- [*] MalFamily: "Pony"
- [*] MalScore: 10.0
- [*] File Name: "Exes_d6f9d30bafb642ff791583a8874b0796.exe"
- [*] File Size: 1361920
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "573570429af3d9c0b945dcb64e3302e0d30a8db1c9eae2f95ed92a75dd3cf197"
- [*] MD5: "d6f9d30bafb642ff791583a8874b0796"
- [*] SHA1: "07f7bd5f8d2b14b89a147de550c6a16522597f70"
- [*] SHA512: "8a5376b1d57b167ecc908fe50d8040b45e930845e452ab68acebcdc61df2d8186c01a7a7199065635a8d347efc4f40c7e5a6ce836eb484cc3e6f7840dbbb4aa2"
- [*] CRC32: "3DAAC7B7"
- [*] SSDEEP: "24576:uAHnh+eWsN3skA4RV1Hom2KXMmHaRPnBe51mnhs/y82jsThHAJi1AhM5:Zh+ZkldoPK8YaRJe51mnm/y8ImmQ"
- [*] Process Execution: [
- "Exes_d6f9d30bafb642ff791583a8874b0796.exe",
- "Exes_d6f9d30bafb642ff791583a8874b0796.exe",
- "cmd.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details": [
- {
- "process": "Exes_d6f9d30bafb642ff791583a8874b0796.exe, PID 1680"
- }
- ]
- },
- {
- "Description": "Reads data out of its own binary image",
- "Details": [
- {
- "self_read": "process: Exes_d6f9d30bafb642ff791583a8874b0796.exe, pid: 2136, offset: 0x0014c400, length: 0x00000400"
- }
- ]
- },
- {
- "Description": "A process created a hidden window",
- "Details": [
- {
- "Process": "Exes_d6f9d30bafb642ff791583a8874b0796.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .rsrc, entropy: 7.92, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00082200, virtual_size: 0x00082118"
- }
- ]
- },
- {
- "Description": "Deletes its original binary from disk",
- "Details": []
- },
- {
- "Description": "Steals private information from local Internet browsers",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- }
- ]
- },
- {
- "Description": "Exhibits behavior characteristic of Pony malware",
- "Details": []
- },
- {
- "Description": "Collects information about installed applications",
- "Details": [
- {
- "Program": "Google Update Helper"
- },
- {
- "Program": "Microsoft Excel MUI 2013"
- },
- {
- "Program": "Microsoft Outlook MUI 2013"
- },
- {
- "Program": "Python 2.7.15"
- },
- {
- "Program": "Google Chrome"
- },
- {
- "Program": "Adobe Flash Player 29 NPAPI"
- },
- {
- "Program": "Adobe Flash Player 29 ActiveX"
- },
- {
- "Program": "Microsoft DCF MUI 2013"
- },
- {
- "Program": "Microsoft Access MUI 2013"
- },
- {
- "Program": "Microsoft Office Proofing Tools 2013 - English"
- },
- {
- "Program": "Adobe Acrobat Reader DC"
- },
- {
- "Program": "Microsoft Office Proofing Tools 2013 - Español"
- },
- {
- "Program": "Microsoft Publisher MUI 2013"
- },
- {
- "Program": "Outils de vérification linguistique 2013 de Microsoft Office\u00a0- Français"
- },
- {
- "Program": "Microsoft Office Shared MUI 2013"
- },
- {
- "Program": "Microsoft Office OSM MUI 2013"
- },
- {
- "Program": "Microsoft InfoPath MUI 2013"
- },
- {
- "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
- },
- {
- "Program": "Microsoft Word MUI 2013"
- },
- {
- "Program": "Microsoft Groove MUI 2013"
- },
- {
- "Program": "Python 2.7 PIL-1.1.7"
- },
- {
- "Program": "Microsoft Access Setup Metadata MUI 2013"
- },
- {
- "Program": "Microsoft Office OSM UX MUI 2013"
- },
- {
- "Program": "Microsoft PowerPoint MUI 2013"
- },
- {
- "Program": "Microsoft Office Professional Plus 2013"
- },
- {
- "Program": "Adobe Refresh Manager"
- },
- {
- "Program": "Microsoft Office Proofing 2013"
- },
- {
- "Program": "Microsoft Lync MUI 2013"
- },
- {
- "Program": "Python Launcher"
- },
- {
- "Program": "Microsoft OneNote MUI 2013"
- }
- ]
- },
- {
- "Description": "File has been identified by 21 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "K7AntiVirus": "Trojan ( 700000111 )"
- },
- {
- "K7GW": "Trojan ( 700000111 )"
- },
- {
- "Cybereason": "malicious.f8d2b1"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "F-Prot": "W32/AutoIt.IJ.gen!Eldorado"
- },
- {
- "Symantec": "ML.Attribute.HighConfidence"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Kaspersky": "HEUR:Trojan.Script.Generic"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Downloader.tc"
- },
- {
- "Trapmine": "malicious.high.ml.score"
- },
- {
- "FireEye": "Generic.mg.d6f9d30bafb642ff"
- },
- {
- "Cyren": "W32/AutoIt.IJ.gen!Eldorado"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Antiy-AVL": "Trojan/Generic.ASVCS3S.1E5"
- },
- {
- "ZoneAlarm": "HEUR:Trojan.Script.Generic"
- },
- {
- "Microsoft": "Trojan:Win32/Emelent.E!cl"
- },
- {
- "ESET-NOD32": "a variant of Win32/Packed.AutoIt.OM"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "Rising": "Trojan.Win32.Agent_.sa (CLASSIC)"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "Qihoo-360": "HEUR/QVM10.1.EDAC.Malware.Gen"
- }
- ]
- },
- {
- "Description": "Harvests credentials from local FTP client softwares",
- "Details": [
- {
- "file": "C:\\Program Files (x86)\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\ProgramData\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\GlobalSCAPE\\CuteFTP\\sm.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\4\\Sites.dat"
- },
- {
- "file": "C:\\ProgramData\\FlashFXP\\3\\Sites.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\3\\Sites.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\4\\Sites.dat"
- },
- {
- "file": "C:\\ProgramData\\FlashFXP\\4\\Sites.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\3\\Sites.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\3\\Quick.dat"
- },
- {
- "file": "C:\\ProgramData\\FlashFXP\\4\\Quick.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\4\\Quick.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\4\\Quick.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\3\\Quick.dat"
- },
- {
- "file": "C:\\ProgramData\\FlashFXP\\3\\Quick.dat"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FileZilla\\sitemanager.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\sitemanager.xml"
- },
- {
- "file": "C:\\ProgramData\\FileZilla\\sitemanager.xml"
- },
- {
- "file": "C:\\ProgramData\\FileZilla\\recentservers.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FileZilla\\recentservers.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\VanDyke\\Config\\Sessions\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\VanDyke\\Config\\Sessions\\*.*"
- },
- {
- "file": "C:\\ProgramData\\VanDyke\\Config\\Sessions\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FTP Explorer\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FTP Explorer\\*.*"
- },
- {
- "file": "C:\\ProgramData\\FTP Explorer\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\SmartFTP\\*.*"
- },
- {
- "file": "C:\\ProgramData\\SmartFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\TurboFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\TurboFTP\\*.*"
- },
- {
- "file": "C:\\ProgramData\\TurboFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FTPRush\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FTPRush\\*.*"
- },
- {
- "file": "C:\\ProgramData\\FTPRush\\*.*"
- },
- {
- "file": "C:\\ProgramData\\LeapWare\\LeapFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\LeapWare\\LeapFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\LeapWare\\LeapFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\FTPGetter\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FTPGetter\\*.*"
- },
- {
- "file": "C:\\ProgramData\\FTPGetter\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Estsoft\\ALFTP\\*.*"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Estsoft\\ALFTP\\*.*"
- },
- {
- "file": "C:\\ProgramData\\Estsoft\\ALFTP\\*.*"
- },
- {
- "file": "C:\\Program Files (x86)\\Common Files\\Ipswitch\\WS_FTP\\*.*"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Far Manager\\Plugins\\FTP\\Hosts"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Far\\Plugins\\FTP\\Hosts"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Far2\\Plugins\\FTP\\Hosts"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Far\\SavedDialogHistory\\FTPHost"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Far2\\SavedDialogHistory\\FTPHost"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Far Manager\\SavedDialogHistory\\FTPHost"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Professional\\QCToolbar"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Professional\\QCToolbar"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Home\\QCToolbar"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Professional\\QCToolbar"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Home\\QCToolbar"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Home\\QCToolbar"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Windows Commander"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Ghisler\\Windows Commander"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Ghisler\\Total Commander"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Total Commander"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\BPFTP\\Bullet Proof FTP\\Options"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\BPFTP\\Bullet Proof FTP\\Main"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FileZilla"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\Software\\FileZilla"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FileZilla Client"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\Software\\FileZilla Client"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\TurboFTP"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\Software\\TurboFTP"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Sota\\FFFTP\\Options"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Sota\\FFFTP"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FTP Explorer\\FTP Explorer\\Workspace\\MFCToolBar-224"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FTP Explorer\\Profiles"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\Software\\FTPClient\\Sites"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FTPClient\\Sites"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\LinasFTP\\Site Manager"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Robo-FTP 3.7\\Scripts"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Robo-FTP 3.7\\FTPServers"
- },
- {
- "key": "HKEY_CURRENT_USER\\SOFTWARE\\Robo-FTP 3.7\\FTPServers"
- },
- {
- "key": "HKEY_CURRENT_USER\\SOFTWARE\\Robo-FTP 3.7\\Scripts"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\MAS-Soft\\FTPInfo\\Setup"
- },
- {
- "key": "HKEY_LOCAL_MACHINE\\Software\\SoftX.org\\FTPClient\\Sites"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\SoftX.org\\FTPClient\\Sites"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\BulletProof Software\\BulletProof FTP Client\\Main"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\BulletProof Software\\BulletProof FTP Client\\Options"
- }
- ]
- },
- {
- "Description": "Harvests information related to installed mail clients",
- "Details": [
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Microsoft Outlook Internet Settings"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts"
- },
- {
- "key": "HKEY_CURRENT_USER\\Identities\\{0A258175-2D14-4D69-9955-E200F247250F}\\Software\\Microsoft\\Internet Account Manager\\Accounts"
- }
- ]
- },
- {
- "Description": "Anomalous binary characteristics",
- "Details": [
- {
- "anomaly": "Actual checksum does not match that reported in PE header"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d6f9d30bafb642ff791583a8874b0796.exe\"",
- "C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat \"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d6f9d30bafb642ff791583a8874b0796.exe\""
- ]
- [*] Mutexes: [
- "frenchy_shellcode_001",
- "Local\\_!MSFTHISTORY!_",
- "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
- "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
- "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
- "\\??\\PIPE\\samr",
- "C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d6f9d30bafb642ff791583a8874b0796.exe",
- "C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\WinRAR",
- "HKEY_CURRENT_USER\\Software\\WinRAR\\HWID"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7036\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7037-17042\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17043-29579\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29580-44625\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=44626-76391\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=76392-94225\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=94226-132528\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=132529-251845\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=251846-371302\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=371303-530484\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=530485-721066\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=721067-1033388\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1033389-1338018\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1338019-1728181\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1728182-2098972\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2098973-2489325\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2489326-2863066\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2863067-3289430\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3289431-3914209\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3914210-4299952\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4299953-4697783\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4697784-5100081\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5100082-5701635\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5701636-6244428\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6244429-6671613\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6671614-7173344\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7173345-7944830\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7944831-8715022\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=8715023-9534495\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9534496-10051540\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10051541-10617647\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10617648-11449239\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11449240-11935235\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11935236-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "WSACleanup",
- "address": "0x48f7c8"
- },
- {
- "name": "socket",
- "address": "0x48f7cc"
- },
- {
- "name": "inet_ntoa",
- "address": "0x48f7d0"
- },
- {
- "name": "setsockopt",
- "address": "0x48f7d4"
- },
- {
- "name": "ntohs",
- "address": "0x48f7d8"
- },
- {
- "name": "recvfrom",
- "address": "0x48f7dc"
- },
- {
- "name": "ioctlsocket",
- "address": "0x48f7e0"
- },
- {
- "name": "htons",
- "address": "0x48f7e4"
- },
- {
- "name": "WSAStartup",
- "address": "0x48f7e8"
- },
- {
- "name": "__WSAFDIsSet",
- "address": "0x48f7ec"
- },
- {
- "name": "select",
- "address": "0x48f7f0"
- },
- {
- "name": "accept",
- "address": "0x48f7f4"
- },
- {
- "name": "listen",
- "address": "0x48f7f8"
- },
- {
- "name": "bind",
- "address": "0x48f7fc"
- },
- {
- "name": "closesocket",
- "address": "0x48f800"
- },
- {
- "name": "WSAGetLastError",
- "address": "0x48f804"
- },
- {
- "name": "recv",
- "address": "0x48f808"
- },
- {
- "name": "sendto",
- "address": "0x48f80c"
- },
- {
- "name": "send",
- "address": "0x48f810"
- },
- {
- "name": "inet_addr",
- "address": "0x48f814"
- },
- {
- "name": "gethostbyname",
- "address": "0x48f818"
- },
- {
- "name": "gethostname",
- "address": "0x48f81c"
- },
- {
- "name": "connect",
- "address": "0x48f820"
- }
- ],
- "dll": "WSOCK32.dll"
- },
- {
- "imports": [
- {
- "name": "GetFileVersionInfoW",
- "address": "0x48f76c"
- },
- {
- "name": "GetFileVersionInfoSizeW",
- "address": "0x48f770"
- },
- {
- "name": "VerQueryValueW",
- "address": "0x48f774"
- }
- ],
- "dll": "VERSION.dll"
- },
- {
- "imports": [
- {
- "name": "timeGetTime",
- "address": "0x48f7b8"
- },
- {
- "name": "waveOutSetVolume",
- "address": "0x48f7bc"
- },
- {
- "name": "mciSendStringW",
- "address": "0x48f7c0"
- }
- ],
- "dll": "WINMM.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x48f088"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x48f08c"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x48f090"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x48f094"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x48f098"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x48f09c"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x48f0a0"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x48f0a4"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x48f0a8"
- },
- {
- "name": "InitCommonControlsEx",
- "address": "0x48f0ac"
- },
- {
- "name": "ImageList_Create",
- "address": "0x48f0b0"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "WNetUseConnectionW",
- "address": "0x48f3f8"
- },
- {
- "name": "WNetCancelConnection2W",
- "address": "0x48f3fc"
- },
- {
- "name": "WNetGetConnectionW",
- "address": "0x48f400"
- },
- {
- "name": "WNetAddConnection2W",
- "address": "0x48f404"
- }
- ],
- "dll": "MPR.dll"
- },
- {
- "imports": [
- {
- "name": "InternetQueryDataAvailable",
- "address": "0x48f77c"
- },
- {
- "name": "InternetCloseHandle",
- "address": "0x48f780"
- },
- {
- "name": "InternetOpenW",
- "address": "0x48f784"
- },
- {
- "name": "InternetSetOptionW",
- "address": "0x48f788"
- },
- {
- "name": "InternetCrackUrlW",
- "address": "0x48f78c"
- },
- {
- "name": "HttpQueryInfoW",
- "address": "0x48f790"
- },
- {
- "name": "InternetQueryOptionW",
- "address": "0x48f794"
- },
- {
- "name": "HttpOpenRequestW",
- "address": "0x48f798"
- },
- {
- "name": "HttpSendRequestW",
- "address": "0x48f79c"
- },
- {
- "name": "FtpOpenFileW",
- "address": "0x48f7a0"
- },
- {
- "name": "FtpGetFileSize",
- "address": "0x48f7a4"
- },
- {
- "name": "InternetOpenUrlW",
- "address": "0x48f7a8"
- },
- {
- "name": "InternetReadFile",
- "address": "0x48f7ac"
- },
- {
- "name": "InternetConnectW",
- "address": "0x48f7b0"
- }
- ],
- "dll": "WININET.dll"
- },
- {
- "imports": [
- {
- "name": "GetProcessMemoryInfo",
- "address": "0x48f484"
- }
- ],
- "dll": "PSAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "IcmpCreateFile",
- "address": "0x48f154"
- },
- {
- "name": "IcmpCloseHandle",
- "address": "0x48f158"
- },
- {
- "name": "IcmpSendEcho",
- "address": "0x48f15c"
- }
- ],
- "dll": "IPHLPAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "DestroyEnvironmentBlock",
- "address": "0x48f750"
- },
- {
- "name": "UnloadUserProfile",
- "address": "0x48f754"
- },
- {
- "name": "CreateEnvironmentBlock",
- "address": "0x48f758"
- },
- {
- "name": "LoadUserProfileW",
- "address": "0x48f75c"
- }
- ],
- "dll": "USERENV.dll"
- },
- {
- "imports": [
- {
- "name": "IsThemeActive",
- "address": "0x48f764"
- }
- ],
- "dll": "UxTheme.dll"
- },
- {
- "imports": [
- {
- "name": "DuplicateHandle",
- "address": "0x48f164"
- },
- {
- "name": "CreateThread",
- "address": "0x48f168"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x48f16c"
- },
- {
- "name": "HeapAlloc",
- "address": "0x48f170"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x48f174"
- },
- {
- "name": "HeapFree",
- "address": "0x48f178"
- },
- {
- "name": "Sleep",
- "address": "0x48f17c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x48f180"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x48f184"
- },
- {
- "name": "MulDiv",
- "address": "0x48f188"
- },
- {
- "name": "GetVersionExW",
- "address": "0x48f18c"
- },
- {
- "name": "IsWow64Process",
- "address": "0x48f190"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x48f194"
- },
- {
- "name": "FreeLibrary",
- "address": "0x48f198"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x48f19c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x48f1a0"
- },
- {
- "name": "SetErrorMode",
- "address": "0x48f1a4"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x48f1a8"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x48f1ac"
- },
- {
- "name": "lstrcpyW",
- "address": "0x48f1b0"
- },
- {
- "name": "lstrlenW",
- "address": "0x48f1b4"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x48f1b8"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x48f1bc"
- },
- {
- "name": "VirtualFreeEx",
- "address": "0x48f1c0"
- },
- {
- "name": "OpenProcess",
- "address": "0x48f1c4"
- },
- {
- "name": "VirtualAllocEx",
- "address": "0x48f1c8"
- },
- {
- "name": "WriteProcessMemory",
- "address": "0x48f1cc"
- },
- {
- "name": "ReadProcessMemory",
- "address": "0x48f1d0"
- },
- {
- "name": "CreateFileW",
- "address": "0x48f1d4"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x48f1d8"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x48f1dc"
- },
- {
- "name": "ReadFile",
- "address": "0x48f1e0"
- },
- {
- "name": "WriteFile",
- "address": "0x48f1e4"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x48f1e8"
- },
- {
- "name": "TerminateProcess",
- "address": "0x48f1ec"
- },
- {
- "name": "CreateToolhelp32Snapshot",
- "address": "0x48f1f0"
- },
- {
- "name": "Process32FirstW",
- "address": "0x48f1f4"
- },
- {
- "name": "Process32NextW",
- "address": "0x48f1f8"
- },
- {
- "name": "SetFileTime",
- "address": "0x48f1fc"
- },
- {
- "name": "GetFileAttributesW",
- "address": "0x48f200"
- },
- {
- "name": "FindFirstFileW",
- "address": "0x48f204"
- },
- {
- "name": "SetCurrentDirectoryW",
- "address": "0x48f208"
- },
- {
- "name": "GetLongPathNameW",
- "address": "0x48f20c"
- },
- {
- "name": "GetShortPathNameW",
- "address": "0x48f210"
- },
- {
- "name": "DeleteFileW",
- "address": "0x48f214"
- },
- {
- "name": "FindNextFileW",
- "address": "0x48f218"
- },
- {
- "name": "CopyFileExW",
- "address": "0x48f21c"
- },
- {
- "name": "MoveFileW",
- "address": "0x48f220"
- },
- {
- "name": "CreateDirectoryW",
- "address": "0x48f224"
- },
- {
- "name": "RemoveDirectoryW",
- "address": "0x48f228"
- },
- {
- "name": "SetSystemPowerState",
- "address": "0x48f22c"
- },
- {
- "name": "QueryPerformanceFrequency",
- "address": "0x48f230"
- },
- {
- "name": "FindResourceW",
- "address": "0x48f234"
- },
- {
- "name": "LoadResource",
- "address": "0x48f238"
- },
- {
- "name": "LockResource",
- "address": "0x48f23c"
- },
- {
- "name": "SizeofResource",
- "address": "0x48f240"
- },
- {
- "name": "EnumResourceNamesW",
- "address": "0x48f244"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x48f248"
- },
- {
- "name": "GetTempPathW",
- "address": "0x48f24c"
- },
- {
- "name": "GetTempFileNameW",
- "address": "0x48f250"
- },
- {
- "name": "DeviceIoControl",
- "address": "0x48f254"
- },
- {
- "name": "GetLocalTime",
- "address": "0x48f258"
- },
- {
- "name": "CompareStringW",
- "address": "0x48f25c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x48f260"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x48f264"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x48f268"
- },
- {
- "name": "GetStdHandle",
- "address": "0x48f26c"
- },
- {
- "name": "CreatePipe",
- "address": "0x48f270"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x48f274"
- },
- {
- "name": "TerminateThread",
- "address": "0x48f278"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x48f27c"
- },
- {
- "name": "FindResourceExW",
- "address": "0x48f280"
- },
- {
- "name": "CopyFileW",
- "address": "0x48f284"
- },
- {
- "name": "VirtualFree",
- "address": "0x48f288"
- },
- {
- "name": "FormatMessageW",
- "address": "0x48f28c"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x48f290"
- },
- {
- "name": "GetPrivateProfileStringW",
- "address": "0x48f294"
- },
- {
- "name": "WritePrivateProfileStringW",
- "address": "0x48f298"
- },
- {
- "name": "GetPrivateProfileSectionW",
- "address": "0x48f29c"
- },
- {
- "name": "WritePrivateProfileSectionW",
- "address": "0x48f2a0"
- },
- {
- "name": "GetPrivateProfileSectionNamesW",
- "address": "0x48f2a4"
- },
- {
- "name": "FileTimeToLocalFileTime",
- "address": "0x48f2a8"
- },
- {
- "name": "FileTimeToSystemTime",
- "address": "0x48f2ac"
- },
- {
- "name": "SystemTimeToFileTime",
- "address": "0x48f2b0"
- },
- {
- "name": "LocalFileTimeToFileTime",
- "address": "0x48f2b4"
- },
- {
- "name": "GetDriveTypeW",
- "address": "0x48f2b8"
- },
- {
- "name": "GetDiskFreeSpaceExW",
- "address": "0x48f2bc"
- },
- {
- "name": "GetDiskFreeSpaceW",
- "address": "0x48f2c0"
- },
- {
- "name": "GetVolumeInformationW",
- "address": "0x48f2c4"
- },
- {
- "name": "SetVolumeLabelW",
- "address": "0x48f2c8"
- },
- {
- "name": "CreateHardLinkW",
- "address": "0x48f2cc"
- },
- {
- "name": "SetFileAttributesW",
- "address": "0x48f2d0"
- },
- {
- "name": "CreateEventW",
- "address": "0x48f2d4"
- },
- {
- "name": "SetEvent",
- "address": "0x48f2d8"
- },
- {
- "name": "GetEnvironmentVariableW",
- "address": "0x48f2dc"
- },
- {
- "name": "SetEnvironmentVariableW",
- "address": "0x48f2e0"
- },
- {
- "name": "GlobalLock",
- "address": "0x48f2e4"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x48f2e8"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x48f2ec"
- },
- {
- "name": "GetFileSize",
- "address": "0x48f2f0"
- },
- {
- "name": "GlobalFree",
- "address": "0x48f2f4"
- },
- {
- "name": "GlobalMemoryStatusEx",
- "address": "0x48f2f8"
- },
- {
- "name": "Beep",
- "address": "0x48f2fc"
- },
- {
- "name": "GetSystemDirectoryW",
- "address": "0x48f300"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x48f304"
- },
- {
- "name": "HeapSize",
- "address": "0x48f308"
- },
- {
- "name": "GetComputerNameW",
- "address": "0x48f30c"
- },
- {
- "name": "GetWindowsDirectoryW",
- "address": "0x48f310"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x48f314"
- },
- {
- "name": "GetProcessIoCounters",
- "address": "0x48f318"
- },
- {
- "name": "CreateProcessW",
- "address": "0x48f31c"
- },
- {
- "name": "GetProcessId",
- "address": "0x48f320"
- },
- {
- "name": "SetPriorityClass",
- "address": "0x48f324"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x48f328"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x48f32c"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x48f330"
- },
- {
- "name": "GetCurrentDirectoryW",
- "address": "0x48f334"
- },
- {
- "name": "lstrcmpiW",
- "address": "0x48f338"
- },
- {
- "name": "DecodePointer",
- "address": "0x48f33c"
- },
- {
- "name": "GetLastError",
- "address": "0x48f340"
- },
- {
- "name": "RaiseException",
- "address": "0x48f344"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x48f348"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x48f34c"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x48f350"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x48f354"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x48f358"
- },
- {
- "name": "CloseHandle",
- "address": "0x48f35c"
- },
- {
- "name": "GetFullPathNameW",
- "address": "0x48f360"
- },
- {
- "name": "EncodePointer",
- "address": "0x48f364"
- },
- {
- "name": "ExitProcess",
- "address": "0x48f368"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x48f36c"
- },
- {
- "name": "ExitThread",
- "address": "0x48f370"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x48f374"
- },
- {
- "name": "ResumeThread",
- "address": "0x48f378"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x48f37c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x48f380"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x48f384"
- },
- {
- "name": "GetACP",
- "address": "0x48f388"
- },
- {
- "name": "GetOEMCP",
- "address": "0x48f38c"
- },
- {
- "name": "GetCPInfo",
- "address": "0x48f390"
- },
- {
- "name": "SetLastError",
- "address": "0x48f394"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x48f398"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x48f39c"
- },
- {
- "name": "TlsAlloc",
- "address": "0x48f3a0"
- },
- {
- "name": "TlsGetValue",
- "address": "0x48f3a4"
- },
- {
- "name": "TlsSetValue",
- "address": "0x48f3a8"
- },
- {
- "name": "TlsFree",
- "address": "0x48f3ac"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x48f3b0"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x48f3b4"
- },
- {
- "name": "SetStdHandle",
- "address": "0x48f3b8"
- },
- {
- "name": "GetFileType",
- "address": "0x48f3bc"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x48f3c0"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x48f3c4"
- },
- {
- "name": "RtlUnwind",
- "address": "0x48f3c8"
- },
- {
- "name": "ReadConsoleW",
- "address": "0x48f3cc"
- },
- {
- "name": "GetTimeZoneInformation",
- "address": "0x48f3d0"
- },
- {
- "name": "GetDateFormatW",
- "address": "0x48f3d4"
- },
- {
- "name": "GetTimeFormatW",
- "address": "0x48f3d8"
- },
- {
- "name": "LCMapStringW",
- "address": "0x48f3dc"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x48f3e0"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x48f3e4"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x48f3e8"
- },
- {
- "name": "FindClose",
- "address": "0x48f3ec"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x48f3f0"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustWindowRectEx",
- "address": "0x48f4cc"
- },
- {
- "name": "CopyImage",
- "address": "0x48f4d0"
- },
- {
- "name": "SetWindowPos",
- "address": "0x48f4d4"
- },
- {
- "name": "GetCursorInfo",
- "address": "0x48f4d8"
- },
- {
- "name": "RegisterHotKey",
- "address": "0x48f4dc"
- },
- {
- "name": "ClientToScreen",
- "address": "0x48f4e0"
- },
- {
- "name": "GetKeyboardLayoutNameW",
- "address": "0x48f4e4"
- },
- {
- "name": "IsCharAlphaW",
- "address": "0x48f4e8"
- },
- {
- "name": "IsCharAlphaNumericW",
- "address": "0x48f4ec"
- },
- {
- "name": "IsCharLowerW",
- "address": "0x48f4f0"
- },
- {
- "name": "IsCharUpperW",
- "address": "0x48f4f4"
- },
- {
- "name": "GetMenuStringW",
- "address": "0x48f4f8"
- },
- {
- "name": "GetSubMenu",
- "address": "0x48f4fc"
- },
- {
- "name": "GetCaretPos",
- "address": "0x48f500"
- },
- {
- "name": "IsZoomed",
- "address": "0x48f504"
- },
- {
- "name": "MonitorFromPoint",
- "address": "0x48f508"
- },
- {
- "name": "GetMonitorInfoW",
- "address": "0x48f50c"
- },
- {
- "name": "SetWindowLongW",
- "address": "0x48f510"
- },
- {
- "name": "SetLayeredWindowAttributes",
- "address": "0x48f514"
- },
- {
- "name": "FlashWindow",
- "address": "0x48f518"
- },
- {
- "name": "GetClassLongW",
- "address": "0x48f51c"
- },
- {
- "name": "TranslateAcceleratorW",
- "address": "0x48f520"
- },
- {
- "name": "IsDialogMessageW",
- "address": "0x48f524"
- },
- {
- "name": "GetSysColor",
- "address": "0x48f528"
- },
- {
- "name": "InflateRect",
- "address": "0x48f52c"
- },
- {
- "name": "DrawFocusRect",
- "address": "0x48f530"
- },
- {
- "name": "DrawTextW",
- "address": "0x48f534"
- },
- {
- "name": "FrameRect",
- "address": "0x48f538"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x48f53c"
- },
- {
- "name": "FillRect",
- "address": "0x48f540"
- },
- {
- "name": "PtInRect",
- "address": "0x48f544"
- },
- {
- "name": "DestroyAcceleratorTable",
- "address": "0x48f548"
- },
- {
- "name": "CreateAcceleratorTableW",
- "address": "0x48f54c"
- },
- {
- "name": "SetCursor",
- "address": "0x48f550"
- },
- {
- "name": "GetWindowDC",
- "address": "0x48f554"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x48f558"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x48f55c"
- },
- {
- "name": "CharNextW",
- "address": "0x48f560"
- },
- {
- "name": "wsprintfW",
- "address": "0x48f564"
- },
- {
- "name": "RedrawWindow",
- "address": "0x48f568"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x48f56c"
- },
- {
- "name": "DestroyMenu",
- "address": "0x48f570"
- },
- {
- "name": "SetMenu",
- "address": "0x48f574"
- },
- {
- "name": "GetWindowTextLengthW",
- "address": "0x48f578"
- },
- {
- "name": "CreateMenu",
- "address": "0x48f57c"
- },
- {
- "name": "IsDlgButtonChecked",
- "address": "0x48f580"
- },
- {
- "name": "DefDlgProcW",
- "address": "0x48f584"
- },
- {
- "name": "CallWindowProcW",
- "address": "0x48f588"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x48f58c"
- },
- {
- "name": "SetCapture",
- "address": "0x48f590"
- },
- {
- "name": "CreateIconFromResourceEx",
- "address": "0x48f594"
- },
- {
- "name": "mouse_event",
- "address": "0x48f598"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x48f59c"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x48f5a0"
- },
- {
- "name": "FindWindowExW",
- "address": "0x48f5a4"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x48f5a8"
- },
- {
- "name": "SetMenuDefaultItem",
- "address": "0x48f5ac"
- },
- {
- "name": "InsertMenuItemW",
- "address": "0x48f5b0"
- },
- {
- "name": "IsMenu",
- "address": "0x48f5b4"
- },
- {
- "name": "TrackPopupMenuEx",
- "address": "0x48f5b8"
- },
- {
- "name": "GetCursorPos",
- "address": "0x48f5bc"
- },
- {
- "name": "DeleteMenu",
- "address": "0x48f5c0"
- },
- {
- "name": "SetRect",
- "address": "0x48f5c4"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x48f5c8"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x48f5cc"
- },
- {
- "name": "SetMenuItemInfoW",
- "address": "0x48f5d0"
- },
- {
- "name": "GetMenuItemInfoW",
- "address": "0x48f5d4"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x48f5d8"
- },
- {
- "name": "IsIconic",
- "address": "0x48f5dc"
- },
- {
- "name": "FindWindowW",
- "address": "0x48f5e0"
- },
- {
- "name": "MonitorFromRect",
- "address": "0x48f5e4"
- },
- {
- "name": "keybd_event",
- "address": "0x48f5e8"
- },
- {
- "name": "SendInput",
- "address": "0x48f5ec"
- },
- {
- "name": "GetAsyncKeyState",
- "address": "0x48f5f0"
- },
- {
- "name": "SetKeyboardState",
- "address": "0x48f5f4"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x48f5f8"
- },
- {
- "name": "GetKeyState",
- "address": "0x48f5fc"
- },
- {
- "name": "VkKeyScanW",
- "address": "0x48f600"
- },
- {
- "name": "LoadStringW",
- "address": "0x48f604"
- },
- {
- "name": "DialogBoxParamW",
- "address": "0x48f608"
- },
- {
- "name": "MessageBeep",
- "address": "0x48f60c"
- },
- {
- "name": "EndDialog",
- "address": "0x48f610"
- },
- {
- "name": "SendDlgItemMessageW",
- "address": "0x48f614"
- },
- {
- "name": "GetDlgItem",
- "address": "0x48f618"
- },
- {
- "name": "SetWindowTextW",
- "address": "0x48f61c"
- },
- {
- "name": "CopyRect",
- "address": "0x48f620"
- },
- {
- "name": "ReleaseDC",
- "address": "0x48f624"
- },
- {
- "name": "GetDC",
- "address": "0x48f628"
- },
- {
- "name": "EndPaint",
- "address": "0x48f62c"
- },
- {
- "name": "BeginPaint",
- "address": "0x48f630"
- },
- {
- "name": "GetClientRect",
- "address": "0x48f634"
- },
- {
- "name": "GetMenu",
- "address": "0x48f638"
- },
- {
- "name": "DestroyWindow",
- "address": "0x48f63c"
- },
- {
- "name": "EnumWindows",
- "address": "0x48f640"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x48f644"
- },
- {
- "name": "IsWindow",
- "address": "0x48f648"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x48f64c"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x48f650"
- },
- {
- "name": "EnableWindow",
- "address": "0x48f654"
- },
- {
- "name": "InvalidateRect",
- "address": "0x48f658"
- },
- {
- "name": "GetWindowLongW",
- "address": "0x48f65c"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x48f660"
- },
- {
- "name": "AttachThreadInput",
- "address": "0x48f664"
- },
- {
- "name": "GetFocus",
- "address": "0x48f668"
- },
- {
- "name": "GetWindowTextW",
- "address": "0x48f66c"
- },
- {
- "name": "ScreenToClient",
- "address": "0x48f670"
- },
- {
- "name": "SendMessageTimeoutW",
- "address": "0x48f674"
- },
- {
- "name": "EnumChildWindows",
- "address": "0x48f678"
- },
- {
- "name": "CharUpperBuffW",
- "address": "0x48f67c"
- },
- {
- "name": "GetParent",
- "address": "0x48f680"
- },
- {
- "name": "GetDlgCtrlID",
- "address": "0x48f684"
- },
- {
- "name": "SendMessageW",
- "address": "0x48f688"
- },
- {
- "name": "MapVirtualKeyW",
- "address": "0x48f68c"
- },
- {
- "name": "PostMessageW",
- "address": "0x48f690"
- },
- {
- "name": "GetWindowRect",
- "address": "0x48f694"
- },
- {
- "name": "SetUserObjectSecurity",
- "address": "0x48f698"
- },
- {
- "name": "CloseDesktop",
- "address": "0x48f69c"
- },
- {
- "name": "CloseWindowStation",
- "address": "0x48f6a0"
- },
- {
- "name": "OpenDesktopW",
- "address": "0x48f6a4"
- },
- {
- "name": "SetProcessWindowStation",
- "address": "0x48f6a8"
- },
- {
- "name": "GetProcessWindowStation",
- "address": "0x48f6ac"
- },
- {
- "name": "OpenWindowStationW",
- "address": "0x48f6b0"
- },
- {
- "name": "GetUserObjectSecurity",
- "address": "0x48f6b4"
- },
- {
- "name": "MessageBoxW",
- "address": "0x48f6b8"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x48f6bc"
- },
- {
- "name": "SetClipboardData",
- "address": "0x48f6c0"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x48f6c4"
- },
- {
- "name": "CountClipboardFormats",
- "address": "0x48f6c8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x48f6cc"
- },
- {
- "name": "GetClipboardData",
- "address": "0x48f6d0"
- },
- {
- "name": "IsClipboardFormatAvailable",
- "address": "0x48f6d4"
- },
- {
- "name": "OpenClipboard",
- "address": "0x48f6d8"
- },
- {
- "name": "BlockInput",
- "address": "0x48f6dc"
- },
- {
- "name": "GetMessageW",
- "address": "0x48f6e0"
- },
- {
- "name": "LockWindowUpdate",
- "address": "0x48f6e4"
- },
- {
- "name": "DispatchMessageW",
- "address": "0x48f6e8"
- },
- {
- "name": "TranslateMessage",
- "address": "0x48f6ec"
- },
- {
- "name": "PeekMessageW",
- "address": "0x48f6f0"
- },
- {
- "name": "UnregisterHotKey",
- "address": "0x48f6f4"
- },
- {
- "name": "CheckMenuRadioItem",
- "address": "0x48f6f8"
- },
- {
- "name": "CharLowerBuffW",
- "address": "0x48f6fc"
- },
- {
- "name": "MoveWindow",
- "address": "0x48f700"
- },
- {
- "name": "SetFocus",
- "address": "0x48f704"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x48f708"
- },
- {
- "name": "KillTimer",
- "address": "0x48f70c"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x48f710"
- },
- {
- "name": "RegisterWindowMessageW",
- "address": "0x48f714"
- },
- {
- "name": "SetTimer",
- "address": "0x48f718"
- },
- {
- "name": "ShowWindow",
- "address": "0x48f71c"
- },
- {
- "name": "CreateWindowExW",
- "address": "0x48f720"
- },
- {
- "name": "RegisterClassExW",
- "address": "0x48f724"
- },
- {
- "name": "LoadIconW",
- "address": "0x48f728"
- },
- {
- "name": "LoadCursorW",
- "address": "0x48f72c"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x48f730"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x48f734"
- },
- {
- "name": "MessageBoxA",
- "address": "0x48f738"
- },
- {
- "name": "DestroyIcon",
- "address": "0x48f73c"
- },
- {
- "name": "SystemParametersInfoW",
- "address": "0x48f740"
- },
- {
- "name": "LoadImageW",
- "address": "0x48f744"
- },
- {
- "name": "GetClassNameW",
- "address": "0x48f748"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "StrokePath",
- "address": "0x48f0c4"
- },
- {
- "name": "DeleteObject",
- "address": "0x48f0c8"
- },
- {
- "name": "GetTextExtentPoint32W",
- "address": "0x48f0cc"
- },
- {
- "name": "ExtCreatePen",
- "address": "0x48f0d0"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x48f0d4"
- },
- {
- "name": "EndPath",
- "address": "0x48f0d8"
- },
- {
- "name": "SetPixel",
- "address": "0x48f0dc"
- },
- {
- "name": "CloseFigure",
- "address": "0x48f0e0"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x48f0e4"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x48f0e8"
- },
- {
- "name": "SelectObject",
- "address": "0x48f0ec"
- },
- {
- "name": "StretchBlt",
- "address": "0x48f0f0"
- },
- {
- "name": "GetDIBits",
- "address": "0x48f0f4"
- },
- {
- "name": "LineTo",
- "address": "0x48f0f8"
- },
- {
- "name": "AngleArc",
- "address": "0x48f0fc"
- },
- {
- "name": "MoveToEx",
- "address": "0x48f100"
- },
- {
- "name": "Ellipse",
- "address": "0x48f104"
- },
- {
- "name": "DeleteDC",
- "address": "0x48f108"
- },
- {
- "name": "GetPixel",
- "address": "0x48f10c"
- },
- {
- "name": "CreateDCW",
- "address": "0x48f110"
- },
- {
- "name": "GetStockObject",
- "address": "0x48f114"
- },
- {
- "name": "GetTextFaceW",
- "address": "0x48f118"
- },
- {
- "name": "CreateFontW",
- "address": "0x48f11c"
- },
- {
- "name": "SetTextColor",
- "address": "0x48f120"
- },
- {
- "name": "PolyDraw",
- "address": "0x48f124"
- },
- {
- "name": "BeginPath",
- "address": "0x48f128"
- },
- {
- "name": "Rectangle",
- "address": "0x48f12c"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x48f130"
- },
- {
- "name": "GetObjectW",
- "address": "0x48f134"
- },
- {
- "name": "SetBkMode",
- "address": "0x48f138"
- },
- {
- "name": "RoundRect",
- "address": "0x48f13c"
- },
- {
- "name": "SetBkColor",
- "address": "0x48f140"
- },
- {
- "name": "CreatePen",
- "address": "0x48f144"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x48f148"
- },
- {
- "name": "StrokeAndFillPath",
- "address": "0x48f14c"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameW",
- "address": "0x48f0b8"
- },
- {
- "name": "GetSaveFileNameW",
- "address": "0x48f0bc"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "GetAce",
- "address": "0x48f000"
- },
- {
- "name": "RegEnumValueW",
- "address": "0x48f004"
- },
- {
- "name": "RegDeleteValueW",
- "address": "0x48f008"
- },
- {
- "name": "RegDeleteKeyW",
- "address": "0x48f00c"
- },
- {
- "name": "RegEnumKeyExW",
- "address": "0x48f010"
- },
- {
- "name": "RegSetValueExW",
- "address": "0x48f014"
- },
- {
- "name": "RegOpenKeyExW",
- "address": "0x48f018"
- },
- {
- "name": "RegCloseKey",
- "address": "0x48f01c"
- },
- {
- "name": "RegQueryValueExW",
- "address": "0x48f020"
- },
- {
- "name": "RegConnectRegistryW",
- "address": "0x48f024"
- },
- {
- "name": "InitializeSecurityDescriptor",
- "address": "0x48f028"
- },
- {
- "name": "InitializeAcl",
- "address": "0x48f02c"
- },
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x48f030"
- },
- {
- "name": "OpenThreadToken",
- "address": "0x48f034"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x48f038"
- },
- {
- "name": "LookupPrivilegeValueW",
- "address": "0x48f03c"
- },
- {
- "name": "DuplicateTokenEx",
- "address": "0x48f040"
- },
- {
- "name": "CreateProcessAsUserW",
- "address": "0x48f044"
- },
- {
- "name": "CreateProcessWithLogonW",
- "address": "0x48f048"
- },
- {
- "name": "GetLengthSid",
- "address": "0x48f04c"
- },
- {
- "name": "CopySid",
- "address": "0x48f050"
- },
- {
- "name": "LogonUserW",
- "address": "0x48f054"
- },
- {
- "name": "AllocateAndInitializeSid",
- "address": "0x48f058"
- },
- {
- "name": "CheckTokenMembership",
- "address": "0x48f05c"
- },
- {
- "name": "RegCreateKeyExW",
- "address": "0x48f060"
- },
- {
- "name": "FreeSid",
- "address": "0x48f064"
- },
- {
- "name": "GetTokenInformation",
- "address": "0x48f068"
- },
- {
- "name": "GetSecurityDescriptorDacl",
- "address": "0x48f06c"
- },
- {
- "name": "GetAclInformation",
- "address": "0x48f070"
- },
- {
- "name": "AddAce",
- "address": "0x48f074"
- },
- {
- "name": "SetSecurityDescriptorDacl",
- "address": "0x48f078"
- },
- {
- "name": "GetUserNameW",
- "address": "0x48f07c"
- },
- {
- "name": "InitiateSystemShutdownExW",
- "address": "0x48f080"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "DragQueryPoint",
- "address": "0x48f48c"
- },
- {
- "name": "ShellExecuteExW",
- "address": "0x48f490"
- },
- {
- "name": "DragQueryFileW",
- "address": "0x48f494"
- },
- {
- "name": "SHEmptyRecycleBinW",
- "address": "0x48f498"
- },
- {
- "name": "SHGetPathFromIDListW",
- "address": "0x48f49c"
- },
- {
- "name": "SHBrowseForFolderW",
- "address": "0x48f4a0"
- },
- {
- "name": "SHCreateShellItem",
- "address": "0x48f4a4"
- },
- {
- "name": "SHGetDesktopFolder",
- "address": "0x48f4a8"
- },
- {
- "name": "SHGetSpecialFolderLocation",
- "address": "0x48f4ac"
- },
- {
- "name": "SHGetFolderPathW",
- "address": "0x48f4b0"
- },
- {
- "name": "SHFileOperationW",
- "address": "0x48f4b4"
- },
- {
- "name": "ExtractIconExW",
- "address": "0x48f4b8"
- },
- {
- "name": "Shell_NotifyIconW",
- "address": "0x48f4bc"
- },
- {
- "name": "ShellExecuteW",
- "address": "0x48f4c0"
- },
- {
- "name": "DragFinish",
- "address": "0x48f4c4"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "CoTaskMemAlloc",
- "address": "0x48f828"
- },
- {
- "name": "CoTaskMemFree",
- "address": "0x48f82c"
- },
- {
- "name": "CLSIDFromString",
- "address": "0x48f830"
- },
- {
- "name": "ProgIDFromCLSID",
- "address": "0x48f834"
- },
- {
- "name": "CLSIDFromProgID",
- "address": "0x48f838"
- },
- {
- "name": "OleSetMenuDescriptor",
- "address": "0x48f83c"
- },
- {
- "name": "MkParseDisplayName",
- "address": "0x48f840"
- },
- {
- "name": "OleSetContainedObject",
- "address": "0x48f844"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x48f848"
- },
- {
- "name": "IIDFromString",
- "address": "0x48f84c"
- },
- {
- "name": "StringFromGUID2",
- "address": "0x48f850"
- },
- {
- "name": "CreateStreamOnHGlobal",
- "address": "0x48f854"
- },
- {
- "name": "OleInitialize",
- "address": "0x48f858"
- },
- {
- "name": "OleUninitialize",
- "address": "0x48f85c"
- },
- {
- "name": "CoInitialize",
- "address": "0x48f860"
- },
- {
- "name": "CoUninitialize",
- "address": "0x48f864"
- },
- {
- "name": "GetRunningObjectTable",
- "address": "0x48f868"
- },
- {
- "name": "CoGetInstanceFromFile",
- "address": "0x48f86c"
- },
- {
- "name": "CoGetObject",
- "address": "0x48f870"
- },
- {
- "name": "CoSetProxyBlanket",
- "address": "0x48f874"
- },
- {
- "name": "CoCreateInstanceEx",
- "address": "0x48f878"
- },
- {
- "name": "CoInitializeSecurity",
- "address": "0x48f87c"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "LoadTypeLibEx",
- "address": "0x48f40c"
- },
- {
- "name": "VariantCopyInd",
- "address": "0x48f410"
- },
- {
- "name": "SysReAllocString",
- "address": "0x48f414"
- },
- {
- "name": "SysFreeString",
- "address": "0x48f418"
- },
- {
- "name": "SafeArrayDestroyDescriptor",
- "address": "0x48f41c"
- },
- {
- "name": "SafeArrayDestroyData",
- "address": "0x48f420"
- },
- {
- "name": "SafeArrayUnaccessData",
- "address": "0x48f424"
- },
- {
- "name": "SafeArrayAccessData",
- "address": "0x48f428"
- },
- {
- "name": "SafeArrayAllocData",
- "address": "0x48f42c"
- },
- {
- "name": "SafeArrayAllocDescriptorEx",
- "address": "0x48f430"
- },
- {
- "name": "SafeArrayCreateVector",
- "address": "0x48f434"
- },
- {
- "name": "RegisterTypeLib",
- "address": "0x48f438"
- },
- {
- "name": "CreateStdDispatch",
- "address": "0x48f43c"
- },
- {
- "name": "DispCallFunc",
- "address": "0x48f440"
- },
- {
- "name": "VariantChangeType",
- "address": "0x48f444"
- },
- {
- "name": "SysStringLen",
- "address": "0x48f448"
- },
- {
- "name": "VariantTimeToSystemTime",
- "address": "0x48f44c"
- },
- {
- "name": "VarR8FromDec",
- "address": "0x48f450"
- },
- {
- "name": "SafeArrayGetVartype",
- "address": "0x48f454"
- },
- {
- "name": "VariantCopy",
- "address": "0x48f458"
- },
- {
- "name": "VariantClear",
- "address": "0x48f45c"
- },
- {
- "name": "OleLoadPicture",
- "address": "0x48f460"
- },
- {
- "name": "QueryPathOfRegTypeLib",
- "address": "0x48f464"
- },
- {
- "name": "RegisterTypeLibForUser",
- "address": "0x48f468"
- },
- {
- "name": "UnRegisterTypeLibForUser",
- "address": "0x48f46c"
- },
- {
- "name": "UnRegisterTypeLib",
- "address": "0x48f470"
- },
- {
- "name": "CreateDispTypeInfo",
- "address": "0x48f474"
- },
- {
- "name": "SysAllocString",
- "address": "0x48f478"
- },
- {
- "name": "VariantInit",
- "address": "0x48f47c"
- }
- ],
- "dll": "OLEAUT32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0014ffb4",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0014b672",
- "icon_hash": null,
- "entrypoint": "0x0042800a",
- "timestamp": "2019-06-17 14:52:01",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0008e000",
- "entropy": "6.68",
- "raw_address": "0x00000400",
- "virtual_size": "0x0008dfdd",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0008f000",
- "size_of_data": "0x0002fe00",
- "entropy": "5.76",
- "raw_address": "0x0008e400",
- "virtual_size": "0x0002fd8e",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x000bf000",
- "size_of_data": "0x00005200",
- "entropy": "1.20",
- "raw_address": "0x000be200",
- "virtual_size": "0x00008f74",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000c8000",
- "size_of_data": "0x00082200",
- "entropy": "7.92",
- "raw_address": "0x000c3400",
- "virtual_size": "0x00082118",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0014b000",
- "size_of_data": "0x00007200",
- "entropy": "6.78",
- "raw_address": "0x00145600",
- "virtual_size": "0x00007134",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000bc0cc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000017c"
- },
- {
- "virtual_address": "0x000c8000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00082118"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0014b000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00007134"
- },
- {
- "virtual_address": "0x00092bc0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000a4b50",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0008f000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000884"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "afcdf79be1557326c854b6e20cb900a7",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 18,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsFree",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.InitializeCriticalSectionEx",
- "kernel32.dll.CreateEventExW",
- "kernel32.dll.CreateSemaphoreExW",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.CreateThreadpoolTimer",
- "kernel32.dll.SetThreadpoolTimer",
- "kernel32.dll.WaitForThreadpoolTimerCallbacks",
- "kernel32.dll.CloseThreadpoolTimer",
- "kernel32.dll.CreateThreadpoolWait",
- "kernel32.dll.SetThreadpoolWait",
- "kernel32.dll.CloseThreadpoolWait",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.FreeLibraryWhenCallbackReturns",
- "kernel32.dll.GetCurrentProcessorNumber",
- "kernel32.dll.GetLogicalProcessorInformation",
- "kernel32.dll.CreateSymbolicLinkW",
- "kernel32.dll.EnumSystemLocalesEx",
- "kernel32.dll.CompareStringEx",
- "kernel32.dll.GetDateFormatEx",
- "kernel32.dll.GetLocaleInfoEx",
- "kernel32.dll.GetTimeFormatEx",
- "kernel32.dll.GetUserDefaultLocaleName",
- "kernel32.dll.IsValidLocaleName",
- "kernel32.dll.LCMapStringEx",
- "kernel32.dll.GetTickCount64",
- "kernel32.dll.GetNativeSystemInfo",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "kernel32.dll.Wow64DisableWow64FsRedirection",
- "kernel32.dll.Wow64RevertWow64FsRedirection",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "comctl32.dll.RegisterClassNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "uxtheme.dll.OpenThemeData",
- "uxtheme.dll.GetThemeBool",
- "imm32.dll.ImmGetContext",
- "imm32.dll.ImmReleaseContext",
- "imm32.dll.ImmAssociateContext",
- "imm32.dll.ImmIsIME",
- "comctl32.dll.HIMAGELIST_QueryInterface",
- "comctl32.dll.DrawShadowText",
- "comctl32.dll.DrawSizeBox",
- "comctl32.dll.DrawScrollBar",
- "comctl32.dll.SizeBoxHwnd",
- "comctl32.dll.ScrollBar_MouseMove",
- "comctl32.dll.ScrollBar_Menu",
- "comctl32.dll.HandleScrollCmd",
- "comctl32.dll.DetachScrollBars",
- "comctl32.dll.AttachScrollBars",
- "comctl32.dll.CCSetScrollInfo",
- "comctl32.dll.CCGetScrollInfo",
- "comctl32.dll.CCEnableScrollBar",
- "comctl32.dll.QuerySystemGestureStatus",
- "uxtheme.dll.#49",
- "shell32.dll.#66",
- "ole32.dll.CoTaskMemFree",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.FindResourceW",
- "kernel32.dll.SizeofResource",
- "kernel32.dll.LoadResource",
- "kernel32.dll.LockResource",
- "crypt32.dll.CryptStringToBinaryA",
- "kernel32.dll.VirtualAlloc",
- "advapi32.dll.CryptAcquireContextW",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDecrypt",
- "advapi32.dll.CryptDeriveKey",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptReleaseContext",
- "user32.dll.MessageBoxA",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoCreateInstance",
- "kernel32.dll.CreateMutexW",
- "apphelp.dll.ApphelpCheckRunAppEx",
- "apphelp.dll.ApphelpQueryModuleDataEx",
- "apphelp.dll.ApphelpParseModuleData",
- "apphelp.dll.ApphelpCreateAppcompatData",
- "apphelp.dll.SdbInitDatabaseEx",
- "apphelp.dll.SdbReleaseDatabase",
- "apphelp.dll.SdbUnpackAppCompatData",
- "apphelp.dll.SdbQueryContext",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.GetProcessId",
- "advapi32.dll.InitializeSecurityDescriptor",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.SetSecurityDescriptorDacl",
- "advapi32.dll.SetKernelObjectSecurity",
- "uxtheme.dll.CloseThemeData",
- "oleaut32.dll.#500",
- "kernel32.dll.CreateFileA",
- "kernel32.dll.ReadFile",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.WriteFile",
- "kernel32.dll.lstrlenA",
- "kernel32.dll.GlobalLock",
- "kernel32.dll.GlobalUnlock",
- "kernel32.dll.LocalFree",
- "kernel32.dll.LocalAlloc",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.lstrcpyA",
- "kernel32.dll.lstrcatA",
- "kernel32.dll.GetFileAttributesA",
- "kernel32.dll.ExpandEnvironmentStringsA",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.CreateFileMappingA",
- "kernel32.dll.MapViewOfFile",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.GetProcAddress",
- "kernel32.dll.GetTempPathA",
- "kernel32.dll.CreateDirectoryA",
- "kernel32.dll.DeleteFileA",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.WideCharToMultiByte",
- "kernel32.dll.GetLastError",
- "kernel32.dll.lstrcmpA",
- "kernel32.dll.CreateToolhelp32Snapshot",
- "kernel32.dll.Process32First",
- "kernel32.dll.OpenProcess",
- "kernel32.dll.Process32Next",
- "kernel32.dll.FindFirstFileA",
- "kernel32.dll.lstrcmpiA",
- "kernel32.dll.FindNextFileA",
- "kernel32.dll.FindClose",
- "kernel32.dll.GetModuleHandleA",
- "kernel32.dll.GetVersionExA",
- "kernel32.dll.GetLocaleInfoA",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.GetWindowsDirectoryA",
- "kernel32.dll.GetPrivateProfileStringA",
- "kernel32.dll.SetCurrentDirectoryA",
- "kernel32.dll.GetPrivateProfileSectionNamesA",
- "kernel32.dll.GetPrivateProfileIntA",
- "kernel32.dll.GetCurrentDirectoryA",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.MultiByteToWideChar",
- "kernel32.dll.Sleep",
- "kernel32.dll.GetModuleFileNameA",
- "kernel32.dll.LCMapStringA",
- "kernel32.dll.ExitProcess",
- "kernel32.dll.SetUnhandledExceptionFilter",
- "advapi32.dll.RegOpenKeyExA",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegOpenKeyA",
- "advapi32.dll.RegEnumKeyExA",
- "advapi32.dll.RegCreateKeyA",
- "advapi32.dll.RegSetValueExA",
- "advapi32.dll.IsTextUnicode",
- "advapi32.dll.RegOpenCurrentUser",
- "advapi32.dll.RegEnumValueA",
- "advapi32.dll.GetUserNameA",
- "ole32.dll.CreateStreamOnHGlobal",
- "ole32.dll.GetHGlobalFromStream",
- "ole32.dll.CoCreateGuid",
- "ole32.dll.OleInitialize",
- "shlwapi.dll.StrStrIA",
- "shlwapi.dll.StrRChrIA",
- "shlwapi.dll.StrToIntA",
- "shlwapi.dll.StrStrA",
- "shlwapi.dll.StrCmpNIA",
- "shlwapi.dll.StrStrIW",
- "user32.dll.wsprintfA",
- "userenv.dll.LoadUserProfileA",
- "userenv.dll.UnloadUserProfile",
- "wininet.dll.InternetCrackUrlA",
- "wininet.dll.InternetCreateUrlA",
- "wsock32.dll.inet_addr",
- "wsock32.dll.gethostbyname",
- "wsock32.dll.socket",
- "wsock32.dll.connect",
- "wsock32.dll.closesocket",
- "wsock32.dll.send",
- "wsock32.dll.select",
- "wsock32.dll.recv",
- "wsock32.dll.setsockopt",
- "wsock32.dll.WSAStartup",
- "ole32.dll.StgOpenStorage",
- "crypt32.dll.CryptUnprotectData",
- "crypt32.dll.CertOpenSystemStoreA",
- "crypt32.dll.CertEnumCertificatesInStore",
- "crypt32.dll.CertCloseStore",
- "crypt32.dll.CryptAcquireCertificatePrivateKey",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.CheckTokenMembership",
- "advapi32.dll.FreeSid",
- "advapi32.dll.CredEnumerateA",
- "advapi32.dll.CredFree",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.RevertToSelf",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.ImpersonateLoggedOnUser",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.ConvertSidToStringSidA",
- "advapi32.dll.LogonUserA",
- "advapi32.dll.LookupPrivilegeValueA",
- "advapi32.dll.AdjustTokenPrivileges",
- "shell32.dll.SHGetFolderPathA",
- "netapi32.dll.NetApiBufferFree",
- "netapi32.dll.NetUserEnum",
- "kernel32.dll.WTSGetActiveConsoleSessionId",
- "kernel32.dll.ProcessIdToSessionId",
- "msi.dll.MsiGetComponentPathA",
- "pstorec.dll.PStoreCreateInstance",
- "kernel32.dll.IsWow64Process",
- "mlang.dll.#112",
- "wininet.dll.FindFirstUrlCacheEntryA",
- "kernel32.dll.SetFileInformationByHandle",
- "shell32.dll.SHGetFolderPathW",
- "urlmon.dll.CreateUri",
- "kernel32.dll.InitializeSRWLock",
- "kernel32.dll.AcquireSRWLockExclusive",
- "kernel32.dll.AcquireSRWLockShared",
- "kernel32.dll.ReleaseSRWLockExclusive",
- "kernel32.dll.ReleaseSRWLockShared",
- "wininet.dll.FindNextUrlCacheEntryA",
- "urlmon.dll.CreateIUriBuilder",
- "urlmon.dll.IntlPercentEncodeNormalize",
- "wininet.dll.FindCloseUrlCache",
- "userenv.dll.GetUserProfileDirectoryW",
- "sechost.dll.ConvertSidToStringSidW",
- "samlib.dll.SamConnect",
- "rpcrt4.dll.NdrClientCall2",
- "rpcrt4.dll.RpcStringBindingComposeW",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcStringFreeW",
- "rpcrt4.dll.RpcBindingFree",
- "samlib.dll.SamGetCompatibilityMode",
- "samlib.dll.SamOpenDomain",
- "samlib.dll.SamEnumerateDomainsInSamServer",
- "samlib.dll.SamLookupDomainInSamServer",
- "samlib.dll.SamFreeMemory",
- "samlib.dll.SamEnumerateUsersInDomain",
- "samlib.dll.SamOpenUser",
- "samlib.dll.SamQueryInformationUser",
- "samlib.dll.SamQuerySecurityObject",
- "samlib.dll.SamGetGroupsForUser",
- "samlib.dll.SamRidToSid",
- "samlib.dll.SamGetAliasMembership",
- "samlib.dll.SamCloseHandle",
- "sspicli.dll.LogonUserExExW",
- "shell32.dll.ShellExecuteA",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "advapi32.dll.UnregisterTraceGuids",
- "comctl32.dll.#321",
- "kernel32.dll.SetThreadUILanguage",
- "kernel32.dll.CopyFileExW",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.SetConsoleInputExeNameW",
- "advapi32.dll.SaferIdentifyLevel",
- "advapi32.dll.SaferComputeTokenFromLevel",
- "advapi32.dll.SaferCloseLevel"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "WSACleanup",
- "address": "0x48f7c8"
- },
- {
- "name": "socket",
- "address": "0x48f7cc"
- },
- {
- "name": "inet_ntoa",
- "address": "0x48f7d0"
- },
- {
- "name": "setsockopt",
- "address": "0x48f7d4"
- },
- {
- "name": "ntohs",
- "address": "0x48f7d8"
- },
- {
- "name": "recvfrom",
- "address": "0x48f7dc"
- },
- {
- "name": "ioctlsocket",
- "address": "0x48f7e0"
- },
- {
- "name": "htons",
- "address": "0x48f7e4"
- },
- {
- "name": "WSAStartup",
- "address": "0x48f7e8"
- },
- {
- "name": "__WSAFDIsSet",
- "address": "0x48f7ec"
- },
- {
- "name": "select",
- "address": "0x48f7f0"
- },
- {
- "name": "accept",
- "address": "0x48f7f4"
- },
- {
- "name": "listen",
- "address": "0x48f7f8"
- },
- {
- "name": "bind",
- "address": "0x48f7fc"
- },
- {
- "name": "closesocket",
- "address": "0x48f800"
- },
- {
- "name": "WSAGetLastError",
- "address": "0x48f804"
- },
- {
- "name": "recv",
- "address": "0x48f808"
- },
- {
- "name": "sendto",
- "address": "0x48f80c"
- },
- {
- "name": "send",
- "address": "0x48f810"
- },
- {
- "name": "inet_addr",
- "address": "0x48f814"
- },
- {
- "name": "gethostbyname",
- "address": "0x48f818"
- },
- {
- "name": "gethostname",
- "address": "0x48f81c"
- },
- {
- "name": "connect",
- "address": "0x48f820"
- }
- ],
- "dll": "WSOCK32.dll"
- },
- {
- "imports": [
- {
- "name": "GetFileVersionInfoW",
- "address": "0x48f76c"
- },
- {
- "name": "GetFileVersionInfoSizeW",
- "address": "0x48f770"
- },
- {
- "name": "VerQueryValueW",
- "address": "0x48f774"
- }
- ],
- "dll": "VERSION.dll"
- },
- {
- "imports": [
- {
- "name": "timeGetTime",
- "address": "0x48f7b8"
- },
- {
- "name": "waveOutSetVolume",
- "address": "0x48f7bc"
- },
- {
- "name": "mciSendStringW",
- "address": "0x48f7c0"
- }
- ],
- "dll": "WINMM.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x48f088"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x48f08c"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x48f090"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x48f094"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x48f098"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x48f09c"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x48f0a0"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x48f0a4"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x48f0a8"
- },
- {
- "name": "InitCommonControlsEx",
- "address": "0x48f0ac"
- },
- {
- "name": "ImageList_Create",
- "address": "0x48f0b0"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "WNetUseConnectionW",
- "address": "0x48f3f8"
- },
- {
- "name": "WNetCancelConnection2W",
- "address": "0x48f3fc"
- },
- {
- "name": "WNetGetConnectionW",
- "address": "0x48f400"
- },
- {
- "name": "WNetAddConnection2W",
- "address": "0x48f404"
- }
- ],
- "dll": "MPR.dll"
- },
- {
- "imports": [
- {
- "name": "InternetQueryDataAvailable",
- "address": "0x48f77c"
- },
- {
- "name": "InternetCloseHandle",
- "address": "0x48f780"
- },
- {
- "name": "InternetOpenW",
- "address": "0x48f784"
- },
- {
- "name": "InternetSetOptionW",
- "address": "0x48f788"
- },
- {
- "name": "InternetCrackUrlW",
- "address": "0x48f78c"
- },
- {
- "name": "HttpQueryInfoW",
- "address": "0x48f790"
- },
- {
- "name": "InternetQueryOptionW",
- "address": "0x48f794"
- },
- {
- "name": "HttpOpenRequestW",
- "address": "0x48f798"
- },
- {
- "name": "HttpSendRequestW",
- "address": "0x48f79c"
- },
- {
- "name": "FtpOpenFileW",
- "address": "0x48f7a0"
- },
- {
- "name": "FtpGetFileSize",
- "address": "0x48f7a4"
- },
- {
- "name": "InternetOpenUrlW",
- "address": "0x48f7a8"
- },
- {
- "name": "InternetReadFile",
- "address": "0x48f7ac"
- },
- {
- "name": "InternetConnectW",
- "address": "0x48f7b0"
- }
- ],
- "dll": "WININET.dll"
- },
- {
- "imports": [
- {
- "name": "GetProcessMemoryInfo",
- "address": "0x48f484"
- }
- ],
- "dll": "PSAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "IcmpCreateFile",
- "address": "0x48f154"
- },
- {
- "name": "IcmpCloseHandle",
- "address": "0x48f158"
- },
- {
- "name": "IcmpSendEcho",
- "address": "0x48f15c"
- }
- ],
- "dll": "IPHLPAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "DestroyEnvironmentBlock",
- "address": "0x48f750"
- },
- {
- "name": "UnloadUserProfile",
- "address": "0x48f754"
- },
- {
- "name": "CreateEnvironmentBlock",
- "address": "0x48f758"
- },
- {
- "name": "LoadUserProfileW",
- "address": "0x48f75c"
- }
- ],
- "dll": "USERENV.dll"
- },
- {
- "imports": [
- {
- "name": "IsThemeActive",
- "address": "0x48f764"
- }
- ],
- "dll": "UxTheme.dll"
- },
- {
- "imports": [
- {
- "name": "DuplicateHandle",
- "address": "0x48f164"
- },
- {
- "name": "CreateThread",
- "address": "0x48f168"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x48f16c"
- },
- {
- "name": "HeapAlloc",
- "address": "0x48f170"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x48f174"
- },
- {
- "name": "HeapFree",
- "address": "0x48f178"
- },
- {
- "name": "Sleep",
- "address": "0x48f17c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x48f180"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x48f184"
- },
- {
- "name": "MulDiv",
- "address": "0x48f188"
- },
- {
- "name": "GetVersionExW",
- "address": "0x48f18c"
- },
- {
- "name": "IsWow64Process",
- "address": "0x48f190"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x48f194"
- },
- {
- "name": "FreeLibrary",
- "address": "0x48f198"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x48f19c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x48f1a0"
- },
- {
- "name": "SetErrorMode",
- "address": "0x48f1a4"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x48f1a8"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x48f1ac"
- },
- {
- "name": "lstrcpyW",
- "address": "0x48f1b0"
- },
- {
- "name": "lstrlenW",
- "address": "0x48f1b4"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x48f1b8"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x48f1bc"
- },
- {
- "name": "VirtualFreeEx",
- "address": "0x48f1c0"
- },
- {
- "name": "OpenProcess",
- "address": "0x48f1c4"
- },
- {
- "name": "VirtualAllocEx",
- "address": "0x48f1c8"
- },
- {
- "name": "WriteProcessMemory",
- "address": "0x48f1cc"
- },
- {
- "name": "ReadProcessMemory",
- "address": "0x48f1d0"
- },
- {
- "name": "CreateFileW",
- "address": "0x48f1d4"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x48f1d8"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x48f1dc"
- },
- {
- "name": "ReadFile",
- "address": "0x48f1e0"
- },
- {
- "name": "WriteFile",
- "address": "0x48f1e4"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x48f1e8"
- },
- {
- "name": "TerminateProcess",
- "address": "0x48f1ec"
- },
- {
- "name": "CreateToolhelp32Snapshot",
- "address": "0x48f1f0"
- },
- {
- "name": "Process32FirstW",
- "address": "0x48f1f4"
- },
- {
- "name": "Process32NextW",
- "address": "0x48f1f8"
- },
- {
- "name": "SetFileTime",
- "address": "0x48f1fc"
- },
- {
- "name": "GetFileAttributesW",
- "address": "0x48f200"
- },
- {
- "name": "FindFirstFileW",
- "address": "0x48f204"
- },
- {
- "name": "SetCurrentDirectoryW",
- "address": "0x48f208"
- },
- {
- "name": "GetLongPathNameW",
- "address": "0x48f20c"
- },
- {
- "name": "GetShortPathNameW",
- "address": "0x48f210"
- },
- {
- "name": "DeleteFileW",
- "address": "0x48f214"
- },
- {
- "name": "FindNextFileW",
- "address": "0x48f218"
- },
- {
- "name": "CopyFileExW",
- "address": "0x48f21c"
- },
- {
- "name": "MoveFileW",
- "address": "0x48f220"
- },
- {
- "name": "CreateDirectoryW",
- "address": "0x48f224"
- },
- {
- "name": "RemoveDirectoryW",
- "address": "0x48f228"
- },
- {
- "name": "SetSystemPowerState",
- "address": "0x48f22c"
- },
- {
- "name": "QueryPerformanceFrequency",
- "address": "0x48f230"
- },
- {
- "name": "FindResourceW",
- "address": "0x48f234"
- },
- {
- "name": "LoadResource",
- "address": "0x48f238"
- },
- {
- "name": "LockResource",
- "address": "0x48f23c"
- },
- {
- "name": "SizeofResource",
- "address": "0x48f240"
- },
- {
- "name": "EnumResourceNamesW",
- "address": "0x48f244"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x48f248"
- },
- {
- "name": "GetTempPathW",
- "address": "0x48f24c"
- },
- {
- "name": "GetTempFileNameW",
- "address": "0x48f250"
- },
- {
- "name": "DeviceIoControl",
- "address": "0x48f254"
- },
- {
- "name": "GetLocalTime",
- "address": "0x48f258"
- },
- {
- "name": "CompareStringW",
- "address": "0x48f25c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x48f260"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x48f264"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x48f268"
- },
- {
- "name": "GetStdHandle",
- "address": "0x48f26c"
- },
- {
- "name": "CreatePipe",
- "address": "0x48f270"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x48f274"
- },
- {
- "name": "TerminateThread",
- "address": "0x48f278"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x48f27c"
- },
- {
- "name": "FindResourceExW",
- "address": "0x48f280"
- },
- {
- "name": "CopyFileW",
- "address": "0x48f284"
- },
- {
- "name": "VirtualFree",
- "address": "0x48f288"
- },
- {
- "name": "FormatMessageW",
- "address": "0x48f28c"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x48f290"
- },
- {
- "name": "GetPrivateProfileStringW",
- "address": "0x48f294"
- },
- {
- "name": "WritePrivateProfileStringW",
- "address": "0x48f298"
- },
- {
- "name": "GetPrivateProfileSectionW",
- "address": "0x48f29c"
- },
- {
- "name": "WritePrivateProfileSectionW",
- "address": "0x48f2a0"
- },
- {
- "name": "GetPrivateProfileSectionNamesW",
- "address": "0x48f2a4"
- },
- {
- "name": "FileTimeToLocalFileTime",
- "address": "0x48f2a8"
- },
- {
- "name": "FileTimeToSystemTime",
- "address": "0x48f2ac"
- },
- {
- "name": "SystemTimeToFileTime",
- "address": "0x48f2b0"
- },
- {
- "name": "LocalFileTimeToFileTime",
- "address": "0x48f2b4"
- },
- {
- "name": "GetDriveTypeW",
- "address": "0x48f2b8"
- },
- {
- "name": "GetDiskFreeSpaceExW",
- "address": "0x48f2bc"
- },
- {
- "name": "GetDiskFreeSpaceW",
- "address": "0x48f2c0"
- },
- {
- "name": "GetVolumeInformationW",
- "address": "0x48f2c4"
- },
- {
- "name": "SetVolumeLabelW",
- "address": "0x48f2c8"
- },
- {
- "name": "CreateHardLinkW",
- "address": "0x48f2cc"
- },
- {
- "name": "SetFileAttributesW",
- "address": "0x48f2d0"
- },
- {
- "name": "CreateEventW",
- "address": "0x48f2d4"
- },
- {
- "name": "SetEvent",
- "address": "0x48f2d8"
- },
- {
- "name": "GetEnvironmentVariableW",
- "address": "0x48f2dc"
- },
- {
- "name": "SetEnvironmentVariableW",
- "address": "0x48f2e0"
- },
- {
- "name": "GlobalLock",
- "address": "0x48f2e4"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x48f2e8"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x48f2ec"
- },
- {
- "name": "GetFileSize",
- "address": "0x48f2f0"
- },
- {
- "name": "GlobalFree",
- "address": "0x48f2f4"
- },
- {
- "name": "GlobalMemoryStatusEx",
- "address": "0x48f2f8"
- },
- {
- "name": "Beep",
- "address": "0x48f2fc"
- },
- {
- "name": "GetSystemDirectoryW",
- "address": "0x48f300"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x48f304"
- },
- {
- "name": "HeapSize",
- "address": "0x48f308"
- },
- {
- "name": "GetComputerNameW",
- "address": "0x48f30c"
- },
- {
- "name": "GetWindowsDirectoryW",
- "address": "0x48f310"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x48f314"
- },
- {
- "name": "GetProcessIoCounters",
- "address": "0x48f318"
- },
- {
- "name": "CreateProcessW",
- "address": "0x48f31c"
- },
- {
- "name": "GetProcessId",
- "address": "0x48f320"
- },
- {
- "name": "SetPriorityClass",
- "address": "0x48f324"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x48f328"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x48f32c"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x48f330"
- },
- {
- "name": "GetCurrentDirectoryW",
- "address": "0x48f334"
- },
- {
- "name": "lstrcmpiW",
- "address": "0x48f338"
- },
- {
- "name": "DecodePointer",
- "address": "0x48f33c"
- },
- {
- "name": "GetLastError",
- "address": "0x48f340"
- },
- {
- "name": "RaiseException",
- "address": "0x48f344"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x48f348"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x48f34c"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x48f350"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x48f354"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x48f358"
- },
- {
- "name": "CloseHandle",
- "address": "0x48f35c"
- },
- {
- "name": "GetFullPathNameW",
- "address": "0x48f360"
- },
- {
- "name": "EncodePointer",
- "address": "0x48f364"
- },
- {
- "name": "ExitProcess",
- "address": "0x48f368"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x48f36c"
- },
- {
- "name": "ExitThread",
- "address": "0x48f370"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x48f374"
- },
- {
- "name": "ResumeThread",
- "address": "0x48f378"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x48f37c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x48f380"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x48f384"
- },
- {
- "name": "GetACP",
- "address": "0x48f388"
- },
- {
- "name": "GetOEMCP",
- "address": "0x48f38c"
- },
- {
- "name": "GetCPInfo",
- "address": "0x48f390"
- },
- {
- "name": "SetLastError",
- "address": "0x48f394"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x48f398"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x48f39c"
- },
- {
- "name": "TlsAlloc",
- "address": "0x48f3a0"
- },
- {
- "name": "TlsGetValue",
- "address": "0x48f3a4"
- },
- {
- "name": "TlsSetValue",
- "address": "0x48f3a8"
- },
- {
- "name": "TlsFree",
- "address": "0x48f3ac"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x48f3b0"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x48f3b4"
- },
- {
- "name": "SetStdHandle",
- "address": "0x48f3b8"
- },
- {
- "name": "GetFileType",
- "address": "0x48f3bc"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x48f3c0"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x48f3c4"
- },
- {
- "name": "RtlUnwind",
- "address": "0x48f3c8"
- },
- {
- "name": "ReadConsoleW",
- "address": "0x48f3cc"
- },
- {
- "name": "GetTimeZoneInformation",
- "address": "0x48f3d0"
- },
- {
- "name": "GetDateFormatW",
- "address": "0x48f3d4"
- },
- {
- "name": "GetTimeFormatW",
- "address": "0x48f3d8"
- },
- {
- "name": "LCMapStringW",
- "address": "0x48f3dc"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x48f3e0"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x48f3e4"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x48f3e8"
- },
- {
- "name": "FindClose",
- "address": "0x48f3ec"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x48f3f0"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustWindowRectEx",
- "address": "0x48f4cc"
- },
- {
- "name": "CopyImage",
- "address": "0x48f4d0"
- },
- {
- "name": "SetWindowPos",
- "address": "0x48f4d4"
- },
- {
- "name": "GetCursorInfo",
- "address": "0x48f4d8"
- },
- {
- "name": "RegisterHotKey",
- "address": "0x48f4dc"
- },
- {
- "name": "ClientToScreen",
- "address": "0x48f4e0"
- },
- {
- "name": "GetKeyboardLayoutNameW",
- "address": "0x48f4e4"
- },
- {
- "name": "IsCharAlphaW",
- "address": "0x48f4e8"
- },
- {
- "name": "IsCharAlphaNumericW",
- "address": "0x48f4ec"
- },
- {
- "name": "IsCharLowerW",
- "address": "0x48f4f0"
- },
- {
- "name": "IsCharUpperW",
- "address": "0x48f4f4"
- },
- {
- "name": "GetMenuStringW",
- "address": "0x48f4f8"
- },
- {
- "name": "GetSubMenu",
- "address": "0x48f4fc"
- },
- {
- "name": "GetCaretPos",
- "address": "0x48f500"
- },
- {
- "name": "IsZoomed",
- "address": "0x48f504"
- },
- {
- "name": "MonitorFromPoint",
- "address": "0x48f508"
- },
- {
- "name": "GetMonitorInfoW",
- "address": "0x48f50c"
- },
- {
- "name": "SetWindowLongW",
- "address": "0x48f510"
- },
- {
- "name": "SetLayeredWindowAttributes",
- "address": "0x48f514"
- },
- {
- "name": "FlashWindow",
- "address": "0x48f518"
- },
- {
- "name": "GetClassLongW",
- "address": "0x48f51c"
- },
- {
- "name": "TranslateAcceleratorW",
- "address": "0x48f520"
- },
- {
- "name": "IsDialogMessageW",
- "address": "0x48f524"
- },
- {
- "name": "GetSysColor",
- "address": "0x48f528"
- },
- {
- "name": "InflateRect",
- "address": "0x48f52c"
- },
- {
- "name": "DrawFocusRect",
- "address": "0x48f530"
- },
- {
- "name": "DrawTextW",
- "address": "0x48f534"
- },
- {
- "name": "FrameRect",
- "address": "0x48f538"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x48f53c"
- },
- {
- "name": "FillRect",
- "address": "0x48f540"
- },
- {
- "name": "PtInRect",
- "address": "0x48f544"
- },
- {
- "name": "DestroyAcceleratorTable",
- "address": "0x48f548"
- },
- {
- "name": "CreateAcceleratorTableW",
- "address": "0x48f54c"
- },
- {
- "name": "SetCursor",
- "address": "0x48f550"
- },
- {
- "name": "GetWindowDC",
- "address": "0x48f554"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x48f558"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x48f55c"
- },
- {
- "name": "CharNextW",
- "address": "0x48f560"
- },
- {
- "name": "wsprintfW",
- "address": "0x48f564"
- },
- {
- "name": "RedrawWindow",
- "address": "0x48f568"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x48f56c"
- },
- {
- "name": "DestroyMenu",
- "address": "0x48f570"
- },
- {
- "name": "SetMenu",
- "address": "0x48f574"
- },
- {
- "name": "GetWindowTextLengthW",
- "address": "0x48f578"
- },
- {
- "name": "CreateMenu",
- "address": "0x48f57c"
- },
- {
- "name": "IsDlgButtonChecked",
- "address": "0x48f580"
- },
- {
- "name": "DefDlgProcW",
- "address": "0x48f584"
- },
- {
- "name": "CallWindowProcW",
- "address": "0x48f588"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x48f58c"
- },
- {
- "name": "SetCapture",
- "address": "0x48f590"
- },
- {
- "name": "CreateIconFromResourceEx",
- "address": "0x48f594"
- },
- {
- "name": "mouse_event",
- "address": "0x48f598"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x48f59c"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x48f5a0"
- },
- {
- "name": "FindWindowExW",
- "address": "0x48f5a4"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x48f5a8"
- },
- {
- "name": "SetMenuDefaultItem",
- "address": "0x48f5ac"
- },
- {
- "name": "InsertMenuItemW",
- "address": "0x48f5b0"
- },
- {
- "name": "IsMenu",
- "address": "0x48f5b4"
- },
- {
- "name": "TrackPopupMenuEx",
- "address": "0x48f5b8"
- },
- {
- "name": "GetCursorPos",
- "address": "0x48f5bc"
- },
- {
- "name": "DeleteMenu",
- "address": "0x48f5c0"
- },
- {
- "name": "SetRect",
- "address": "0x48f5c4"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x48f5c8"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x48f5cc"
- },
- {
- "name": "SetMenuItemInfoW",
- "address": "0x48f5d0"
- },
- {
- "name": "GetMenuItemInfoW",
- "address": "0x48f5d4"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x48f5d8"
- },
- {
- "name": "IsIconic",
- "address": "0x48f5dc"
- },
- {
- "name": "FindWindowW",
- "address": "0x48f5e0"
- },
- {
- "name": "MonitorFromRect",
- "address": "0x48f5e4"
- },
- {
- "name": "keybd_event",
- "address": "0x48f5e8"
- },
- {
- "name": "SendInput",
- "address": "0x48f5ec"
- },
- {
- "name": "GetAsyncKeyState",
- "address": "0x48f5f0"
- },
- {
- "name": "SetKeyboardState",
- "address": "0x48f5f4"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x48f5f8"
- },
- {
- "name": "GetKeyState",
- "address": "0x48f5fc"
- },
- {
- "name": "VkKeyScanW",
- "address": "0x48f600"
- },
- {
- "name": "LoadStringW",
- "address": "0x48f604"
- },
- {
- "name": "DialogBoxParamW",
- "address": "0x48f608"
- },
- {
- "name": "MessageBeep",
- "address": "0x48f60c"
- },
- {
- "name": "EndDialog",
- "address": "0x48f610"
- },
- {
- "name": "SendDlgItemMessageW",
- "address": "0x48f614"
- },
- {
- "name": "GetDlgItem",
- "address": "0x48f618"
- },
- {
- "name": "SetWindowTextW",
- "address": "0x48f61c"
- },
- {
- "name": "CopyRect",
- "address": "0x48f620"
- },
- {
- "name": "ReleaseDC",
- "address": "0x48f624"
- },
- {
- "name": "GetDC",
- "address": "0x48f628"
- },
- {
- "name": "EndPaint",
- "address": "0x48f62c"
- },
- {
- "name": "BeginPaint",
- "address": "0x48f630"
- },
- {
- "name": "GetClientRect",
- "address": "0x48f634"
- },
- {
- "name": "GetMenu",
- "address": "0x48f638"
- },
- {
- "name": "DestroyWindow",
- "address": "0x48f63c"
- },
- {
- "name": "EnumWindows",
- "address": "0x48f640"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x48f644"
- },
- {
- "name": "IsWindow",
- "address": "0x48f648"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x48f64c"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x48f650"
- },
- {
- "name": "EnableWindow",
- "address": "0x48f654"
- },
- {
- "name": "InvalidateRect",
- "address": "0x48f658"
- },
- {
- "name": "GetWindowLongW",
- "address": "0x48f65c"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x48f660"
- },
- {
- "name": "AttachThreadInput",
- "address": "0x48f664"
- },
- {
- "name": "GetFocus",
- "address": "0x48f668"
- },
- {
- "name": "GetWindowTextW",
- "address": "0x48f66c"
- },
- {
- "name": "ScreenToClient",
- "address": "0x48f670"
- },
- {
- "name": "SendMessageTimeoutW",
- "address": "0x48f674"
- },
- {
- "name": "EnumChildWindows",
- "address": "0x48f678"
- },
- {
- "name": "CharUpperBuffW",
- "address": "0x48f67c"
- },
- {
- "name": "GetParent",
- "address": "0x48f680"
- },
- {
- "name": "GetDlgCtrlID",
- "address": "0x48f684"
- },
- {
- "name": "SendMessageW",
- "address": "0x48f688"
- },
- {
- "name": "MapVirtualKeyW",
- "address": "0x48f68c"
- },
- {
- "name": "PostMessageW",
- "address": "0x48f690"
- },
- {
- "name": "GetWindowRect",
- "address": "0x48f694"
- },
- {
- "name": "SetUserObjectSecurity",
- "address": "0x48f698"
- },
- {
- "name": "CloseDesktop",
- "address": "0x48f69c"
- },
- {
- "name": "CloseWindowStation",
- "address": "0x48f6a0"
- },
- {
- "name": "OpenDesktopW",
- "address": "0x48f6a4"
- },
- {
- "name": "SetProcessWindowStation",
- "address": "0x48f6a8"
- },
- {
- "name": "GetProcessWindowStation",
- "address": "0x48f6ac"
- },
- {
- "name": "OpenWindowStationW",
- "address": "0x48f6b0"
- },
- {
- "name": "GetUserObjectSecurity",
- "address": "0x48f6b4"
- },
- {
- "name": "MessageBoxW",
- "address": "0x48f6b8"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x48f6bc"
- },
- {
- "name": "SetClipboardData",
- "address": "0x48f6c0"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x48f6c4"
- },
- {
- "name": "CountClipboardFormats",
- "address": "0x48f6c8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x48f6cc"
- },
- {
- "name": "GetClipboardData",
- "address": "0x48f6d0"
- },
- {
- "name": "IsClipboardFormatAvailable",
- "address": "0x48f6d4"
- },
- {
- "name": "OpenClipboard",
- "address": "0x48f6d8"
- },
- {
- "name": "BlockInput",
- "address": "0x48f6dc"
- },
- {
- "name": "GetMessageW",
- "address": "0x48f6e0"
- },
- {
- "name": "LockWindowUpdate",
- "address": "0x48f6e4"
- },
- {
- "name": "DispatchMessageW",
- "address": "0x48f6e8"
- },
- {
- "name": "TranslateMessage",
- "address": "0x48f6ec"
- },
- {
- "name": "PeekMessageW",
- "address": "0x48f6f0"
- },
- {
- "name": "UnregisterHotKey",
- "address": "0x48f6f4"
- },
- {
- "name": "CheckMenuRadioItem",
- "address": "0x48f6f8"
- },
- {
- "name": "CharLowerBuffW",
- "address": "0x48f6fc"
- },
- {
- "name": "MoveWindow",
- "address": "0x48f700"
- },
- {
- "name": "SetFocus",
- "address": "0x48f704"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x48f708"
- },
- {
- "name": "KillTimer",
- "address": "0x48f70c"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x48f710"
- },
- {
- "name": "RegisterWindowMessageW",
- "address": "0x48f714"
- },
- {
- "name": "SetTimer",
- "address": "0x48f718"
- },
- {
- "name": "ShowWindow",
- "address": "0x48f71c"
- },
- {
- "name": "CreateWindowExW",
- "address": "0x48f720"
- },
- {
- "name": "RegisterClassExW",
- "address": "0x48f724"
- },
- {
- "name": "LoadIconW",
- "address": "0x48f728"
- },
- {
- "name": "LoadCursorW",
- "address": "0x48f72c"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x48f730"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x48f734"
- },
- {
- "name": "MessageBoxA",
- "address": "0x48f738"
- },
- {
- "name": "DestroyIcon",
- "address": "0x48f73c"
- },
- {
- "name": "SystemParametersInfoW",
- "address": "0x48f740"
- },
- {
- "name": "LoadImageW",
- "address": "0x48f744"
- },
- {
- "name": "GetClassNameW",
- "address": "0x48f748"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "StrokePath",
- "address": "0x48f0c4"
- },
- {
- "name": "DeleteObject",
- "address": "0x48f0c8"
- },
- {
- "name": "GetTextExtentPoint32W",
- "address": "0x48f0cc"
- },
- {
- "name": "ExtCreatePen",
- "address": "0x48f0d0"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x48f0d4"
- },
- {
- "name": "EndPath",
- "address": "0x48f0d8"
- },
- {
- "name": "SetPixel",
- "address": "0x48f0dc"
- },
- {
- "name": "CloseFigure",
- "address": "0x48f0e0"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x48f0e4"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x48f0e8"
- },
- {
- "name": "SelectObject",
- "address": "0x48f0ec"
- },
- {
- "name": "StretchBlt",
- "address": "0x48f0f0"
- },
- {
- "name": "GetDIBits",
- "address": "0x48f0f4"
- },
- {
- "name": "LineTo",
- "address": "0x48f0f8"
- },
- {
- "name": "AngleArc",
- "address": "0x48f0fc"
- },
- {
- "name": "MoveToEx",
- "address": "0x48f100"
- },
- {
- "name": "Ellipse",
- "address": "0x48f104"
- },
- {
- "name": "DeleteDC",
- "address": "0x48f108"
- },
- {
- "name": "GetPixel",
- "address": "0x48f10c"
- },
- {
- "name": "CreateDCW",
- "address": "0x48f110"
- },
- {
- "name": "GetStockObject",
- "address": "0x48f114"
- },
- {
- "name": "GetTextFaceW",
- "address": "0x48f118"
- },
- {
- "name": "CreateFontW",
- "address": "0x48f11c"
- },
- {
- "name": "SetTextColor",
- "address": "0x48f120"
- },
- {
- "name": "PolyDraw",
- "address": "0x48f124"
- },
- {
- "name": "BeginPath",
- "address": "0x48f128"
- },
- {
- "name": "Rectangle",
- "address": "0x48f12c"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x48f130"
- },
- {
- "name": "GetObjectW",
- "address": "0x48f134"
- },
- {
- "name": "SetBkMode",
- "address": "0x48f138"
- },
- {
- "name": "RoundRect",
- "address": "0x48f13c"
- },
- {
- "name": "SetBkColor",
- "address": "0x48f140"
- },
- {
- "name": "CreatePen",
- "address": "0x48f144"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x48f148"
- },
- {
- "name": "StrokeAndFillPath",
- "address": "0x48f14c"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameW",
- "address": "0x48f0b8"
- },
- {
- "name": "GetSaveFileNameW",
- "address": "0x48f0bc"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "GetAce",
- "address": "0x48f000"
- },
- {
- "name": "RegEnumValueW",
- "address": "0x48f004"
- },
- {
- "name": "RegDeleteValueW",
- "address": "0x48f008"
- },
- {
- "name": "RegDeleteKeyW",
- "address": "0x48f00c"
- },
- {
- "name": "RegEnumKeyExW",
- "address": "0x48f010"
- },
- {
- "name": "RegSetValueExW",
- "address": "0x48f014"
- },
- {
- "name": "RegOpenKeyExW",
- "address": "0x48f018"
- },
- {
- "name": "RegCloseKey",
- "address": "0x48f01c"
- },
- {
- "name": "RegQueryValueExW",
- "address": "0x48f020"
- },
- {
- "name": "RegConnectRegistryW",
- "address": "0x48f024"
- },
- {
- "name": "InitializeSecurityDescriptor",
- "address": "0x48f028"
- },
- {
- "name": "InitializeAcl",
- "address": "0x48f02c"
- },
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x48f030"
- },
- {
- "name": "OpenThreadToken",
- "address": "0x48f034"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x48f038"
- },
- {
- "name": "LookupPrivilegeValueW",
- "address": "0x48f03c"
- },
- {
- "name": "DuplicateTokenEx",
- "address": "0x48f040"
- },
- {
- "name": "CreateProcessAsUserW",
- "address": "0x48f044"
- },
- {
- "name": "CreateProcessWithLogonW",
- "address": "0x48f048"
- },
- {
- "name": "GetLengthSid",
- "address": "0x48f04c"
- },
- {
- "name": "CopySid",
- "address": "0x48f050"
- },
- {
- "name": "LogonUserW",
- "address": "0x48f054"
- },
- {
- "name": "AllocateAndInitializeSid",
- "address": "0x48f058"
- },
- {
- "name": "CheckTokenMembership",
- "address": "0x48f05c"
- },
- {
- "name": "RegCreateKeyExW",
- "address": "0x48f060"
- },
- {
- "name": "FreeSid",
- "address": "0x48f064"
- },
- {
- "name": "GetTokenInformation",
- "address": "0x48f068"
- },
- {
- "name": "GetSecurityDescriptorDacl",
- "address": "0x48f06c"
- },
- {
- "name": "GetAclInformation",
- "address": "0x48f070"
- },
- {
- "name": "AddAce",
- "address": "0x48f074"
- },
- {
- "name": "SetSecurityDescriptorDacl",
- "address": "0x48f078"
- },
- {
- "name": "GetUserNameW",
- "address": "0x48f07c"
- },
- {
- "name": "InitiateSystemShutdownExW",
- "address": "0x48f080"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "DragQueryPoint",
- "address": "0x48f48c"
- },
- {
- "name": "ShellExecuteExW",
- "address": "0x48f490"
- },
- {
- "name": "DragQueryFileW",
- "address": "0x48f494"
- },
- {
- "name": "SHEmptyRecycleBinW",
- "address": "0x48f498"
- },
- {
- "name": "SHGetPathFromIDListW",
- "address": "0x48f49c"
- },
- {
- "name": "SHBrowseForFolderW",
- "address": "0x48f4a0"
- },
- {
- "name": "SHCreateShellItem",
- "address": "0x48f4a4"
- },
- {
- "name": "SHGetDesktopFolder",
- "address": "0x48f4a8"
- },
- {
- "name": "SHGetSpecialFolderLocation",
- "address": "0x48f4ac"
- },
- {
- "name": "SHGetFolderPathW",
- "address": "0x48f4b0"
- },
- {
- "name": "SHFileOperationW",
- "address": "0x48f4b4"
- },
- {
- "name": "ExtractIconExW",
- "address": "0x48f4b8"
- },
- {
- "name": "Shell_NotifyIconW",
- "address": "0x48f4bc"
- },
- {
- "name": "ShellExecuteW",
- "address": "0x48f4c0"
- },
- {
- "name": "DragFinish",
- "address": "0x48f4c4"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "CoTaskMemAlloc",
- "address": "0x48f828"
- },
- {
- "name": "CoTaskMemFree",
- "address": "0x48f82c"
- },
- {
- "name": "CLSIDFromString",
- "address": "0x48f830"
- },
- {
- "name": "ProgIDFromCLSID",
- "address": "0x48f834"
- },
- {
- "name": "CLSIDFromProgID",
- "address": "0x48f838"
- },
- {
- "name": "OleSetMenuDescriptor",
- "address": "0x48f83c"
- },
- {
- "name": "MkParseDisplayName",
- "address": "0x48f840"
- },
- {
- "name": "OleSetContainedObject",
- "address": "0x48f844"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x48f848"
- },
- {
- "name": "IIDFromString",
- "address": "0x48f84c"
- },
- {
- "name": "StringFromGUID2",
- "address": "0x48f850"
- },
- {
- "name": "CreateStreamOnHGlobal",
- "address": "0x48f854"
- },
- {
- "name": "OleInitialize",
- "address": "0x48f858"
- },
- {
- "name": "OleUninitialize",
- "address": "0x48f85c"
- },
- {
- "name": "CoInitialize",
- "address": "0x48f860"
- },
- {
- "name": "CoUninitialize",
- "address": "0x48f864"
- },
- {
- "name": "GetRunningObjectTable",
- "address": "0x48f868"
- },
- {
- "name": "CoGetInstanceFromFile",
- "address": "0x48f86c"
- },
- {
- "name": "CoGetObject",
- "address": "0x48f870"
- },
- {
- "name": "CoSetProxyBlanket",
- "address": "0x48f874"
- },
- {
- "name": "CoCreateInstanceEx",
- "address": "0x48f878"
- },
- {
- "name": "CoInitializeSecurity",
- "address": "0x48f87c"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "LoadTypeLibEx",
- "address": "0x48f40c"
- },
- {
- "name": "VariantCopyInd",
- "address": "0x48f410"
- },
- {
- "name": "SysReAllocString",
- "address": "0x48f414"
- },
- {
- "name": "SysFreeString",
- "address": "0x48f418"
- },
- {
- "name": "SafeArrayDestroyDescriptor",
- "address": "0x48f41c"
- },
- {
- "name": "SafeArrayDestroyData",
- "address": "0x48f420"
- },
- {
- "name": "SafeArrayUnaccessData",
- "address": "0x48f424"
- },
- {
- "name": "SafeArrayAccessData",
- "address": "0x48f428"
- },
- {
- "name": "SafeArrayAllocData",
- "address": "0x48f42c"
- },
- {
- "name": "SafeArrayAllocDescriptorEx",
- "address": "0x48f430"
- },
- {
- "name": "SafeArrayCreateVector",
- "address": "0x48f434"
- },
- {
- "name": "RegisterTypeLib",
- "address": "0x48f438"
- },
- {
- "name": "CreateStdDispatch",
- "address": "0x48f43c"
- },
- {
- "name": "DispCallFunc",
- "address": "0x48f440"
- },
- {
- "name": "VariantChangeType",
- "address": "0x48f444"
- },
- {
- "name": "SysStringLen",
- "address": "0x48f448"
- },
- {
- "name": "VariantTimeToSystemTime",
- "address": "0x48f44c"
- },
- {
- "name": "VarR8FromDec",
- "address": "0x48f450"
- },
- {
- "name": "SafeArrayGetVartype",
- "address": "0x48f454"
- },
- {
- "name": "VariantCopy",
- "address": "0x48f458"
- },
- {
- "name": "VariantClear",
- "address": "0x48f45c"
- },
- {
- "name": "OleLoadPicture",
- "address": "0x48f460"
- },
- {
- "name": "QueryPathOfRegTypeLib",
- "address": "0x48f464"
- },
- {
- "name": "RegisterTypeLibForUser",
- "address": "0x48f468"
- },
- {
- "name": "UnRegisterTypeLibForUser",
- "address": "0x48f46c"
- },
- {
- "name": "UnRegisterTypeLib",
- "address": "0x48f470"
- },
- {
- "name": "CreateDispTypeInfo",
- "address": "0x48f474"
- },
- {
- "name": "SysAllocString",
- "address": "0x48f478"
- },
- {
- "name": "VariantInit",
- "address": "0x48f47c"
- }
- ],
- "dll": "OLEAUT32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0014ffb4",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0014b672",
- "icon_hash": null,
- "entrypoint": "0x0042800a",
- "timestamp": "2019-06-17 14:52:01",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0008e000",
- "entropy": "6.68",
- "raw_address": "0x00000400",
- "virtual_size": "0x0008dfdd",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0008f000",
- "size_of_data": "0x0002fe00",
- "entropy": "5.76",
- "raw_address": "0x0008e400",
- "virtual_size": "0x0002fd8e",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x000bf000",
- "size_of_data": "0x00005200",
- "entropy": "1.20",
- "raw_address": "0x000be200",
- "virtual_size": "0x00008f74",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000c8000",
- "size_of_data": "0x00082200",
- "entropy": "7.92",
- "raw_address": "0x000c3400",
- "virtual_size": "0x00082118",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0014b000",
- "size_of_data": "0x00007200",
- "entropy": "6.78",
- "raw_address": "0x00145600",
- "virtual_size": "0x00007134",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000bc0cc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000017c"
- },
- {
- "virtual_address": "0x000c8000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00082118"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0014b000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00007134"
- },
- {
- "virtual_address": "0x00092bc0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000a4b50",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0008f000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000884"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "afcdf79be1557326c854b6e20cb900a7",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 18,
- "versioninfo": []
- }
- }