- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_4ff217cd.exe"
- [*] File Size: 355840
- [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
- [*] SHA256: "407c9d38f87a36ff78212df9ad63ba3bc67e0232efdb7977440515633b772010"
- [*] MD5: "6b20559ddfc38ecaff9a92ef76d7f5d6"
- [*] SHA1: "d4658c9a119729e8b24cfe4c042dbee2760a1c7e"
- [*] SHA512: "58013ac1c2d71acc63d0b2534e271b508093c17892732c0661f8118e808e036c05f51d0d79b72f01cfcd5a8838a957da5b15271bfca7b9f5806dcfd7480b63d3"
- [*] CRC32: "4FF217CD"
- [*] SSDEEP: "6144:YF4n3T7bqP8m3k3uAC3CS2KJ0Juxh/IycOzaaHJ68ximXrAlgFI8FGeeQOKcr:Yan3T72tKC3CS2CXJcOeaU8xi5V8F"
- [*] Process Execution: [
- "Exes_4ff217cd.exe",
- "Exes_4ff217cd.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details": [
- {
- "IP": "197.210.60.176:5552"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "Exes_4ff217cd.exe tried to sleep 820 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "A process created a hidden window",
- "Details": [
- {
- "Process": "Exes_4ff217cd.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe"
- },
- {
- "url": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .text, entropy: 7.58, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00056400, virtual_size: 0x000563d4"
- }
- ]
- },
- {
- "Description": "Attempts to remove evidence of file being downloaded from the Internet",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe:Zone.Identifier"
- }
- ]
- },
- {
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details": [
- {
- "Injection": "Exes_4ff217cd.exe(1136) -> Exes_4ff217cd.exe(1772)"
- }
- ]
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
- },
- {
- "data": "\"C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe\",explorer.exe"
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe"
- }
- ]
- },
- {
- "Description": "File has been identified by 31 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "FireEye": "Generic.mg.6b20559ddfc38eca"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "CrowdStrike": "win/malicious_confidence_80% (D)"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "Symantec": "ML.Attribute.HighConfidence"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "GData": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "Kaspersky": "HEUR:Trojan.MSIL.APosT.gen"
- },
- {
- "BitDefender": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "Tencent": "Win32.Trojan.Inject.Auto"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Emsisoft": "Gen:Variant.MSILPerseus.189870 (B)"
- },
- {
- "F-Secure": "Heuristic.HEUR/AGEN.1035809"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.fc"
- },
- {
- "Trapmine": "malicious.moderate.ml.score"
- },
- {
- "Avira": "HEUR/AGEN.1035809"
- },
- {
- "MAX": "malware (ai score=83)"
- },
- {
- "Microsoft": "Trojan:Win32/Genasep.A"
- },
- {
- "Arcabit": "Trojan.MSILPerseus.D2E5AE"
- },
- {
- "ZoneAlarm": "HEUR:Trojan.MSIL.APosT.gen"
- },
- {
- "ESET-NOD32": "a variant of MSIL/Kryptik.QME"
- },
- {
- "Ad-Aware": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "Rising": "Trojan.Generic!8.C3 (TFE:C:4Z7h57iZN6F)"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "Webroot": "W32.Malware.Gen"
- },
- {
- "AVG": "FileRepMetagen [Malware]"
- },
- {
- "Cybereason": "malicious.a11972"
- },
- {
- "Panda": "Trj/GdSda.A"
- },
- {
- "Qihoo-360": "HEUR/QVM03.0.D681.Malware.Gen"
- }
- ]
- },
- {
- "Description": "Creates a copy of itself",
- "Details": [
- {
- "copy": "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe\""
- ]
- [*] Mutexes: [
- "Global\\CLR_PerfMon_WrapMutex",
- "Global\\CLR_CASOFF_MUTEX",
- "17B4580626B0CC38D4E5E2CEE8453500",
- "-"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
- "C:\\Users\\user\\AppData\\Roaming\\0hN5416i5n3doh1U\\IrSGxMtKEFwy.exe"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4ff217cd.exe:Zone.Identifier"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "info1.nowddns.com",
- "answers": [
- {
- "data": "197.210.60.176",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "197.210.60.176",
- "domain": "info1.nowddns.com"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=0-6825\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=6826-16126\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=16127-25295\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=25296-34292\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=34293-54223\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=54224-96085\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=96086-182941\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=182942-360143\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=360144-716809\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=716810-1433630\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=1433631-2871276\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=2871277-5750717\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=5750718-11529539\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=11529540-23107972\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560480271&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=23107973-30355199\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "1.0.0.0",
- "name": "NpmTaskRunner"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- }
- ],
- "typerefs": [
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.IContainer",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.ApplicationSettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.SettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Point",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.SizeF",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.AutoScaleMode",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Button",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ButtonBase",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.CommonDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ContainerControl",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control/ControlCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.DialogResult",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.FileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Form",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.GroupBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListViewItem",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.OpenFileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.TextBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Action`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentNullException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Array",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Attribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.BadImageFormatException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.DictionaryEntry",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerable`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerator`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.ICollection",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IDictionaryEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IList",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Delegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventArgs",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventHandler",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.MemoryStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.SeekOrigin",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Stream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.StreamReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.TextReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.NotSupportedException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Predicate`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Random",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCompanyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyConfigurationAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCopyrightAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyDescriptionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyFileVersionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyProductAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTitleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTrademarkAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceSet",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.GuidAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.UnverifiableCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Thread",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.ThreadStart",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000643a0",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x000643a0",
- "icon_hash": null,
- "entrypoint": "0x004583ce",
- "timestamp": "2019-06-09 13:20:02",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00056400",
- "entropy": "7.58",
- "raw_address": "0x00000200",
- "virtual_size": "0x000563d4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0005a000",
- "size_of_data": "0x00000600",
- "entropy": "4.17",
- "raw_address": "0x00056600",
- "virtual_size": "0x000005e0",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0005c000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x00056c00",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00058380",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000004b"
- },
- {
- "virtual_address": "0x0005a000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000005e0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0005c000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "kernel32.dll.QueryActCtxW",
- "shlwapi.dll.UrlIsW",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.IsProcessorFeaturePresent",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "mscorwks.dll._CorExeMain",
- "mscorwks.dll.GetCLRFunction",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.UnregisterTraceGuids",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.IEE",
- "mscorwks.dll.IEE",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "shell32.dll.SHGetFolderPathW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "ole32.dll.CoInitializeEx",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "ole32.dll.CoGetContextToken",
- "kernel32.dll.GetFullPathNameW",
- "kernel32.dll.GetVersionExW",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "mscoree.dll.GetMetaDataInternalInterface",
- "mscorwks.dll.GetMetaDataInternalInterface",
- "mscorjit.dll.getJit",
- "uxtheme.dll.IsAppThemed",
- "kernel32.dll.CreateActCtxA",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoTaskMemFree",
- "user32.dll.RegisterWindowMessageW",
- "user32.dll.GetSystemMetrics",
- "user32.dll.AdjustWindowRectEx",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.GetCurrentThread",
- "kernel32.dll.DuplicateHandle",
- "kernel32.dll.GetCurrentThreadId",
- "kernel32.dll.GetCurrentActCtx",
- "kernel32.dll.ActivateActCtx",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.GetModuleHandleW",
- "kernel32.dll.GetProcAddress",
- "user32.dll.DefWindowProcW",
- "gdi32.dll.GetStockObject",
- "kernel32.dll.GetUserDefaultUILanguage",
- "user32.dll.RegisterClassW",
- "user32.dll.CreateWindowExW",
- "user32.dll.SetWindowLongW",
- "user32.dll.GetWindowLongW",
- "user32.dll.CallWindowProcW",
- "user32.dll.GetClientRect",
- "user32.dll.GetWindowRect",
- "user32.dll.GetParent",
- "kernel32.dll.DeactivateActCtx",
- "kernel32.dll.GetSystemDefaultLCID",
- "gdi32.dll.GetObjectW",
- "user32.dll.GetDC",
- "kernel32.dll.GetCurrentProcessId",
- "kernel32.dll.FindAtomW",
- "kernel32.dll.AddAtomW",
- "mscoree.dll.LoadLibraryShim",
- "gdiplus.dll.GdiplusStartup",
- "user32.dll.GetWindowInfo",
- "user32.dll.GetAncestor",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.EnumDisplayDevicesA",
- "gdi32.dll.ExtTextOutW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "gdiplus.dll.GdipCreateFontFromLogfontW",
- "kernel32.dll.RegOpenKeyExW",
- "kernel32.dll.RegQueryInfoKeyA",
- "kernel32.dll.RegCloseKey",
- "kernel32.dll.RegCreateKeyExW",
- "kernel32.dll.RegQueryValueExW",
- "kernel32.dll.RegEnumValueW",
- "kernel32.dll.RegQueryInfoKeyW",
- "mscoree.dll.ND_RI2",
- "mscoree.dll.ND_RU1",
- "gdiplus.dll.GdipGetFontUnit",
- "gdiplus.dll.GdipGetFontSize",
- "gdiplus.dll.GdipGetFontStyle",
- "gdiplus.dll.GdipGetFamily",
- "user32.dll.ReleaseDC",
- "gdiplus.dll.GdipCreateFromHDC",
- "gdiplus.dll.GdipGetDpiY",
- "gdiplus.dll.GdipGetFontHeight",
- "gdiplus.dll.GdipGetEmHeight",
- "gdiplus.dll.GdipGetLineSpacing",
- "gdiplus.dll.GdipDeleteGraphics",
- "gdiplus.dll.GdipCreateFont",
- "gdiplus.dll.GdipDeleteFont",
- "gdiplus.dll.GdipGetLogFontW",
- "mscoree.dll.ND_WU1",
- "gdi32.dll.CreateFontIndirectW",
- "user32.dll.GetProcessWindowStation",
- "user32.dll.GetUserObjectInformationA",
- "kernel32.dll.SetConsoleCtrlHandler",
- "user32.dll.GetClassInfoW",
- "user32.dll.GetSysColor",
- "gdi32.dll.CreateCompatibleDC",
- "gdi32.dll.SelectObject",
- "gdi32.dll.GetTextMetricsW",
- "gdi32.dll.GetTextExtentPoint32W",
- "gdi32.dll.DeleteDC",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "user32.dll.SetWindowTextW",
- "kernel32.dll.GetStartupInfoW",
- "gdi32.dll.GetDeviceCaps",
- "user32.dll.CreateIconFromResourceEx",
- "user32.dll.SendMessageW",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "gdi32.dll.GetTextFaceAliasW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "user32.dll.GetSystemMenu",
- "user32.dll.GetWindowPlacement",
- "user32.dll.EnableMenuItem",
- "user32.dll.GetWindowTextLengthW",
- "user32.dll.GetWindowTextW",
- "user32.dll.SetWindowPos",
- "user32.dll.RedrawWindow",
- "user32.dll.ShowWindow",
- "comctl32.dll.InitCommonControlsEx",
- "uxtheme.dll.OpenThemeData",
- "uxtheme.dll.GetThemeBool",
- "uxtheme.dll.IsThemePartDefined",
- "comctl32.dll.RegisterClassNameW",
- "uxtheme.dll.GetThemeColor",
- "uxtheme.dll.GetThemeMargins",
- "uxtheme.dll.GetThemeFont",
- "user32.dll.GetWindow",
- "user32.dll.MapWindowPoints",
- "user32.dll.InvalidateRect",
- "imm32.dll.ImmIsIME",
- "uxtheme.dll.EnableThemeDialogTexture",
- "kernel32.dll.SwitchToThread",
- "ole32.dll.CoUninitialize",
- "ole32.dll.CoWaitForMultipleHandles",
- "sechost.dll.LookupAccountNameLocalW",
- "advapi32.dll.LookupAccountSidW",
- "sechost.dll.LookupAccountSidLocalW",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptGenRandom",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetClassObject",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "culture.dll.ConvertLangIdToCultureName",
- "bcrypt.dll.BCryptGetFipsAlgorithmMode",
- "kernel32.dll.CloseHandle",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.AdjustTokenPrivileges",
- "kernel32.dll.OpenProcess",
- "psapi.dll.EnumProcessModules",
- "psapi.dll.GetModuleInformation",
- "psapi.dll.GetModuleBaseNameW",
- "psapi.dll.GetModuleFileNameExW",
- "kernel32.dll.ReleaseMutex",
- "kernel32.dll.CreateMutexW",
- "kernel32.dll.GetExitCodeProcess",
- "advapi32.dll.LookupPrivilegeValueA",
- "advapi32.dll.GetKernelObjectSecurity",
- "advapi32.dll.CreateWellKnownSid",
- "advapi32.dll.SetKernelObjectSecurity",
- "kernel32.dll.DeleteFileA",
- "kernel32.dll.QueryPerformanceFrequency",
- "kernel32.dll.QueryPerformanceCounter",
- "kernel32.dll.GlobalMemoryStatusEx",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.CreateDirectoryW",
- "kernel32.dll.SetFileAttributesW",
- "kernel32.dll.CopyFileW",
- "advapi32.dll.RegSetValueExW",
- "kernel32.dll.CreateProcessA",
- "psapi.dll.EnumProcesses",
- "kernel32.dll.GetThreadContext",
- "kernel32.dll.ReadProcessMemory",
- "kernel32.dll.VirtualAllocEx",
- "kernel32.dll.WriteProcessMemory",
- "kernel32.dll.SetThreadContext",
- "kernel32.dll.ResumeThread",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetFileType",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.ReadFile",
- "user32.dll.RegisterRawInputDevices",
- "user32.dll.GetRawInputData"
- ]
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "1.0.0.0",
- "name": "NpmTaskRunner"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- }
- ],
- "typerefs": [
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.IContainer",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.ApplicationSettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.SettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Point",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.SizeF",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.AutoScaleMode",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Button",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ButtonBase",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.CommonDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ContainerControl",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control/ControlCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.DialogResult",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.FileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Form",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.GroupBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListViewItem",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.OpenFileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.TextBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Action`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentNullException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Array",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Attribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.BadImageFormatException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.DictionaryEntry",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerable`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerator`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.ICollection",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IDictionaryEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IList",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Delegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventArgs",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventHandler",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.MemoryStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.SeekOrigin",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Stream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.StreamReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.TextReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.NotSupportedException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Predicate`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Random",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCompanyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyConfigurationAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCopyrightAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyDescriptionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyFileVersionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyProductAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTitleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTrademarkAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceSet",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.GuidAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.UnverifiableCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Thread",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.ThreadStart",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000643a0",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x000643a0",
- "icon_hash": null,
- "entrypoint": "0x004583ce",
- "timestamp": "2019-06-09 13:20:02",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00056400",
- "entropy": "7.58",
- "raw_address": "0x00000200",
- "virtual_size": "0x000563d4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0005a000",
- "size_of_data": "0x00000600",
- "entropy": "4.17",
- "raw_address": "0x00056600",
- "virtual_size": "0x000005e0",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0005c000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x00056c00",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00058380",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000004b"
- },
- {
- "virtual_address": "0x0005a000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000005e0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0005c000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }