paladin316

Exes_df973feb_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_df973feb.exe"
  7. [*] File Size: 280576
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "fa33ae68769fa9d7df3409a764f693911d203001568f8c6b9fe31a3fa6128d4b"
  10. [*] MD5: "7886893386697fe2941bed26704c783b"
  11. [*] SHA1: "015854b47ee996a5bd7cdfdf5f20e5abc97c7b07"
  12. [*] SHA512: "6f6ac6f8c46bd01c2ee8db399c9c11248047bb758c1654c02fabcc099c9b3c4b045ebae6234d994d2505394b73e40329bc991947004c42c582cf74330846b12e"
  13. [*] CRC32: "DF973FEB"
  14. [*] SSDEEP: "6144:gnv7glxE7TIXuMJzGwDqj0HXJ+KSc68wmbgM1+YpkmZqsbte:gnim7jMNGwDqj0HZq8wW1+Y7"
  15.  
  16. [*] Process Execution: [
  17. "Exes_df973feb.exe",
  18. "services.exe",
  19. "svchost.exe",
  20. "WmiPrvSE.exe",
  21. "svchost.exe",
  22. "svchost.exe",
  23. "WMIADAP.exe",
  24. "GoogleUpdate.exe",
  25. "taskhost.exe",
  26. "svchost.exe"
  27. ]
  28.  
  29. [*] Signatures Detected: [
  30. {
  31. "Description": "Creates RWX memory",
  32. "Details": []
  33. },
  34. {
  35. "Description": "Anomalous .NET characteristics",
  36. "Details": [
  37. {
  38. "anomalous_version": "Assembly version is set to 0"
  39. }
  40. ]
  41. },
  42. {
  43. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  44. "Details": [
  45. {
  46. "Spam": "services.exe (504) called API GetSystemTimeAsFileTime 16718809 times"
  47. }
  48. ]
  49. },
  50. {
  51. "Description": "File has been identified by 52 Antiviruses on VirusTotal as malicious",
  52. "Details": [
  53. {
  54. "MicroWorld-eScan": "Gen:Variant.Razy.490164"
  55. },
  56. {
  57. "CAT-QuickHeal": "TrojanSpy.MSIL"
  58. },
  59. {
  60. "Qihoo-360": "Win32/Trojan.Spy.0f3"
  61. },
  62. {
  63. "McAfee": "GenericRXHJ-HR!788689338669"
  64. },
  65. {
  66. "Cylance": "Unsafe"
  67. },
  68. {
  69. "K7AntiVirus": "Spyware ( 004bf53c1 )"
  70. },
  71. {
  72. "Alibaba": "TrojanSpy:MSIL/Agent.1fe1a8ef"
  73. },
  74. {
  75. "K7GW": "Spyware ( 004bf53c1 )"
  76. },
  77. {
  78. "Cybereason": "malicious.386697"
  79. },
  80. {
  81. "TrendMicro": "TROJ_GEN.R002C0DF319"
  82. },
  83. {
  84. "Cyren": "W32/Trojan.ZIAR-6311"
  85. },
  86. {
  87. "Symantec": "Trojan.Gen.MBT"
  88. },
  89. {
  90. "APEX": "Malicious"
  91. },
  92. {
  93. "Paloalto": "generic.ml"
  94. },
  95. {
  96. "ClamAV": "Win.Malware.Razy-6952874-0"
  97. },
  98. {
  99. "Kaspersky": "Trojan-Spy.MSIL.Agent.tfqt"
  100. },
  101. {
  102. "BitDefender": "Gen:Variant.Razy.490164"
  103. },
  104. {
  105. "NANO-Antivirus": "Trojan.Win32.Stealer.fqxtrl"
  106. },
  107. {
  108. "ViRobot": "Trojan.Win32.Z.Razy.280576.AG"
  109. },
  110. {
  111. "AegisLab": "Trojan.MSIL.Agent.4!c"
  112. },
  113. {
  114. "Rising": "Spyware.Agent!8.C6 (TFE:dGZlOg2Qz2WhGNYTrQ)"
  115. },
  116. {
  117. "Endgame": "malicious (high confidence)"
  118. },
  119. {
  120. "Sophos": "Mal/Generic-S"
  121. },
  122. {
  123. "F-Secure": "Trojan.TR/Spy.Agent.lkofd"
  124. },
  125. {
  126. "DrWeb": "Trojan.PWS.Stealer.19347"
  127. },
  128. {
  129. "Invincea": "heuristic"
  130. },
  131. {
  132. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.dh"
  133. },
  134. {
  135. "Trapmine": "malicious.moderate.ml.score"
  136. },
  137. {
  138. "FireEye": "Generic.mg.7886893386697fe2"
  139. },
  140. {
  141. "Emsisoft": "Gen:Variant.Razy.490164 (B)"
  142. },
  143. {
  144. "Ikarus": "Trojan-Spy.Keylogger.AgentTesla"
  145. },
  146. {
  147. "Avira": "TR/Spy.Agent.lkofd"
  148. },
  149. {
  150. "MAX": "malware (ai score=100)"
  151. },
  152. {
  153. "Microsoft": "PWS:Win32/AgentTesla.YB!MTB"
  154. },
  155. {
  156. "Arcabit": "Trojan.Razy.D77AB4"
  157. },
  158. {
  159. "ZoneAlarm": "Trojan-Spy.MSIL.Agent.tfqt"
  160. },
  161. {
  162. "GData": "Win32.Trojan-Stealer.Brilik.5FUM1D"
  163. },
  164. {
  165. "ESET-NOD32": "a variant of MSIL/Spy.Agent.AES"
  166. },
  167. {
  168. "VBA32": "TScope.Trojan.MSIL"
  169. },
  170. {
  171. "ALYac": "Gen:Variant.Razy.490164"
  172. },
  173. {
  174. "Ad-Aware": "Gen:Variant.Razy.490164"
  175. },
  176. {
  177. "Malwarebytes": "Spyware.PasswordStealer.MSIL.Generic"
  178. },
  179. {
  180. "Panda": "Trj/GdSda.A"
  181. },
  182. {
  183. "TrendMicro-HouseCall": "TROJ_GEN.R002C0DF319"
  184. },
  185. {
  186. "Tencent": "Msil.Trojan-spy.Agent.Aisc"
  187. },
  188. {
  189. "Yandex": "TrojanSpy.Agent!/QVdvg0yv6k"
  190. },
  191. {
  192. "SentinelOne": "DFI - Malicious PE"
  193. },
  194. {
  195. "Fortinet": "MSIL/Stealer.AGI!tr"
  196. },
  197. {
  198. "AVG": "MSIL:IELib-A [Trj]"
  199. },
  200. {
  201. "Avast": "MSIL:IELib-A [Trj]"
  202. },
  203. {
  204. "CrowdStrike": "win/malicious_confidence_100% (W)"
  205. },
  206. {
  207. "MaxSecure": "Trojan.Malware.74168226.susgen"
  208. }
  209. ]
  210. }
  211. ]
  212.  
  213. [*] Started Service: [
  214. "Winmgmt",
  215. "gupdate"
  216. ]
  217.  
  218. [*] Executed Commands: [
  219. "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
  220. "C:\\Windows\\system32\\svchost.exe -k netsvcs",
  221. "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /svc",
  222. "taskhost.exe $(Arg0)",
  223. "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup"
  224. ]
  225.  
  226. [*] Mutexes: [
  227. "Global\\CLR_CASOFF_MUTEX",
  228. "Global\\ADAP_WMI_ENTRY",
  229. "Global\\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}",
  230. "Global\\G{6885AE8E-C070-458d-9711-37B9BEAB65F6}",
  231. "Global\\G{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}",
  232. "Global\\G{0A175FBE-AEEC-4fea-855A-2AA549A88846}"
  233. ]
  234.  
  235. [*] Modified Files: [
  236. "\\??\\PIPE\\samr",
  237. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
  238. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
  239. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
  240. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
  241. "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
  242. "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
  243. "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
  244. "C:\\Windows\\sysnative\\LogFiles\\Scm\\dd615e11-0917-41c8-bd35-0c672ca00d45",
  245. "\\??\\WMIDataDevice",
  246. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
  247. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
  248. "\\??\\PIPE\\wkssvc",
  249. "\\??\\pipe\\GoogleCrashServices\\S-1-5-18"
  250. ]
  251.  
  252. [*] Deleted Files: [
  253. "C:\\Program Files (x86)\\Google\\Update\\Install\\{5E6C534E-BEB0-496F-AC30-74975E59C356}\\74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  254. "C:\\Program Files (x86)\\Google\\Update\\Install\\{5E6C534E-BEB0-496F-AC30-74975E59C356}"
  255. ]
  256.  
  257. [*] Modified Registry Keys: [
  258. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
  259. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
  260. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
  261. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
  262. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
  263. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
  264. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
  265. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gupdate\\Type",
  266. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
  267. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ProcessID",
  268. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ThrottleDrege",
  269. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Parameters\\ServiceDllUnloadOnStop",
  270. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStopMissed",
  271. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
  272. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{85A15855-1A90-4279-B579-BD845731958C}",
  273. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{85A15855-1A90-4279-B579-BD845731958C}\\PersistedPingString",
  274. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{85A15855-1A90-4279-B579-BD845731958C}\\PersistedPingTime",
  275. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\pv",
  276. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\pv",
  277. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState",
  278. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState\\StateValue"
  279. ]
  280.  
  281. [*] Deleted Registry Keys: [
  282. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\uid",
  283. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\old-uid"
  284. ]
  285.  
  286. [*] DNS Communications: []
  287.  
  288. [*] Domains: []
  289.  
  290. [*] Network Communication - ICMP: []
  291.  
  292. [*] Network Communication - HTTP: []
  293.  
  294. [*] Network Communication - SMTP: []
  295.  
  296. [*] Network Communication - Hosts: []
  297.  
  298. [*] Network Communication - IRC: []
  299.  
  300. [*] Static Analysis: {
  301. "dotnet": {
  302. "customattrs": null,
  303. "assemblyinfo": {
  304. "version": "0.0.0.0",
  305. "name": "OXRHDHVVKIWVLSWWRJFMDYNFQVWQCJUUIDNTZFVC_20190603003432899"
  306. },
  307. "assemblyrefs": [
  308. {
  309. "version": "2.0.0.0",
  310. "name": "mscorlib"
  311. },
  312. {
  313. "version": "8.0.0.0",
  314. "name": "Microsoft.VisualBasic"
  315. },
  316. {
  317. "version": "2.0.0.0",
  318. "name": "System.Drawing"
  319. },
  320. {
  321. "version": "2.0.0.0",
  322. "name": "System"
  323. },
  324. {
  325. "version": "2.0.0.0",
  326. "name": "System.Windows.Forms"
  327. },
  328. {
  329. "version": "2.0.0.0",
  330. "name": "System.Management"
  331. },
  332. {
  333. "version": "2.0.0.0",
  334. "name": "System.Security"
  335. }
  336. ],
  337. "typerefs": [
  338. {
  339. "typename": "Microsoft.VisualBasic.AppWinStyle",
  340. "assembly": "Microsoft.VisualBasic"
  341. },
  342. {
  343. "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
  344. "assembly": "Microsoft.VisualBasic"
  345. },
  346. {
  347. "typename": "Microsoft.VisualBasic.ApplicationServices.User",
  348. "assembly": "Microsoft.VisualBasic"
  349. },
  350. {
  351. "typename": "Microsoft.VisualBasic.CompareMethod",
  352. "assembly": "Microsoft.VisualBasic"
  353. },
  354. {
  355. "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
  356. "assembly": "Microsoft.VisualBasic"
  357. },
  358. {
  359. "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
  360. "assembly": "Microsoft.VisualBasic"
  361. },
  362. {
  363. "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
  364. "assembly": "Microsoft.VisualBasic"
  365. },
  366. {
  367. "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
  368. "assembly": "Microsoft.VisualBasic"
  369. },
  370. {
  371. "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
  372. "assembly": "Microsoft.VisualBasic"
  373. },
  374. {
  375. "typename": "Microsoft.VisualBasic.CompilerServices.StringType",
  376. "assembly": "Microsoft.VisualBasic"
  377. },
  378. {
  379. "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
  380. "assembly": "Microsoft.VisualBasic"
  381. },
  382. {
  383. "typename": "Microsoft.VisualBasic.Conversion",
  384. "assembly": "Microsoft.VisualBasic"
  385. },
  386. {
  387. "typename": "Microsoft.VisualBasic.Devices.Computer",
  388. "assembly": "Microsoft.VisualBasic"
  389. },
  390. {
  391. "typename": "Microsoft.VisualBasic.Devices.ComputerInfo",
  392. "assembly": "Microsoft.VisualBasic"
  393. },
  394. {
  395. "typename": "Microsoft.VisualBasic.Devices.Keyboard",
  396. "assembly": "Microsoft.VisualBasic"
  397. },
  398. {
  399. "typename": "Microsoft.VisualBasic.Devices.ServerComputer",
  400. "assembly": "Microsoft.VisualBasic"
  401. },
  402. {
  403. "typename": "Microsoft.VisualBasic.FileAttribute",
  404. "assembly": "Microsoft.VisualBasic"
  405. },
  406. {
  407. "typename": "Microsoft.VisualBasic.FileSystem",
  408. "assembly": "Microsoft.VisualBasic"
  409. },
  410. {
  411. "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
  412. "assembly": "Microsoft.VisualBasic"
  413. },
  414. {
  415. "typename": "Microsoft.VisualBasic.Information",
  416. "assembly": "Microsoft.VisualBasic"
  417. },
  418. {
  419. "typename": "Microsoft.VisualBasic.Interaction",
  420. "assembly": "Microsoft.VisualBasic"
  421. },
  422. {
  423. "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
  424. "assembly": "Microsoft.VisualBasic"
  425. },
  426. {
  427. "typename": "Microsoft.VisualBasic.MyServices.ClipboardProxy",
  428. "assembly": "Microsoft.VisualBasic"
  429. },
  430. {
  431. "typename": "Microsoft.VisualBasic.MyServices.FileSystemProxy",
  432. "assembly": "Microsoft.VisualBasic"
  433. },
  434. {
  435. "typename": "Microsoft.VisualBasic.MyServices.RegistryProxy",
  436. "assembly": "Microsoft.VisualBasic"
  437. },
  438. {
  439. "typename": "Microsoft.VisualBasic.OpenAccess",
  440. "assembly": "Microsoft.VisualBasic"
  441. },
  442. {
  443. "typename": "Microsoft.VisualBasic.OpenMode",
  444. "assembly": "Microsoft.VisualBasic"
  445. },
  446. {
  447. "typename": "Microsoft.VisualBasic.OpenShare",
  448. "assembly": "Microsoft.VisualBasic"
  449. },
  450. {
  451. "typename": "Microsoft.VisualBasic.Strings",
  452. "assembly": "Microsoft.VisualBasic"
  453. },
  454. {
  455. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  456. "assembly": "System"
  457. },
  458. {
  459. "typename": "System.ComponentModel.DefaultValueAttribute",
  460. "assembly": "System"
  461. },
  462. {
  463. "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
  464. "assembly": "System"
  465. },
  466. {
  467. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  468. "assembly": "System"
  469. },
  470. {
  471. "typename": "System.ComponentModel.EditorBrowsableState",
  472. "assembly": "System"
  473. },
  474. {
  475. "typename": "System.Diagnostics.FileVersionInfo",
  476. "assembly": "System"
  477. },
  478. {
  479. "typename": "System.Diagnostics.Process",
  480. "assembly": "System"
  481. },
  482. {
  483. "typename": "System.Diagnostics.ProcessModule",
  484. "assembly": "System"
  485. },
  486. {
  487. "typename": "System.Diagnostics.ProcessStartInfo",
  488. "assembly": "System"
  489. },
  490. {
  491. "typename": "System.Diagnostics.ProcessWindowStyle",
  492. "assembly": "System"
  493. },
  494. {
  495. "typename": "System.Net.CredentialCache",
  496. "assembly": "System"
  497. },
  498. {
  499. "typename": "System.Net.FtpWebRequest",
  500. "assembly": "System"
  501. },
  502. {
  503. "typename": "System.Net.HttpWebRequest",
  504. "assembly": "System"
  505. },
  506. {
  507. "typename": "System.Net.ICredentials",
  508. "assembly": "System"
  509. },
  510. {
  511. "typename": "System.Net.ICredentialsByHost",
  512. "assembly": "System"
  513. },
  514. {
  515. "typename": "System.Net.Mail.Attachment",
  516. "assembly": "System"
  517. },
  518. {
  519. "typename": "System.Net.Mail.AttachmentCollection",
  520. "assembly": "System"
  521. },
  522. {
  523. "typename": "System.Net.Mail.MailAddress",
  524. "assembly": "System"
  525. },
  526. {
  527. "typename": "System.Net.Mail.MailMessage",
  528. "assembly": "System"
  529. },
  530. {
  531. "typename": "System.Net.Mail.SmtpClient",
  532. "assembly": "System"
  533. },
  534. {
  535. "typename": "System.Net.NetworkCredential",
  536. "assembly": "System"
  537. },
  538. {
  539. "typename": "System.Net.WebClient",
  540. "assembly": "System"
  541. },
  542. {
  543. "typename": "System.Net.WebRequest",
  544. "assembly": "System"
  545. },
  546. {
  547. "typename": "System.Net.WebResponse",
  548. "assembly": "System"
  549. },
  550. {
  551. "typename": "System.Text.RegularExpressions.Capture",
  552. "assembly": "System"
  553. },
  554. {
  555. "typename": "System.Text.RegularExpressions.Group",
  556. "assembly": "System"
  557. },
  558. {
  559. "typename": "System.Text.RegularExpressions.GroupCollection",
  560. "assembly": "System"
  561. },
  562. {
  563. "typename": "System.Text.RegularExpressions.Match",
  564. "assembly": "System"
  565. },
  566. {
  567. "typename": "System.Text.RegularExpressions.MatchCollection",
  568. "assembly": "System"
  569. },
  570. {
  571. "typename": "System.Text.RegularExpressions.Regex",
  572. "assembly": "System"
  573. },
  574. {
  575. "typename": "System.Timers.ElapsedEventArgs",
  576. "assembly": "System"
  577. },
  578. {
  579. "typename": "System.Timers.ElapsedEventHandler",
  580. "assembly": "System"
  581. },
  582. {
  583. "typename": "System.Timers.Timer",
  584. "assembly": "System"
  585. },
  586. {
  587. "typename": "System.Uri",
  588. "assembly": "System"
  589. },
  590. {
  591. "typename": "System.Drawing.Bitmap",
  592. "assembly": "System.Drawing"
  593. },
  594. {
  595. "typename": "System.Drawing.Graphics",
  596. "assembly": "System.Drawing"
  597. },
  598. {
  599. "typename": "System.Drawing.Image",
  600. "assembly": "System.Drawing"
  601. },
  602. {
  603. "typename": "System.Drawing.Imaging.Encoder",
  604. "assembly": "System.Drawing"
  605. },
  606. {
  607. "typename": "System.Drawing.Imaging.EncoderParameter",
  608. "assembly": "System.Drawing"
  609. },
  610. {
  611. "typename": "System.Drawing.Imaging.EncoderParameters",
  612. "assembly": "System.Drawing"
  613. },
  614. {
  615. "typename": "System.Drawing.Imaging.ImageCodecInfo",
  616. "assembly": "System.Drawing"
  617. },
  618. {
  619. "typename": "System.Drawing.Imaging.ImageFormat",
  620. "assembly": "System.Drawing"
  621. },
  622. {
  623. "typename": "System.Drawing.Point",
  624. "assembly": "System.Drawing"
  625. },
  626. {
  627. "typename": "System.Drawing.Rectangle",
  628. "assembly": "System.Drawing"
  629. },
  630. {
  631. "typename": "System.Drawing.Size",
  632. "assembly": "System.Drawing"
  633. },
  634. {
  635. "typename": "System.Management.ManagementBaseObject",
  636. "assembly": "System.Management"
  637. },
  638. {
  639. "typename": "System.Management.ManagementClass",
  640. "assembly": "System.Management"
  641. },
  642. {
  643. "typename": "System.Management.ManagementObject",
  644. "assembly": "System.Management"
  645. },
  646. {
  647. "typename": "System.Management.ManagementObjectCollection",
  648. "assembly": "System.Management"
  649. },
  650. {
  651. "typename": "System.Management.ManagementObjectCollection/ManagementObjectEnumerator",
  652. "assembly": "System.Management"
  653. },
  654. {
  655. "typename": "System.Management.ManagementObjectSearcher",
  656. "assembly": "System.Management"
  657. },
  658. {
  659. "typename": "System.Management.PropertyData",
  660. "assembly": "System.Management"
  661. },
  662. {
  663. "typename": "System.Management.PropertyDataCollection",
  664. "assembly": "System.Management"
  665. },
  666. {
  667. "typename": "System.Security.Cryptography.DataProtectionScope",
  668. "assembly": "System.Security"
  669. },
  670. {
  671. "typename": "System.Security.Cryptography.ProtectedData",
  672. "assembly": "System.Security"
  673. },
  674. {
  675. "typename": "System.Windows.Forms.Application",
  676. "assembly": "System.Windows.Forms"
  677. },
  678. {
  679. "typename": "System.Windows.Forms.CreateParams",
  680. "assembly": "System.Windows.Forms"
  681. },
  682. {
  683. "typename": "System.Windows.Forms.Keys",
  684. "assembly": "System.Windows.Forms"
  685. },
  686. {
  687. "typename": "System.Windows.Forms.Message",
  688. "assembly": "System.Windows.Forms"
  689. },
  690. {
  691. "typename": "System.Windows.Forms.MouseButtons",
  692. "assembly": "System.Windows.Forms"
  693. },
  694. {
  695. "typename": "System.Windows.Forms.NativeWindow",
  696. "assembly": "System.Windows.Forms"
  697. },
  698. {
  699. "typename": "System.Windows.Forms.Screen",
  700. "assembly": "System.Windows.Forms"
  701. },
  702. {
  703. "typename": "System.Windows.Forms.SystemInformation",
  704. "assembly": "System.Windows.Forms"
  705. },
  706. {
  707. "typename": "Microsoft.Win32.Registry",
  708. "assembly": "mscorlib"
  709. },
  710. {
  711. "typename": "Microsoft.Win32.RegistryKey",
  712. "assembly": "mscorlib"
  713. },
  714. {
  715. "typename": "Microsoft.Win32.RegistryValueKind",
  716. "assembly": "mscorlib"
  717. },
  718. {
  719. "typename": "System.Activator",
  720. "assembly": "mscorlib"
  721. },
  722. {
  723. "typename": "System.ArgumentOutOfRangeException",
  724. "assembly": "mscorlib"
  725. },
  726. {
  727. "typename": "System.Array",
  728. "assembly": "mscorlib"
  729. },
  730. {
  731. "typename": "System.AsyncCallback",
  732. "assembly": "mscorlib"
  733. },
  734. {
  735. "typename": "System.BitConverter",
  736. "assembly": "mscorlib"
  737. },
  738. {
  739. "typename": "System.Boolean",
  740. "assembly": "mscorlib"
  741. },
  742. {
  743. "typename": "System.Buffer",
  744. "assembly": "mscorlib"
  745. },
  746. {
  747. "typename": "System.Byte",
  748. "assembly": "mscorlib"
  749. },
  750. {
  751. "typename": "System.Char",
  752. "assembly": "mscorlib"
  753. },
  754. {
  755. "typename": "System.Collections.Generic.Dictionary`2",
  756. "assembly": "mscorlib"
  757. },
  758. {
  759. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
  760. "assembly": "mscorlib"
  761. },
  762. {
  763. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
  764. "assembly": "mscorlib"
  765. },
  766. {
  767. "typename": "System.Collections.Generic.IEnumerable`1",
  768. "assembly": "mscorlib"
  769. },
  770. {
  771. "typename": "System.Collections.Generic.KeyValuePair`2",
  772. "assembly": "mscorlib"
  773. },
  774. {
  775. "typename": "System.Collections.Generic.List`1",
  776. "assembly": "mscorlib"
  777. },
  778. {
  779. "typename": "System.Collections.Generic.List`1/Enumerator",
  780. "assembly": "mscorlib"
  781. },
  782. {
  783. "typename": "System.Collections.IEnumerable",
  784. "assembly": "mscorlib"
  785. },
  786. {
  787. "typename": "System.Collections.IEnumerator",
  788. "assembly": "mscorlib"
  789. },
  790. {
  791. "typename": "System.Collections.ObjectModel.Collection`1",
  792. "assembly": "mscorlib"
  793. },
  794. {
  795. "typename": "System.Convert",
  796. "assembly": "mscorlib"
  797. },
  798. {
  799. "typename": "System.DateTime",
  800. "assembly": "mscorlib"
  801. },
  802. {
  803. "typename": "System.Decimal",
  804. "assembly": "mscorlib"
  805. },
  806. {
  807. "typename": "System.Delegate",
  808. "assembly": "mscorlib"
  809. },
  810. {
  811. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  812. "assembly": "mscorlib"
  813. },
  814. {
  815. "typename": "System.Double",
  816. "assembly": "mscorlib"
  817. },
  818. {
  819. "typename": "System.Enum",
  820. "assembly": "mscorlib"
  821. },
  822. {
  823. "typename": "System.Environment",
  824. "assembly": "mscorlib"
  825. },
  826. {
  827. "typename": "System.Environment/SpecialFolder",
  828. "assembly": "mscorlib"
  829. },
  830. {
  831. "typename": "System.Exception",
  832. "assembly": "mscorlib"
  833. },
  834. {
  835. "typename": "System.FlagsAttribute",
  836. "assembly": "mscorlib"
  837. },
  838. {
  839. "typename": "System.Globalization.CultureInfo",
  840. "assembly": "mscorlib"
  841. },
  842. {
  843. "typename": "System.Globalization.NumberStyles",
  844. "assembly": "mscorlib"
  845. },
  846. {
  847. "typename": "System.Guid",
  848. "assembly": "mscorlib"
  849. },
  850. {
  851. "typename": "System.IAsyncResult",
  852. "assembly": "mscorlib"
  853. },
  854. {
  855. "typename": "System.IDisposable",
  856. "assembly": "mscorlib"
  857. },
  858. {
  859. "typename": "System.IFormatProvider",
  860. "assembly": "mscorlib"
  861. },
  862. {
  863. "typename": "System.IO.BinaryReader",
  864. "assembly": "mscorlib"
  865. },
  866. {
  867. "typename": "System.IO.Directory",
  868. "assembly": "mscorlib"
  869. },
  870. {
  871. "typename": "System.IO.DirectoryInfo",
  872. "assembly": "mscorlib"
  873. },
  874. {
  875. "typename": "System.IO.DriveInfo",
  876. "assembly": "mscorlib"
  877. },
  878. {
  879. "typename": "System.IO.DriveType",
  880. "assembly": "mscorlib"
  881. },
  882. {
  883. "typename": "System.IO.File",
  884. "assembly": "mscorlib"
  885. },
  886. {
  887. "typename": "System.IO.FileAttributes",
  888. "assembly": "mscorlib"
  889. },
  890. {
  891. "typename": "System.IO.FileInfo",
  892. "assembly": "mscorlib"
  893. },
  894. {
  895. "typename": "System.IO.FileMode",
  896. "assembly": "mscorlib"
  897. },
  898. {
  899. "typename": "System.IO.FileStream",
  900. "assembly": "mscorlib"
  901. },
  902. {
  903. "typename": "System.IO.FileSystemInfo",
  904. "assembly": "mscorlib"
  905. },
  906. {
  907. "typename": "System.IO.MemoryStream",
  908. "assembly": "mscorlib"
  909. },
  910. {
  911. "typename": "System.IO.Path",
  912. "assembly": "mscorlib"
  913. },
  914. {
  915. "typename": "System.IO.SearchOption",
  916. "assembly": "mscorlib"
  917. },
  918. {
  919. "typename": "System.IO.Stream",
  920. "assembly": "mscorlib"
  921. },
  922. {
  923. "typename": "System.IO.StreamReader",
  924. "assembly": "mscorlib"
  925. },
  926. {
  927. "typename": "System.Int16",
  928. "assembly": "mscorlib"
  929. },
  930. {
  931. "typename": "System.Int32",
  932. "assembly": "mscorlib"
  933. },
  934. {
  935. "typename": "System.Int64",
  936. "assembly": "mscorlib"
  937. },
  938. {
  939. "typename": "System.IntPtr",
  940. "assembly": "mscorlib"
  941. },
  942. {
  943. "typename": "System.Math",
  944. "assembly": "mscorlib"
  945. },
  946. {
  947. "typename": "System.MulticastDelegate",
  948. "assembly": "mscorlib"
  949. },
  950. {
  951. "typename": "System.Object",
  952. "assembly": "mscorlib"
  953. },
  954. {
  955. "typename": "System.OperatingSystem",
  956. "assembly": "mscorlib"
  957. },
  958. {
  959. "typename": "System.Random",
  960. "assembly": "mscorlib"
  961. },
  962. {
  963. "typename": "System.Reflection.Assembly",
  964. "assembly": "mscorlib"
  965. },
  966. {
  967. "typename": "System.Reflection.FieldInfo",
  968. "assembly": "mscorlib"
  969. },
  970. {
  971. "typename": "System.Reflection.MethodBase",
  972. "assembly": "mscorlib"
  973. },
  974. {
  975. "typename": "System.Reflection.MethodInfo",
  976. "assembly": "mscorlib"
  977. },
  978. {
  979. "typename": "System.Reflection.Module",
  980. "assembly": "mscorlib"
  981. },
  982. {
  983. "typename": "System.Resources.ResourceManager",
  984. "assembly": "mscorlib"
  985. },
  986. {
  987. "typename": "System.Runtime.CompilerServices.AccessedThroughPropertyAttribute",
  988. "assembly": "mscorlib"
  989. },
  990. {
  991. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  992. "assembly": "mscorlib"
  993. },
  994. {
  995. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  996. "assembly": "mscorlib"
  997. },
  998. {
  999. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1000. "assembly": "mscorlib"
  1001. },
  1002. {
  1003. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1004. "assembly": "mscorlib"
  1005. },
  1006. {
  1007. "typename": "System.Runtime.ConstrainedExecution.Cer",
  1008. "assembly": "mscorlib"
  1009. },
  1010. {
  1011. "typename": "System.Runtime.ConstrainedExecution.Consistency",
  1012. "assembly": "mscorlib"
  1013. },
  1014. {
  1015. "typename": "System.Runtime.ConstrainedExecution.ReliabilityContractAttribute",
  1016. "assembly": "mscorlib"
  1017. },
  1018. {
  1019. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1020. "assembly": "mscorlib"
  1021. },
  1022. {
  1023. "typename": "System.Runtime.InteropServices.Marshal",
  1024. "assembly": "mscorlib"
  1025. },
  1026. {
  1027. "typename": "System.Runtime.InteropServices.SafeHandle",
  1028. "assembly": "mscorlib"
  1029. },
  1030. {
  1031. "typename": "System.RuntimeFieldHandle",
  1032. "assembly": "mscorlib"
  1033. },
  1034. {
  1035. "typename": "System.RuntimeTypeHandle",
  1036. "assembly": "mscorlib"
  1037. },
  1038. {
  1039. "typename": "System.STAThreadAttribute",
  1040. "assembly": "mscorlib"
  1041. },
  1042. {
  1043. "typename": "System.Security.AccessControl.AceFlags",
  1044. "assembly": "mscorlib"
  1045. },
  1046. {
  1047. "typename": "System.Security.AccessControl.AceQualifier",
  1048. "assembly": "mscorlib"
  1049. },
  1050. {
  1051. "typename": "System.Security.AccessControl.CommonAce",
  1052. "assembly": "mscorlib"
  1053. },
  1054. {
  1055. "typename": "System.Security.AccessControl.GenericAce",
  1056. "assembly": "mscorlib"
  1057. },
  1058. {
  1059. "typename": "System.Security.AccessControl.GenericSecurityDescriptor",
  1060. "assembly": "mscorlib"
  1061. },
  1062. {
  1063. "typename": "System.Security.AccessControl.RawAcl",
  1064. "assembly": "mscorlib"
  1065. },
  1066. {
  1067. "typename": "System.Security.AccessControl.RawSecurityDescriptor",
  1068. "assembly": "mscorlib"
  1069. },
  1070. {
  1071. "typename": "System.Security.Cryptography.CipherMode",
  1072. "assembly": "mscorlib"
  1073. },
  1074. {
  1075. "typename": "System.Security.Cryptography.HMACSHA1",
  1076. "assembly": "mscorlib"
  1077. },
  1078. {
  1079. "typename": "System.Security.Cryptography.HashAlgorithm",
  1080. "assembly": "mscorlib"
  1081. },
  1082. {
  1083. "typename": "System.Security.Cryptography.ICryptoTransform",
  1084. "assembly": "mscorlib"
  1085. },
  1086. {
  1087. "typename": "System.Security.Cryptography.MD5",
  1088. "assembly": "mscorlib"
  1089. },
  1090. {
  1091. "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
  1092. "assembly": "mscorlib"
  1093. },
  1094. {
  1095. "typename": "System.Security.Cryptography.PaddingMode",
  1096. "assembly": "mscorlib"
  1097. },
  1098. {
  1099. "typename": "System.Security.Cryptography.Rijndael",
  1100. "assembly": "mscorlib"
  1101. },
  1102. {
  1103. "typename": "System.Security.Cryptography.SHA1CryptoServiceProvider",
  1104. "assembly": "mscorlib"
  1105. },
  1106. {
  1107. "typename": "System.Security.Cryptography.SymmetricAlgorithm",
  1108. "assembly": "mscorlib"
  1109. },
  1110. {
  1111. "typename": "System.Security.Cryptography.TripleDES",
  1112. "assembly": "mscorlib"
  1113. },
  1114. {
  1115. "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
  1116. "assembly": "mscorlib"
  1117. },
  1118. {
  1119. "typename": "System.Security.Principal.SecurityIdentifier",
  1120. "assembly": "mscorlib"
  1121. },
  1122. {
  1123. "typename": "System.Security.Principal.WellKnownSidType",
  1124. "assembly": "mscorlib"
  1125. },
  1126. {
  1127. "typename": "System.Security.Principal.WindowsBuiltInRole",
  1128. "assembly": "mscorlib"
  1129. },
  1130. {
  1131. "typename": "System.Security.Principal.WindowsIdentity",
  1132. "assembly": "mscorlib"
  1133. },
  1134. {
  1135. "typename": "System.Security.Principal.WindowsPrincipal",
  1136. "assembly": "mscorlib"
  1137. },
  1138. {
  1139. "typename": "System.Security.SuppressUnmanagedCodeSecurityAttribute",
  1140. "assembly": "mscorlib"
  1141. },
  1142. {
  1143. "typename": "System.String",
  1144. "assembly": "mscorlib"
  1145. },
  1146. {
  1147. "typename": "System.StringComparison",
  1148. "assembly": "mscorlib"
  1149. },
  1150. {
  1151. "typename": "System.Text.Decoder",
  1152. "assembly": "mscorlib"
  1153. },
  1154. {
  1155. "typename": "System.Text.Encoding",
  1156. "assembly": "mscorlib"
  1157. },
  1158. {
  1159. "typename": "System.Text.StringBuilder",
  1160. "assembly": "mscorlib"
  1161. },
  1162. {
  1163. "typename": "System.Text.UTF8Encoding",
  1164. "assembly": "mscorlib"
  1165. },
  1166. {
  1167. "typename": "System.ThreadStaticAttribute",
  1168. "assembly": "mscorlib"
  1169. },
  1170. {
  1171. "typename": "System.Threading.Monitor",
  1172. "assembly": "mscorlib"
  1173. },
  1174. {
  1175. "typename": "System.Threading.Mutex",
  1176. "assembly": "mscorlib"
  1177. },
  1178. {
  1179. "typename": "System.Threading.Thread",
  1180. "assembly": "mscorlib"
  1181. },
  1182. {
  1183. "typename": "System.Threading.ThreadStart",
  1184. "assembly": "mscorlib"
  1185. },
  1186. {
  1187. "typename": "System.Type",
  1188. "assembly": "mscorlib"
  1189. },
  1190. {
  1191. "typename": "System.UInt32",
  1192. "assembly": "mscorlib"
  1193. },
  1194. {
  1195. "typename": "System.UInt64",
  1196. "assembly": "mscorlib"
  1197. },
  1198. {
  1199. "typename": "System.ValueType",
  1200. "assembly": "mscorlib"
  1201. },
  1202. {
  1203. "typename": "System.Version",
  1204. "assembly": "mscorlib"
  1205. }
  1206. ]
  1207. },
  1208. "pe": {
  1209. "peid_signatures": null,
  1210. "imports": [
  1211. {
  1212. "imports": [
  1213. {
  1214. "name": "_CorExeMain",
  1215. "address": "0x402000"
  1216. }
  1217. ],
  1218. "dll": "mscoree.dll"
  1219. }
  1220. ],
  1221. "digital_signers": null,
  1222. "exported_dll_name": null,
  1223. "actual_checksum": "0x0004a8af",
  1224. "overlay": null,
  1225. "imagebase": "0x00400000",
  1226. "reported_checksum": "0x00000000",
  1227. "icon_hash": null,
  1228. "entrypoint": "0x00445f3e",
  1229. "timestamp": "2019-06-02 21:34:33",
  1230. "osversion": "4.0",
  1231. "sections": [
  1232. {
  1233. "name": ".text",
  1234. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1235. "virtual_address": "0x00002000",
  1236. "size_of_data": "0x00044000",
  1237. "entropy": "6.60",
  1238. "raw_address": "0x00000200",
  1239. "virtual_size": "0x00043f44",
  1240. "characteristics_raw": "0x60000020"
  1241. },
  1242. {
  1243. "name": ".rsrc",
  1244. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1245. "virtual_address": "0x00046000",
  1246. "size_of_data": "0x00000400",
  1247. "entropy": "2.94",
  1248. "raw_address": "0x00044200",
  1249. "virtual_size": "0x00000370",
  1250. "characteristics_raw": "0x40000040"
  1251. },
  1252. {
  1253. "name": ".reloc",
  1254. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1255. "virtual_address": "0x00048000",
  1256. "size_of_data": "0x00000200",
  1257. "entropy": "0.10",
  1258. "raw_address": "0x00044600",
  1259. "virtual_size": "0x0000000c",
  1260. "characteristics_raw": "0x42000040"
  1261. }
  1262. ],
  1263. "resources": [],
  1264. "dirents": [
  1265. {
  1266. "virtual_address": "0x00000000",
  1267. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1268. "size": "0x00000000"
  1269. },
  1270. {
  1271. "virtual_address": "0x00045eec",
  1272. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1273. "size": "0x0000004f"
  1274. },
  1275. {
  1276. "virtual_address": "0x00046000",
  1277. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1278. "size": "0x00000370"
  1279. },
  1280. {
  1281. "virtual_address": "0x00000000",
  1282. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1283. "size": "0x00000000"
  1284. },
  1285. {
  1286. "virtual_address": "0x00000000",
  1287. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1288. "size": "0x00000000"
  1289. },
  1290. {
  1291. "virtual_address": "0x00048000",
  1292. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1293. "size": "0x0000000c"
  1294. },
  1295. {
  1296. "virtual_address": "0x00000000",
  1297. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1298. "size": "0x00000000"
  1299. },
  1300. {
  1301. "virtual_address": "0x00000000",
  1302. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1303. "size": "0x00000000"
  1304. },
  1305. {
  1306. "virtual_address": "0x00000000",
  1307. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1308. "size": "0x00000000"
  1309. },
  1310. {
  1311. "virtual_address": "0x00000000",
  1312. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1313. "size": "0x00000000"
  1314. },
  1315. {
  1316. "virtual_address": "0x00000000",
  1317. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1318. "size": "0x00000000"
  1319. },
  1320. {
  1321. "virtual_address": "0x00000000",
  1322. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1323. "size": "0x00000000"
  1324. },
  1325. {
  1326. "virtual_address": "0x00002000",
  1327. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1328. "size": "0x00000008"
  1329. },
  1330. {
  1331. "virtual_address": "0x00000000",
  1332. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1333. "size": "0x00000000"
  1334. },
  1335. {
  1336. "virtual_address": "0x00002008",
  1337. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1338. "size": "0x00000048"
  1339. },
  1340. {
  1341. "virtual_address": "0x00000000",
  1342. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1343. "size": "0x00000000"
  1344. }
  1345. ],
  1346. "exports": [],
  1347. "guest_signers": {},
  1348. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1349. "icon_fuzzy": null,
  1350. "icon": null,
  1351. "pdbpath": null,
  1352. "imported_dll_count": 1,
  1353. "versioninfo": []
  1354. }
  1355. }
  1356.  
  1357. [*] Resolved APIs: [
  1358. "advapi32.dll.RegOpenKeyExW",
  1359. "advapi32.dll.RegQueryInfoKeyW",
  1360. "advapi32.dll.RegEnumKeyExW",
  1361. "advapi32.dll.RegEnumValueW",
  1362. "advapi32.dll.RegCloseKey",
  1363. "advapi32.dll.RegQueryValueExW",
  1364. "kernel32.dll.QueryActCtxW",
  1365. "shlwapi.dll.UrlIsW",
  1366. "kernel32.dll.FlsAlloc",
  1367. "kernel32.dll.FlsGetValue",
  1368. "kernel32.dll.FlsSetValue",
  1369. "kernel32.dll.FlsFree",
  1370. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  1371. "kernel32.dll.IsProcessorFeaturePresent",
  1372. "msvcrt.dll._set_error_mode",
  1373. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  1374. "kernel32.dll.FindActCtxSectionStringW",
  1375. "kernel32.dll.GetSystemWindowsDirectoryW",
  1376. "mscoree.dll.GetProcessExecutableHeap",
  1377. "mscorwks.dll._CorExeMain",
  1378. "mscorwks.dll.GetCLRFunction",
  1379. "advapi32.dll.RegisterTraceGuidsW",
  1380. "advapi32.dll.UnregisterTraceGuids",
  1381. "advapi32.dll.GetTraceLoggerHandle",
  1382. "advapi32.dll.GetTraceEnableLevel",
  1383. "advapi32.dll.GetTraceEnableFlags",
  1384. "advapi32.dll.TraceEvent",
  1385. "mscoree.dll.IEE",
  1386. "mscorwks.dll.IEE",
  1387. "mscoree.dll.GetStartupFlags",
  1388. "mscoree.dll.GetHostConfigurationFile",
  1389. "mscoree.dll.GetCORSystemDirectory",
  1390. "ntdll.dll.RtlUnwind",
  1391. "kernel32.dll.IsWow64Process",
  1392. "advapi32.dll.AllocateAndInitializeSid",
  1393. "advapi32.dll.OpenProcessToken",
  1394. "advapi32.dll.GetTokenInformation",
  1395. "advapi32.dll.InitializeAcl",
  1396. "advapi32.dll.AddAccessAllowedAce",
  1397. "advapi32.dll.FreeSid",
  1398. "kernel32.dll.SetThreadStackGuarantee",
  1399. "kernel32.dll.AddVectoredContinueHandler",
  1400. "kernel32.dll.RemoveVectoredContinueHandler",
  1401. "advapi32.dll.ConvertSidToStringSidW",
  1402. "shell32.dll.SHGetFolderPathW",
  1403. "kernel32.dll.FlushProcessWriteBuffers",
  1404. "kernel32.dll.GetWriteWatch",
  1405. "kernel32.dll.ResetWriteWatch",
  1406. "kernel32.dll.CreateMemoryResourceNotification",
  1407. "kernel32.dll.QueryMemoryResourceNotification",
  1408. "ole32.dll.CoInitializeEx",
  1409. "cryptbase.dll.SystemFunction036",
  1410. "uxtheme.dll.ThemeInitApiHook",
  1411. "user32.dll.IsProcessDPIAware",
  1412. "ole32.dll.CoGetContextToken",
  1413. "kernel32.dll.GetVersionExW",
  1414. "kernel32.dll.GetFullPathNameW",
  1415. "advapi32.dll.CryptAcquireContextA",
  1416. "advapi32.dll.CryptReleaseContext",
  1417. "advapi32.dll.CryptCreateHash",
  1418. "advapi32.dll.CryptDestroyHash",
  1419. "advapi32.dll.CryptHashData",
  1420. "advapi32.dll.CryptGetHashParam",
  1421. "advapi32.dll.CryptImportKey",
  1422. "advapi32.dll.CryptExportKey",
  1423. "advapi32.dll.CryptGenKey",
  1424. "advapi32.dll.CryptGetKeyParam",
  1425. "advapi32.dll.CryptDestroyKey",
  1426. "advapi32.dll.CryptVerifySignatureA",
  1427. "advapi32.dll.CryptSignHashA",
  1428. "advapi32.dll.CryptGetProvParam",
  1429. "advapi32.dll.CryptGetUserKey",
  1430. "advapi32.dll.CryptEnumProvidersA",
  1431. "mscoree.dll.GetMetaDataInternalInterface",
  1432. "mscorwks.dll.GetMetaDataInternalInterface",
  1433. "mscorjit.dll.getJit",
  1434. "kernel32.dll.lstrlen",
  1435. "kernel32.dll.lstrlenW",
  1436. "kernel32.dll.GetUserDefaultUILanguage",
  1437. "kernel32.dll.SetErrorMode",
  1438. "kernel32.dll.GetFileAttributesExW",
  1439. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
  1440. "kernel32.dll.GetEnvironmentVariableW",
  1441. "cryptsp.dll.CryptAcquireContextW",
  1442. "cryptsp.dll.CryptCreateHash",
  1443. "ole32.dll.CreateBindCtx",
  1444. "ole32.dll.CoGetObjectContext",
  1445. "sechost.dll.LookupAccountNameLocalW",
  1446. "advapi32.dll.LookupAccountSidW",
  1447. "sechost.dll.LookupAccountSidLocalW",
  1448. "cryptsp.dll.CryptGenRandom",
  1449. "ole32.dll.NdrOleInitializeExtension",
  1450. "ole32.dll.CoGetClassObject",
  1451. "ole32.dll.CoGetMarshalSizeMax",
  1452. "ole32.dll.CoMarshalInterface",
  1453. "ole32.dll.CoUnmarshalInterface",
  1454. "ole32.dll.StringFromIID",
  1455. "ole32.dll.CoGetPSClsid",
  1456. "ole32.dll.CoTaskMemAlloc",
  1457. "ole32.dll.CoTaskMemFree",
  1458. "ole32.dll.CoCreateInstance",
  1459. "ole32.dll.CoReleaseMarshalData",
  1460. "ole32.dll.DcomChannelSetHResult",
  1461. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  1462. "ole32.dll.MkParseDisplayName",
  1463. "oleaut32.dll.#2",
  1464. "oleaut32.dll.#6",
  1465. "kernel32.dll.GetThreadPreferredUILanguages",
  1466. "kernel32.dll.SetThreadPreferredUILanguages",
  1467. "kernel32.dll.LocaleNameToLCID",
  1468. "kernel32.dll.GetLocaleInfoEx",
  1469. "kernel32.dll.LCIDToLocaleName",
  1470. "kernel32.dll.GetSystemDefaultLocaleName",
  1471. "ole32.dll.BindMoniker",
  1472. "sxs.dll.SxsOleAut32RedirectTypeLibrary",
  1473. "advapi32.dll.RegOpenKeyW",
  1474. "advapi32.dll.RegEnumKeyW",
  1475. "advapi32.dll.RegQueryValueW",
  1476. "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
  1477. "sxs.dll.SxsLookupClrGuid",
  1478. "kernel32.dll.ReleaseActCtx",
  1479. "oleaut32.dll.#9",
  1480. "oleaut32.dll.#4",
  1481. "oleaut32.dll.#283",
  1482. "oleaut32.dll.#284",
  1483. "oleaut32.dll.#7",
  1484. "kernel32.dll.CreateEventW",
  1485. "kernel32.dll.CloseHandle",
  1486. "kernel32.dll.SwitchToThread",
  1487. "kernel32.dll.SetEvent",
  1488. "ole32.dll.CoWaitForMultipleHandles",
  1489. "ole32.dll.IIDFromString",
  1490. "kernel32.dll.LoadLibraryA",
  1491. "kernel32.dll.GetProcAddress",
  1492. "wminet_utils.dll.ResetSecurity",
  1493. "wminet_utils.dll.SetSecurity",
  1494. "wminet_utils.dll.BlessIWbemServices",
  1495. "wminet_utils.dll.BlessIWbemServicesObject",
  1496. "wminet_utils.dll.GetPropertyHandle",
  1497. "wminet_utils.dll.WritePropertyValue",
  1498. "wminet_utils.dll.Clone",
  1499. "wminet_utils.dll.VerifyClientKey",
  1500. "wminet_utils.dll.GetQualifierSet",
  1501. "wminet_utils.dll.Get",
  1502. "wminet_utils.dll.Put",
  1503. "wminet_utils.dll.Delete",
  1504. "wminet_utils.dll.GetNames",
  1505. "wminet_utils.dll.BeginEnumeration",
  1506. "wminet_utils.dll.Next",
  1507. "wminet_utils.dll.EndEnumeration",
  1508. "wminet_utils.dll.GetPropertyQualifierSet",
  1509. "wminet_utils.dll.GetObjectText",
  1510. "wminet_utils.dll.SpawnDerivedClass",
  1511. "wminet_utils.dll.SpawnInstance",
  1512. "wminet_utils.dll.CompareTo",
  1513. "wminet_utils.dll.GetPropertyOrigin",
  1514. "wminet_utils.dll.InheritsFrom",
  1515. "wminet_utils.dll.GetMethod",
  1516. "wminet_utils.dll.PutMethod",
  1517. "wminet_utils.dll.DeleteMethod",
  1518. "wminet_utils.dll.BeginMethodEnumeration",
  1519. "wminet_utils.dll.NextMethod",
  1520. "wminet_utils.dll.EndMethodEnumeration",
  1521. "wminet_utils.dll.GetMethodQualifierSet",
  1522. "wminet_utils.dll.GetMethodOrigin",
  1523. "wminet_utils.dll.QualifierSet_Get",
  1524. "wminet_utils.dll.QualifierSet_Put",
  1525. "wminet_utils.dll.QualifierSet_Delete",
  1526. "wminet_utils.dll.QualifierSet_GetNames",
  1527. "wminet_utils.dll.QualifierSet_BeginEnumeration",
  1528. "wminet_utils.dll.QualifierSet_Next",
  1529. "wminet_utils.dll.QualifierSet_EndEnumeration",
  1530. "wminet_utils.dll.GetCurrentApartmentType",
  1531. "wminet_utils.dll.GetDemultiplexedStub",
  1532. "wminet_utils.dll.CreateInstanceEnumWmi",
  1533. "wminet_utils.dll.CreateClassEnumWmi",
  1534. "wminet_utils.dll.ExecQueryWmi",
  1535. "wminet_utils.dll.ExecNotificationQueryWmi",
  1536. "wminet_utils.dll.PutInstanceWmi",
  1537. "wminet_utils.dll.PutClassWmi",
  1538. "wminet_utils.dll.CloneEnumWbemClassObject",
  1539. "wminet_utils.dll.ConnectServerWmi",
  1540. "ole32.dll.CoUninitialize",
  1541. "oleaut32.dll.#500",
  1542. "oleaut32.dll.SysStringLen",
  1543. "kernel32.dll.RtlZeroMemory",
  1544. "kernel32.dll.RegOpenKeyExW",
  1545. "vssapi.dll.CreateWriter",
  1546. "advapi32.dll.LookupAccountNameW",
  1547. "samcli.dll.NetLocalGroupGetMembers",
  1548. "samlib.dll.SamConnect",
  1549. "rpcrt4.dll.NdrClientCall3",
  1550. "rpcrt4.dll.RpcStringBindingComposeW",
  1551. "rpcrt4.dll.RpcBindingFromStringBindingW",
  1552. "rpcrt4.dll.RpcStringFreeW",
  1553. "rpcrt4.dll.RpcBindingFree",
  1554. "samlib.dll.SamOpenDomain",
  1555. "samlib.dll.SamLookupNamesInDomain",
  1556. "samlib.dll.SamOpenAlias",
  1557. "samlib.dll.SamFreeMemory",
  1558. "samlib.dll.SamCloseHandle",
  1559. "samlib.dll.SamGetMembersInAlias",
  1560. "netutils.dll.NetApiBufferFree",
  1561. "ole32.dll.CoCreateGuid",
  1562. "ole32.dll.StringFromCLSID",
  1563. "propsys.dll.VariantToPropVariant",
  1564. "wbemcore.dll.Reinitialize",
  1565. "wbemsvc.dll.DllGetClassObject",
  1566. "wbemsvc.dll.DllCanUnloadNow",
  1567. "authz.dll.AuthzInitializeContextFromToken",
  1568. "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
  1569. "authz.dll.AuthzAccessCheck",
  1570. "authz.dll.AuthzFreeAuditEvent",
  1571. "authz.dll.AuthzFreeContext",
  1572. "authz.dll.AuthzInitializeResourceManager",
  1573. "authz.dll.AuthzFreeResourceManager",
  1574. "rpcrt4.dll.RpcBindingCreateW",
  1575. "rpcrt4.dll.RpcBindingBind",
  1576. "rpcrt4.dll.I_RpcMapWin32Status",
  1577. "advapi32.dll.EventRegister",
  1578. "advapi32.dll.EventUnregister",
  1579. "advapi32.dll.EventWrite",
  1580. "kernel32.dll.RegCloseKey",
  1581. "kernel32.dll.RegSetValueExW",
  1582. "kernel32.dll.RegQueryValueExW",
  1583. "wmisvc.dll.IsImproperShutdownDetected",
  1584. "wevtapi.dll.EvtRender",
  1585. "wevtapi.dll.EvtNext",
  1586. "wevtapi.dll.EvtClose",
  1587. "wevtapi.dll.EvtQuery",
  1588. "wevtapi.dll.EvtCreateRenderContext",
  1589. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  1590. "rpcrt4.dll.RpcBindingSetOption",
  1591. "ole32.dll.CoCreateFreeThreadedMarshaler",
  1592. "ole32.dll.CreateStreamOnHGlobal",
  1593. "advapi32.dll.RegCreateKeyExW",
  1594. "advapi32.dll.RegSetValueExW",
  1595. "cryptsp.dll.CryptReleaseContext",
  1596. "kernelbase.dll.InitializeAcl",
  1597. "kernelbase.dll.AddAce",
  1598. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
  1599. "kernel32.dll.IsThreadAFiber",
  1600. "kernel32.dll.OpenProcessToken",
  1601. "kernelbase.dll.GetTokenInformation",
  1602. "kernelbase.dll.DuplicateTokenEx",
  1603. "kernelbase.dll.AdjustTokenPrivileges",
  1604. "kernelbase.dll.AllocateAndInitializeSid",
  1605. "kernelbase.dll.CheckTokenMembership",
  1606. "kernel32.dll.SetThreadToken",
  1607. "oleaut32.dll.#285",
  1608. "oleaut32.dll.#12",
  1609. "ole32.dll.CoInitializeSecurity",
  1610. "kernel32.dll.SortGetHandle",
  1611. "kernel32.dll.SortCloseHandle",
  1612. "wmisvc.dll.ServiceMain",
  1613. "sechost.dll.RegisterServiceCtrlHandlerExW",
  1614. "sechost.dll.SetServiceStatus",
  1615. "advapi32.dll.RegisterEventSourceW",
  1616. "advapi32.dll.ReportEventW",
  1617. "advapi32.dll.DeregisterEventSource",
  1618. "advapi32.dll.WmiOpenBlock",
  1619. "ole32.dll.CLSIDFromString",
  1620. "oleaut32.dll.#17",
  1621. "oleaut32.dll.#20",
  1622. "oleaut32.dll.#19",
  1623. "oleaut32.dll.#25",
  1624. "authz.dll.AuthzInitializeContextFromSid",
  1625. "oleaut32.dll.#286",
  1626. "ole32.dll.CoGetCallContext",
  1627. "ole32.dll.CoImpersonateClient",
  1628. "advapi32.dll.OpenThreadToken",
  1629. "ole32.dll.CoRevertToSelf",
  1630. "oleaut32.dll.#8",
  1631. "ole32.dll.CoSwitchCallContext",
  1632. "advapi32.dll.LogonUserExExW",
  1633. "sspicli.dll.LogonUserExExW",
  1634. "advapi32.dll.WmiMofEnumerateResourcesW",
  1635. "advapi32.dll.WmiFreeBuffer",
  1636. "ntmarta.dll.GetMartaExtensionInterface",
  1637. "fastprox.dll.DllGetClassObject",
  1638. "fastprox.dll.DllCanUnloadNow",
  1639. "kernel32.dll.LCMapStringEx",
  1640. "kernel32.dll.InitializeCriticalSectionEx",
  1641. "kernel32.dll.InitOnceExecuteOnce",
  1642. "kernel32.dll.CreateEventExW",
  1643. "kernel32.dll.CreateSemaphoreW",
  1644. "kernel32.dll.CreateSemaphoreExW",
  1645. "kernel32.dll.CreateThreadpoolTimer",
  1646. "kernel32.dll.SetThreadpoolTimer",
  1647. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
  1648. "kernel32.dll.CloseThreadpoolTimer",
  1649. "kernel32.dll.CreateThreadpoolWait",
  1650. "kernel32.dll.SetThreadpoolWait",
  1651. "kernel32.dll.CloseThreadpoolWait",
  1652. "kernel32.dll.FreeLibraryWhenCallbackReturns",
  1653. "kernel32.dll.GetCurrentProcessorNumber",
  1654. "kernel32.dll.CreateSymbolicLinkW",
  1655. "kernel32.dll.GetTickCount64",
  1656. "kernel32.dll.GetFileInformationByHandleEx",
  1657. "kernel32.dll.SetFileInformationByHandle",
  1658. "kernel32.dll.InitializeConditionVariable",
  1659. "kernel32.dll.WakeConditionVariable",
  1660. "kernel32.dll.WakeAllConditionVariable",
  1661. "kernel32.dll.SleepConditionVariableCS",
  1662. "kernel32.dll.InitializeSRWLock",
  1663. "kernel32.dll.AcquireSRWLockExclusive",
  1664. "kernel32.dll.TryAcquireSRWLockExclusive",
  1665. "kernel32.dll.ReleaseSRWLockExclusive",
  1666. "kernel32.dll.SleepConditionVariableSRW",
  1667. "kernel32.dll.CreateThreadpoolWork",
  1668. "kernel32.dll.SubmitThreadpoolWork",
  1669. "kernel32.dll.CloseThreadpoolWork",
  1670. "kernel32.dll.CompareStringEx",
  1671. "goopdate.dll.DllEntry",
  1672. "kernel32.dll.RtlCaptureStackBackTrace",
  1673. "wkscli.dll.NetWkstaGetInfo",
  1674. "cscapi.dll.CscNetApiGetInterface",
  1675. "kernel32.dll.CreateMutexExW",
  1676. "dbghelp.dll.MiniDumpWriteDump",
  1677. "rpcrt4.dll.UuidCreate",
  1678. "psmachine.dll.DllGetClassObject",
  1679. "psmachine.dll.DllCanUnloadNow",
  1680. "ntdll.dll.RtlGetVersion",
  1681. "kernel32.dll.GetNativeSystemInfo",
  1682. "winhttp.dll.WinHttpAddRequestHeaders",
  1683. "winhttp.dll.WinHttpCheckPlatform",
  1684. "winhttp.dll.WinHttpCloseHandle",
  1685. "winhttp.dll.WinHttpConnect",
  1686. "winhttp.dll.WinHttpCrackUrl",
  1687. "winhttp.dll.WinHttpCreateUrl",
  1688. "winhttp.dll.WinHttpDetectAutoProxyConfigUrl",
  1689. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  1690. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  1691. "winhttp.dll.WinHttpGetProxyForUrl",
  1692. "winhttp.dll.WinHttpOpen",
  1693. "winhttp.dll.WinHttpOpenRequest",
  1694. "winhttp.dll.WinHttpQueryAuthSchemes",
  1695. "winhttp.dll.WinHttpQueryDataAvailable",
  1696. "winhttp.dll.WinHttpQueryHeaders",
  1697. "winhttp.dll.WinHttpQueryOption",
  1698. "winhttp.dll.WinHttpReadData",
  1699. "winhttp.dll.WinHttpReceiveResponse",
  1700. "winhttp.dll.WinHttpSendRequest",
  1701. "winhttp.dll.WinHttpSetDefaultProxyConfiguration",
  1702. "winhttp.dll.WinHttpSetCredentials",
  1703. "winhttp.dll.WinHttpSetOption",
  1704. "winhttp.dll.WinHttpSetStatusCallback",
  1705. "winhttp.dll.WinHttpSetTimeouts",
  1706. "winhttp.dll.WinHttpWriteData",
  1707. "shlwapi.dll.StrCmpNW",
  1708. "shlwapi.dll.#153",
  1709. "ws2_32.dll.GetAddrInfoW"
  1710. ]
  1711.  
  1712. [*] Static Analysis: {
  1713. "dotnet": {
  1714. "customattrs": null,
  1715. "assemblyinfo": {
  1716. "version": "0.0.0.0",
  1717. "name": "OXRHDHVVKIWVLSWWRJFMDYNFQVWQCJUUIDNTZFVC_20190603003432899"
  1718. },
  1719. "assemblyrefs": [
  1720. {
  1721. "version": "2.0.0.0",
  1722. "name": "mscorlib"
  1723. },
  1724. {
  1725. "version": "8.0.0.0",
  1726. "name": "Microsoft.VisualBasic"
  1727. },
  1728. {
  1729. "version": "2.0.0.0",
  1730. "name": "System.Drawing"
  1731. },
  1732. {
  1733. "version": "2.0.0.0",
  1734. "name": "System"
  1735. },
  1736. {
  1737. "version": "2.0.0.0",
  1738. "name": "System.Windows.Forms"
  1739. },
  1740. {
  1741. "version": "2.0.0.0",
  1742. "name": "System.Management"
  1743. },
  1744. {
  1745. "version": "2.0.0.0",
  1746. "name": "System.Security"
  1747. }
  1748. ],
  1749. "typerefs": [
  1750. {
  1751. "typename": "Microsoft.VisualBasic.AppWinStyle",
  1752. "assembly": "Microsoft.VisualBasic"
  1753. },
  1754. {
  1755. "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
  1756. "assembly": "Microsoft.VisualBasic"
  1757. },
  1758. {
  1759. "typename": "Microsoft.VisualBasic.ApplicationServices.User",
  1760. "assembly": "Microsoft.VisualBasic"
  1761. },
  1762. {
  1763. "typename": "Microsoft.VisualBasic.CompareMethod",
  1764. "assembly": "Microsoft.VisualBasic"
  1765. },
  1766. {
  1767. "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
  1768. "assembly": "Microsoft.VisualBasic"
  1769. },
  1770. {
  1771. "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
  1772. "assembly": "Microsoft.VisualBasic"
  1773. },
  1774. {
  1775. "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
  1776. "assembly": "Microsoft.VisualBasic"
  1777. },
  1778. {
  1779. "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
  1780. "assembly": "Microsoft.VisualBasic"
  1781. },
  1782. {
  1783. "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
  1784. "assembly": "Microsoft.VisualBasic"
  1785. },
  1786. {
  1787. "typename": "Microsoft.VisualBasic.CompilerServices.StringType",
  1788. "assembly": "Microsoft.VisualBasic"
  1789. },
  1790. {
  1791. "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
  1792. "assembly": "Microsoft.VisualBasic"
  1793. },
  1794. {
  1795. "typename": "Microsoft.VisualBasic.Conversion",
  1796. "assembly": "Microsoft.VisualBasic"
  1797. },
  1798. {
  1799. "typename": "Microsoft.VisualBasic.Devices.Computer",
  1800. "assembly": "Microsoft.VisualBasic"
  1801. },
  1802. {
  1803. "typename": "Microsoft.VisualBasic.Devices.ComputerInfo",
  1804. "assembly": "Microsoft.VisualBasic"
  1805. },
  1806. {
  1807. "typename": "Microsoft.VisualBasic.Devices.Keyboard",
  1808. "assembly": "Microsoft.VisualBasic"
  1809. },
  1810. {
  1811. "typename": "Microsoft.VisualBasic.Devices.ServerComputer",
  1812. "assembly": "Microsoft.VisualBasic"
  1813. },
  1814. {
  1815. "typename": "Microsoft.VisualBasic.FileAttribute",
  1816. "assembly": "Microsoft.VisualBasic"
  1817. },
  1818. {
  1819. "typename": "Microsoft.VisualBasic.FileSystem",
  1820. "assembly": "Microsoft.VisualBasic"
  1821. },
  1822. {
  1823. "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
  1824. "assembly": "Microsoft.VisualBasic"
  1825. },
  1826. {
  1827. "typename": "Microsoft.VisualBasic.Information",
  1828. "assembly": "Microsoft.VisualBasic"
  1829. },
  1830. {
  1831. "typename": "Microsoft.VisualBasic.Interaction",
  1832. "assembly": "Microsoft.VisualBasic"
  1833. },
  1834. {
  1835. "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
  1836. "assembly": "Microsoft.VisualBasic"
  1837. },
  1838. {
  1839. "typename": "Microsoft.VisualBasic.MyServices.ClipboardProxy",
  1840. "assembly": "Microsoft.VisualBasic"
  1841. },
  1842. {
  1843. "typename": "Microsoft.VisualBasic.MyServices.FileSystemProxy",
  1844. "assembly": "Microsoft.VisualBasic"
  1845. },
  1846. {
  1847. "typename": "Microsoft.VisualBasic.MyServices.RegistryProxy",
  1848. "assembly": "Microsoft.VisualBasic"
  1849. },
  1850. {
  1851. "typename": "Microsoft.VisualBasic.OpenAccess",
  1852. "assembly": "Microsoft.VisualBasic"
  1853. },
  1854. {
  1855. "typename": "Microsoft.VisualBasic.OpenMode",
  1856. "assembly": "Microsoft.VisualBasic"
  1857. },
  1858. {
  1859. "typename": "Microsoft.VisualBasic.OpenShare",
  1860. "assembly": "Microsoft.VisualBasic"
  1861. },
  1862. {
  1863. "typename": "Microsoft.VisualBasic.Strings",
  1864. "assembly": "Microsoft.VisualBasic"
  1865. },
  1866. {
  1867. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  1868. "assembly": "System"
  1869. },
  1870. {
  1871. "typename": "System.ComponentModel.DefaultValueAttribute",
  1872. "assembly": "System"
  1873. },
  1874. {
  1875. "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
  1876. "assembly": "System"
  1877. },
  1878. {
  1879. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  1880. "assembly": "System"
  1881. },
  1882. {
  1883. "typename": "System.ComponentModel.EditorBrowsableState",
  1884. "assembly": "System"
  1885. },
  1886. {
  1887. "typename": "System.Diagnostics.FileVersionInfo",
  1888. "assembly": "System"
  1889. },
  1890. {
  1891. "typename": "System.Diagnostics.Process",
  1892. "assembly": "System"
  1893. },
  1894. {
  1895. "typename": "System.Diagnostics.ProcessModule",
  1896. "assembly": "System"
  1897. },
  1898. {
  1899. "typename": "System.Diagnostics.ProcessStartInfo",
  1900. "assembly": "System"
  1901. },
  1902. {
  1903. "typename": "System.Diagnostics.ProcessWindowStyle",
  1904. "assembly": "System"
  1905. },
  1906. {
  1907. "typename": "System.Net.CredentialCache",
  1908. "assembly": "System"
  1909. },
  1910. {
  1911. "typename": "System.Net.FtpWebRequest",
  1912. "assembly": "System"
  1913. },
  1914. {
  1915. "typename": "System.Net.HttpWebRequest",
  1916. "assembly": "System"
  1917. },
  1918. {
  1919. "typename": "System.Net.ICredentials",
  1920. "assembly": "System"
  1921. },
  1922. {
  1923. "typename": "System.Net.ICredentialsByHost",
  1924. "assembly": "System"
  1925. },
  1926. {
  1927. "typename": "System.Net.Mail.Attachment",
  1928. "assembly": "System"
  1929. },
  1930. {
  1931. "typename": "System.Net.Mail.AttachmentCollection",
  1932. "assembly": "System"
  1933. },
  1934. {
  1935. "typename": "System.Net.Mail.MailAddress",
  1936. "assembly": "System"
  1937. },
  1938. {
  1939. "typename": "System.Net.Mail.MailMessage",
  1940. "assembly": "System"
  1941. },
  1942. {
  1943. "typename": "System.Net.Mail.SmtpClient",
  1944. "assembly": "System"
  1945. },
  1946. {
  1947. "typename": "System.Net.NetworkCredential",
  1948. "assembly": "System"
  1949. },
  1950. {
  1951. "typename": "System.Net.WebClient",
  1952. "assembly": "System"
  1953. },
  1954. {
  1955. "typename": "System.Net.WebRequest",
  1956. "assembly": "System"
  1957. },
  1958. {
  1959. "typename": "System.Net.WebResponse",
  1960. "assembly": "System"
  1961. },
  1962. {
  1963. "typename": "System.Text.RegularExpressions.Capture",
  1964. "assembly": "System"
  1965. },
  1966. {
  1967. "typename": "System.Text.RegularExpressions.Group",
  1968. "assembly": "System"
  1969. },
  1970. {
  1971. "typename": "System.Text.RegularExpressions.GroupCollection",
  1972. "assembly": "System"
  1973. },
  1974. {
  1975. "typename": "System.Text.RegularExpressions.Match",
  1976. "assembly": "System"
  1977. },
  1978. {
  1979. "typename": "System.Text.RegularExpressions.MatchCollection",
  1980. "assembly": "System"
  1981. },
  1982. {
  1983. "typename": "System.Text.RegularExpressions.Regex",
  1984. "assembly": "System"
  1985. },
  1986. {
  1987. "typename": "System.Timers.ElapsedEventArgs",
  1988. "assembly": "System"
  1989. },
  1990. {
  1991. "typename": "System.Timers.ElapsedEventHandler",
  1992. "assembly": "System"
  1993. },
  1994. {
  1995. "typename": "System.Timers.Timer",
  1996. "assembly": "System"
  1997. },
  1998. {
  1999. "typename": "System.Uri",
  2000. "assembly": "System"
  2001. },
  2002. {
  2003. "typename": "System.Drawing.Bitmap",
  2004. "assembly": "System.Drawing"
  2005. },
  2006. {
  2007. "typename": "System.Drawing.Graphics",
  2008. "assembly": "System.Drawing"
  2009. },
  2010. {
  2011. "typename": "System.Drawing.Image",
  2012. "assembly": "System.Drawing"
  2013. },
  2014. {
  2015. "typename": "System.Drawing.Imaging.Encoder",
  2016. "assembly": "System.Drawing"
  2017. },
  2018. {
  2019. "typename": "System.Drawing.Imaging.EncoderParameter",
  2020. "assembly": "System.Drawing"
  2021. },
  2022. {
  2023. "typename": "System.Drawing.Imaging.EncoderParameters",
  2024. "assembly": "System.Drawing"
  2025. },
  2026. {
  2027. "typename": "System.Drawing.Imaging.ImageCodecInfo",
  2028. "assembly": "System.Drawing"
  2029. },
  2030. {
  2031. "typename": "System.Drawing.Imaging.ImageFormat",
  2032. "assembly": "System.Drawing"
  2033. },
  2034. {
  2035. "typename": "System.Drawing.Point",
  2036. "assembly": "System.Drawing"
  2037. },
  2038. {
  2039. "typename": "System.Drawing.Rectangle",
  2040. "assembly": "System.Drawing"
  2041. },
  2042. {
  2043. "typename": "System.Drawing.Size",
  2044. "assembly": "System.Drawing"
  2045. },
  2046. {
  2047. "typename": "System.Management.ManagementBaseObject",
  2048. "assembly": "System.Management"
  2049. },
  2050. {
  2051. "typename": "System.Management.ManagementClass",
  2052. "assembly": "System.Management"
  2053. },
  2054. {
  2055. "typename": "System.Management.ManagementObject",
  2056. "assembly": "System.Management"
  2057. },
  2058. {
  2059. "typename": "System.Management.ManagementObjectCollection",
  2060. "assembly": "System.Management"
  2061. },
  2062. {
  2063. "typename": "System.Management.ManagementObjectCollection/ManagementObjectEnumerator",
  2064. "assembly": "System.Management"
  2065. },
  2066. {
  2067. "typename": "System.Management.ManagementObjectSearcher",
  2068. "assembly": "System.Management"
  2069. },
  2070. {
  2071. "typename": "System.Management.PropertyData",
  2072. "assembly": "System.Management"
  2073. },
  2074. {
  2075. "typename": "System.Management.PropertyDataCollection",
  2076. "assembly": "System.Management"
  2077. },
  2078. {
  2079. "typename": "System.Security.Cryptography.DataProtectionScope",
  2080. "assembly": "System.Security"
  2081. },
  2082. {
  2083. "typename": "System.Security.Cryptography.ProtectedData",
  2084. "assembly": "System.Security"
  2085. },
  2086. {
  2087. "typename": "System.Windows.Forms.Application",
  2088. "assembly": "System.Windows.Forms"
  2089. },
  2090. {
  2091. "typename": "System.Windows.Forms.CreateParams",
  2092. "assembly": "System.Windows.Forms"
  2093. },
  2094. {
  2095. "typename": "System.Windows.Forms.Keys",
  2096. "assembly": "System.Windows.Forms"
  2097. },
  2098. {
  2099. "typename": "System.Windows.Forms.Message",
  2100. "assembly": "System.Windows.Forms"
  2101. },
  2102. {
  2103. "typename": "System.Windows.Forms.MouseButtons",
  2104. "assembly": "System.Windows.Forms"
  2105. },
  2106. {
  2107. "typename": "System.Windows.Forms.NativeWindow",
  2108. "assembly": "System.Windows.Forms"
  2109. },
  2110. {
  2111. "typename": "System.Windows.Forms.Screen",
  2112. "assembly": "System.Windows.Forms"
  2113. },
  2114. {
  2115. "typename": "System.Windows.Forms.SystemInformation",
  2116. "assembly": "System.Windows.Forms"
  2117. },
  2118. {
  2119. "typename": "Microsoft.Win32.Registry",
  2120. "assembly": "mscorlib"
  2121. },
  2122. {
  2123. "typename": "Microsoft.Win32.RegistryKey",
  2124. "assembly": "mscorlib"
  2125. },
  2126. {
  2127. "typename": "Microsoft.Win32.RegistryValueKind",
  2128. "assembly": "mscorlib"
  2129. },
  2130. {
  2131. "typename": "System.Activator",
  2132. "assembly": "mscorlib"
  2133. },
  2134. {
  2135. "typename": "System.ArgumentOutOfRangeException",
  2136. "assembly": "mscorlib"
  2137. },
  2138. {
  2139. "typename": "System.Array",
  2140. "assembly": "mscorlib"
  2141. },
  2142. {
  2143. "typename": "System.AsyncCallback",
  2144. "assembly": "mscorlib"
  2145. },
  2146. {
  2147. "typename": "System.BitConverter",
  2148. "assembly": "mscorlib"
  2149. },
  2150. {
  2151. "typename": "System.Boolean",
  2152. "assembly": "mscorlib"
  2153. },
  2154. {
  2155. "typename": "System.Buffer",
  2156. "assembly": "mscorlib"
  2157. },
  2158. {
  2159. "typename": "System.Byte",
  2160. "assembly": "mscorlib"
  2161. },
  2162. {
  2163. "typename": "System.Char",
  2164. "assembly": "mscorlib"
  2165. },
  2166. {
  2167. "typename": "System.Collections.Generic.Dictionary`2",
  2168. "assembly": "mscorlib"
  2169. },
  2170. {
  2171. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
  2172. "assembly": "mscorlib"
  2173. },
  2174. {
  2175. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
  2176. "assembly": "mscorlib"
  2177. },
  2178. {
  2179. "typename": "System.Collections.Generic.IEnumerable`1",
  2180. "assembly": "mscorlib"
  2181. },
  2182. {
  2183. "typename": "System.Collections.Generic.KeyValuePair`2",
  2184. "assembly": "mscorlib"
  2185. },
  2186. {
  2187. "typename": "System.Collections.Generic.List`1",
  2188. "assembly": "mscorlib"
  2189. },
  2190. {
  2191. "typename": "System.Collections.Generic.List`1/Enumerator",
  2192. "assembly": "mscorlib"
  2193. },
  2194. {
  2195. "typename": "System.Collections.IEnumerable",
  2196. "assembly": "mscorlib"
  2197. },
  2198. {
  2199. "typename": "System.Collections.IEnumerator",
  2200. "assembly": "mscorlib"
  2201. },
  2202. {
  2203. "typename": "System.Collections.ObjectModel.Collection`1",
  2204. "assembly": "mscorlib"
  2205. },
  2206. {
  2207. "typename": "System.Convert",
  2208. "assembly": "mscorlib"
  2209. },
  2210. {
  2211. "typename": "System.DateTime",
  2212. "assembly": "mscorlib"
  2213. },
  2214. {
  2215. "typename": "System.Decimal",
  2216. "assembly": "mscorlib"
  2217. },
  2218. {
  2219. "typename": "System.Delegate",
  2220. "assembly": "mscorlib"
  2221. },
  2222. {
  2223. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  2224. "assembly": "mscorlib"
  2225. },
  2226. {
  2227. "typename": "System.Double",
  2228. "assembly": "mscorlib"
  2229. },
  2230. {
  2231. "typename": "System.Enum",
  2232. "assembly": "mscorlib"
  2233. },
  2234. {
  2235. "typename": "System.Environment",
  2236. "assembly": "mscorlib"
  2237. },
  2238. {
  2239. "typename": "System.Environment/SpecialFolder",
  2240. "assembly": "mscorlib"
  2241. },
  2242. {
  2243. "typename": "System.Exception",
  2244. "assembly": "mscorlib"
  2245. },
  2246. {
  2247. "typename": "System.FlagsAttribute",
  2248. "assembly": "mscorlib"
  2249. },
  2250. {
  2251. "typename": "System.Globalization.CultureInfo",
  2252. "assembly": "mscorlib"
  2253. },
  2254. {
  2255. "typename": "System.Globalization.NumberStyles",
  2256. "assembly": "mscorlib"
  2257. },
  2258. {
  2259. "typename": "System.Guid",
  2260. "assembly": "mscorlib"
  2261. },
  2262. {
  2263. "typename": "System.IAsyncResult",
  2264. "assembly": "mscorlib"
  2265. },
  2266. {
  2267. "typename": "System.IDisposable",
  2268. "assembly": "mscorlib"
  2269. },
  2270. {
  2271. "typename": "System.IFormatProvider",
  2272. "assembly": "mscorlib"
  2273. },
  2274. {
  2275. "typename": "System.IO.BinaryReader",
  2276. "assembly": "mscorlib"
  2277. },
  2278. {
  2279. "typename": "System.IO.Directory",
  2280. "assembly": "mscorlib"
  2281. },
  2282. {
  2283. "typename": "System.IO.DirectoryInfo",
  2284. "assembly": "mscorlib"
  2285. },
  2286. {
  2287. "typename": "System.IO.DriveInfo",
  2288. "assembly": "mscorlib"
  2289. },
  2290. {
  2291. "typename": "System.IO.DriveType",
  2292. "assembly": "mscorlib"
  2293. },
  2294. {
  2295. "typename": "System.IO.File",
  2296. "assembly": "mscorlib"
  2297. },
  2298. {
  2299. "typename": "System.IO.FileAttributes",
  2300. "assembly": "mscorlib"
  2301. },
  2302. {
  2303. "typename": "System.IO.FileInfo",
  2304. "assembly": "mscorlib"
  2305. },
  2306. {
  2307. "typename": "System.IO.FileMode",
  2308. "assembly": "mscorlib"
  2309. },
  2310. {
  2311. "typename": "System.IO.FileStream",
  2312. "assembly": "mscorlib"
  2313. },
  2314. {
  2315. "typename": "System.IO.FileSystemInfo",
  2316. "assembly": "mscorlib"
  2317. },
  2318. {
  2319. "typename": "System.IO.MemoryStream",
  2320. "assembly": "mscorlib"
  2321. },
  2322. {
  2323. "typename": "System.IO.Path",
  2324. "assembly": "mscorlib"
  2325. },
  2326. {
  2327. "typename": "System.IO.SearchOption",
  2328. "assembly": "mscorlib"
  2329. },
  2330. {
  2331. "typename": "System.IO.Stream",
  2332. "assembly": "mscorlib"
  2333. },
  2334. {
  2335. "typename": "System.IO.StreamReader",
  2336. "assembly": "mscorlib"
  2337. },
  2338. {
  2339. "typename": "System.Int16",
  2340. "assembly": "mscorlib"
  2341. },
  2342. {
  2343. "typename": "System.Int32",
  2344. "assembly": "mscorlib"
  2345. },
  2346. {
  2347. "typename": "System.Int64",
  2348. "assembly": "mscorlib"
  2349. },
  2350. {
  2351. "typename": "System.IntPtr",
  2352. "assembly": "mscorlib"
  2353. },
  2354. {
  2355. "typename": "System.Math",
  2356. "assembly": "mscorlib"
  2357. },
  2358. {
  2359. "typename": "System.MulticastDelegate",
  2360. "assembly": "mscorlib"
  2361. },
  2362. {
  2363. "typename": "System.Object",
  2364. "assembly": "mscorlib"
  2365. },
  2366. {
  2367. "typename": "System.OperatingSystem",
  2368. "assembly": "mscorlib"
  2369. },
  2370. {
  2371. "typename": "System.Random",
  2372. "assembly": "mscorlib"
  2373. },
  2374. {
  2375. "typename": "System.Reflection.Assembly",
  2376. "assembly": "mscorlib"
  2377. },
  2378. {
  2379. "typename": "System.Reflection.FieldInfo",
  2380. "assembly": "mscorlib"
  2381. },
  2382. {
  2383. "typename": "System.Reflection.MethodBase",
  2384. "assembly": "mscorlib"
  2385. },
  2386. {
  2387. "typename": "System.Reflection.MethodInfo",
  2388. "assembly": "mscorlib"
  2389. },
  2390. {
  2391. "typename": "System.Reflection.Module",
  2392. "assembly": "mscorlib"
  2393. },
  2394. {
  2395. "typename": "System.Resources.ResourceManager",
  2396. "assembly": "mscorlib"
  2397. },
  2398. {
  2399. "typename": "System.Runtime.CompilerServices.AccessedThroughPropertyAttribute",
  2400. "assembly": "mscorlib"
  2401. },
  2402. {
  2403. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  2404. "assembly": "mscorlib"
  2405. },
  2406. {
  2407. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  2408. "assembly": "mscorlib"
  2409. },
  2410. {
  2411. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  2412. "assembly": "mscorlib"
  2413. },
  2414. {
  2415. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  2416. "assembly": "mscorlib"
  2417. },
  2418. {
  2419. "typename": "System.Runtime.ConstrainedExecution.Cer",
  2420. "assembly": "mscorlib"
  2421. },
  2422. {
  2423. "typename": "System.Runtime.ConstrainedExecution.Consistency",
  2424. "assembly": "mscorlib"
  2425. },
  2426. {
  2427. "typename": "System.Runtime.ConstrainedExecution.ReliabilityContractAttribute",
  2428. "assembly": "mscorlib"
  2429. },
  2430. {
  2431. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  2432. "assembly": "mscorlib"
  2433. },
  2434. {
  2435. "typename": "System.Runtime.InteropServices.Marshal",
  2436. "assembly": "mscorlib"
  2437. },
  2438. {
  2439. "typename": "System.Runtime.InteropServices.SafeHandle",
  2440. "assembly": "mscorlib"
  2441. },
  2442. {
  2443. "typename": "System.RuntimeFieldHandle",
  2444. "assembly": "mscorlib"
  2445. },
  2446. {
  2447. "typename": "System.RuntimeTypeHandle",
  2448. "assembly": "mscorlib"
  2449. },
  2450. {
  2451. "typename": "System.STAThreadAttribute",
  2452. "assembly": "mscorlib"
  2453. },
  2454. {
  2455. "typename": "System.Security.AccessControl.AceFlags",
  2456. "assembly": "mscorlib"
  2457. },
  2458. {
  2459. "typename": "System.Security.AccessControl.AceQualifier",
  2460. "assembly": "mscorlib"
  2461. },
  2462. {
  2463. "typename": "System.Security.AccessControl.CommonAce",
  2464. "assembly": "mscorlib"
  2465. },
  2466. {
  2467. "typename": "System.Security.AccessControl.GenericAce",
  2468. "assembly": "mscorlib"
  2469. },
  2470. {
  2471. "typename": "System.Security.AccessControl.GenericSecurityDescriptor",
  2472. "assembly": "mscorlib"
  2473. },
  2474. {
  2475. "typename": "System.Security.AccessControl.RawAcl",
  2476. "assembly": "mscorlib"
  2477. },
  2478. {
  2479. "typename": "System.Security.AccessControl.RawSecurityDescriptor",
  2480. "assembly": "mscorlib"
  2481. },
  2482. {
  2483. "typename": "System.Security.Cryptography.CipherMode",
  2484. "assembly": "mscorlib"
  2485. },
  2486. {
  2487. "typename": "System.Security.Cryptography.HMACSHA1",
  2488. "assembly": "mscorlib"
  2489. },
  2490. {
  2491. "typename": "System.Security.Cryptography.HashAlgorithm",
  2492. "assembly": "mscorlib"
  2493. },
  2494. {
  2495. "typename": "System.Security.Cryptography.ICryptoTransform",
  2496. "assembly": "mscorlib"
  2497. },
  2498. {
  2499. "typename": "System.Security.Cryptography.MD5",
  2500. "assembly": "mscorlib"
  2501. },
  2502. {
  2503. "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
  2504. "assembly": "mscorlib"
  2505. },
  2506. {
  2507. "typename": "System.Security.Cryptography.PaddingMode",
  2508. "assembly": "mscorlib"
  2509. },
  2510. {
  2511. "typename": "System.Security.Cryptography.Rijndael",
  2512. "assembly": "mscorlib"
  2513. },
  2514. {
  2515. "typename": "System.Security.Cryptography.SHA1CryptoServiceProvider",
  2516. "assembly": "mscorlib"
  2517. },
  2518. {
  2519. "typename": "System.Security.Cryptography.SymmetricAlgorithm",
  2520. "assembly": "mscorlib"
  2521. },
  2522. {
  2523. "typename": "System.Security.Cryptography.TripleDES",
  2524. "assembly": "mscorlib"
  2525. },
  2526. {
  2527. "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
  2528. "assembly": "mscorlib"
  2529. },
  2530. {
  2531. "typename": "System.Security.Principal.SecurityIdentifier",
  2532. "assembly": "mscorlib"
  2533. },
  2534. {
  2535. "typename": "System.Security.Principal.WellKnownSidType",
  2536. "assembly": "mscorlib"
  2537. },
  2538. {
  2539. "typename": "System.Security.Principal.WindowsBuiltInRole",
  2540. "assembly": "mscorlib"
  2541. },
  2542. {
  2543. "typename": "System.Security.Principal.WindowsIdentity",
  2544. "assembly": "mscorlib"
  2545. },
  2546. {
  2547. "typename": "System.Security.Principal.WindowsPrincipal",
  2548. "assembly": "mscorlib"
  2549. },
  2550. {
  2551. "typename": "System.Security.SuppressUnmanagedCodeSecurityAttribute",
  2552. "assembly": "mscorlib"
  2553. },
  2554. {
  2555. "typename": "System.String",
  2556. "assembly": "mscorlib"
  2557. },
  2558. {
  2559. "typename": "System.StringComparison",
  2560. "assembly": "mscorlib"
  2561. },
  2562. {
  2563. "typename": "System.Text.Decoder",
  2564. "assembly": "mscorlib"
  2565. },
  2566. {
  2567. "typename": "System.Text.Encoding",
  2568. "assembly": "mscorlib"
  2569. },
  2570. {
  2571. "typename": "System.Text.StringBuilder",
  2572. "assembly": "mscorlib"
  2573. },
  2574. {
  2575. "typename": "System.Text.UTF8Encoding",
  2576. "assembly": "mscorlib"
  2577. },
  2578. {
  2579. "typename": "System.ThreadStaticAttribute",
  2580. "assembly": "mscorlib"
  2581. },
  2582. {
  2583. "typename": "System.Threading.Monitor",
  2584. "assembly": "mscorlib"
  2585. },
  2586. {
  2587. "typename": "System.Threading.Mutex",
  2588. "assembly": "mscorlib"
  2589. },
  2590. {
  2591. "typename": "System.Threading.Thread",
  2592. "assembly": "mscorlib"
  2593. },
  2594. {
  2595. "typename": "System.Threading.ThreadStart",
  2596. "assembly": "mscorlib"
  2597. },
  2598. {
  2599. "typename": "System.Type",
  2600. "assembly": "mscorlib"
  2601. },
  2602. {
  2603. "typename": "System.UInt32",
  2604. "assembly": "mscorlib"
  2605. },
  2606. {
  2607. "typename": "System.UInt64",
  2608. "assembly": "mscorlib"
  2609. },
  2610. {
  2611. "typename": "System.ValueType",
  2612. "assembly": "mscorlib"
  2613. },
  2614. {
  2615. "typename": "System.Version",
  2616. "assembly": "mscorlib"
  2617. }
  2618. ]
  2619. },
  2620. "pe": {
  2621. "peid_signatures": null,
  2622. "imports": [
  2623. {
  2624. "imports": [
  2625. {
  2626. "name": "_CorExeMain",
  2627. "address": "0x402000"
  2628. }
  2629. ],
  2630. "dll": "mscoree.dll"
  2631. }
  2632. ],
  2633. "digital_signers": null,
  2634. "exported_dll_name": null,
  2635. "actual_checksum": "0x0004a8af",
  2636. "overlay": null,
  2637. "imagebase": "0x00400000",
  2638. "reported_checksum": "0x00000000",
  2639. "icon_hash": null,
  2640. "entrypoint": "0x00445f3e",
  2641. "timestamp": "2019-06-02 21:34:33",
  2642. "osversion": "4.0",
  2643. "sections": [
  2644. {
  2645. "name": ".text",
  2646. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2647. "virtual_address": "0x00002000",
  2648. "size_of_data": "0x00044000",
  2649. "entropy": "6.60",
  2650. "raw_address": "0x00000200",
  2651. "virtual_size": "0x00043f44",
  2652. "characteristics_raw": "0x60000020"
  2653. },
  2654. {
  2655. "name": ".rsrc",
  2656. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2657. "virtual_address": "0x00046000",
  2658. "size_of_data": "0x00000400",
  2659. "entropy": "2.94",
  2660. "raw_address": "0x00044200",
  2661. "virtual_size": "0x00000370",
  2662. "characteristics_raw": "0x40000040"
  2663. },
  2664. {
  2665. "name": ".reloc",
  2666. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  2667. "virtual_address": "0x00048000",
  2668. "size_of_data": "0x00000200",
  2669. "entropy": "0.10",
  2670. "raw_address": "0x00044600",
  2671. "virtual_size": "0x0000000c",
  2672. "characteristics_raw": "0x42000040"
  2673. }
  2674. ],
  2675. "resources": [],
  2676. "dirents": [
  2677. {
  2678. "virtual_address": "0x00000000",
  2679. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2680. "size": "0x00000000"
  2681. },
  2682. {
  2683. "virtual_address": "0x00045eec",
  2684. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2685. "size": "0x0000004f"
  2686. },
  2687. {
  2688. "virtual_address": "0x00046000",
  2689. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2690. "size": "0x00000370"
  2691. },
  2692. {
  2693. "virtual_address": "0x00000000",
  2694. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2695. "size": "0x00000000"
  2696. },
  2697. {
  2698. "virtual_address": "0x00000000",
  2699. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2700. "size": "0x00000000"
  2701. },
  2702. {
  2703. "virtual_address": "0x00048000",
  2704. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2705. "size": "0x0000000c"
  2706. },
  2707. {
  2708. "virtual_address": "0x00000000",
  2709. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2710. "size": "0x00000000"
  2711. },
  2712. {
  2713. "virtual_address": "0x00000000",
  2714. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2715. "size": "0x00000000"
  2716. },
  2717. {
  2718. "virtual_address": "0x00000000",
  2719. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2720. "size": "0x00000000"
  2721. },
  2722. {
  2723. "virtual_address": "0x00000000",
  2724. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2725. "size": "0x00000000"
  2726. },
  2727. {
  2728. "virtual_address": "0x00000000",
  2729. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2730. "size": "0x00000000"
  2731. },
  2732. {
  2733. "virtual_address": "0x00000000",
  2734. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2735. "size": "0x00000000"
  2736. },
  2737. {
  2738. "virtual_address": "0x00002000",
  2739. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2740. "size": "0x00000008"
  2741. },
  2742. {
  2743. "virtual_address": "0x00000000",
  2744. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2745. "size": "0x00000000"
  2746. },
  2747. {
  2748. "virtual_address": "0x00002008",
  2749. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2750. "size": "0x00000048"
  2751. },
  2752. {
  2753. "virtual_address": "0x00000000",
  2754. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2755. "size": "0x00000000"
  2756. }
  2757. ],
  2758. "exports": [],
  2759. "guest_signers": {},
  2760. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  2761. "icon_fuzzy": null,
  2762. "icon": null,
  2763. "pdbpath": null,
  2764. "imported_dll_count": 1,
  2765. "versioninfo": []
  2766. }
  2767. }