernel32.dll.GetSystemWindowsDirectoryW",
  1063. "mscoree.dll.GetProcessExecutableHeap",
  1064. "mscorwks.dll._CorExeMain",
  1065. "mscorwks.dll.GetCLRFunction",
  1066. "advapi32.dll.RegisterTraceGuidsW",
  1067. "advapi32.dll.UnregisterTraceGuids",
  1068. "advapi32.dll.GetTraceLoggerHandle",
  1069. "advapi32.dll.GetTraceEnableLevel",
  1070. "advapi32.dll.GetTraceEnableFlags",
  1071. "advapi32.dll.TraceEvent",
  1072. "mscoree.dll.IEE",
  1073. "mscorwks.dll.IEE",
  1074. "mscoree.dll.GetStartupFlags",
  1075. "mscoree.dll.GetHostConfigurationFile",
  1076. "mscoree.dll.GetCORSystemDirectory",
  1077. "ntdll.dll.RtlUnwind",
  1078. "kernel32.dll.IsWow64Process",
  1079. "advapi32.dll.AllocateAndInitializeSid",
  1080. "advapi32.dll.OpenProcessToken",
  1081. "advapi32.dll.GetTokenInformation",
  1082. "advapi32.dll.InitializeAcl",
  1083. "advapi32.dll.AddAccessAllowedAce",
  1084. "advapi32.dll.FreeSid",
  1085. "kernel32.dll.SetThreadStackGuarantee",
  1086. "kernel32.dll.AddVectoredContinueHandler",
  1087. "kernel32.dll.RemoveVectoredContinueHandler",
  1088. "advapi32.dll.ConvertSidToStringSidW",
  1089. "shell32.dll.SHGetFolderPathW",
  1090. "kernel32.dll.FlushProcessWriteBuffers",
  1091. "kernel32.dll.GetWriteWatch",
  1092. "kernel32.dll.ResetWriteWatch",
  1093. "kernel32.dll.CreateMemoryResourceNotification",
  1094. "kernel32.dll.QueryMemoryResourceNotification",
  1095. "ole32.dll.CoInitializeEx",
  1096. "cryptbase.dll.SystemFunction036",
  1097. "uxtheme.dll.ThemeInitApiHook",
  1098. "user32.dll.IsProcessDPIAware",
  1099. "ole32.dll.CoGetContextToken",
  1100. "kernel32.dll.GetFullPathNameW",
  1101. "kernel32.dll.GetVersionExW",
  1102. "advapi32.dll.CryptAcquireContextA",
  1103. "advapi32.dll.CryptReleaseContext",
  1104. "advapi32.dll.CryptCreateHash",
  1105. "advapi32.dll.CryptDestroyHash",
  1106. "advapi32.dll.CryptHashData",
  1107. "advapi32.dll.CryptGetHashParam",
  1108. "advapi32.dll.CryptImportKey",
  1109. "advapi32.dll.CryptExportKey",
  1110. "advapi32.dll.CryptGenKey",
  1111. "advapi32.dll.CryptGetKeyParam",
  1112. "advapi32.dll.CryptDestroyKey",
  1113. "advapi32.dll.CryptVerifySignatureA",
  1114. "advapi32.dll.CryptSignHashA",
  1115. "advapi32.dll.CryptGetProvParam",
  1116. "advapi32.dll.CryptGetUserKey",
  1117. "advapi32.dll.CryptEnumProvidersA",
  1118. "mscoree.dll.GetMetaDataInternalInterface",
  1119. "mscorwks.dll.GetMetaDataInternalInterface",
  1120. "mscorjit.dll.getJit",
  1121. "uxtheme.dll.IsAppThemed",
  1122. "kernel32.dll.CreateActCtxA",
  1123. "ole32.dll.CoTaskMemAlloc",
  1124. "ole32.dll.CoTaskMemFree",
  1125. "user32.dll.RegisterWindowMessageW",
  1126. "user32.dll.GetSystemMetrics",
  1127. "user32.dll.AdjustWindowRectEx",
  1128. "kernel32.dll.GetCurrentProcess",
  1129. "kernel32.dll.GetCurrentThread",
  1130. "kernel32.dll.DuplicateHandle",
  1131. "kernel32.dll.GetCurrentThreadId",
  1132. "kernel32.dll.GetCurrentActCtx",
  1133. "kernel32.dll.ActivateActCtx",
  1134. "kernel32.dll.lstrlen",
  1135. "kernel32.dll.lstrlenW",
  1136. "kernel32.dll.GetModuleHandleW",
  1137. "kernel32.dll.GetProcAddress",
  1138. "user32.dll.DefWindowProcW",
  1139. "gdi32.dll.GetStockObject",
  1140. "kernel32.dll.GetUserDefaultUILanguage",
  1141. "user32.dll.RegisterClassW",
  1142. "user32.dll.CreateWindowExW",
  1143. "user32.dll.SetWindowLongW",
  1144. "user32.dll.GetWindowLongW",
  1145. "user32.dll.CallWindowProcW",
  1146. "user32.dll.GetClientRect",
  1147. "user32.dll.GetWindowRect",
  1148. "user32.dll.GetParent",
  1149. "kernel32.dll.DeactivateActCtx",
  1150. "kernel32.dll.GetSystemDefaultLCID",
  1151. "gdi32.dll.GetObjectW",
  1152. "user32.dll.GetDC",
  1153. "kernel32.dll.GetCurrentProcessId",
  1154. "kernel32.dll.FindAtomW",
  1155. "kernel32.dll.AddAtomW",
  1156. "mscoree.dll.LoadLibraryShim",
  1157. "gdiplus.dll.GdiplusStartup",
  1158. "user32.dll.GetWindowInfo",
  1159. "user32.dll.GetAncestor",
  1160. "user32.dll.GetMonitorInfoA",
  1161. "user32.dll.EnumDisplayMonitors",
  1162. "user32.dll.EnumDisplayDevicesA",
  1163. "gdi32.dll.ExtTextOutW",
  1164. "gdi32.dll.GdiIsMetaPrintDC",
  1165. "gdiplus.dll.GdipCreateFontFromLogfontW",
  1166. "kernel32.dll.RegOpenKeyExW",
  1167. "kernel32.dll.RegQueryInfoKeyA",
  1168. "kernel32.dll.RegCloseKey",
  1169. "kernel32.dll.RegCreateKeyExW",
  1170. "kernel32.dll.RegQueryValueExW",
  1171. "kernel32.dll.RegEnumValueW",
  1172. "kernel32.dll.RegQueryInfoKeyW",
  1173. "mscoree.dll.ND_RI2",
  1174. "mscoree.dll.ND_RU1",
  1175. "gdiplus.dll.GdipGetFontUnit",
  1176. "gdiplus.dll.GdipGetFontSize",
  1177. "gdiplus.dll.GdipGetFontStyle",
  1178. "gdiplus.dll.GdipGetFamily",
  1179. "user32.dll.ReleaseDC",
  1180. "gdiplus.dll.GdipCreateFromHDC",
  1181. "gdiplus.dll.GdipGetDpiY",
  1182. "gdiplus.dll.GdipGetFontHeight",
  1183. "gdiplus.dll.GdipGetEmHeight",
  1184. "gdiplus.dll.GdipGetLineSpacing",
  1185. "gdiplus.dll.GdipDeleteGraphics",
  1186. "gdiplus.dll.GdipCreateFont",
  1187. "gdiplus.dll.GdipDeleteFont",
  1188. "gdiplus.dll.GdipGetLogFontW",
  1189. "mscoree.dll.ND_WU1",
  1190. "gdi32.dll.CreateFontIndirectW",
  1191. "user32.dll.GetProcessWindowStation",
  1192. "user32.dll.GetUserObjectInformationA",
  1193. "kernel32.dll.SetConsoleCtrlHandler",
  1194. "user32.dll.GetClassInfoW",
  1195. "user32.dll.GetSysColor",
  1196. "gdi32.dll.CreateCompatibleDC",
  1197. "gdi32.dll.SelectObject",
  1198. "gdi32.dll.GetTextMetricsW",
  1199. "gdi32.dll.GetTextExtentPoint32W",
  1200. "gdi32.dll.DeleteDC",
  1201. "dwmapi.dll.DwmIsCompositionEnabled",
  1202. "user32.dll.SetWindowTextW",
  1203. "kernel32.dll.GetStartupInfoW",
  1204. "gdi32.dll.GetDeviceCaps",
  1205. "user32.dll.CreateIconFromResourceEx",
  1206. "user32.dll.SendMessageW",
  1207. "gdi32.dll.GetLayout",
  1208. "gdi32.dll.GdiRealizationInfo",
  1209. "gdi32.dll.FontIsLinked",
  1210. "gdi32.dll.GetTextFaceAliasW",
  1211. "gdi32.dll.GetFontAssocStatus",
  1212. "advapi32.dll.RegQueryValueExA",
  1213. "user32.dll.GetSystemMenu",
  1214. "user32.dll.GetWindowPlacement",
  1215. "user32.dll.EnableMenuItem",
  1216. "user32.dll.GetWindowTextLengthW",
  1217. "user32.dll.GetWindowTextW",
  1218. "user32.dll.SetWindowPos",
  1219. "user32.dll.RedrawWindow",
  1220. "user32.dll.ShowWindow",
  1221. "comctl32.dll.InitCommonControlsEx",
  1222. "uxtheme.dll.OpenThemeData",
  1223. "uxtheme.dll.GetThemeBool",
  1224. "uxtheme.dll.IsThemePartDefined",
  1225. "comctl32.dll.RegisterClassNameW",
  1226. "uxtheme.dll.GetThemeColor",
  1227. "uxtheme.dll.GetThemeMargins",
  1228. "uxtheme.dll.GetThemeFont",
  1229. "user32.dll.GetWindow",
  1230. "user32.dll.MapWindowPoints",
  1231. "user32.dll.InvalidateRect",
  1232. "imm32.dll.ImmIsIME",
  1233. "uxtheme.dll.EnableThemeDialogTexture",
  1234. "kernel32.dll.SwitchToThread",
  1235. "ole32.dll.CoUninitialize",
  1236. "ole32.dll.CoWaitForMultipleHandles",
  1237. "sechost.dll.LookupAccountNameLocalW",
  1238. "advapi32.dll.LookupAccountSidW",
  1239. "sechost.dll.LookupAccountSidLocalW",
  1240. "cryptsp.dll.CryptAcquireContextW",
  1241. "cryptsp.dll.CryptGenRandom",
  1242. "ole32.dll.NdrOleInitializeExtension",
  1243. "ole32.dll.CoGetClassObject",
  1244. "ole32.dll.CoGetMarshalSizeMax",
  1245. "ole32.dll.CoMarshalInterface",
  1246. "ole32.dll.CoUnmarshalInterface",
  1247. "ole32.dll.StringFromIID",
  1248. "ole32.dll.CoGetPSClsid",
  1249. "ole32.dll.CoCreateInstance",
  1250. "ole32.dll.CoReleaseMarshalData",
  1251. "ole32.dll.DcomChannelSetHResult",
  1252. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  1253. "kernel32.dll.SetErrorMode",
  1254. "kernel32.dll.GetFileAttributesExW",
  1255. "culture.dll.ConvertLangIdToCultureName",
  1256. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
  1257. "kernel32.dll.CloseHandle",
  1258. "advapi32.dll.LookupPrivilegeValueW",
  1259. "advapi32.dll.AdjustTokenPrivileges",
  1260. "kernel32.dll.OpenProcess",
  1261. "psapi.dll.EnumProcessModules",
  1262. "psapi.dll.GetModuleInformation",
  1263. "psapi.dll.GetModuleBaseNameW",
  1264. "psapi.dll.GetModuleFileNameExW",
  1265. "kernel32.dll.ReleaseMutex",
  1266. "kernel32.dll.CreateMutexW",
  1267. "kernel32.dll.GetExitCodeProcess",
  1268. "advapi32.dll.LookupPrivilegeValueA",
  1269. "advapi32.dll.GetKernelObjectSecurity",
  1270. "advapi32.dll.CreateWellKnownSid",
  1271. "advapi32.dll.SetKernelObjectSecurity",
  1272. "kernel32.dll.DeleteFileA",
  1273. "kernel32.dll.QueryPerformanceFrequency",
  1274. "kernel32.dll.QueryPerformanceCounter",
  1275. "kernel32.dll.GlobalMemoryStatusEx",
  1276. "shfolder.dll.SHGetFolderPathW",
  1277. "kernel32.dll.CreateDirectoryW",
  1278. "kernel32.dll.SetFileAttributesW",
  1279. "kernel32.dll.CopyFileW",
  1280. "advapi32.dll.RegSetValueExW",
  1281. "kernel32.dll.CreateProcessA",
  1282. "psapi.dll.EnumProcesses",
  1283. "kernel32.dll.GetThreadContext",
  1284. "kernel32.dll.ReadProcessMemory",
  1285. "kernel32.dll.VirtualAllocEx",
  1286. "kernel32.dll.WriteProcessMemory",
  1287. "kernel32.dll.SetThreadContext",
  1288. "kernel32.dll.ResumeThread",
  1289. "kernel32.dll.CreateFileW",
  1290. "kernel32.dll.GetFileType",
  1291. "kernel32.dll.GetFileSize",
  1292. "kernel32.dll.ReadFile",
  1293. "user32.dll.RegisterRawInputDevices",
  1294. "user32.dll.GetRawInputData"
  1295. ]
  1296.  
  1297. [*] Static Analysis: {
  1298. "dotnet": {
  1299. "customattrs": null,
  1300. "assemblyinfo": {
  1301. "version": "1.0.0.0",
  1302. "name": "NpmTaskRunner"
  1303. },
  1304. "assemblyrefs": [
  1305. {
  1306. "version": "2.0.0.0",
  1307. "name": "mscorlib"
  1308. },
  1309. {
  1310. "version": "2.0.0.0",
  1311. "name": "System.Windows.Forms"
  1312. },
  1313. {
  1314. "version": "2.0.0.0",
  1315. "name": "System"
  1316. },
  1317. {
  1318. "version": "2.0.0.0",
  1319. "name": "System.Drawing"
  1320. }
  1321. ],
  1322. "typerefs": [
  1323. {
  1324. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  1325. "assembly": "System"
  1326. },
  1327. {
  1328. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  1329. "assembly": "System"
  1330. },
  1331. {
  1332. "typename": "System.ComponentModel.EditorBrowsableState",
  1333. "assembly": "System"
  1334. },
  1335. {
  1336. "typename": "System.ComponentModel.IContainer",
  1337. "assembly": "System"
  1338. },
  1339. {
  1340. "typename": "System.Configuration.ApplicationSettingsBase",
  1341. "assembly": "System"
  1342. },
  1343. {
  1344. "typename": "System.Configuration.SettingsBase",
  1345. "assembly": "System"
  1346. },
  1347. {
  1348. "typename": "System.Drawing.Point",
  1349. "assembly": "System.Drawing"
  1350. },
  1351. {
  1352. "typename": "System.Drawing.Size",
  1353. "assembly": "System.Drawing"
  1354. },
  1355. {
  1356. "typename": "System.Drawing.SizeF",
  1357. "assembly": "System.Drawing"
  1358. },
  1359. {
  1360. "typename": "System.Windows.Forms.Application",
  1361. "assembly": "System.Windows.Forms"
  1362. },
  1363. {
  1364. "typename": "System.Windows.Forms.AutoScaleMode",
  1365. "assembly": "System.Windows.Forms"
  1366. },
  1367. {
  1368. "typename": "System.Windows.Forms.Button",
  1369. "assembly": "System.Windows.Forms"
  1370. },
  1371. {
  1372. "typename": "System.Windows.Forms.ButtonBase",
  1373. "assembly": "System.Windows.Forms"
  1374. },
  1375. {
  1376. "typename": "System.Windows.Forms.CommonDialog",
  1377. "assembly": "System.Windows.Forms"
  1378. },
  1379. {
  1380. "typename": "System.Windows.Forms.ContainerControl",
  1381. "assembly": "System.Windows.Forms"
  1382. },
  1383. {
  1384. "typename": "System.Windows.Forms.Control",
  1385. "assembly": "System.Windows.Forms"
  1386. },
  1387. {
  1388. "typename": "System.Windows.Forms.Control/ControlCollection",
  1389. "assembly": "System.Windows.Forms"
  1390. },
  1391. {
  1392. "typename": "System.Windows.Forms.DialogResult",
  1393. "assembly": "System.Windows.Forms"
  1394. },
  1395. {
  1396. "typename": "System.Windows.Forms.FileDialog",
  1397. "assembly": "System.Windows.Forms"
  1398. },
  1399. {
  1400. "typename": "System.Windows.Forms.Form",
  1401. "assembly": "System.Windows.Forms"
  1402. },
  1403. {
  1404. "typename": "System.Windows.Forms.GroupBox",
  1405. "assembly": "System.Windows.Forms"
  1406. },
  1407. {
  1408. "typename": "System.Windows.Forms.ListView",
  1409. "assembly": "System.Windows.Forms"
  1410. },
  1411. {
  1412. "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
  1413. "assembly": "System.Windows.Forms"
  1414. },
  1415. {
  1416. "typename": "System.Windows.Forms.ListViewItem",
  1417. "assembly": "System.Windows.Forms"
  1418. },
  1419. {
  1420. "typename": "System.Windows.Forms.OpenFileDialog",
  1421. "assembly": "System.Windows.Forms"
  1422. },
  1423. {
  1424. "typename": "System.Windows.Forms.TextBox",
  1425. "assembly": "System.Windows.Forms"
  1426. },
  1427. {
  1428. "typename": "System.Action`1",
  1429. "assembly": "mscorlib"
  1430. },
  1431. {
  1432. "typename": "System.Activator",
  1433. "assembly": "mscorlib"
  1434. },
  1435. {
  1436. "typename": "System.ArgumentNullException",
  1437. "assembly": "mscorlib"
  1438. },
  1439. {
  1440. "typename": "System.Array",
  1441. "assembly": "mscorlib"
  1442. },
  1443. {
  1444. "typename": "System.Attribute",
  1445. "assembly": "mscorlib"
  1446. },
  1447. {
  1448. "typename": "System.BadImageFormatException",
  1449. "assembly": "mscorlib"
  1450. },
  1451. {
  1452. "typename": "System.Byte",
  1453. "assembly": "mscorlib"
  1454. },
  1455. {
  1456. "typename": "System.Collections.DictionaryEntry",
  1457. "assembly": "mscorlib"
  1458. },
  1459. {
  1460. "typename": "System.Collections.Generic.Dictionary`2",
  1461. "assembly": "mscorlib"
  1462. },
  1463. {
  1464. "typename": "System.Collections.Generic.IEnumerable`1",
  1465. "assembly": "mscorlib"
  1466. },
  1467. {
  1468. "typename": "System.Collections.Generic.IEnumerator`1",
  1469. "assembly": "mscorlib"
  1470. },
  1471. {
  1472. "typename": "System.Collections.Generic.List`1",
  1473. "assembly": "mscorlib"
  1474. },
  1475. {
  1476. "typename": "System.Collections.Generic.List`1/Enumerator",
  1477. "assembly": "mscorlib"
  1478. },
  1479. {
  1480. "typename": "System.Collections.ICollection",
  1481. "assembly": "mscorlib"
  1482. },
  1483. {
  1484. "typename": "System.Collections.IDictionaryEnumerator",
  1485. "assembly": "mscorlib"
  1486. },
  1487. {
  1488. "typename": "System.Collections.IEnumerable",
  1489. "assembly": "mscorlib"
  1490. },
  1491. {
  1492. "typename": "System.Collections.IEnumerator",
  1493. "assembly": "mscorlib"
  1494. },
  1495. {
  1496. "typename": "System.Collections.IList",
  1497. "assembly": "mscorlib"
  1498. },
  1499. {
  1500. "typename": "System.Delegate",
  1501. "assembly": "mscorlib"
  1502. },
  1503. {
  1504. "typename": "System.Diagnostics.DebuggableAttribute",
  1505. "assembly": "mscorlib"
  1506. },
  1507. {
  1508. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  1509. "assembly": "mscorlib"
  1510. },
  1511. {
  1512. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  1513. "assembly": "mscorlib"
  1514. },
  1515. {
  1516. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  1517. "assembly": "mscorlib"
  1518. },
  1519. {
  1520. "typename": "System.Environment",
  1521. "assembly": "mscorlib"
  1522. },
  1523. {
  1524. "typename": "System.EventArgs",
  1525. "assembly": "mscorlib"
  1526. },
  1527. {
  1528. "typename": "System.EventHandler",
  1529. "assembly": "mscorlib"
  1530. },
  1531. {
  1532. "typename": "System.Globalization.CultureInfo",
  1533. "assembly": "mscorlib"
  1534. },
  1535. {
  1536. "typename": "System.IDisposable",
  1537. "assembly": "mscorlib"
  1538. },
  1539. {
  1540. "typename": "System.IO.MemoryStream",
  1541. "assembly": "mscorlib"
  1542. },
  1543. {
  1544. "typename": "System.IO.SeekOrigin",
  1545. "assembly": "mscorlib"
  1546. },
  1547. {
  1548. "typename": "System.IO.Stream",
  1549. "assembly": "mscorlib"
  1550. },
  1551. {
  1552. "typename": "System.IO.StreamReader",
  1553. "assembly": "mscorlib"
  1554. },
  1555. {
  1556. "typename": "System.IO.TextReader",
  1557. "assembly": "mscorlib"
  1558. },
  1559. {
  1560. "typename": "System.NotSupportedException",
  1561. "assembly": "mscorlib"
  1562. },
  1563. {
  1564. "typename": "System.Object",
  1565. "assembly": "mscorlib"
  1566. },
  1567. {
  1568. "typename": "System.Predicate`1",
  1569. "assembly": "mscorlib"
  1570. },
  1571. {
  1572. "typename": "System.Random",
  1573. "assembly": "mscorlib"
  1574. },
  1575. {
  1576. "typename": "System.Reflection.Assembly",
  1577. "assembly": "mscorlib"
  1578. },
  1579. {
  1580. "typename": "System.Reflection.AssemblyCompanyAttribute",
  1581. "assembly": "mscorlib"
  1582. },
  1583. {
  1584. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  1585. "assembly": "mscorlib"
  1586. },
  1587. {
  1588. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  1589. "assembly": "mscorlib"
  1590. },
  1591. {
  1592. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  1593. "assembly": "mscorlib"
  1594. },
  1595. {
  1596. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  1597. "assembly": "mscorlib"
  1598. },
  1599. {
  1600. "typename": "System.Reflection.AssemblyProductAttribute",
  1601. "assembly": "mscorlib"
  1602. },
  1603. {
  1604. "typename": "System.Reflection.AssemblyTitleAttribute",
  1605. "assembly": "mscorlib"
  1606. },
  1607. {
  1608. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  1609. "assembly": "mscorlib"
  1610. },
  1611. {
  1612. "typename": "System.Resources.ResourceManager",
  1613. "assembly": "mscorlib"
  1614. },
  1615. {
  1616. "typename": "System.Resources.ResourceSet",
  1617. "assembly": "mscorlib"
  1618. },
  1619. {
  1620. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1621. "assembly": "mscorlib"
  1622. },
  1623. {
  1624. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1625. "assembly": "mscorlib"
  1626. },
  1627. {
  1628. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1629. "assembly": "mscorlib"
  1630. },
  1631. {
  1632. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1633. "assembly": "mscorlib"
  1634. },
  1635. {
  1636. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1637. "assembly": "mscorlib"
  1638. },
  1639. {
  1640. "typename": "System.RuntimeTypeHandle",
  1641. "assembly": "mscorlib"
  1642. },
  1643. {
  1644. "typename": "System.STAThreadAttribute",
  1645. "assembly": "mscorlib"
  1646. },
  1647. {
  1648. "typename": "System.Security.UnverifiableCodeAttribute",
  1649. "assembly": "mscorlib"
  1650. },
  1651. {
  1652. "typename": "System.Threading.Monitor",
  1653. "assembly": "mscorlib"
  1654. },
  1655. {
  1656. "typename": "System.Threading.Thread",
  1657. "assembly": "mscorlib"
  1658. },
  1659. {
  1660. "typename": "System.Threading.ThreadStart",
  1661. "assembly": "mscorlib"
  1662. },
  1663. {
  1664. "typename": "System.Type",
  1665. "assembly": "mscorlib"
  1666. }
  1667. ]
  1668. },
  1669. "pe": {
  1670. "peid_signatures": null,
  1671. "imports": [
  1672. {
  1673. "imports": [
  1674. {
  1675. "name": "_CorExeMain",
  1676. "address": "0x402000"
  1677. }
  1678. ],
  1679. "dll": "mscoree.dll"
  1680. }
  1681. ],
  1682. "digital_signers": null,
  1683. "exported_dll_name": null,
  1684. "actual_checksum": "0x000643a0",
  1685. "overlay": null,
  1686. "imagebase": "0x00400000",
  1687. "reported_checksum": "0x000643a0",
  1688. "icon_hash": null,
  1689. "entrypoint": "0x004583ce",
  1690. "timestamp": "2019-06-09 13:20:02",
  1691. "osversion": "4.0",
  1692. "sections": [
  1693. {
  1694. "name": ".text",
  1695. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1696. "virtual_address": "0x00002000",
  1697. "size_of_data": "0x00056400",
  1698. "entropy": "7.58",
  1699. "raw_address": "0x00000200",
  1700. "virtual_size": "0x000563d4",
  1701. "characteristics_raw": "0x60000020"
  1702. },
  1703. {
  1704. "name": ".rsrc",
  1705. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1706. "virtual_address": "0x0005a000",
  1707. "size_of_data": "0x00000600",
  1708. "entropy": "4.17",
  1709. "raw_address": "0x00056600",
  1710. "virtual_size": "0x000005e0",
  1711. "characteristics_raw": "0x40000040"
  1712. },
  1713. {
  1714. "name": ".reloc",
  1715. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1716. "virtual_address": "0x0005c000",
  1717. "size_of_data": "0x00000200",
  1718. "entropy": "0.10",
  1719. "raw_address": "0x00056c00",
  1720. "virtual_size": "0x0000000c",
  1721. "characteristics_raw": "0x42000040"
  1722. }
  1723. ],
  1724. "resources": [],
  1725. "dirents": [
  1726. {
  1727. "virtual_address": "0x00000000",
  1728. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1729. "size": "0x00000000"
  1730. },
  1731. {
  1732. "virtual_address": "0x00058380",
  1733. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1734. "size": "0x0000004b"
  1735. },
  1736. {
  1737. "virtual_address": "0x0005a000",
  1738. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1739. "size": "0x000005e0"
  1740. },
  1741. {
  1742. "virtual_address": "0x00000000",
  1743. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1744. "size": "0x00000000"
  1745. },
  1746. {
  1747. "virtual_address": "0x00000000",
  1748. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1749. "size": "0x00000000"
  1750. },
  1751. {
  1752. "virtual_address": "0x0005c000",
  1753. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1754. "size": "0x0000000c"
  1755. },
  1756. {
  1757. "virtual_address": "0x00000000",
  1758. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1759. "size": "0x00000000"
  1760. },
  1761. {
  1762. "virtual_address": "0x00000000",
  1763. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1764. "size": "0x00000000"
  1765. },
  1766. {
  1767. "virtual_address": "0x00000000",
  1768. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1769. "size": "0x00000000"
  1770. },
  1771. {
  1772. "virtual_address": "0x00000000",
  1773. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1774. "size": "0x00000000"
  1775. },
  1776. {
  1777. "virtual_address": "0x00000000",
  1778. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1779. "size": "0x00000000"
  1780. },
  1781. {
  1782. "virtual_address": "0x00000000",
  1783. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1784. "size": "0x00000000"
  1785. },
  1786. {
  1787. "virtual_address": "0x00002000",
  1788. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1789. "size": "0x00000008"
  1790. },
  1791. {
  1792. "virtual_address": "0x00000000",
  1793. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1794. "size": "0x00000000"
  1795. },
  1796. {
  1797. "virtual_address": "0x00002008",
  1798. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1799. "size": "0x00000048"
  1800. },
  1801. {
  1802. "virtual_address": "0x00000000",
  1803. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1804. "size": "0x00000000"
  1805. }
  1806. ],
  1807. "exports": [],
  1808. "guest_signers": {},
  1809. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1810. "icon_fuzzy": null,
  1811. "icon": null,
  1812. "pdbpath": null,
  1813. "imported_dll_count": 1,
  1814. "versioninfo": []
  1815. }
  1816. }