Exes_d6f9d30bafb642ff791583a8874b0796_exe_json.json

1.  
2. [*] MalFamily: "Pony"
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "Exes_d6f9d30bafb642ff791583a8874b0796.exe"
7. [*] File Size: 1361920
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "573570429af3d9c0b945dcb64e3302e0d30a8db1c9eae2f95ed92a75dd3cf197"
10. [*] MD5: "d6f9d30bafb642ff791583a8874b0796"
11. [*] SHA1: "07f7bd5f8d2b14b89a147de550c6a16522597f70"
12. [*] SHA512: "8a5376b1d57b167ecc908fe50d8040b45e930845e452ab68acebcdc61df2d8186c01a7a7199065635a8d347efc4f40c7e5a6ce836eb484cc3e6f7840dbbb4aa2"
13. [*] CRC32: "3DAAC7B7"
14. [*] SSDEEP: "24576:uAHnh+eWsN3skA4RV1Hom2KXMmHaRPnBe51mnhs/y82jsThHAJi1AhM5:Zh+ZkldoPK8YaRJe51mnm/y8ImmQ"
15.  
16. [*] Process Execution: [
17. "Exes_d6f9d30bafb642ff791583a8874b0796.exe",
18. "Exes_d6f9d30bafb642ff791583a8874b0796.exe",
19. "cmd.exe"
20. ]
21.  
22. [*] Signatures Detected: [
23. {
24. "Description": "Creates RWX memory",
25. "Details": []
26. },
27. {
28. "Description": "Possible date expiration check, exits too soon after checking local time",
29. "Details": [
30. {
31. "process": "Exes_d6f9d30bafb642ff791583a8874b0796.exe, PID 1680"
32. }
33. ]
34. },
35. {
36. "Description": "Reads data out of its own binary image",
37. "Details": [
38. {
39. "self_read": "process: Exes_d6f9d30bafb642ff791583a8874b0796.exe, pid: 2136, offset: 0x0014c400, length: 0x00000400"
40. }
41. ]
42. },
43. {
44. "Description": "A process created a hidden window",
45. "Details": [
46. {
47. "Process": "Exes_d6f9d30bafb642ff791583a8874b0796.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat"
48. }
49. ]
50. },
51. {
52. "Description": "Performs some HTTP requests",
53. "Details": [
54. {
55. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
56. },
57. {
58. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
59. },
60. {
61. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
62. },
63. {
64. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
65. },
66. {
67. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
68. },
69. {
70. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
71. },
72. {
73. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
74. },
75. {
76. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
77. },
78. {
79. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
80. },
81. {
82. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
83. },
84. {
85. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
86. },
87. {
88. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
89. },
90. {
91. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
92. },
93. {
94. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
95. },
96. {
97. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
98. },
99. {
100. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
101. },
102. {
103. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
104. },
105. {
106. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
107. },
108. {
109. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
110. },
111. {
112. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
113. },
114. {
115. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
116. },
117. {
118. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
119. },
120. {
121. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
122. },
123. {
124. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
125. },
126. {
127. "url": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes"
128. }
129. ]
130. },
131. {
132. "Description": "The binary likely contains encrypted or compressed data.",
133. "Details": [
134. {
135. "section": "name: .rsrc, entropy: 7.92, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00082200, virtual_size: 0x00082118"
136. }
137. ]
138. },
139. {
140. "Description": "Deletes its original binary from disk",
141. "Details": []
142. },
143. {
144. "Description": "Steals private information from local Internet browsers",
145. "Details": [
146. {
147. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal"
148. },
149. {
150. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
151. },
152. {
153. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal"
154. },
155. {
156. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
157. }
158. ]
159. },
160. {
161. "Description": "Exhibits behavior characteristic of Pony malware",
162. "Details": []
163. },
164. {
165. "Description": "Collects information about installed applications",
166. "Details": [
167. {
168. "Program": "Google Update Helper"
169. },
170. {
171. "Program": "Microsoft Excel MUI 2013"
172. },
173. {
174. "Program": "Microsoft Outlook MUI 2013"
175. },
176. {
177. "Program": "Python 2.7.15"
178. },
179. {
180. "Program": "Google Chrome"
181. },
182. {
183. "Program": "Adobe Flash Player 29 NPAPI"
184. },
185. {
186. "Program": "Adobe Flash Player 29 ActiveX"
187. },
188. {
189. "Program": "Microsoft DCF MUI 2013"
190. },
191. {
192. "Program": "Microsoft Access MUI 2013"
193. },
194. {
195. "Program": "Microsoft Office Proofing Tools 2013 - English"
196. },
197. {
198. "Program": "Adobe Acrobat Reader DC"
199. },
200. {
201. "Program": "Microsoft Office Proofing Tools 2013 - Espa\\xef\\xbf\\xb1ol"
202. },
203. {
204. "Program": "Microsoft Publisher MUI 2013"
205. },
206. {
207. "Program": "Outils de v\\xef\\xbf\\xa9rification linguistique 2013 de Microsoft Office\\xef\\xbe\\xa0- Fran\\xef\\xbf\\xa7ais"
208. },
209. {
210. "Program": "Microsoft Office Shared MUI 2013"
211. },
212. {
213. "Program": "Microsoft Office OSM MUI 2013"
214. },
215. {
216. "Program": "Microsoft InfoPath MUI 2013"
217. },
218. {
219. "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
220. },
221. {
222. "Program": "Microsoft Word MUI 2013"
223. },
224. {
225. "Program": "Microsoft Groove MUI 2013"
226. },
227. {
228. "Program": "Python 2.7 PIL-1.1.7"
229. },
230. {
231. "Program": "Microsoft Access Setup Metadata MUI 2013"
232. },
233. {
234. "Program": "Microsoft Office OSM UX MUI 2013"
235. },
236. {
237. "Program": "Microsoft PowerPoint MUI 2013"
238. },
239. {
240. "Program": "Microsoft Office Professional Plus 2013"
241. },
242. {
243. "Program": "Adobe Refresh Manager"
244. },
245. {
246. "Program": "Microsoft Office Proofing 2013"
247. },
248. {
249. "Program": "Microsoft Lync MUI 2013"
250. },
251. {
252. "Program": "Python Launcher"
253. },
254. {
255. "Program": "Microsoft OneNote MUI 2013"
256. }
257. ]
258. },
259. {
260. "Description": "File has been identified by 21 Antiviruses on VirusTotal as malicious",
261. "Details": [
262. {
263. "K7AntiVirus": "Trojan ( 700000111 )"
264. },
265. {
266. "K7GW": "Trojan ( 700000111 )"
267. },
268. {
269. "Cybereason": "malicious.f8d2b1"
270. },
271. {
272. "Invincea": "heuristic"
273. },
274. {
275. "F-Prot": "W32/AutoIt.IJ.gen!Eldorado"
276. },
277. {
278. "Symantec": "ML.Attribute.HighConfidence"
279. },
280. {
281. "APEX": "Malicious"
282. },
283. {
284. "Kaspersky": "HEUR:Trojan.Script.Generic"
285. },
286. {
287. "McAfee-GW-Edition": "BehavesLike.Win32.Downloader.tc"
288. },
289. {
290. "Trapmine": "malicious.high.ml.score"
291. },
292. {
293. "FireEye": "Generic.mg.d6f9d30bafb642ff"
294. },
295. {
296. "Cyren": "W32/AutoIt.IJ.gen!Eldorado"
297. },
298. {
299. "Endgame": "malicious (high confidence)"
300. },
301. {
302. "Antiy-AVL": "Trojan/Generic.ASVCS3S.1E5"
303. },
304. {
305. "ZoneAlarm": "HEUR:Trojan.Script.Generic"
306. },
307. {
308. "Microsoft": "Trojan:Win32/Emelent.E!cl"
309. },
310. {
311. "ESET-NOD32": "a variant of Win32/Packed.AutoIt.OM"
312. },
313. {
314. "Acronis": "suspicious"
315. },
316. {
317. "Rising": "Trojan.Win32.Agent_.sa (CLASSIC)"
318. },
319. {
320. "SentinelOne": "DFI - Suspicious PE"
321. },
322. {
323. "Qihoo-360": "HEUR/QVM10.1.EDAC.Malware.Gen"
324. }
325. ]
326. },
327. {
328. "Description": "Harvests credentials from local FTP client softwares",
329. "Details": [
330. {
331. "file": "C:\\Program Files (x86)\\CuteFTP\\sm.dat"
332. },
333. {
334. "file": "C:\\Users\\user\\AppData\\Local\\CuteFTP\\sm.dat"
335. },
336. {
337. "file": "C:\\Users\\user\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP\\sm.dat"
338. },
339. {
340. "file": "C:\\Users\\user\\AppData\\Roaming\\CuteFTP\\sm.dat"
341. },
342. {
343. "file": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP\\sm.dat"
344. },
345. {
346. "file": "C:\\ProgramData\\CuteFTP\\sm.dat"
347. },
348. {
349. "file": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP\\sm.dat"
350. },
351. {
352. "file": "C:\\Users\\user\\AppData\\Local\\GlobalSCAPE\\CuteFTP\\sm.dat"
353. },
354. {
355. "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\4\\Sites.dat"
356. },
357. {
358. "file": "C:\\ProgramData\\FlashFXP\\3\\Sites.dat"
359. },
360. {
361. "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\3\\Sites.dat"
362. },
363. {
364. "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\4\\Sites.dat"
365. },
366. {
367. "file": "C:\\ProgramData\\FlashFXP\\4\\Sites.dat"
368. },
369. {
370. "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\3\\Sites.dat"
371. },
372. {
373. "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\3\\Quick.dat"
374. },
375. {
376. "file": "C:\\ProgramData\\FlashFXP\\4\\Quick.dat"
377. },
378. {
379. "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\4\\Quick.dat"
380. },
381. {
382. "file": "C:\\Users\\user\\AppData\\Local\\FlashFXP\\4\\Quick.dat"
383. },
384. {
385. "file": "C:\\Users\\user\\AppData\\Roaming\\FlashFXP\\3\\Quick.dat"
386. },
387. {
388. "file": "C:\\ProgramData\\FlashFXP\\3\\Quick.dat"
389. },
390. {
391. "file": "C:\\Users\\user\\AppData\\Local\\FileZilla\\sitemanager.xml"
392. },
393. {
394. "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\sitemanager.xml"
395. },
396. {
397. "file": "C:\\ProgramData\\FileZilla\\sitemanager.xml"
398. },
399. {
400. "file": "C:\\ProgramData\\FileZilla\\recentservers.xml"
401. },
402. {
403. "file": "C:\\Users\\user\\AppData\\Local\\FileZilla\\recentservers.xml"
404. },
405. {
406. "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
407. },
408. {
409. "file": "C:\\Users\\user\\AppData\\Local\\VanDyke\\Config\\Sessions\\*.*"
410. },
411. {
412. "file": "C:\\Users\\user\\AppData\\Roaming\\VanDyke\\Config\\Sessions\\*.*"
413. },
414. {
415. "file": "C:\\ProgramData\\VanDyke\\Config\\Sessions\\*.*"
416. },
417. {
418. "file": "C:\\Users\\user\\AppData\\Roaming\\FTP Explorer\\*.*"
419. },
420. {
421. "file": "C:\\Users\\user\\AppData\\Local\\FTP Explorer\\*.*"
422. },
423. {
424. "file": "C:\\ProgramData\\FTP Explorer\\*.*"
425. },
426. {
427. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\*.*"
428. },
429. {
430. "file": "C:\\Users\\user\\AppData\\Local\\SmartFTP\\*.*"
431. },
432. {
433. "file": "C:\\ProgramData\\SmartFTP\\*.*"
434. },
435. {
436. "file": "C:\\Users\\user\\AppData\\Roaming\\TurboFTP\\*.*"
437. },
438. {
439. "file": "C:\\Users\\user\\AppData\\Local\\TurboFTP\\*.*"
440. },
441. {
442. "file": "C:\\ProgramData\\TurboFTP\\*.*"
443. },
444. {
445. "file": "C:\\Users\\user\\AppData\\Roaming\\FTPRush\\*.*"
446. },
447. {
448. "file": "C:\\Users\\user\\AppData\\Local\\FTPRush\\*.*"
449. },
450. {
451. "file": "C:\\ProgramData\\FTPRush\\*.*"
452. },
453. {
454. "file": "C:\\ProgramData\\LeapWare\\LeapFTP\\*.*"
455. },
456. {
457. "file": "C:\\Users\\user\\AppData\\Local\\LeapWare\\LeapFTP\\*.*"
458. },
459. {
460. "file": "C:\\Users\\user\\AppData\\Roaming\\LeapWare\\LeapFTP\\*.*"
461. },
462. {
463. "file": "C:\\Users\\user\\AppData\\Local\\FTPGetter\\*.*"
464. },
465. {
466. "file": "C:\\Users\\user\\AppData\\Roaming\\FTPGetter\\*.*"
467. },
468. {
469. "file": "C:\\ProgramData\\FTPGetter\\*.*"
470. },
471. {
472. "file": "C:\\Users\\user\\AppData\\Local\\Estsoft\\ALFTP\\*.*"
473. },
474. {
475. "file": "C:\\Users\\user\\AppData\\Roaming\\Estsoft\\ALFTP\\*.*"
476. },
477. {
478. "file": "C:\\ProgramData\\Estsoft\\ALFTP\\*.*"
479. },
480. {
481. "file": "C:\\Program Files (x86)\\Common Files\\Ipswitch\\WS_FTP\\*.*"
482. },
483. {
484. "key": "HKEY_CURRENT_USER\\Software\\Far Manager\\Plugins\\FTP\\Hosts"
485. },
486. {
487. "key": "HKEY_CURRENT_USER\\Software\\Far\\Plugins\\FTP\\Hosts"
488. },
489. {
490. "key": "HKEY_CURRENT_USER\\Software\\Far2\\Plugins\\FTP\\Hosts"
491. },
492. {
493. "key": "HKEY_CURRENT_USER\\Software\\Far\\SavedDialogHistory\\FTPHost"
494. },
495. {
496. "key": "HKEY_CURRENT_USER\\Software\\Far2\\SavedDialogHistory\\FTPHost"
497. },
498. {
499. "key": "HKEY_CURRENT_USER\\Software\\Far Manager\\SavedDialogHistory\\FTPHost"
500. },
501. {
502. "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Professional\\QCToolbar"
503. },
504. {
505. "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Professional\\QCToolbar"
506. },
507. {
508. "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Home\\QCToolbar"
509. },
510. {
511. "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Professional\\QCToolbar"
512. },
513. {
514. "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Home\\QCToolbar"
515. },
516. {
517. "key": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Home\\QCToolbar"
518. },
519. {
520. "key": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Windows Commander"
521. },
522. {
523. "key": "HKEY_CURRENT_USER\\Software\\Ghisler\\Windows Commander"
524. },
525. {
526. "key": "HKEY_CURRENT_USER\\Software\\Ghisler\\Total Commander"
527. },
528. {
529. "key": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Total Commander"
530. },
531. {
532. "key": "HKEY_CURRENT_USER\\Software\\BPFTP\\Bullet Proof FTP\\Options"
533. },
534. {
535. "key": "HKEY_CURRENT_USER\\Software\\BPFTP\\Bullet Proof FTP\\Main"
536. },
537. {
538. "key": "HKEY_CURRENT_USER\\Software\\FileZilla"
539. },
540. {
541. "key": "HKEY_LOCAL_MACHINE\\Software\\FileZilla"
542. },
543. {
544. "key": "HKEY_CURRENT_USER\\Software\\FileZilla Client"
545. },
546. {
547. "key": "HKEY_LOCAL_MACHINE\\Software\\FileZilla Client"
548. },
549. {
550. "key": "HKEY_CURRENT_USER\\Software\\TurboFTP"
551. },
552. {
553. "key": "HKEY_LOCAL_MACHINE\\Software\\TurboFTP"
554. },
555. {
556. "key": "HKEY_CURRENT_USER\\Software\\Sota\\FFFTP\\Options"
557. },
558. {
559. "key": "HKEY_CURRENT_USER\\Software\\Sota\\FFFTP"
560. },
561. {
562. "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
563. },
564. {
565. "key": "HKEY_CURRENT_USER\\Software\\FTP Explorer\\FTP Explorer\\Workspace\\MFCToolBar-224"
566. },
567. {
568. "key": "HKEY_CURRENT_USER\\Software\\FTP Explorer\\Profiles"
569. },
570. {
571. "key": "HKEY_LOCAL_MACHINE\\Software\\FTPClient\\Sites"
572. },
573. {
574. "key": "HKEY_CURRENT_USER\\Software\\FTPClient\\Sites"
575. },
576. {
577. "key": "HKEY_CURRENT_USER\\Software\\LinasFTP\\Site Manager"
578. },
579. {
580. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Robo-FTP 3.7\\Scripts"
581. },
582. {
583. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Robo-FTP 3.7\\FTPServers"
584. },
585. {
586. "key": "HKEY_CURRENT_USER\\SOFTWARE\\Robo-FTP 3.7\\FTPServers"
587. },
588. {
589. "key": "HKEY_CURRENT_USER\\SOFTWARE\\Robo-FTP 3.7\\Scripts"
590. },
591. {
592. "key": "HKEY_CURRENT_USER\\Software\\MAS-Soft\\FTPInfo\\Setup"
593. },
594. {
595. "key": "HKEY_LOCAL_MACHINE\\Software\\SoftX.org\\FTPClient\\Sites"
596. },
597. {
598. "key": "HKEY_CURRENT_USER\\Software\\SoftX.org\\FTPClient\\Sites"
599. },
600. {
601. "key": "HKEY_CURRENT_USER\\Software\\BulletProof Software\\BulletProof FTP Client\\Main"
602. },
603. {
604. "key": "HKEY_CURRENT_USER\\Software\\BulletProof Software\\BulletProof FTP Client\\Options"
605. }
606. ]
607. },
608. {
609. "Description": "Harvests information related to installed mail clients",
610. "Details": [
611. {
612. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook"
613. },
614. {
615. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Microsoft Outlook Internet Settings"
616. },
617. {
618. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts"
619. },
620. {
621. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts"
622. },
623. {
624. "key": "HKEY_CURRENT_USER\\Identities\\{0A258175-2D14-4D69-9955-E200F247250F}\\Software\\Microsoft\\Internet Account Manager\\Accounts"
625. }
626. ]
627. },
628. {
629. "Description": "Anomalous binary characteristics",
630. "Details": [
631. {
632. "anomaly": "Actual checksum does not match that reported in PE header"
633. }
634. ]
635. }
636. ]
637.  
638. [*] Started Service: []
639.  
640. [*] Executed Commands: [
641. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d6f9d30bafb642ff791583a8874b0796.exe\"",
642. "C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat \"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d6f9d30bafb642ff791583a8874b0796.exe\""
643. ]
644.  
645. [*] Mutexes: [
646. "frenchy_shellcode_001",
647. "Local\\_!MSFTHISTORY!_",
648. "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
649. "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
650. "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!"
651. ]
652.  
653. [*] Modified Files: [
654. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
655. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
656. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
657. "\\??\\PIPE\\samr",
658. "C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat"
659. ]
660.  
661. [*] Deleted Files: [
662. "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d6f9d30bafb642ff791583a8874b0796.exe",
663. "C:\\Users\\user\\AppData\\Local\\Temp\\27182421.bat"
664. ]
665.  
666. [*] Modified Registry Keys: [
667. "HKEY_CURRENT_USER\\Software\\WinRAR",
668. "HKEY_CURRENT_USER\\Software\\WinRAR\\HWID"
669. ]
670.  
671. [*] Deleted Registry Keys: []
672.  
673. [*] DNS Communications: []
674.  
675. [*] Domains: []
676.  
677. [*] Network Communication - ICMP: []
678.  
679. [*] Network Communication - HTTP: [
680. {
681. "count": 1,
682. "body": "",
683. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
684. "user-agent": "Microsoft-CryptoAPI/6.1",
685. "method": "GET",
686. "host": "ocsp.digicert.com",
687. "version": "1.1",
688. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
689. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
690. "port": 80
691. },
692. {
693. "count": 1,
694. "body": "",
695. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
696. "user-agent": "Microsoft-CryptoAPI/6.1",
697. "method": "GET",
698. "host": "ocsp.digicert.com",
699. "version": "1.1",
700. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
701. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
702. "port": 80
703. },
704. {
705. "count": 1,
706. "body": "",
707. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
708. "user-agent": "Microsoft-CryptoAPI/6.1",
709. "method": "GET",
710. "host": "ocsp.digicert.com",
711. "version": "1.1",
712. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
713. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
714. "port": 80
715. },
716. {
717. "count": 1,
718. "body": "",
719. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
720. "user-agent": "Microsoft-CryptoAPI/6.1",
721. "method": "GET",
722. "host": "ocsp.pki.goog",
723. "version": "1.1",
724. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
725. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
726. "port": 80
727. },
728. {
729. "count": 1,
730. "body": "",
731. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
732. "user-agent": "Microsoft-CryptoAPI/6.1",
733. "method": "GET",
734. "host": "ocsp.digicert.com",
735. "version": "1.1",
736. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
737. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
738. "port": 80
739. },
740. {
741. "count": 1,
742. "body": "",
743. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
744. "user-agent": "Microsoft-CryptoAPI/6.1",
745. "method": "GET",
746. "host": "crl.microsoft.com",
747. "version": "1.1",
748. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
749. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
750. "port": 80
751. },
752. {
753. "count": 1,
754. "body": "",
755. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
756. "user-agent": "Microsoft-CryptoAPI/6.1",
757. "method": "GET",
758. "host": "ocsp.comodoca.com",
759. "version": "1.1",
760. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
761. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
762. "port": 80
763. },
764. {
765. "count": 1,
766. "body": "",
767. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
768. "user-agent": "Microsoft-CryptoAPI/6.1",
769. "method": "GET",
770. "host": "ocsp.pki.goog",
771. "version": "1.1",
772. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
773. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
774. "port": 80
775. },
776. {
777. "count": 1,
778. "body": "",
779. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
780. "user-agent": "Microsoft-CryptoAPI/6.1",
781. "method": "GET",
782. "host": "ocsp.digicert.com",
783. "version": "1.1",
784. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
785. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
786. "port": 80
787. },
788. {
789. "count": 1,
790. "body": "",
791. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
792. "user-agent": "Microsoft-CryptoAPI/6.1",
793. "method": "GET",
794. "host": "www.download.windowsupdate.com",
795. "version": "1.1",
796. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
797. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
798. "port": 80
799. },
800. {
801. "count": 1,
802. "body": "",
803. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
804. "user-agent": "Microsoft-CryptoAPI/6.1",
805. "method": "GET",
806. "host": "crl.microsoft.com",
807. "version": "1.1",
808. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
809. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
810. "port": 80
811. },
812. {
813. "count": 1,
814. "body": "",
815. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
816. "user-agent": "Microsoft-CryptoAPI/6.1",
817. "method": "GET",
818. "host": "ocsp.digicert.com",
819. "version": "1.1",
820. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
821. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
822. "port": 80
823. },
824. {
825. "count": 1,
826. "body": "",
827. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
828. "user-agent": "Microsoft-CryptoAPI/6.1",
829. "method": "GET",
830. "host": "ocsp.digicert.com",
831. "version": "1.1",
832. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
833. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
834. "port": 80
835. },
836. {
837. "count": 1,
838. "body": "",
839. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
840. "user-agent": "Microsoft-CryptoAPI/6.1",
841. "method": "GET",
842. "host": "ocsp.digicert.com",
843. "version": "1.1",
844. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
845. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
846. "port": 80
847. },
848. {
849. "count": 1,
850. "body": "",
851. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
852. "user-agent": "Microsoft-CryptoAPI/6.1",
853. "method": "GET",
854. "host": "ocsp.pki.goog",
855. "version": "1.1",
856. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
857. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
858. "port": 80
859. },
860. {
861. "count": 1,
862. "body": "",
863. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
864. "user-agent": "Microsoft-CryptoAPI/6.1",
865. "method": "GET",
866. "host": "ocsp.pki.goog",
867. "version": "1.1",
868. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
869. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
870. "port": 80
871. },
872. {
873. "count": 1,
874. "body": "",
875. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
876. "user-agent": "Microsoft-CryptoAPI/6.1",
877. "method": "GET",
878. "host": "ocsp.digicert.com",
879. "version": "1.1",
880. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
881. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
882. "port": 80
883. },
884. {
885. "count": 1,
886. "body": "",
887. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
888. "user-agent": "Microsoft-CryptoAPI/6.1",
889. "method": "GET",
890. "host": "ocsp.pki.goog",
891. "version": "1.1",
892. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
893. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
894. "port": 80
895. },
896. {
897. "count": 1,
898. "body": "",
899. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
900. "user-agent": "Microsoft-CryptoAPI/6.1",
901. "method": "GET",
902. "host": "ocsp.msocsp.com",
903. "version": "1.1",
904. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
905. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
906. "port": 80
907. },
908. {
909. "count": 1,
910. "body": "",
911. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
912. "user-agent": "Microsoft-CryptoAPI/6.1",
913. "method": "GET",
914. "host": "ocsp.thawte.com",
915. "version": "1.1",
916. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
917. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
918. "port": 80
919. },
920. {
921. "count": 1,
922. "body": "",
923. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
924. "user-agent": "Microsoft-CryptoAPI/6.1",
925. "method": "GET",
926. "host": "ocsp.usertrust.com",
927. "version": "1.1",
928. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
929. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
930. "port": 80
931. },
932. {
933. "count": 1,
934. "body": "",
935. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
936. "user-agent": "Microsoft-CryptoAPI/6.1",
937. "method": "GET",
938. "host": "th.symcd.com",
939. "version": "1.1",
940. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
941. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
942. "port": 80
943. },
944. {
945. "count": 1,
946. "body": "",
947. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
948. "user-agent": "Microsoft-CryptoAPI/6.1",
949. "method": "GET",
950. "host": "ocsp.digicert.com",
951. "version": "1.1",
952. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
953. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
954. "port": 80
955. },
956. {
957. "count": 1,
958. "body": "",
959. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
960. "user-agent": "Microsoft-CryptoAPI/6.1",
961. "method": "GET",
962. "host": "ocsp.digicert.com",
963. "version": "1.1",
964. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
965. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
966. "port": 80
967. },
968. {
969. "count": 1,
970. "body": "",
971. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
972. "user-agent": "Microsoft-CryptoAPI/6.1",
973. "method": "GET",
974. "host": "ocsp.pki.goog",
975. "version": "1.1",
976. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
977. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
978. "port": 80
979. },
980. {
981. "count": 1,
982. "body": "",
983. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
984. "user-agent": "Microsoft-CryptoAPI/6.1",
985. "method": "GET",
986. "host": "crl.microsoft.com",
987. "version": "1.1",
988. "path": "/pki/crl/products/microsoftrootcert.crl",
989. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
990. "port": 80
991. },
992. {
993. "count": 1,
994. "body": "",
995. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
996. "user-agent": "Microsoft BITS/7.5",
997. "method": "HEAD",
998. "host": "redirector.gvt1.com",
999. "version": "1.1",
1000. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
1001. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
1002. "port": 80
1003. },
1004. {
1005. "count": 1,
1006. "body": "",
1007. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1008. "user-agent": "Microsoft BITS/7.5",
1009. "method": "HEAD",
1010. "host": "r5---sn-a5msen7l.gvt1.com",
1011. "version": "1.1",
1012. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1013. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1014. "port": 80
1015. },
1016. {
1017. "count": 1,
1018. "body": "",
1019. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1020. "user-agent": "Microsoft BITS/7.5",
1021. "method": "GET",
1022. "host": "r5---sn-a5msen7l.gvt1.com",
1023. "version": "1.1",
1024. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1025. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7036\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1026. "port": 80
1027. },
1028. {
1029. "count": 1,
1030. "body": "",
1031. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1032. "user-agent": "Microsoft BITS/7.5",
1033. "method": "GET",
1034. "host": "r5---sn-a5msen7l.gvt1.com",
1035. "version": "1.1",
1036. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1037. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7037-17042\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1038. "port": 80
1039. },
1040. {
1041. "count": 1,
1042. "body": "",
1043. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1044. "user-agent": "Microsoft BITS/7.5",
1045. "method": "GET",
1046. "host": "r5---sn-a5msen7l.gvt1.com",
1047. "version": "1.1",
1048. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1049. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17043-29579\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1050. "port": 80
1051. },
1052. {
1053. "count": 1,
1054. "body": "",
1055. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1056. "user-agent": "Microsoft BITS/7.5",
1057. "method": "GET",
1058. "host": "r5---sn-a5msen7l.gvt1.com",
1059. "version": "1.1",
1060. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1061. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29580-44625\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1062. "port": 80
1063. },
1064. {
1065. "count": 1,
1066. "body": "",
1067. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1068. "user-agent": "Microsoft BITS/7.5",
1069. "method": "GET",
1070. "host": "r5---sn-a5msen7l.gvt1.com",
1071. "version": "1.1",
1072. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1073. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=44626-76391\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1074. "port": 80
1075. },
1076. {
1077. "count": 1,
1078. "body": "",
1079. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1080. "user-agent": "Microsoft BITS/7.5",
1081. "method": "GET",
1082. "host": "r5---sn-a5msen7l.gvt1.com",
1083. "version": "1.1",
1084. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1085. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=76392-94225\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1086. "port": 80
1087. },
1088. {
1089. "count": 1,
1090. "body": "",
1091. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1092. "user-agent": "Microsoft BITS/7.5",
1093. "method": "GET",
1094. "host": "r5---sn-a5msen7l.gvt1.com",
1095. "version": "1.1",
1096. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1097. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=94226-132528\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1098. "port": 80
1099. },
1100. {
1101. "count": 1,
1102. "body": "",
1103. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1104. "user-agent": "Microsoft BITS/7.5",
1105. "method": "GET",
1106. "host": "r5---sn-a5msen7l.gvt1.com",
1107. "version": "1.1",
1108. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1109. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=132529-251845\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1110. "port": 80
1111. },
1112. {
1113. "count": 1,
1114. "body": "",
1115. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1116. "user-agent": "Microsoft BITS/7.5",
1117. "method": "GET",
1118. "host": "r5---sn-a5msen7l.gvt1.com",
1119. "version": "1.1",
1120. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1121. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=251846-371302\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1122. "port": 80
1123. },
1124. {
1125. "count": 1,
1126. "body": "",
1127. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1128. "user-agent": "Microsoft BITS/7.5",
1129. "method": "GET",
1130. "host": "r5---sn-a5msen7l.gvt1.com",
1131. "version": "1.1",
1132. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1133. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=371303-530484\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1134. "port": 80
1135. },
1136. {
1137. "count": 1,
1138. "body": "",
1139. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1140. "user-agent": "Microsoft BITS/7.5",
1141. "method": "GET",
1142. "host": "r5---sn-a5msen7l.gvt1.com",
1143. "version": "1.1",
1144. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1145. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=530485-721066\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1146. "port": 80
1147. },
1148. {
1149. "count": 1,
1150. "body": "",
1151. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1152. "user-agent": "Microsoft BITS/7.5",
1153. "method": "GET",
1154. "host": "r5---sn-a5msen7l.gvt1.com",
1155. "version": "1.1",
1156. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1157. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=721067-1033388\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1158. "port": 80
1159. },
1160. {
1161. "count": 1,
1162. "body": "",
1163. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1164. "user-agent": "Microsoft BITS/7.5",
1165. "method": "GET",
1166. "host": "r5---sn-a5msen7l.gvt1.com",
1167. "version": "1.1",
1168. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1169. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1033389-1338018\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1170. "port": 80
1171. },
1172. {
1173. "count": 1,
1174. "body": "",
1175. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1176. "user-agent": "Microsoft BITS/7.5",
1177. "method": "GET",
1178. "host": "r5---sn-a5msen7l.gvt1.com",
1179. "version": "1.1",
1180. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1181. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1338019-1728181\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1182. "port": 80
1183. },
1184. {
1185. "count": 1,
1186. "body": "",
1187. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1188. "user-agent": "Microsoft BITS/7.5",
1189. "method": "GET",
1190. "host": "r5---sn-a5msen7l.gvt1.com",
1191. "version": "1.1",
1192. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1193. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1728182-2098972\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1194. "port": 80
1195. },
1196. {
1197. "count": 1,
1198. "body": "",
1199. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1200. "user-agent": "Microsoft BITS/7.5",
1201. "method": "GET",
1202. "host": "r5---sn-a5msen7l.gvt1.com",
1203. "version": "1.1",
1204. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1205. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2098973-2489325\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1206. "port": 80
1207. },
1208. {
1209. "count": 1,
1210. "body": "",
1211. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1212. "user-agent": "Microsoft BITS/7.5",
1213. "method": "GET",
1214. "host": "r5---sn-a5msen7l.gvt1.com",
1215. "version": "1.1",
1216. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1217. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2489326-2863066\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1218. "port": 80
1219. },
1220. {
1221. "count": 1,
1222. "body": "",
1223. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1224. "user-agent": "Microsoft BITS/7.5",
1225. "method": "GET",
1226. "host": "r5---sn-a5msen7l.gvt1.com",
1227. "version": "1.1",
1228. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1229. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2863067-3289430\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1230. "port": 80
1231. },
1232. {
1233. "count": 1,
1234. "body": "",
1235. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1236. "user-agent": "Microsoft BITS/7.5",
1237. "method": "GET",
1238. "host": "r5---sn-a5msen7l.gvt1.com",
1239. "version": "1.1",
1240. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1241. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3289431-3914209\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1242. "port": 80
1243. },
1244. {
1245. "count": 1,
1246. "body": "",
1247. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1248. "user-agent": "Microsoft BITS/7.5",
1249. "method": "GET",
1250. "host": "r5---sn-a5msen7l.gvt1.com",
1251. "version": "1.1",
1252. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1253. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3914210-4299952\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1254. "port": 80
1255. },
1256. {
1257. "count": 1,
1258. "body": "",
1259. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1260. "user-agent": "Microsoft BITS/7.5",
1261. "method": "GET",
1262. "host": "r5---sn-a5msen7l.gvt1.com",
1263. "version": "1.1",
1264. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1265. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4299953-4697783\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1266. "port": 80
1267. },
1268. {
1269. "count": 1,
1270. "body": "",
1271. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1272. "user-agent": "Microsoft BITS/7.5",
1273. "method": "GET",
1274. "host": "r5---sn-a5msen7l.gvt1.com",
1275. "version": "1.1",
1276. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1277. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4697784-5100081\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1278. "port": 80
1279. },
1280. {
1281. "count": 1,
1282. "body": "",
1283. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1284. "user-agent": "Microsoft BITS/7.5",
1285. "method": "GET",
1286. "host": "r5---sn-a5msen7l.gvt1.com",
1287. "version": "1.1",
1288. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1289. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5100082-5701635\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1290. "port": 80
1291. },
1292. {
1293. "count": 1,
1294. "body": "",
1295. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1296. "user-agent": "Microsoft BITS/7.5",
1297. "method": "GET",
1298. "host": "r5---sn-a5msen7l.gvt1.com",
1299. "version": "1.1",
1300. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1301. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5701636-6244428\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1302. "port": 80
1303. },
1304. {
1305. "count": 1,
1306. "body": "",
1307. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1308. "user-agent": "Microsoft BITS/7.5",
1309. "method": "GET",
1310. "host": "r5---sn-a5msen7l.gvt1.com",
1311. "version": "1.1",
1312. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1313. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6244429-6671613\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1314. "port": 80
1315. },
1316. {
1317. "count": 1,
1318. "body": "",
1319. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1320. "user-agent": "Microsoft BITS/7.5",
1321. "method": "GET",
1322. "host": "r5---sn-a5msen7l.gvt1.com",
1323. "version": "1.1",
1324. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1325. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6671614-7173344\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1326. "port": 80
1327. },
1328. {
1329. "count": 1,
1330. "body": "",
1331. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1332. "user-agent": "Microsoft BITS/7.5",
1333. "method": "GET",
1334. "host": "r5---sn-a5msen7l.gvt1.com",
1335. "version": "1.1",
1336. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1337. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7173345-7944830\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1338. "port": 80
1339. },
1340. {
1341. "count": 1,
1342. "body": "",
1343. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1344. "user-agent": "Microsoft BITS/7.5",
1345. "method": "GET",
1346. "host": "r5---sn-a5msen7l.gvt1.com",
1347. "version": "1.1",
1348. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1349. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7944831-8715022\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1350. "port": 80
1351. },
1352. {
1353. "count": 1,
1354. "body": "",
1355. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1356. "user-agent": "Microsoft BITS/7.5",
1357. "method": "GET",
1358. "host": "r5---sn-a5msen7l.gvt1.com",
1359. "version": "1.1",
1360. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1361. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=8715023-9534495\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1362. "port": 80
1363. },
1364. {
1365. "count": 1,
1366. "body": "",
1367. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1368. "user-agent": "Microsoft BITS/7.5",
1369. "method": "GET",
1370. "host": "r5---sn-a5msen7l.gvt1.com",
1371. "version": "1.1",
1372. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1373. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9534496-10051540\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1374. "port": 80
1375. },
1376. {
1377. "count": 1,
1378. "body": "",
1379. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1380. "user-agent": "Microsoft BITS/7.5",
1381. "method": "GET",
1382. "host": "r5---sn-a5msen7l.gvt1.com",
1383. "version": "1.1",
1384. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1385. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10051541-10617647\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1386. "port": 80
1387. },
1388. {
1389. "count": 1,
1390. "body": "",
1391. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1392. "user-agent": "Microsoft BITS/7.5",
1393. "method": "GET",
1394. "host": "r5---sn-a5msen7l.gvt1.com",
1395. "version": "1.1",
1396. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1397. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10617648-11449239\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1398. "port": 80
1399. },
1400. {
1401. "count": 1,
1402. "body": "",
1403. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1404. "user-agent": "Microsoft BITS/7.5",
1405. "method": "GET",
1406. "host": "r5---sn-a5msen7l.gvt1.com",
1407. "version": "1.1",
1408. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1409. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11449240-11935235\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1410. "port": 80
1411. },
1412. {
1413. "count": 1,
1414. "body": "",
1415. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1416. "user-agent": "Microsoft BITS/7.5",
1417. "method": "GET",
1418. "host": "r5---sn-a5msen7l.gvt1.com",
1419. "version": "1.1",
1420. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes",
1421. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560794077&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11935236-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
1422. "port": 80
1423. }
1424. ]
1425.  
1426. [*] Network Communication - SMTP: []
1427.  
1428. [*] Network Communication - Hosts: []
1429.  
1430. [*] Network Communication - IRC: []
1431.  
1432. [*] Static Analysis: {
1433. "pe": {
1434. "peid_signatures": null,
1435. "imports": [
1436. {
1437. "imports": [
1438. {
1439. "name": "WSACleanup",
1440. "address": "0x48f7c8"
1441. },
1442. {
1443. "name": "socket",
1444. "address": "0x48f7cc"
1445. },
1446. {
1447. "name": "inet_ntoa",
1448. "address": "0x48f7d0"
1449. },
1450. {
1451. "name": "setsockopt",
1452. "address": "0x48f7d4"
1453. },
1454. {
1455. "name": "ntohs",
1456. "address": "0x48f7d8"
1457. },
1458. {
1459. "name": "recvfrom",
1460. "address": "0x48f7dc"
1461. },
1462. {
1463. "name": "ioctlsocket",
1464. "address": "0x48f7e0"
1465. },
1466. {
1467. "name": "htons",
1468. "address": "0x48f7e4"
1469. },
1470. {
1471. "name": "WSAStartup",
1472. "address": "0x48f7e8"
1473. },
1474. {
1475. "name": "__WSAFDIsSet",
1476. "address": "0x48f7ec"
1477. },
1478. {
1479. "name": "select",
1480. "address": "0x48f7f0"
1481. },
1482. {
1483. "name": "accept",
1484. "address": "0x48f7f4"
1485. },
1486. {
1487. "name": "listen",
1488. "address": "0x48f7f8"
1489. },
1490. {
1491. "name": "bind",
1492. "address": "0x48f7fc"
1493. },
1494. {
1495. "name": "closesocket",
1496. "address": "0x48f800"
1497. },
1498. {
1499. "name": "WSAGetLastError",
1500. "address": "0x48f804"
1501. },
1502. {
1503. "name": "recv",
1504. "address": "0x48f808"
1505. },
1506. {
1507. "name": "sendto",
1508. "address": "0x48f80c"
1509. },
1510. {
1511. "name": "send",
1512. "address": "0x48f810"
1513. },
1514. {
1515. "name": "inet_addr",
1516. "address": "0x48f814"
1517. },
1518. {
1519. "name": "gethostbyname",
1520. "address": "0x48f818"
1521. },
1522. {
1523. "name": "gethostname",
1524. "address": "0x48f81c"
1525. },
1526. {
1527. "name": "connect",
1528. "address": "0x48f820"
1529. }
1530. ],
1531. "dll": "WSOCK32.dll"
1532. },
1533. {
1534. "imports": [
1535. {
1536. "name": "GetFileVersionInfoW",
1537. "address": "0x48f76c"
1538. },
1539. {
1540. "name": "GetFileVersionInfoSizeW",
1541. "address": "0x48f770"
1542. },
1543. {
1544. "name": "VerQueryValueW",
1545. "address": "0x48f774"
1546. }
1547. ],
1548. "dll": "VERSION.dll"
1549. },
1550. {
1551. "imports": [
1552. {
1553. "name": "timeGetTime",
1554. "address": "0x48f7b8"
1555. },
1556. {
1557. "name": "waveOutSetVolume",
1558. "address": "0x48f7bc"
1559. },
1560. {
1561. "name": "mciSendStringW",
1562. "address": "0x48f7c0"
1563. }
1564. ],
1565. "dll": "WINMM.dll"
1566. },
1567. {
1568. "imports": [
1569. {
1570. "name": "ImageList_ReplaceIcon",
1571. "address": "0x48f088"
1572. },
1573. {
1574. "name": "ImageList_Destroy",
1575. "address": "0x48f08c"
1576. },
1577. {
1578. "name": "ImageList_Remove",
1579. "address": "0x48f090"
1580. },
1581. {
1582. "name": "ImageList_SetDragCursorImage",
1583. "address": "0x48f094"
1584. },
1585. {
1586. "name": "ImageList_BeginDrag",
1587. "address": "0x48f098"
1588. },
1589. {
1590. "name": "ImageList_DragEnter",
1591. "address": "0x48f09c"
1592. },
1593. {
1594. "name": "ImageList_DragLeave",
1595. "address": "0x48f0a0"
1596. },
1597. {
1598. "name": "ImageList_EndDrag",
1599. "address": "0x48f0a4"
1600. },
1601. {
1602. "name": "ImageList_DragMove",
1603. "address": "0x48f0a8"
1604. },
1605. {
1606. "name": "InitCommonControlsEx",
1607. "address": "0x48f0ac"
1608. },
1609. {
1610. "name": "ImageList_Create",
1611. "address": "0x48f0b0"
1612. }
1613. ],
1614. "dll": "COMCTL32.dll"
1615. },
1616. {
1617. "imports": [
1618. {
1619. "name": "WNetUseConnectionW",
1620. "address": "0x48f3f8"
1621. },
1622. {
1623. "name": "WNetCancelConnection2W",
1624. "address": "0x48f3fc"
1625. },
1626. {
1627. "name": "WNetGetConnectionW",
1628. "address": "0x48f400"
1629. },
1630. {
1631. "name": "WNetAddConnection2W",
1632. "address": "0x48f404"
1633. }
1634. ],
1635. "dll": "MPR.dll"
1636. },
1637. {
1638. "imports": [
1639. {
1640. "name": "InternetQueryDataAvailable",
1641. "address": "0x48f77c"
1642. },
1643. {
1644. "name": "InternetCloseHandle",
1645. "address": "0x48f780"
1646. },
1647. {
1648. "name": "InternetOpenW",
1649. "address": "0x48f784"
1650. },
1651. {
1652. "name": "InternetSetOptionW",
1653. "address": "0x48f788"
1654. },
1655. {
1656. "name": "InternetCrackUrlW",
1657. "address": "0x48f78c"
1658. },
1659. {
1660. "name": "HttpQueryInfoW",
1661. "address": "0x48f790"
1662. },
1663. {
1664. "name": "InternetQueryOptionW",
1665. "address": "0x48f794"
1666. },
1667. {
1668. "name": "HttpOpenRequestW",
1669. "address": "0x48f798"
1670. },
1671. {
1672. "name": "HttpSendRequestW",
1673. "address": "0x48f79c"
1674. },
1675. {
1676. "name": "FtpOpenFileW",
1677. "address": "0x48f7a0"
1678. },
1679. {
1680. "name": "FtpGetFileSize",
1681. "address": "0x48f7a4"
1682. },
1683. {
1684. "name": "InternetOpenUrlW",
1685. "address": "0x48f7a8"
1686. },
1687. {
1688. "name": "InternetReadFile",
1689. "address": "0x48f7ac"
1690. },
1691. {
1692. "name": "InternetConnectW",
1693. "address": "0x48f7b0"
1694. }
1695. ],
1696. "dll": "WININET.dll"
1697. },
1698. {
1699. "imports": [
1700. {
1701. "name": "GetProcessMemoryInfo",
1702. "address": "0x48f484"
1703. }
1704. ],
1705. "dll": "PSAPI.DLL"
1706. },
1707. {
1708. "imports": [
1709. {
1710. "name": "IcmpCreateFile",
1711. "address": "0x48f154"
1712. },
1713. {
1714. "name": "IcmpCloseHandle",
1715. "address": "0x48f158"
1716. },
1717. {
1718. "name": "IcmpSendEcho",
1719. "address": "0x48f15c"
1720. }
1721. ],
1722. "dll": "IPHLPAPI.DLL"
1723. },
1724. {
1725. "imports": [
1726. {
1727. "name": "DestroyEnvironmentBlock",
1728. "address": "0x48f750"
1729. },
1730. {
1731. "name": "UnloadUserProfile",
1732. "address": "0x48f754"
1733. },
1734. {
1735. "name": "CreateEnvironmentBlock",
1736. "address": "0x48f758"
1737. },
1738. {
1739. "name": "LoadUserProfileW",
1740. "address": "0x48f75c"
1741. }
1742. ],
1743. "dll": "USERENV.dll"
1744. },
1745. {
1746. "imports": [
1747. {
1748. "name": "IsThemeActive",
1749. "address": "0x48f764"
1750. }
1751. ],
1752. "dll": "UxTheme.dll"
1753. },
1754. {
1755. "imports": [
1756. {
1757. "name": "DuplicateHandle",
1758. "address": "0x48f164"
1759. },
1760. {
1761. "name": "CreateThread",
1762. "address": "0x48f168"
1763. },
1764. {
1765. "name": "WaitForSingleObject",
1766. "address": "0x48f16c"
1767. },
1768. {
1769. "name": "HeapAlloc",
1770. "address": "0x48f170"
1771. },
1772. {
1773. "name": "GetProcessHeap",
1774. "address": "0x48f174"
1775. },
1776. {
1777. "name": "HeapFree",
1778. "address": "0x48f178"
1779. },
1780. {
1781. "name": "Sleep",
1782. "address": "0x48f17c"
1783. },
1784. {
1785. "name": "GetCurrentThreadId",
1786. "address": "0x48f180"
1787. },
1788. {
1789. "name": "MultiByteToWideChar",
1790. "address": "0x48f184"
1791. },
1792. {
1793. "name": "MulDiv",
1794. "address": "0x48f188"
1795. },
1796. {
1797. "name": "GetVersionExW",
1798. "address": "0x48f18c"
1799. },
1800. {
1801. "name": "IsWow64Process",
1802. "address": "0x48f190"
1803. },
1804. {
1805. "name": "GetSystemInfo",
1806. "address": "0x48f194"
1807. },
1808. {
1809. "name": "FreeLibrary",
1810. "address": "0x48f198"
1811. },
1812. {
1813. "name": "LoadLibraryA",
1814. "address": "0x48f19c"
1815. },
1816. {
1817. "name": "GetProcAddress",
1818. "address": "0x48f1a0"
1819. },
1820. {
1821. "name": "SetErrorMode",
1822. "address": "0x48f1a4"
1823. },
1824. {
1825. "name": "GetModuleFileNameW",
1826. "address": "0x48f1a8"
1827. },
1828. {
1829. "name": "WideCharToMultiByte",
1830. "address": "0x48f1ac"
1831. },
1832. {
1833. "name": "lstrcpyW",
1834. "address": "0x48f1b0"
1835. },
1836. {
1837. "name": "lstrlenW",
1838. "address": "0x48f1b4"
1839. },
1840. {
1841. "name": "GetModuleHandleW",
1842. "address": "0x48f1b8"
1843. },
1844. {
1845. "name": "QueryPerformanceCounter",
1846. "address": "0x48f1bc"
1847. },
1848. {
1849. "name": "VirtualFreeEx",
1850. "address": "0x48f1c0"
1851. },
1852. {
1853. "name": "OpenProcess",
1854. "address": "0x48f1c4"
1855. },
1856. {
1857. "name": "VirtualAllocEx",
1858. "address": "0x48f1c8"
1859. },
1860. {
1861. "name": "WriteProcessMemory",
1862. "address": "0x48f1cc"
1863. },
1864. {
1865. "name": "ReadProcessMemory",
1866. "address": "0x48f1d0"
1867. },
1868. {
1869. "name": "CreateFileW",
1870. "address": "0x48f1d4"
1871. },
1872. {
1873. "name": "SetFilePointerEx",
1874. "address": "0x48f1d8"
1875. },
1876. {
1877. "name": "SetEndOfFile",
1878. "address": "0x48f1dc"
1879. },
1880. {
1881. "name": "ReadFile",
1882. "address": "0x48f1e0"
1883. },
1884. {
1885. "name": "WriteFile",
1886. "address": "0x48f1e4"
1887. },
1888. {
1889. "name": "FlushFileBuffers",
1890. "address": "0x48f1e8"
1891. },
1892. {
1893. "name": "TerminateProcess",
1894. "address": "0x48f1ec"
1895. },
1896. {
1897. "name": "CreateToolhelp32Snapshot",
1898. "address": "0x48f1f0"
1899. },
1900. {
1901. "name": "Process32FirstW",
1902. "address": "0x48f1f4"
1903. },
1904. {
1905. "name": "Process32NextW",
1906. "address": "0x48f1f8"
1907. },
1908. {
1909. "name": "SetFileTime",
1910. "address": "0x48f1fc"
1911. },
1912. {
1913. "name": "GetFileAttributesW",
1914. "address": "0x48f200"
1915. },
1916. {
1917. "name": "FindFirstFileW",
1918. "address": "0x48f204"
1919. },
1920. {
1921. "name": "SetCurrentDirectoryW",
1922. "address": "0x48f208"
1923. },
1924. {
1925. "name": "GetLongPathNameW",
1926. "address": "0x48f20c"
1927. },
1928. {
1929. "name": "GetShortPathNameW",
1930. "address": "0x48f210"
1931. },
1932. {
1933. "name": "DeleteFileW",
1934. "address": "0x48f214"
1935. },
1936. {
1937. "name": "FindNextFileW",
1938. "address": "0x48f218"
1939. },
1940. {
1941. "name": "CopyFileExW",
1942. "address": "0x48f21c"
1943. },
1944. {
1945. "name": "MoveFileW",
1946. "address": "0x48f220"
1947. },
1948. {
1949. "name": "CreateDirectoryW",
1950. "address": "0x48f224"
1951. },
1952. {
1953. "name": "RemoveDirectoryW",
1954. "address": "0x48f228"
1955. },
1956. {
1957. "name": "SetSystemPowerState",
1958. "address": "0x48f22c"
1959. },
1960. {
1961. "name": "QueryPerformanceFrequency",
1962. "address": "0x48f230"
1963. },
1964. {
1965. "name": "FindResourceW",
1966. "address": "0x48f234"
1967. },
1968. {
1969. "name": "LoadResource",
1970. "address": "0x48f238"
1971. },
1972. {
1973. "name": "LockResource",
1974. "address": "0x48f23c"
1975. },
1976. {
1977. "name": "SizeofResource",
1978. "address": "0x48f240"
1979. },
1980. {
1981. "name": "EnumResourceNamesW",
1982. "address": "0x48f244"
1983. },
1984. {
1985. "name": "OutputDebugStringW",
1986. "address": "0x48f248"
1987. },
1988. {
1989. "name": "GetTempPathW",
1990. "address": "0x48f24c"
1991. },
1992. {
1993. "name": "GetTempFileNameW",
1994. "address": "0x48f250"
1995. },
1996. {
1997. "name": "DeviceIoControl",
1998. "address": "0x48f254"
1999. },
2000. {
2001. "name": "GetLocalTime",
2002. "address": "0x48f258"
2003. },
2004. {
2005. "name": "CompareStringW",
2006. "address": "0x48f25c"
2007. },
2008. {
2009. "name": "GetCurrentProcess",
2010. "address": "0x48f260"
2011. },
2012. {
2013. "name": "EnterCriticalSection",
2014. "address": "0x48f264"
2015. },
2016. {
2017. "name": "LeaveCriticalSection",
2018. "address": "0x48f268"
2019. },
2020. {
2021. "name": "GetStdHandle",
2022. "address": "0x48f26c"
2023. },
2024. {
2025. "name": "CreatePipe",
2026. "address": "0x48f270"
2027. },
2028. {
2029. "name": "InterlockedExchange",
2030. "address": "0x48f274"
2031. },
2032. {
2033. "name": "TerminateThread",
2034. "address": "0x48f278"
2035. },
2036. {
2037. "name": "LoadLibraryExW",
2038. "address": "0x48f27c"
2039. },
2040. {
2041. "name": "FindResourceExW",
2042. "address": "0x48f280"
2043. },
2044. {
2045. "name": "CopyFileW",
2046. "address": "0x48f284"
2047. },
2048. {
2049. "name": "VirtualFree",
2050. "address": "0x48f288"
2051. },
2052. {
2053. "name": "FormatMessageW",
2054. "address": "0x48f28c"
2055. },
2056. {
2057. "name": "GetExitCodeProcess",
2058. "address": "0x48f290"
2059. },
2060. {
2061. "name": "GetPrivateProfileStringW",
2062. "address": "0x48f294"
2063. },
2064. {
2065. "name": "WritePrivateProfileStringW",
2066. "address": "0x48f298"
2067. },
2068. {
2069. "name": "GetPrivateProfileSectionW",
2070. "address": "0x48f29c"
2071. },
2072. {
2073. "name": "WritePrivateProfileSectionW",
2074. "address": "0x48f2a0"
2075. },
2076. {
2077. "name": "GetPrivateProfileSectionNamesW",
2078. "address": "0x48f2a4"
2079. },
2080. {
2081. "name": "FileTimeToLocalFileTime",
2082. "address": "0x48f2a8"
2083. },
2084. {
2085. "name": "FileTimeToSystemTime",
2086. "address": "0x48f2ac"
2087. },
2088. {
2089. "name": "SystemTimeToFileTime",
2090. "address": "0x48f2b0"
2091. },
2092. {
2093. "name": "LocalFileTimeToFileTime",
2094. "address": "0x48f2b4"
2095. },
2096. {
2097. "name": "GetDriveTypeW",
2098. "address": "0x48f2b8"
2099. },
2100. {
2101. "name": "GetDiskFreeSpaceExW",
2102. "address": "0x48f2bc"
2103. },
2104. {
2105. "name": "GetDiskFreeSpaceW",
2106. "address": "0x48f2c0"
2107. },
2108. {
2109. "name": "GetVolumeInformationW",
2110. "address": "0x48f2c4"
2111. },
2112. {
2113. "name": "SetVolumeLabelW",
2114. "address": "0x48f2c8"
2115. },
2116. {
2117. "name": "CreateHardLinkW",
2118. "address": "0x48f2cc"
2119. },
2120. {
2121. "name": "SetFileAttributesW",
2122. "address": "0x48f2d0"
2123. },
2124. {
2125. "name": "CreateEventW",
2126. "address": "0x48f2d4"
2127. },
2128. {
2129. "name": "SetEvent",
2130. "address": "0x48f2d8"
2131. },
2132. {
2133. "name": "GetEnvironmentVariableW",
2134. "address": "0x48f2dc"
2135. },
2136. {
2137. "name": "SetEnvironmentVariableW",
2138. "address": "0x48f2e0"
2139. },
2140. {
2141. "name": "GlobalLock",
2142. "address": "0x48f2e4"
2143. },
2144. {
2145. "name": "GlobalUnlock",
2146. "address": "0x48f2e8"
2147. },
2148. {
2149. "name": "GlobalAlloc",
2150. "address": "0x48f2ec"
2151. },
2152. {
2153. "name": "GetFileSize",
2154. "address": "0x48f2f0"
2155. },
2156. {
2157. "name": "GlobalFree",
2158. "address": "0x48f2f4"
2159. },
2160. {
2161. "name": "GlobalMemoryStatusEx",
2162. "address": "0x48f2f8"
2163. },
2164. {
2165. "name": "Beep",
2166. "address": "0x48f2fc"
2167. },
2168. {
2169. "name": "GetSystemDirectoryW",
2170. "address": "0x48f300"
2171. },
2172. {
2173. "name": "HeapReAlloc",
2174. "address": "0x48f304"
2175. },
2176. {
2177. "name": "HeapSize",
2178. "address": "0x48f308"
2179. },
2180. {
2181. "name": "GetComputerNameW",
2182. "address": "0x48f30c"
2183. },
2184. {
2185. "name": "GetWindowsDirectoryW",
2186. "address": "0x48f310"
2187. },
2188. {
2189. "name": "GetCurrentProcessId",
2190. "address": "0x48f314"
2191. },
2192. {
2193. "name": "GetProcessIoCounters",
2194. "address": "0x48f318"
2195. },
2196. {
2197. "name": "CreateProcessW",
2198. "address": "0x48f31c"
2199. },
2200. {
2201. "name": "GetProcessId",
2202. "address": "0x48f320"
2203. },
2204. {
2205. "name": "SetPriorityClass",
2206. "address": "0x48f324"
2207. },
2208. {
2209. "name": "LoadLibraryW",
2210. "address": "0x48f328"
2211. },
2212. {
2213. "name": "VirtualAlloc",
2214. "address": "0x48f32c"
2215. },
2216. {
2217. "name": "IsDebuggerPresent",
2218. "address": "0x48f330"
2219. },
2220. {
2221. "name": "GetCurrentDirectoryW",
2222. "address": "0x48f334"
2223. },
2224. {
2225. "name": "lstrcmpiW",
2226. "address": "0x48f338"
2227. },
2228. {
2229. "name": "DecodePointer",
2230. "address": "0x48f33c"
2231. },
2232. {
2233. "name": "GetLastError",
2234. "address": "0x48f340"
2235. },
2236. {
2237. "name": "RaiseException",
2238. "address": "0x48f344"
2239. },
2240. {
2241. "name": "InitializeCriticalSectionAndSpinCount",
2242. "address": "0x48f348"
2243. },
2244. {
2245. "name": "DeleteCriticalSection",
2246. "address": "0x48f34c"
2247. },
2248. {
2249. "name": "InterlockedDecrement",
2250. "address": "0x48f350"
2251. },
2252. {
2253. "name": "InterlockedIncrement",
2254. "address": "0x48f354"
2255. },
2256. {
2257. "name": "GetCurrentThread",
2258. "address": "0x48f358"
2259. },
2260. {
2261. "name": "CloseHandle",
2262. "address": "0x48f35c"
2263. },
2264. {
2265. "name": "GetFullPathNameW",
2266. "address": "0x48f360"
2267. },
2268. {
2269. "name": "EncodePointer",
2270. "address": "0x48f364"
2271. },
2272. {
2273. "name": "ExitProcess",
2274. "address": "0x48f368"
2275. },
2276. {
2277. "name": "GetModuleHandleExW",
2278. "address": "0x48f36c"
2279. },
2280. {
2281. "name": "ExitThread",
2282. "address": "0x48f370"
2283. },
2284. {
2285. "name": "GetSystemTimeAsFileTime",
2286. "address": "0x48f374"
2287. },
2288. {
2289. "name": "ResumeThread",
2290. "address": "0x48f378"
2291. },
2292. {
2293. "name": "GetCommandLineW",
2294. "address": "0x48f37c"
2295. },
2296. {
2297. "name": "IsProcessorFeaturePresent",
2298. "address": "0x48f380"
2299. },
2300. {
2301. "name": "IsValidCodePage",
2302. "address": "0x48f384"
2303. },
2304. {
2305. "name": "GetACP",
2306. "address": "0x48f388"
2307. },
2308. {
2309. "name": "GetOEMCP",
2310. "address": "0x48f38c"
2311. },
2312. {
2313. "name": "GetCPInfo",
2314. "address": "0x48f390"
2315. },
2316. {
2317. "name": "SetLastError",
2318. "address": "0x48f394"
2319. },
2320. {
2321. "name": "UnhandledExceptionFilter",
2322. "address": "0x48f398"
2323. },
2324. {
2325. "name": "SetUnhandledExceptionFilter",
2326. "address": "0x48f39c"
2327. },
2328. {
2329. "name": "TlsAlloc",
2330. "address": "0x48f3a0"
2331. },
2332. {
2333. "name": "TlsGetValue",
2334. "address": "0x48f3a4"
2335. },
2336. {
2337. "name": "TlsSetValue",
2338. "address": "0x48f3a8"
2339. },
2340. {
2341. "name": "TlsFree",
2342. "address": "0x48f3ac"
2343. },
2344. {
2345. "name": "GetStartupInfoW",
2346. "address": "0x48f3b0"
2347. },
2348. {
2349. "name": "GetStringTypeW",
2350. "address": "0x48f3b4"
2351. },
2352. {
2353. "name": "SetStdHandle",
2354. "address": "0x48f3b8"
2355. },
2356. {
2357. "name": "GetFileType",
2358. "address": "0x48f3bc"
2359. },
2360. {
2361. "name": "GetConsoleCP",
2362. "address": "0x48f3c0"
2363. },
2364. {
2365. "name": "GetConsoleMode",
2366. "address": "0x48f3c4"
2367. },
2368. {
2369. "name": "RtlUnwind",
2370. "address": "0x48f3c8"
2371. },
2372. {
2373. "name": "ReadConsoleW",
2374. "address": "0x48f3cc"
2375. },
2376. {
2377. "name": "GetTimeZoneInformation",
2378. "address": "0x48f3d0"
2379. },
2380. {
2381. "name": "GetDateFormatW",
2382. "address": "0x48f3d4"
2383. },
2384. {
2385. "name": "GetTimeFormatW",
2386. "address": "0x48f3d8"
2387. },
2388. {
2389. "name": "LCMapStringW",
2390. "address": "0x48f3dc"
2391. },
2392. {
2393. "name": "GetEnvironmentStringsW",
2394. "address": "0x48f3e0"
2395. },
2396. {
2397. "name": "FreeEnvironmentStringsW",
2398. "address": "0x48f3e4"
2399. },
2400. {
2401. "name": "WriteConsoleW",
2402. "address": "0x48f3e8"
2403. },
2404. {
2405. "name": "FindClose",
2406. "address": "0x48f3ec"
2407. },
2408. {
2409. "name": "SetEnvironmentVariableA",
2410. "address": "0x48f3f0"
2411. }
2412. ],
2413. "dll": "KERNEL32.dll"
2414. },
2415. {
2416. "imports": [
2417. {
2418. "name": "AdjustWindowRectEx",
2419. "address": "0x48f4cc"
2420. },
2421. {
2422. "name": "CopyImage",
2423. "address": "0x48f4d0"
2424. },
2425. {
2426. "name": "SetWindowPos",
2427. "address": "0x48f4d4"
2428. },
2429. {
2430. "name": "GetCursorInfo",
2431. "address": "0x48f4d8"
2432. },
2433. {
2434. "name": "RegisterHotKey",
2435. "address": "0x48f4dc"
2436. },
2437. {
2438. "name": "ClientToScreen",
2439. "address": "0x48f4e0"
2440. },
2441. {
2442. "name": "GetKeyboardLayoutNameW",
2443. "address": "0x48f4e4"
2444. },
2445. {
2446. "name": "IsCharAlphaW",
2447. "address": "0x48f4e8"
2448. },
2449. {
2450. "name": "IsCharAlphaNumericW",
2451. "address": "0x48f4ec"
2452. },
2453. {
2454. "name": "IsCharLowerW",
2455. "address": "0x48f4f0"
2456. },
2457. {
2458. "name": "IsCharUpperW",
2459. "address": "0x48f4f4"
2460. },
2461. {
2462. "name": "GetMenuStringW",
2463. "address": "0x48f4f8"
2464. },
2465. {
2466. "name": "GetSubMenu",
2467. "address": "0x48f4fc"
2468. },
2469. {
2470. "name": "GetCaretPos",
2471. "address": "0x48f500"
2472. },
2473. {
2474. "name": "IsZoomed",
2475. "address": "0x48f504"
2476. },
2477. {
2478. "name": "MonitorFromPoint",
2479. "address": "0x48f508"
2480. },
2481. {
2482. "name": "GetMonitorInfoW",
2483. "address": "0x48f50c"
2484. },
2485. {
2486. "name": "SetWindowLongW",
2487. "address": "0x48f510"
2488. },
2489. {
2490. "name": "SetLayeredWindowAttributes",
2491. "address": "0x48f514"
2492. },
2493. {
2494. "name": "FlashWindow",
2495. "address": "0x48f518"
2496. },
2497. {
2498. "name": "GetClassLongW",
2499. "address": "0x48f51c"
2500. },
2501. {
2502. "name": "TranslateAcceleratorW",
2503. "address": "0x48f520"
2504. },
2505. {
2506. "name": "IsDialogMessageW",
2507. "address": "0x48f524"
2508. },
2509. {
2510. "name": "GetSysColor",
2511. "address": "0x48f528"
2512. },
2513. {
2514. "name": "InflateRect",
2515. "address": "0x48f52c"
2516. },
2517. {
2518. "name": "DrawFocusRect",
2519. "address": "0x48f530"
2520. },
2521. {
2522. "name": "DrawTextW",
2523. "address": "0x48f534"
2524. },
2525. {
2526. "name": "FrameRect",
2527. "address": "0x48f538"
2528. },
2529. {
2530. "name": "DrawFrameControl",
2531. "address": "0x48f53c"
2532. },
2533. {
2534. "name": "FillRect",
2535. "address": "0x48f540"
2536. },
2537. {
2538. "name": "PtInRect",
2539. "address": "0x48f544"
2540. },
2541. {
2542. "name": "DestroyAcceleratorTable",
2543. "address": "0x48f548"
2544. },
2545. {
2546. "name": "CreateAcceleratorTableW",
2547. "address": "0x48f54c"
2548. },
2549. {
2550. "name": "SetCursor",
2551. "address": "0x48f550"
2552. },
2553. {
2554. "name": "GetWindowDC",
2555. "address": "0x48f554"
2556. },
2557. {
2558. "name": "GetSystemMetrics",
2559. "address": "0x48f558"
2560. },
2561. {
2562. "name": "GetActiveWindow",
2563. "address": "0x48f55c"
2564. },
2565. {
2566. "name": "CharNextW",
2567. "address": "0x48f560"
2568. },
2569. {
2570. "name": "wsprintfW",
2571. "address": "0x48f564"
2572. },
2573. {
2574. "name": "RedrawWindow",
2575. "address": "0x48f568"
2576. },
2577. {
2578. "name": "DrawMenuBar",
2579. "address": "0x48f56c"
2580. },
2581. {
2582. "name": "DestroyMenu",
2583. "address": "0x48f570"
2584. },
2585. {
2586. "name": "SetMenu",
2587. "address": "0x48f574"
2588. },
2589. {
2590. "name": "GetWindowTextLengthW",
2591. "address": "0x48f578"
2592. },
2593. {
2594. "name": "CreateMenu",
2595. "address": "0x48f57c"
2596. },
2597. {
2598. "name": "IsDlgButtonChecked",
2599. "address": "0x48f580"
2600. },
2601. {
2602. "name": "DefDlgProcW",
2603. "address": "0x48f584"
2604. },
2605. {
2606. "name": "CallWindowProcW",
2607. "address": "0x48f588"
2608. },
2609. {
2610. "name": "ReleaseCapture",
2611. "address": "0x48f58c"
2612. },
2613. {
2614. "name": "SetCapture",
2615. "address": "0x48f590"
2616. },
2617. {
2618. "name": "CreateIconFromResourceEx",
2619. "address": "0x48f594"
2620. },
2621. {
2622. "name": "mouse_event",
2623. "address": "0x48f598"
2624. },
2625. {
2626. "name": "ExitWindowsEx",
2627. "address": "0x48f59c"
2628. },
2629. {
2630. "name": "SetActiveWindow",
2631. "address": "0x48f5a0"
2632. },
2633. {
2634. "name": "FindWindowExW",
2635. "address": "0x48f5a4"
2636. },
2637. {
2638. "name": "EnumThreadWindows",
2639. "address": "0x48f5a8"
2640. },
2641. {
2642. "name": "SetMenuDefaultItem",
2643. "address": "0x48f5ac"
2644. },
2645. {
2646. "name": "InsertMenuItemW",
2647. "address": "0x48f5b0"
2648. },
2649. {
2650. "name": "IsMenu",
2651. "address": "0x48f5b4"
2652. },
2653. {
2654. "name": "TrackPopupMenuEx",
2655. "address": "0x48f5b8"
2656. },
2657. {
2658. "name": "GetCursorPos",
2659. "address": "0x48f5bc"
2660. },
2661. {
2662. "name": "DeleteMenu",
2663. "address": "0x48f5c0"
2664. },
2665. {
2666. "name": "SetRect",
2667. "address": "0x48f5c4"
2668. },
2669. {
2670. "name": "GetMenuItemID",
2671. "address": "0x48f5c8"
2672. },
2673. {
2674. "name": "GetMenuItemCount",
2675. "address": "0x48f5cc"
2676. },
2677. {
2678. "name": "SetMenuItemInfoW",
2679. "address": "0x48f5d0"
2680. },
2681. {
2682. "name": "GetMenuItemInfoW",
2683. "address": "0x48f5d4"
2684. },
2685. {
2686. "name": "SetForegroundWindow",
2687. "address": "0x48f5d8"
2688. },
2689. {
2690. "name": "IsIconic",
2691. "address": "0x48f5dc"
2692. },
2693. {
2694. "name": "FindWindowW",
2695. "address": "0x48f5e0"
2696. },
2697. {
2698. "name": "MonitorFromRect",
2699. "address": "0x48f5e4"
2700. },
2701. {
2702. "name": "keybd_event",
2703. "address": "0x48f5e8"
2704. },
2705. {
2706. "name": "SendInput",
2707. "address": "0x48f5ec"
2708. },
2709. {
2710. "name": "GetAsyncKeyState",
2711. "address": "0x48f5f0"
2712. },
2713. {
2714. "name": "SetKeyboardState",
2715. "address": "0x48f5f4"
2716. },
2717. {
2718. "name": "GetKeyboardState",
2719. "address": "0x48f5f8"
2720. },
2721. {
2722. "name": "GetKeyState",
2723. "address": "0x48f5fc"
2724. },
2725. {
2726. "name": "VkKeyScanW",
2727. "address": "0x48f600"
2728. },
2729. {
2730. "name": "LoadStringW",
2731. "address": "0x48f604"
2732. },
2733. {
2734. "name": "DialogBoxParamW",
2735. "address": "0x48f608"
2736. },
2737. {
2738. "name": "MessageBeep",
2739. "address": "0x48f60c"
2740. },
2741. {
2742. "name": "EndDialog",
2743. "address": "0x48f610"
2744. },
2745. {
2746. "name": "SendDlgItemMessageW",
2747. "address": "0x48f614"
2748. },
2749. {
2750. "name": "GetDlgItem",
2751. "address": "0x48f618"
2752. },
2753. {
2754. "name": "SetWindowTextW",
2755. "address": "0x48f61c"
2756. },
2757. {
2758. "name": "CopyRect",
2759. "address": "0x48f620"
2760. },
2761. {
2762. "name": "ReleaseDC",
2763. "address": "0x48f624"
2764. },
2765. {
2766. "name": "GetDC",
2767. "address": "0x48f628"
2768. },
2769. {
2770. "name": "EndPaint",
2771. "address": "0x48f62c"
2772. },
2773. {
2774. "name": "BeginPaint",
2775. "address": "0x48f630"
2776. },
2777. {
2778. "name": "GetClientRect",
2779. "address": "0x48f634"
2780. },
2781. {
2782. "name": "GetMenu",
2783. "address": "0x48f638"
2784. },
2785. {
2786. "name": "DestroyWindow",
2787. "address": "0x48f63c"
2788. },
2789. {
2790. "name": "EnumWindows",
2791. "address": "0x48f640"
2792. },
2793. {
2794. "name": "GetDesktopWindow",
2795. "address": "0x48f644"
2796. },
2797. {
2798. "name": "IsWindow",
2799. "address": "0x48f648"
2800. },
2801. {
2802. "name": "IsWindowEnabled",
2803. "address": "0x48f64c"
2804. },
2805. {
2806. "name": "IsWindowVisible",
2807. "address": "0x48f650"
2808. },
2809. {
2810. "name": "EnableWindow",
2811. "address": "0x48f654"
2812. },
2813. {
2814. "name": "InvalidateRect",
2815. "address": "0x48f658"
2816. },
2817. {
2818. "name": "GetWindowLongW",
2819. "address": "0x48f65c"
2820. },
2821. {
2822. "name": "GetWindowThreadProcessId",
2823. "address": "0x48f660"
2824. },
2825. {
2826. "name": "AttachThreadInput",
2827. "address": "0x48f664"
2828. },
2829. {
2830. "name": "GetFocus",
2831. "address": "0x48f668"
2832. },
2833. {
2834. "name": "GetWindowTextW",
2835. "address": "0x48f66c"
2836. },
2837. {
2838. "name": "ScreenToClient",
2839. "address": "0x48f670"
2840. },
2841. {
2842. "name": "SendMessageTimeoutW",
2843. "address": "0x48f674"
2844. },
2845. {
2846. "name": "EnumChildWindows",
2847. "address": "0x48f678"
2848. },
2849. {
2850. "name": "CharUpperBuffW",
2851. "address": "0x48f67c"
2852. },
2853. {
2854. "name": "GetParent",
2855. "address": "0x48f680"
2856. },
2857. {
2858. "name": "GetDlgCtrlID",
2859. "address": "0x48f684"
2860. },
2861. {
2862. "name": "SendMessageW",
2863. "address": "0x48f688"
2864. },
2865. {
2866. "name": "MapVirtualKeyW",
2867. "address": "0x48f68c"
2868. },
2869. {
2870. "name": "PostMessageW",
2871. "address": "0x48f690"
2872. },
2873. {
2874. "name": "GetWindowRect",
2875. "address": "0x48f694"
2876. },
2877. {
2878. "name": "SetUserObjectSecurity",
2879. "address": "0x48f698"
2880. },
2881. {
2882. "name": "CloseDesktop",
2883. "address": "0x48f69c"
2884. },
2885. {
2886. "name": "CloseWindowStation",
2887. "address": "0x48f6a0"
2888. },
2889. {
2890. "name": "OpenDesktopW",
2891. "address": "0x48f6a4"
2892. },
2893. {
2894. "name": "SetProcessWindowStation",
2895. "address": "0x48f6a8"
2896. },
2897. {
2898. "name": "GetProcessWindowStation",
2899. "address": "0x48f6ac"
2900. },
2901. {
2902. "name": "OpenWindowStationW",
2903. "address": "0x48f6b0"
2904. },
2905. {
2906. "name": "GetUserObjectSecurity",
2907. "address": "0x48f6b4"
2908. },
2909. {
2910. "name": "MessageBoxW",
2911. "address": "0x48f6b8"
2912. },
2913. {
2914. "name": "DefWindowProcW",
2915. "address": "0x48f6bc"
2916. },
2917. {
2918. "name": "SetClipboardData",
2919. "address": "0x48f6c0"
2920. },
2921. {
2922. "name": "EmptyClipboard",
2923. "address": "0x48f6c4"
2924. },
2925. {
2926. "name": "CountClipboardFormats",
2927. "address": "0x48f6c8"
2928. },
2929. {
2930. "name": "CloseClipboard",
2931. "address": "0x48f6cc"
2932. },
2933. {
2934. "name": "GetClipboardData",
2935. "address": "0x48f6d0"
2936. },
2937. {
2938. "name": "IsClipboardFormatAvailable",
2939. "address": "0x48f6d4"
2940. },
2941. {
2942. "name": "OpenClipboard",
2943. "address": "0x48f6d8"
2944. },
2945. {
2946. "name": "BlockInput",
2947. "address": "0x48f6dc"
2948. },
2949. {
2950. "name": "GetMessageW",
2951. "address": "0x48f6e0"
2952. },
2953. {
2954. "name": "LockWindowUpdate",
2955. "address": "0x48f6e4"
2956. },
2957. {
2958. "name": "DispatchMessageW",
2959. "address": "0x48f6e8"
2960. },
2961. {
2962. "name": "TranslateMessage",
2963. "address": "0x48f6ec"
2964. },
2965. {
2966. "name": "PeekMessageW",
2967. "address": "0x48f6f0"
2968. },
2969. {
2970. "name": "UnregisterHotKey",
2971. "address": "0x48f6f4"
2972. },
2973. {
2974. "name": "CheckMenuRadioItem",
2975. "address": "0x48f6f8"
2976. },
2977. {
2978. "name": "CharLowerBuffW",
2979. "address": "0x48f6fc"
2980. },
2981. {
2982. "name": "MoveWindow",
2983. "address": "0x48f700"
2984. },
2985. {
2986. "name": "SetFocus",
2987. "address": "0x48f704"
2988. },
2989. {
2990. "name": "PostQuitMessage",
2991. "address": "0x48f708"
2992. },
2993. {
2994. "name": "KillTimer",
2995. "address": "0x48f70c"
2996. },
2997. {
2998. "name": "CreatePopupMenu",
2999. "address": "0x48f710"
3000. },
3001. {
3002. "name": "RegisterWindowMessageW",
3003. "address": "0x48f714"
3004. },
3005. {
3006. "name": "SetTimer",
3007. "address": "0x48f718"
3008. },
3009. {
3010. "name": "ShowWindow",
3011. "address": "0x48f71c"
3012. },
3013. {
3014. "name": "CreateWindowExW",
3015. "address": "0x48f720"
3016. },
3017. {
3018. "name": "RegisterClassExW",
3019. "address": "0x48f724"
3020. },
3021. {
3022. "name": "LoadIconW",
3023. "address": "0x48f728"
3024. },
3025. {
3026. "name": "LoadCursorW",
3027. "address": "0x48f72c"
3028. },
3029. {
3030. "name": "GetSysColorBrush",
3031. "address": "0x48f730"
3032. },
3033. {
3034. "name": "GetForegroundWindow",
3035. "address": "0x48f734"
3036. },
3037. {
3038. "name": "MessageBoxA",
3039. "address": "0x48f738"
3040. },
3041. {
3042. "name": "DestroyIcon",
3043. "address": "0x48f73c"
3044. },
3045. {
3046. "name": "SystemParametersInfoW",
3047. "address": "0x48f740"
3048. },
3049. {
3050. "name": "LoadImageW",
3051. "address": "0x48f744"
3052. },
3053. {
3054. "name": "GetClassNameW",
3055. "address": "0x48f748"
3056. }
3057. ],
3058. "dll": "USER32.dll"
3059. },
3060. {
3061. "imports": [
3062. {
3063. "name": "StrokePath",
3064. "address": "0x48f0c4"
3065. },
3066. {
3067. "name": "DeleteObject",
3068. "address": "0x48f0c8"
3069. },
3070. {
3071. "name": "GetTextExtentPoint32W",
3072. "address": "0x48f0cc"
3073. },
3074. {
3075. "name": "ExtCreatePen",
3076. "address": "0x48f0d0"
3077. },
3078. {
3079. "name": "GetDeviceCaps",
3080. "address": "0x48f0d4"
3081. },
3082. {
3083. "name": "EndPath",
3084. "address": "0x48f0d8"
3085. },
3086. {
3087. "name": "SetPixel",
3088. "address": "0x48f0dc"
3089. },
3090. {
3091. "name": "CloseFigure",
3092. "address": "0x48f0e0"
3093. },
3094. {
3095. "name": "CreateCompatibleBitmap",
3096. "address": "0x48f0e4"
3097. },
3098. {
3099. "name": "CreateCompatibleDC",
3100. "address": "0x48f0e8"
3101. },
3102. {
3103. "name": "SelectObject",
3104. "address": "0x48f0ec"
3105. },
3106. {
3107. "name": "StretchBlt",
3108. "address": "0x48f0f0"
3109. },
3110. {
3111. "name": "GetDIBits",
3112. "address": "0x48f0f4"
3113. },
3114. {
3115. "name": "LineTo",
3116. "address": "0x48f0f8"
3117. },
3118. {
3119. "name": "AngleArc",
3120. "address": "0x48f0fc"
3121. },
3122. {
3123. "name": "MoveToEx",
3124. "address": "0x48f100"
3125. },
3126. {
3127. "name": "Ellipse",
3128. "address": "0x48f104"
3129. },
3130. {
3131. "name": "DeleteDC",
3132. "address": "0x48f108"
3133. },
3134. {
3135. "name": "GetPixel",
3136. "address": "0x48f10c"
3137. },
3138. {
3139. "name": "CreateDCW",
3140. "address": "0x48f110"
3141. },
3142. {
3143. "name": "GetStockObject",
3144. "address": "0x48f114"
3145. },
3146. {
3147. "name": "GetTextFaceW",
3148. "address": "0x48f118"
3149. },
3150. {
3151. "name": "CreateFontW",
3152. "address": "0x48f11c"
3153. },
3154. {
3155. "name": "SetTextColor",
3156. "address": "0x48f120"
3157. },
3158. {
3159. "name": "PolyDraw",
3160. "address": "0x48f124"
3161. },
3162. {
3163. "name": "BeginPath",
3164. "address": "0x48f128"
3165. },
3166. {
3167. "name": "Rectangle",
3168. "address": "0x48f12c"
3169. },
3170. {
3171. "name": "SetViewportOrgEx",
3172. "address": "0x48f130"
3173. },
3174. {
3175. "name": "GetObjectW",
3176. "address": "0x48f134"
3177. },
3178. {
3179. "name": "SetBkMode",
3180. "address": "0x48f138"
3181. },
3182. {
3183. "name": "RoundRect",
3184. "address": "0x48f13c"
3185. },
3186. {
3187. "name": "SetBkColor",
3188. "address": "0x48f140"
3189. },
3190. {
3191. "name": "CreatePen",
3192. "address": "0x48f144"
3193. },
3194. {
3195. "name": "CreateSolidBrush",
3196. "address": "0x48f148"
3197. },
3198. {
3199. "name": "StrokeAndFillPath",
3200. "address": "0x48f14c"
3201. }
3202. ],
3203. "dll": "GDI32.dll"
3204. },
3205. {
3206. "imports": [
3207. {
3208. "name": "GetOpenFileNameW",
3209. "address": "0x48f0b8"
3210. },
3211. {
3212. "name": "GetSaveFileNameW",
3213. "address": "0x48f0bc"
3214. }
3215. ],
3216. "dll": "COMDLG32.dll"
3217. },
3218. {
3219. "imports": [
3220. {
3221. "name": "GetAce",
3222. "address": "0x48f000"
3223. },
3224. {
3225. "name": "RegEnumValueW",
3226. "address": "0x48f004"
3227. },
3228. {
3229. "name": "RegDeleteValueW",
3230. "address": "0x48f008"
3231. },
3232. {
3233. "name": "RegDeleteKeyW",
3234. "address": "0x48f00c"
3235. },
3236. {
3237. "name": "RegEnumKeyExW",
3238. "address": "0x48f010"
3239. },
3240. {
3241. "name": "RegSetValueExW",
3242. "address": "0x48f014"
3243. },
3244. {
3245. "name": "RegOpenKeyExW",
3246. "address": "0x48f018"
3247. },
3248. {
3249. "name": "RegCloseKey",
3250. "address": "0x48f01c"
3251. },
3252. {
3253. "name": "RegQueryValueExW",
3254. "address": "0x48f020"
3255. },
3256. {
3257. "name": "RegConnectRegistryW",
3258. "address": "0x48f024"
3259. },
3260. {
3261. "name": "InitializeSecurityDescriptor",
3262. "address": "0x48f028"
3263. },
3264. {
3265. "name": "InitializeAcl",
3266. "address": "0x48f02c"
3267. },
3268. {
3269. "name": "AdjustTokenPrivileges",
3270. "address": "0x48f030"
3271. },
3272. {
3273. "name": "OpenThreadToken",
3274. "address": "0x48f034"
3275. },
3276. {
3277. "name": "OpenProcessToken",
3278. "address": "0x48f038"
3279. },
3280. {
3281. "name": "LookupPrivilegeValueW",
3282. "address": "0x48f03c"
3283. },
3284. {
3285. "name": "DuplicateTokenEx",
3286. "address": "0x48f040"
3287. },
3288. {
3289. "name": "CreateProcessAsUserW",
3290. "address": "0x48f044"
3291. },
3292. {
3293. "name": "CreateProcessWithLogonW",
3294. "address": "0x48f048"
3295. },
3296. {
3297. "name": "GetLengthSid",
3298. "address": "0x48f04c"
3299. },
3300. {
3301. "name": "CopySid",
3302. "address": "0x48f050"
3303. },
3304. {
3305. "name": "LogonUserW",
3306. "address": "0x48f054"
3307. },
3308. {
3309. "name": "AllocateAndInitializeSid",
3310. "address": "0x48f058"
3311. },
3312. {
3313. "name": "CheckTokenMembership",
3314. "address": "0x48f05c"
3315. },
3316. {
3317. "name": "RegCreateKeyExW",
3318. "address": "0x48f060"
3319. },
3320. {
3321. "name": "FreeSid",
3322. "address": "0x48f064"
3323. },
3324. {
3325. "name": "GetTokenInformation",
3326. "address": "0x48f068"
3327. },
3328. {
3329. "name": "GetSecurityDescriptorDacl",
3330. "address": "0x48f06c"
3331. },
3332. {
3333. "name": "GetAclInformation",
3334. "address": "0x48f070"
3335. },
3336. {
3337. "name": "AddAce",
3338. "address": "0x48f074"
3339. },
3340. {
3341. "name": "SetSecurityDescriptorDacl",
3342. "address": "0x48f078"
3343. },
3344. {
3345. "name": "GetUserNameW",
3346. "address": "0x48f07c"
3347. },
3348. {
3349. "name": "InitiateSystemShutdownExW",
3350. "address": "0x48f080"
3351. }
3352. ],
3353. "dll": "ADVAPI32.dll"
3354. },
3355. {
3356. "imports": [
3357. {
3358. "name": "DragQueryPoint",
3359. "address": "0x48f48c"
3360. },
3361. {
3362. "name": "ShellExecuteExW",
3363. "address": "0x48f490"
3364. },
3365. {
3366. "name": "DragQueryFileW",
3367. "address": "0x48f494"
3368. },
3369. {
3370. "name": "SHEmptyRecycleBinW",
3371. "address": "0x48f498"
3372. },
3373. {
3374. "name": "SHGetPathFromIDListW",
3375. "address": "0x48f49c"
3376. },
3377. {
3378. "name": "SHBrowseForFolderW",
3379. "address": "0x48f4a0"
3380. },
3381. {
3382. "name": "SHCreateShellItem",
3383. "address": "0x48f4a4"
3384. },
3385. {
3386. "name": "SHGetDesktopFolder",
3387. "address": "0x48f4a8"
3388. },
3389. {
3390. "name": "SHGetSpecialFolderLocation",
3391. "address": "0x48f4ac"
3392. },
3393. {
3394. "name": "SHGetFolderPathW",
3395. "address": "0x48f4b0"
3396. },
3397. {
3398. "name": "SHFileOperationW",
3399. "address": "0x48f4b4"
3400. },
3401. {
3402. "name": "ExtractIconExW",
3403. "address": "0x48f4b8"
3404. },
3405. {
3406. "name": "Shell_NotifyIconW",
3407. "address": "0x48f4bc"
3408. },
3409. {
3410. "name": "ShellExecuteW",
3411. "address": "0x48f4c0"
3412. },
3413. {
3414. "name": "DragFinish",
3415. "address": "0x48f4c4"
3416. }
3417. ],
3418. "dll": "SHELL32.dll"
3419. },
3420. {
3421. "imports": [
3422. {
3423. "name": "CoTaskMemAlloc",
3424. "address": "0x48f828"
3425. },
3426. {
3427. "name": "CoTaskMemFree",
3428. "address": "0x48f82c"
3429. },
3430. {
3431. "name": "CLSIDFromString",
3432. "address": "0x48f830"
3433. },
3434. {
3435. "name": "ProgIDFromCLSID",
3436. "address": "0x48f834"
3437. },
3438. {
3439. "name": "CLSIDFromProgID",
3440. "address": "0x48f838"
3441. },
3442. {
3443. "name": "OleSetMenuDescriptor",
3444. "address": "0x48f83c"
3445. },
3446. {
3447. "name": "MkParseDisplayName",
3448. "address": "0x48f840"
3449. },
3450. {
3451. "name": "OleSetContainedObject",
3452. "address": "0x48f844"
3453. },
3454. {
3455. "name": "CoCreateInstance",
3456. "address": "0x48f848"
3457. },
3458. {
3459. "name": "IIDFromString",
3460. "address": "0x48f84c"
3461. },
3462. {
3463. "name": "StringFromGUID2",
3464. "address": "0x48f850"
3465. },
3466. {
3467. "name": "CreateStreamOnHGlobal",
3468. "address": "0x48f854"
3469. },
3470. {
3471. "name": "OleInitialize",
3472. "address": "0x48f858"
3473. },
3474. {
3475. "name": "OleUninitialize",
3476. "address": "0x48f85c"
3477. },
3478. {
3479. "name": "CoInitialize",
3480. "address": "0x48f860"
3481. },
3482. {
3483. "name": "CoUninitialize",
3484. "address": "0x48f864"
3485. },
3486. {
3487. "name": "GetRunningObjectTable",
3488. "address": "0x48f868"
3489. },
3490. {
3491. "name": "CoGetInstanceFromFile",
3492. "address": "0x48f86c"
3493. },
3494. {
3495. "name": "CoGetObject",
3496. "address": "0x48f870"
3497. },
3498. {
3499. "name": "CoSetProxyBlanket",
3500. "address": "0x48f874"
3501. },
3502. {
3503. "name": "CoCreateInstanceEx",
3504. "address": "0x48f878"
3505. },
3506. {
3507. "name": "CoInitializeSecurity",
3508. "address": "0x48f87c"
3509. }
3510. ],
3511. "dll": "ole32.dll"
3512. },
3513. {
3514. "imports": [
3515. {
3516. "name": "LoadTypeLibEx",
3517. "address": "0x48f40c"
3518. },
3519. {
3520. "name": "VariantCopyInd",
3521. "address": "0x48f410"
3522. },
3523. {
3524. "name": "SysReAllocString",
3525. "address": "0x48f414"
3526. },
3527. {
3528. "name": "SysFreeString",
3529. "address": "0x48f418"
3530. },
3531. {
3532. "name": "SafeArrayDestroyDescriptor",
3533. "address": "0x48f41c"
3534. },
3535. {
3536. "name": "SafeArrayDestroyData",
3537. "address": "0x48f420"
3538. },
3539. {
3540. "name": "SafeArrayUnaccessData",
3541. "address": "0x48f424"
3542. },
3543. {
3544. "name": "SafeArrayAccessData",
3545. "address": "0x48f428"
3546. },
3547. {
3548. "name": "SafeArrayAllocData",
3549. "address": "0x48f42c"
3550. },
3551. {
3552. "name": "SafeArrayAllocDescriptorEx",
3553. "address": "0x48f430"
3554. },
3555. {
3556. "name": "SafeArrayCreateVector",
3557. "address": "0x48f434"
3558. },
3559. {
3560. "name": "RegisterTypeLib",
3561. "address": "0x48f438"
3562. },
3563. {
3564. "name": "CreateStdDispatch",
3565. "address": "0x48f43c"
3566. },
3567. {
3568. "name": "DispCallFunc",
3569. "address": "0x48f440"
3570. },
3571. {
3572. "name": "VariantChangeType",
3573. "address": "0x48f444"
3574. },
3575. {
3576. "name": "SysStringLen",
3577. "address": "0x48f448"
3578. },
3579. {
3580. "name": "VariantTimeToSystemTime",
3581. "address": "0x48f44c"
3582. },
3583. {
3584. "name": "VarR8FromDec",
3585. "address": "0x48f450"
3586. },
3587. {
3588. "name": "SafeArrayGetVartype",
3589. "address": "0x48f454"
3590. },
3591. {
3592. "name": "VariantCopy",
3593. "address": "0x48f458"
3594. },
3595. {
3596. "name": "VariantClear",
3597. "address": "0x48f45c"
3598. },
3599. {
3600. "name": "OleLoadPicture",
3601. "address": "0x48f460"
3602. },
3603. {
3604. "name": "QueryPathOfRegTypeLib",
3605. "address": "0x48f464"
3606. },
3607. {
3608. "name": "RegisterTypeLibForUser",
3609. "address": "0x48f468"
3610. },
3611. {
3612. "name": "UnRegisterTypeLibForUser",
3613. "address": "0x48f46c"
3614. },
3615. {
3616. "name": "UnRegisterTypeLib",
3617. "address": "0x48f470"
3618. },
3619. {
3620. "name": "CreateDispTypeInfo",
3621. "address": "0x48f474"
3622. },
3623. {
3624. "name": "SysAllocString",
3625. "address": "0x48f478"
3626. },
3627. {
3628. "name": "VariantInit",
3629. "address": "0x48f47c"
3630. }
3631. ],
3632. "dll": "OLEAUT32.dll"
3633. }
3634. ],
3635. "digital_signers": null,
3636. "exported_dll_name": null,
3637. "actual_checksum": "0x0014ffb4",
3638. "overlay": null,
3639. "imagebase": "0x00400000",
3640. "reported_checksum": "0x0014b672",
3641. "icon_hash": null,
3642. "entrypoint": "0x0042800a",
3643. "timestamp": "2019-06-17 14:52:01",
3644. "osversion": "5.1",
3645. "sections": [
3646. {
3647. "name": ".text",
3648. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
3649. "virtual_address": "0x00001000",
3650. "size_of_data": "0x0008e000",
3651. "entropy": "6.68",
3652. "raw_address": "0x00000400",
3653. "virtual_size": "0x0008dfdd",
3654. "characteristics_raw": "0x60000020"
3655. },
3656. {
3657. "name": ".rdata",
3658. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
3659. "virtual_address": "0x0008f000",
3660. "size_of_data": "0x0002fe00",
3661. "entropy": "5.76",
3662. "raw_address": "0x0008e400",
3663. "virtual_size": "0x0002fd8e",
3664. "characteristics_raw": "0x40000040"
3665. },
3666. {
3667. "name": ".data",
3668. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3669. "virtual_address": "0x000bf000",
3670. "size_of_data": "0x00005200",
3671. "entropy": "1.20",
3672. "raw_address": "0x000be200",
3673. "virtual_size": "0x00008f74",
3674. "characteristics_raw": "0xc0000040"
3675. },
3676. {
3677. "name": ".rsrc",
3678. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
3679. "virtual_address": "0x000c8000",
3680. "size_of_data": "0x00082200",
3681. "entropy": "7.92",
3682. "raw_address": "0x000c3400",
3683. "virtual_size": "0x00082118",
3684. "characteristics_raw": "0x40000040"
3685. },
3686. {
3687. "name": ".reloc",
3688. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
3689. "virtual_address": "0x0014b000",
3690. "size_of_data": "0x00007200",
3691. "entropy": "6.78",
3692. "raw_address": "0x00145600",
3693. "virtual_size": "0x00007134",
3694. "characteristics_raw": "0x42000040"
3695. }
3696. ],
3697. "resources": [],
3698. "dirents": [
3699. {
3700. "virtual_address": "0x00000000",
3701. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
3702. "size": "0x00000000"
3703. },
3704. {
3705. "virtual_address": "0x000bc0cc",
3706. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
3707. "size": "0x0000017c"
3708. },
3709. {
3710. "virtual_address": "0x000c8000",
3711. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
3712. "size": "0x00082118"
3713. },
3714. {
3715. "virtual_address": "0x00000000",
3716. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
3717. "size": "0x00000000"
3718. },
3719. {
3720. "virtual_address": "0x00000000",
3721. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
3722. "size": "0x00000000"
3723. },
3724. {
3725. "virtual_address": "0x0014b000",
3726. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
3727. "size": "0x00007134"
3728. },
3729. {
3730. "virtual_address": "0x00092bc0",
3731. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
3732. "size": "0x0000001c"
3733. },
3734. {
3735. "virtual_address": "0x00000000",
3736. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
3737. "size": "0x00000000"
3738. },
3739. {
3740. "virtual_address": "0x00000000",
3741. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
3742. "size": "0x00000000"
3743. },
3744. {
3745. "virtual_address": "0x00000000",
3746. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
3747. "size": "0x00000000"
3748. },
3749. {
3750. "virtual_address": "0x000a4b50",
3751. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
3752. "size": "0x00000040"
3753. },
3754. {
3755. "virtual_address": "0x00000000",
3756. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
3757. "size": "0x00000000"
3758. },
3759. {
3760. "virtual_address": "0x0008f000",
3761. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
3762. "size": "0x00000884"
3763. },
3764. {
3765. "virtual_address": "0x00000000",
3766. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
3767. "size": "0x00000000"
3768. },
3769. {
3770. "virtual_address": "0x00000000",
3771. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
3772. "size": "0x00000000"
3773. },
3774. {
3775. "virtual_address": "0x00000000",
3776. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
3777. "size": "0x00000000"
3778. }
3779. ],
3780. "exports": [],
3781. "guest_signers": {},
3782. "imphash": "afcdf79be1557326c854b6e20cb900a7",
3783. "icon_fuzzy": null,
3784. "icon": null,
3785. "pdbpath": null,
3786. "imported_dll_count": 18,
3787. "versioninfo": []
3788. }
3789. }
3790.  
3791. [*] Resolved APIs: [
3792. "kernel32.dll.FlsAlloc",
3793. "kernel32.dll.FlsFree",
3794. "kernel32.dll.FlsGetValue",
3795. "kernel32.dll.FlsSetValue",
3796. "kernel32.dll.InitializeCriticalSectionEx",
3797. "kernel32.dll.CreateEventExW",
3798. "kernel32.dll.CreateSemaphoreExW",
3799. "kernel32.dll.SetThreadStackGuarantee",
3800. "kernel32.dll.CreateThreadpoolTimer",
3801. "kernel32.dll.SetThreadpoolTimer",
3802. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
3803. "kernel32.dll.CloseThreadpoolTimer",
3804. "kernel32.dll.CreateThreadpoolWait",
3805. "kernel32.dll.SetThreadpoolWait",
3806. "kernel32.dll.CloseThreadpoolWait",
3807. "kernel32.dll.FlushProcessWriteBuffers",
3808. "kernel32.dll.FreeLibraryWhenCallbackReturns",
3809. "kernel32.dll.GetCurrentProcessorNumber",
3810. "kernel32.dll.GetLogicalProcessorInformation",
3811. "kernel32.dll.CreateSymbolicLinkW",
3812. "kernel32.dll.EnumSystemLocalesEx",
3813. "kernel32.dll.CompareStringEx",
3814. "kernel32.dll.GetDateFormatEx",
3815. "kernel32.dll.GetLocaleInfoEx",
3816. "kernel32.dll.GetTimeFormatEx",
3817. "kernel32.dll.GetUserDefaultLocaleName",
3818. "kernel32.dll.IsValidLocaleName",
3819. "kernel32.dll.LCMapStringEx",
3820. "kernel32.dll.GetTickCount64",
3821. "kernel32.dll.GetNativeSystemInfo",
3822. "cryptbase.dll.SystemFunction036",
3823. "uxtheme.dll.ThemeInitApiHook",
3824. "user32.dll.IsProcessDPIAware",
3825. "kernel32.dll.Wow64DisableWow64FsRedirection",
3826. "kernel32.dll.Wow64RevertWow64FsRedirection",
3827. "dwmapi.dll.DwmIsCompositionEnabled",
3828. "comctl32.dll.RegisterClassNameW",
3829. "kernel32.dll.SortGetHandle",
3830. "kernel32.dll.SortCloseHandle",
3831. "uxtheme.dll.OpenThemeData",
3832. "uxtheme.dll.GetThemeBool",
3833. "imm32.dll.ImmGetContext",
3834. "imm32.dll.ImmReleaseContext",
3835. "imm32.dll.ImmAssociateContext",
3836. "imm32.dll.ImmIsIME",
3837. "comctl32.dll.HIMAGELIST_QueryInterface",
3838. "comctl32.dll.DrawShadowText",
3839. "comctl32.dll.DrawSizeBox",
3840. "comctl32.dll.DrawScrollBar",
3841. "comctl32.dll.SizeBoxHwnd",
3842. "comctl32.dll.ScrollBar_MouseMove",
3843. "comctl32.dll.ScrollBar_Menu",
3844. "comctl32.dll.HandleScrollCmd",
3845. "comctl32.dll.DetachScrollBars",
3846. "comctl32.dll.AttachScrollBars",
3847. "comctl32.dll.CCSetScrollInfo",
3848. "comctl32.dll.CCGetScrollInfo",
3849. "comctl32.dll.CCEnableScrollBar",
3850. "comctl32.dll.QuerySystemGestureStatus",
3851. "uxtheme.dll.#49",
3852. "shell32.dll.#66",
3853. "ole32.dll.CoTaskMemFree",
3854. "kernel32.dll.GetVersionExW",
3855. "kernel32.dll.FindResourceW",
3856. "kernel32.dll.SizeofResource",
3857. "kernel32.dll.LoadResource",
3858. "kernel32.dll.LockResource",
3859. "crypt32.dll.CryptStringToBinaryA",
3860. "kernel32.dll.VirtualAlloc",
3861. "advapi32.dll.CryptAcquireContextW",
3862. "advapi32.dll.CryptCreateHash",
3863. "advapi32.dll.CryptDecrypt",
3864. "advapi32.dll.CryptDeriveKey",
3865. "advapi32.dll.CryptDestroyHash",
3866. "advapi32.dll.CryptDestroyKey",
3867. "advapi32.dll.CryptHashData",
3868. "advapi32.dll.CryptReleaseContext",
3869. "user32.dll.MessageBoxA",
3870. "ole32.dll.CoInitializeEx",
3871. "ole32.dll.CoCreateInstance",
3872. "kernel32.dll.CreateMutexW",
3873. "apphelp.dll.ApphelpCheckRunAppEx",
3874. "apphelp.dll.ApphelpQueryModuleDataEx",
3875. "apphelp.dll.ApphelpParseModuleData",
3876. "apphelp.dll.ApphelpCreateAppcompatData",
3877. "apphelp.dll.SdbInitDatabaseEx",
3878. "apphelp.dll.SdbReleaseDatabase",
3879. "apphelp.dll.SdbUnpackAppCompatData",
3880. "apphelp.dll.SdbQueryContext",
3881. "kernel32.dll.VirtualFree",
3882. "kernel32.dll.GetProcessId",
3883. "advapi32.dll.InitializeSecurityDescriptor",
3884. "advapi32.dll.InitializeAcl",
3885. "advapi32.dll.SetSecurityDescriptorDacl",
3886. "advapi32.dll.SetKernelObjectSecurity",
3887. "uxtheme.dll.CloseThemeData",
3888. "oleaut32.dll.#500",
3889. "kernel32.dll.CreateFileA",
3890. "kernel32.dll.ReadFile",
3891. "kernel32.dll.CloseHandle",
3892. "kernel32.dll.WriteFile",
3893. "kernel32.dll.lstrlenA",
3894. "kernel32.dll.GlobalLock",
3895. "kernel32.dll.GlobalUnlock",
3896. "kernel32.dll.LocalFree",
3897. "kernel32.dll.LocalAlloc",
3898. "kernel32.dll.GetTickCount",
3899. "kernel32.dll.lstrcpyA",
3900. "kernel32.dll.lstrcatA",
3901. "kernel32.dll.GetFileAttributesA",
3902. "kernel32.dll.ExpandEnvironmentStringsA",
3903. "kernel32.dll.GetFileSize",
3904. "kernel32.dll.CreateFileMappingA",
3905. "kernel32.dll.MapViewOfFile",
3906. "kernel32.dll.UnmapViewOfFile",
3907. "kernel32.dll.LoadLibraryA",
3908. "kernel32.dll.GetProcAddress",
3909. "kernel32.dll.GetTempPathA",
3910. "kernel32.dll.CreateDirectoryA",
3911. "kernel32.dll.DeleteFileA",
3912. "kernel32.dll.GetCurrentProcess",
3913. "kernel32.dll.WideCharToMultiByte",
3914. "kernel32.dll.GetLastError",
3915. "kernel32.dll.lstrcmpA",
3916. "kernel32.dll.CreateToolhelp32Snapshot",
3917. "kernel32.dll.Process32First",
3918. "kernel32.dll.OpenProcess",
3919. "kernel32.dll.Process32Next",
3920. "kernel32.dll.FindFirstFileA",
3921. "kernel32.dll.lstrcmpiA",
3922. "kernel32.dll.FindNextFileA",
3923. "kernel32.dll.FindClose",
3924. "kernel32.dll.GetModuleHandleA",
3925. "kernel32.dll.GetVersionExA",
3926. "kernel32.dll.GetLocaleInfoA",
3927. "kernel32.dll.GetSystemInfo",
3928. "kernel32.dll.GetWindowsDirectoryA",
3929. "kernel32.dll.GetPrivateProfileStringA",
3930. "kernel32.dll.SetCurrentDirectoryA",
3931. "kernel32.dll.GetPrivateProfileSectionNamesA",
3932. "kernel32.dll.GetPrivateProfileIntA",
3933. "kernel32.dll.GetCurrentDirectoryA",
3934. "kernel32.dll.lstrlenW",
3935. "kernel32.dll.MultiByteToWideChar",
3936. "kernel32.dll.Sleep",
3937. "kernel32.dll.GetModuleFileNameA",
3938. "kernel32.dll.LCMapStringA",
3939. "kernel32.dll.ExitProcess",
3940. "kernel32.dll.SetUnhandledExceptionFilter",
3941. "advapi32.dll.RegOpenKeyExA",
3942. "advapi32.dll.RegQueryValueExA",
3943. "advapi32.dll.RegCloseKey",
3944. "advapi32.dll.RegOpenKeyA",
3945. "advapi32.dll.RegEnumKeyExA",
3946. "advapi32.dll.RegCreateKeyA",
3947. "advapi32.dll.RegSetValueExA",
3948. "advapi32.dll.IsTextUnicode",
3949. "advapi32.dll.RegOpenCurrentUser",
3950. "advapi32.dll.RegEnumValueA",
3951. "advapi32.dll.GetUserNameA",
3952. "ole32.dll.CreateStreamOnHGlobal",
3953. "ole32.dll.GetHGlobalFromStream",
3954. "ole32.dll.CoCreateGuid",
3955. "ole32.dll.OleInitialize",
3956. "shlwapi.dll.StrStrIA",
3957. "shlwapi.dll.StrRChrIA",
3958. "shlwapi.dll.StrToIntA",
3959. "shlwapi.dll.StrStrA",
3960. "shlwapi.dll.StrCmpNIA",
3961. "shlwapi.dll.StrStrIW",
3962. "user32.dll.wsprintfA",
3963. "userenv.dll.LoadUserProfileA",
3964. "userenv.dll.UnloadUserProfile",
3965. "wininet.dll.InternetCrackUrlA",
3966. "wininet.dll.InternetCreateUrlA",
3967. "wsock32.dll.inet_addr",
3968. "wsock32.dll.gethostbyname",
3969. "wsock32.dll.socket",
3970. "wsock32.dll.connect",
3971. "wsock32.dll.closesocket",
3972. "wsock32.dll.send",
3973. "wsock32.dll.select",
3974. "wsock32.dll.recv",
3975. "wsock32.dll.setsockopt",
3976. "wsock32.dll.WSAStartup",
3977. "ole32.dll.StgOpenStorage",
3978. "crypt32.dll.CryptUnprotectData",
3979. "crypt32.dll.CertOpenSystemStoreA",
3980. "crypt32.dll.CertEnumCertificatesInStore",
3981. "crypt32.dll.CertCloseStore",
3982. "crypt32.dll.CryptAcquireCertificatePrivateKey",
3983. "advapi32.dll.AllocateAndInitializeSid",
3984. "advapi32.dll.CheckTokenMembership",
3985. "advapi32.dll.FreeSid",
3986. "advapi32.dll.CredEnumerateA",
3987. "advapi32.dll.CredFree",
3988. "advapi32.dll.CryptGetUserKey",
3989. "advapi32.dll.CryptExportKey",
3990. "advapi32.dll.RevertToSelf",
3991. "advapi32.dll.OpenProcessToken",
3992. "advapi32.dll.ImpersonateLoggedOnUser",
3993. "advapi32.dll.GetTokenInformation",
3994. "advapi32.dll.ConvertSidToStringSidA",
3995. "advapi32.dll.LogonUserA",
3996. "advapi32.dll.LookupPrivilegeValueA",
3997. "advapi32.dll.AdjustTokenPrivileges",
3998. "shell32.dll.SHGetFolderPathA",
3999. "netapi32.dll.NetApiBufferFree",
4000. "netapi32.dll.NetUserEnum",
4001. "kernel32.dll.WTSGetActiveConsoleSessionId",
4002. "kernel32.dll.ProcessIdToSessionId",
4003. "msi.dll.MsiGetComponentPathA",
4004. "pstorec.dll.PStoreCreateInstance",
4005. "kernel32.dll.IsWow64Process",
4006. "mlang.dll.#112",
4007. "wininet.dll.FindFirstUrlCacheEntryA",
4008. "kernel32.dll.SetFileInformationByHandle",
4009. "shell32.dll.SHGetFolderPathW",
4010. "urlmon.dll.CreateUri",
4011. "kernel32.dll.InitializeSRWLock",
4012. "kernel32.dll.AcquireSRWLockExclusive",
4013. "kernel32.dll.AcquireSRWLockShared",
4014. "kernel32.dll.ReleaseSRWLockExclusive",
4015. "kernel32.dll.ReleaseSRWLockShared",
4016. "wininet.dll.FindNextUrlCacheEntryA",
4017. "urlmon.dll.CreateIUriBuilder",
4018. "urlmon.dll.IntlPercentEncodeNormalize",
4019. "wininet.dll.FindCloseUrlCache",
4020. "userenv.dll.GetUserProfileDirectoryW",
4021. "sechost.dll.ConvertSidToStringSidW",
4022. "samlib.dll.SamConnect",
4023. "rpcrt4.dll.NdrClientCall2",
4024. "rpcrt4.dll.RpcStringBindingComposeW",
4025. "rpcrt4.dll.RpcBindingFromStringBindingW",
4026. "rpcrt4.dll.RpcStringFreeW",
4027. "rpcrt4.dll.RpcBindingFree",
4028. "samlib.dll.SamGetCompatibilityMode",
4029. "samlib.dll.SamOpenDomain",
4030. "samlib.dll.SamEnumerateDomainsInSamServer",
4031. "samlib.dll.SamLookupDomainInSamServer",
4032. "samlib.dll.SamFreeMemory",
4033. "samlib.dll.SamEnumerateUsersInDomain",
4034. "samlib.dll.SamOpenUser",
4035. "samlib.dll.SamQueryInformationUser",
4036. "samlib.dll.SamQuerySecurityObject",
4037. "samlib.dll.SamGetGroupsForUser",
4038. "samlib.dll.SamRidToSid",
4039. "samlib.dll.SamGetAliasMembership",
4040. "samlib.dll.SamCloseHandle",
4041. "sspicli.dll.LogonUserExExW",
4042. "shell32.dll.ShellExecuteA",
4043. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
4044. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
4045. "advapi32.dll.UnregisterTraceGuids",
4046. "comctl32.dll.#321",
4047. "kernel32.dll.SetThreadUILanguage",
4048. "kernel32.dll.CopyFileExW",
4049. "kernel32.dll.IsDebuggerPresent",
4050. "kernel32.dll.SetConsoleInputExeNameW",
4051. "advapi32.dll.SaferIdentifyLevel",
4052. "advapi32.dll.SaferComputeTokenFromLevel",
4053. "advapi32.dll.SaferCloseLevel"
4054. ]
4055.  
4056. [*] Static Analysis: {
4057. "pe": {
4058. "peid_signatures": null,
4059. "imports": [
4060. {
4061. "imports": [
4062. {
4063. "name": "WSACleanup",
4064. "address": "0x48f7c8"
4065. },
4066. {
4067. "name": "socket",
4068. "address": "0x48f7cc"
4069. },
4070. {
4071. "name": "inet_ntoa",
4072. "address": "0x48f7d0"
4073. },
4074. {
4075. "name": "setsockopt",
4076. "address": "0x48f7d4"
4077. },
4078. {
4079. "name": "ntohs",
4080. "address": "0x48f7d8"
4081. },
4082. {
4083. "name": "recvfrom",
4084. "address": "0x48f7dc"
4085. },
4086. {
4087. "name": "ioctlsocket",
4088. "address": "0x48f7e0"
4089. },
4090. {
4091. "name": "htons",
4092. "address": "0x48f7e4"
4093. },
4094. {
4095. "name": "WSAStartup",
4096. "address": "0x48f7e8"
4097. },
4098. {
4099. "name": "__WSAFDIsSet",
4100. "address": "0x48f7ec"
4101. },
4102. {
4103. "name": "select",
4104. "address": "0x48f7f0"
4105. },
4106. {
4107. "name": "accept",
4108. "address": "0x48f7f4"
4109. },
4110. {
4111. "name": "listen",
4112. "address": "0x48f7f8"
4113. },
4114. {
4115. "name": "bind",
4116. "address": "0x48f7fc"
4117. },
4118. {
4119. "name": "closesocket",
4120. "address": "0x48f800"
4121. },
4122. {
4123. "name": "WSAGetLastError",
4124. "address": "0x48f804"
4125. },
4126. {
4127. "name": "recv",
4128. "address": "0x48f808"
4129. },
4130. {
4131. "name": "sendto",
4132. "address": "0x48f80c"
4133. },
4134. {
4135. "name": "send",
4136. "address": "0x48f810"
4137. },
4138. {
4139. "name": "inet_addr",
4140. "address": "0x48f814"
4141. },
4142. {
4143. "name": "gethostbyname",
4144. "address": "0x48f818"
4145. },
4146. {
4147. "name": "gethostname",
4148. "address": "0x48f81c"
4149. },
4150. {
4151. "name": "connect",
4152. "address": "0x48f820"
4153. }
4154. ],
4155. "dll": "WSOCK32.dll"
4156. },
4157. {
4158. "imports": [
4159. {
4160. "name": "GetFileVersionInfoW",
4161. "address": "0x48f76c"
4162. },
4163. {
4164. "name": "GetFileVersionInfoSizeW",
4165. "address": "0x48f770"
4166. },
4167. {
4168. "name": "VerQueryValueW",
4169. "address": "0x48f774"
4170. }
4171. ],
4172. "dll": "VERSION.dll"
4173. },
4174. {
4175. "imports": [
4176. {
4177. "name": "timeGetTime",
4178. "address": "0x48f7b8"
4179. },
4180. {
4181. "name": "waveOutSetVolume",
4182. "address": "0x48f7bc"
4183. },
4184. {
4185. "name": "mciSendStringW",
4186. "address": "0x48f7c0"
4187. }
4188. ],
4189. "dll": "WINMM.dll"
4190. },
4191. {
4192. "imports": [
4193. {
4194. "name": "ImageList_ReplaceIcon",
4195. "address": "0x48f088"
4196. },
4197. {
4198. "name": "ImageList_Destroy",
4199. "address": "0x48f08c"
4200. },
4201. {
4202. "name": "ImageList_Remove",
4203. "address": "0x48f090"
4204. },
4205. {
4206. "name": "ImageList_SetDragCursorImage",
4207. "address": "0x48f094"
4208. },
4209. {
4210. "name": "ImageList_BeginDrag",
4211. "address": "0x48f098"
4212. },
4213. {
4214. "name": "ImageList_DragEnter",
4215. "address": "0x48f09c"
4216. },
4217. {
4218. "name": "ImageList_DragLeave",
4219. "address": "0x48f0a0"
4220. },
4221. {
4222. "name": "ImageList_EndDrag",
4223. "address": "0x48f0a4"
4224. },
4225. {
4226. "name": "ImageList_DragMove",
4227. "address": "0x48f0a8"
4228. },
4229. {
4230. "name": "InitCommonControlsEx",
4231. "address": "0x48f0ac"
4232. },
4233. {
4234. "name": "ImageList_Create",
4235. "address": "0x48f0b0"
4236. }
4237. ],
4238. "dll": "COMCTL32.dll"
4239. },
4240. {
4241. "imports": [
4242. {
4243. "name": "WNetUseConnectionW",
4244. "address": "0x48f3f8"
4245. },
4246. {
4247. "name": "WNetCancelConnection2W",
4248. "address": "0x48f3fc"
4249. },
4250. {
4251. "name": "WNetGetConnectionW",
4252. "address": "0x48f400"
4253. },
4254. {
4255. "name": "WNetAddConnection2W",
4256. "address": "0x48f404"
4257. }
4258. ],
4259. "dll": "MPR.dll"
4260. },
4261. {
4262. "imports": [
4263. {
4264. "name": "InternetQueryDataAvailable",
4265. "address": "0x48f77c"
4266. },
4267. {
4268. "name": "InternetCloseHandle",
4269. "address": "0x48f780"
4270. },
4271. {
4272. "name": "InternetOpenW",
4273. "address": "0x48f784"
4274. },
4275. {
4276. "name": "InternetSetOptionW",
4277. "address": "0x48f788"
4278. },
4279. {
4280. "name": "InternetCrackUrlW",
4281. "address": "0x48f78c"
4282. },
4283. {
4284. "name": "HttpQueryInfoW",
4285. "address": "0x48f790"
4286. },
4287. {
4288. "name": "InternetQueryOptionW",
4289. "address": "0x48f794"
4290. },
4291. {
4292. "name": "HttpOpenRequestW",
4293. "address": "0x48f798"
4294. },
4295. {
4296. "name": "HttpSendRequestW",
4297. "address": "0x48f79c"
4298. },
4299. {
4300. "name": "FtpOpenFileW",
4301. "address": "0x48f7a0"
4302. },
4303. {
4304. "name": "FtpGetFileSize",
4305. "address": "0x48f7a4"
4306. },
4307. {
4308. "name": "InternetOpenUrlW",
4309. "address": "0x48f7a8"
4310. },
4311. {
4312. "name": "InternetReadFile",
4313. "address": "0x48f7ac"
4314. },
4315. {
4316. "name": "InternetConnectW",
4317. "address": "0x48f7b0"
4318. }
4319. ],
4320. "dll": "WININET.dll"
4321. },
4322. {
4323. "imports": [
4324. {
4325. "name": "GetProcessMemoryInfo",
4326. "address": "0x48f484"
4327. }
4328. ],
4329. "dll": "PSAPI.DLL"
4330. },
4331. {
4332. "imports": [
4333. {
4334. "name": "IcmpCreateFile",
4335. "address": "0x48f154"
4336. },
4337. {
4338. "name": "IcmpCloseHandle",
4339. "address": "0x48f158"
4340. },
4341. {
4342. "name": "IcmpSendEcho",
4343. "address": "0x48f15c"
4344. }
4345. ],
4346. "dll": "IPHLPAPI.DLL"
4347. },
4348. {
4349. "imports": [
4350. {
4351. "name": "DestroyEnvironmentBlock",
4352. "address": "0x48f750"
4353. },
4354. {
4355. "name": "UnloadUserProfile",
4356. "address": "0x48f754"
4357. },
4358. {
4359. "name": "CreateEnvironmentBlock",
4360. "address": "0x48f758"
4361. },
4362. {
4363. "name": "LoadUserProfileW",
4364. "address": "0x48f75c"
4365. }
4366. ],
4367. "dll": "USERENV.dll"
4368. },
4369. {
4370. "imports": [
4371. {
4372. "name": "IsThemeActive",
4373. "address": "0x48f764"
4374. }
4375. ],
4376. "dll": "UxTheme.dll"
4377. },
4378. {
4379. "imports": [
4380. {
4381. "name": "DuplicateHandle",
4382. "address": "0x48f164"
4383. },
4384. {
4385. "name": "CreateThread",
4386. "address": "0x48f168"
4387. },
4388. {
4389. "name": "WaitForSingleObject",
4390. "address": "0x48f16c"
4391. },
4392. {
4393. "name": "HeapAlloc",
4394. "address": "0x48f170"
4395. },
4396. {
4397. "name": "GetProcessHeap",
4398. "address": "0x48f174"
4399. },
4400. {
4401. "name": "HeapFree",
4402. "address": "0x48f178"
4403. },
4404. {
4405. "name": "Sleep",
4406. "address": "0x48f17c"
4407. },
4408. {
4409. "name": "GetCurrentThreadId",
4410. "address": "0x48f180"
4411. },
4412. {
4413. "name": "MultiByteToWideChar",
4414. "address": "0x48f184"
4415. },
4416. {
4417. "name": "MulDiv",
4418. "address": "0x48f188"
4419. },
4420. {
4421. "name": "GetVersionExW",
4422. "address": "0x48f18c"
4423. },
4424. {
4425. "name": "IsWow64Process",
4426. "address": "0x48f190"
4427. },
4428. {
4429. "name": "GetSystemInfo",
4430. "address": "0x48f194"
4431. },
4432. {
4433. "name": "FreeLibrary",
4434. "address": "0x48f198"
4435. },
4436. {
4437. "name": "LoadLibraryA",
4438. "address": "0x48f19c"
4439. },
4440. {
4441. "name": "GetProcAddress",
4442. "address": "0x48f1a0"
4443. },
4444. {
4445. "name": "SetErrorMode",
4446. "address": "0x48f1a4"
4447. },
4448. {
4449. "name": "GetModuleFileNameW",
4450. "address": "0x48f1a8"
4451. },
4452. {
4453. "name": "WideCharToMultiByte",
4454. "address": "0x48f1ac"
4455. },
4456. {
4457. "name": "lstrcpyW",
4458. "address": "0x48f1b0"
4459. },
4460. {
4461. "name": "lstrlenW",
4462. "address": "0x48f1b4"
4463. },
4464. {
4465. "name": "GetModuleHandleW",
4466. "address": "0x48f1b8"
4467. },
4468. {
4469. "name": "QueryPerformanceCounter",
4470. "address": "0x48f1bc"
4471. },
4472. {
4473. "name": "VirtualFreeEx",
4474. "address": "0x48f1c0"
4475. },
4476. {
4477. "name": "OpenProcess",
4478. "address": "0x48f1c4"
4479. },
4480. {
4481. "name": "VirtualAllocEx",
4482. "address": "0x48f1c8"
4483. },
4484. {
4485. "name": "WriteProcessMemory",
4486. "address": "0x48f1cc"
4487. },
4488. {
4489. "name": "ReadProcessMemory",
4490. "address": "0x48f1d0"
4491. },
4492. {
4493. "name": "CreateFileW",
4494. "address": "0x48f1d4"
4495. },
4496. {
4497. "name": "SetFilePointerEx",
4498. "address": "0x48f1d8"
4499. },
4500. {
4501. "name": "SetEndOfFile",
4502. "address": "0x48f1dc"
4503. },
4504. {
4505. "name": "ReadFile",
4506. "address": "0x48f1e0"
4507. },
4508. {
4509. "name": "WriteFile",
4510. "address": "0x48f1e4"
4511. },
4512. {
4513. "name": "FlushFileBuffers",
4514. "address": "0x48f1e8"
4515. },
4516. {
4517. "name": "TerminateProcess",
4518. "address": "0x48f1ec"
4519. },
4520. {
4521. "name": "CreateToolhelp32Snapshot",
4522. "address": "0x48f1f0"
4523. },
4524. {
4525. "name": "Process32FirstW",
4526. "address": "0x48f1f4"
4527. },
4528. {
4529. "name": "Process32NextW",
4530. "address": "0x48f1f8"
4531. },
4532. {
4533. "name": "SetFileTime",
4534. "address": "0x48f1fc"
4535. },
4536. {
4537. "name": "GetFileAttributesW",
4538. "address": "0x48f200"
4539. },
4540. {
4541. "name": "FindFirstFileW",
4542. "address": "0x48f204"
4543. },
4544. {
4545. "name": "SetCurrentDirectoryW",
4546. "address": "0x48f208"
4547. },
4548. {
4549. "name": "GetLongPathNameW",
4550. "address": "0x48f20c"
4551. },
4552. {
4553. "name": "GetShortPathNameW",
4554. "address": "0x48f210"
4555. },
4556. {
4557. "name": "DeleteFileW",
4558. "address": "0x48f214"
4559. },
4560. {
4561. "name": "FindNextFileW",
4562. "address": "0x48f218"
4563. },
4564. {
4565. "name": "CopyFileExW",
4566. "address": "0x48f21c"
4567. },
4568. {
4569. "name": "MoveFileW",
4570. "address": "0x48f220"
4571. },
4572. {
4573. "name": "CreateDirectoryW",
4574. "address": "0x48f224"
4575. },
4576. {
4577. "name": "RemoveDirectoryW",
4578. "address": "0x48f228"
4579. },
4580. {
4581. "name": "SetSystemPowerState",
4582. "address": "0x48f22c"
4583. },
4584. {
4585. "name": "QueryPerformanceFrequency",
4586. "address": "0x48f230"
4587. },
4588. {
4589. "name": "FindResourceW",
4590. "address": "0x48f234"
4591. },
4592. {
4593. "name": "LoadResource",
4594. "address": "0x48f238"
4595. },
4596. {
4597. "name": "LockResource",
4598. "address": "0x48f23c"
4599. },
4600. {
4601. "name": "SizeofResource",
4602. "address": "0x48f240"
4603. },
4604. {
4605. "name": "EnumResourceNamesW",
4606. "address": "0x48f244"
4607. },
4608. {
4609. "name": "OutputDebugStringW",
4610. "address": "0x48f248"
4611. },
4612. {
4613. "name": "GetTempPathW",
4614. "address": "0x48f24c"
4615. },
4616. {
4617. "name": "GetTempFileNameW",
4618. "address": "0x48f250"
4619. },
4620. {
4621. "name": "DeviceIoControl",
4622. "address": "0x48f254"
4623. },
4624. {
4625. "name": "GetLocalTime",
4626. "address": "0x48f258"
4627. },
4628. {
4629. "name": "CompareStringW",
4630. "address": "0x48f25c"
4631. },
4632. {
4633. "name": "GetCurrentProcess",
4634. "address": "0x48f260"
4635. },
4636. {
4637. "name": "EnterCriticalSection",
4638. "address": "0x48f264"
4639. },
4640. {
4641. "name": "LeaveCriticalSection",
4642. "address": "0x48f268"
4643. },
4644. {
4645. "name": "GetStdHandle",
4646. "address": "0x48f26c"
4647. },
4648. {
4649. "name": "CreatePipe",
4650. "address": "0x48f270"
4651. },
4652. {
4653. "name": "InterlockedExchange",
4654. "address": "0x48f274"
4655. },
4656. {
4657. "name": "TerminateThread",
4658. "address": "0x48f278"
4659. },
4660. {
4661. "name": "LoadLibraryExW",
4662. "address": "0x48f27c"
4663. },
4664. {
4665. "name": "FindResourceExW",
4666. "address": "0x48f280"
4667. },
4668. {
4669. "name": "CopyFileW",
4670. "address": "0x48f284"
4671. },
4672. {
4673. "name": "VirtualFree",
4674. "address": "0x48f288"
4675. },
4676. {
4677. "name": "FormatMessageW",
4678. "address": "0x48f28c"
4679. },
4680. {
4681. "name": "GetExitCodeProcess",
4682. "address": "0x48f290"
4683. },
4684. {
4685. "name": "GetPrivateProfileStringW",
4686. "address": "0x48f294"
4687. },
4688. {
4689. "name": "WritePrivateProfileStringW",
4690. "address": "0x48f298"
4691. },
4692. {
4693. "name": "GetPrivateProfileSectionW",
4694. "address": "0x48f29c"
4695. },
4696. {
4697. "name": "WritePrivateProfileSectionW",
4698. "address": "0x48f2a0"
4699. },
4700. {
4701. "name": "GetPrivateProfileSectionNamesW",
4702. "address": "0x48f2a4"
4703. },
4704. {
4705. "name": "FileTimeToLocalFileTime",
4706. "address": "0x48f2a8"
4707. },
4708. {
4709. "name": "FileTimeToSystemTime",
4710. "address": "0x48f2ac"
4711. },
4712. {
4713. "name": "SystemTimeToFileTime",
4714. "address": "0x48f2b0"
4715. },
4716. {
4717. "name": "LocalFileTimeToFileTime",
4718. "address": "0x48f2b4"
4719. },
4720. {
4721. "name": "GetDriveTypeW",
4722. "address": "0x48f2b8"
4723. },
4724. {
4725. "name": "GetDiskFreeSpaceExW",
4726. "address": "0x48f2bc"
4727. },
4728. {
4729. "name": "GetDiskFreeSpaceW",
4730. "address": "0x48f2c0"
4731. },
4732. {
4733. "name": "GetVolumeInformationW",
4734. "address": "0x48f2c4"
4735. },
4736. {
4737. "name": "SetVolumeLabelW",
4738. "address": "0x48f2c8"
4739. },
4740. {
4741. "name": "CreateHardLinkW",
4742. "address": "0x48f2cc"
4743. },
4744. {
4745. "name": "SetFileAttributesW",
4746. "address": "0x48f2d0"
4747. },
4748. {
4749. "name": "CreateEventW",
4750. "address": "0x48f2d4"
4751. },
4752. {
4753. "name": "SetEvent",
4754. "address": "0x48f2d8"
4755. },
4756. {
4757. "name": "GetEnvironmentVariableW",
4758. "address": "0x48f2dc"
4759. },
4760. {
4761. "name": "SetEnvironmentVariableW",
4762. "address": "0x48f2e0"
4763. },
4764. {
4765. "name": "GlobalLock",
4766. "address": "0x48f2e4"
4767. },
4768. {
4769. "name": "GlobalUnlock",
4770. "address": "0x48f2e8"
4771. },
4772. {
4773. "name": "GlobalAlloc",
4774. "address": "0x48f2ec"
4775. },
4776. {
4777. "name": "GetFileSize",
4778. "address": "0x48f2f0"
4779. },
4780. {
4781. "name": "GlobalFree",
4782. "address": "0x48f2f4"
4783. },
4784. {
4785. "name": "GlobalMemoryStatusEx",
4786. "address": "0x48f2f8"
4787. },
4788. {
4789. "name": "Beep",
4790. "address": "0x48f2fc"
4791. },
4792. {
4793. "name": "GetSystemDirectoryW",
4794. "address": "0x48f300"
4795. },
4796. {
4797. "name": "HeapReAlloc",
4798. "address": "0x48f304"
4799. },
4800. {
4801. "name": "HeapSize",
4802. "address": "0x48f308"
4803. },
4804. {
4805. "name": "GetComputerNameW",
4806. "address": "0x48f30c"
4807. },
4808. {
4809. "name": "GetWindowsDirectoryW",
4810. "address": "0x48f310"
4811. },
4812. {
4813. "name": "GetCurrentProcessId",
4814. "address": "0x48f314"
4815. },
4816. {
4817. "name": "GetProcessIoCounters",
4818. "address": "0x48f318"
4819. },
4820. {
4821. "name": "CreateProcessW",
4822. "address": "0x48f31c"
4823. },
4824. {
4825. "name": "GetProcessId",
4826. "address": "0x48f320"
4827. },
4828. {
4829. "name": "SetPriorityClass",
4830. "address": "0x48f324"
4831. },
4832. {
4833. "name": "LoadLibraryW",
4834. "address": "0x48f328"
4835. },
4836. {
4837. "name": "VirtualAlloc",
4838. "address": "0x48f32c"
4839. },
4840. {
4841. "name": "IsDebuggerPresent",
4842. "address": "0x48f330"
4843. },
4844. {
4845. "name": "GetCurrentDirectoryW",
4846. "address": "0x48f334"
4847. },
4848. {
4849. "name": "lstrcmpiW",
4850. "address": "0x48f338"
4851. },
4852. {
4853. "name": "DecodePointer",
4854. "address": "0x48f33c"
4855. },
4856. {
4857. "name": "GetLastError",
4858. "address": "0x48f340"
4859. },
4860. {
4861. "name": "RaiseException",
4862. "address": "0x48f344"
4863. },
4864. {
4865. "name": "InitializeCriticalSectionAndSpinCount",
4866. "address": "0x48f348"
4867. },
4868. {
4869. "name": "DeleteCriticalSection",
4870. "address": "0x48f34c"
4871. },
4872. {
4873. "name": "InterlockedDecrement",
4874. "address": "0x48f350"
4875. },
4876. {
4877. "name": "InterlockedIncrement",
4878. "address": "0x48f354"
4879. },
4880. {
4881. "name": "GetCurrentThread",
4882. "address": "0x48f358"
4883. },
4884. {
4885. "name": "CloseHandle",
4886. "address": "0x48f35c"
4887. },
4888. {
4889. "name": "GetFullPathNameW",
4890. "address": "0x48f360"
4891. },
4892. {
4893. "name": "EncodePointer",
4894. "address": "0x48f364"
4895. },
4896. {
4897. "name": "ExitProcess",
4898. "address": "0x48f368"
4899. },
4900. {
4901. "name": "GetModuleHandleExW",
4902. "address": "0x48f36c"
4903. },
4904. {
4905. "name": "ExitThread",
4906. "address": "0x48f370"
4907. },
4908. {
4909. "name": "GetSystemTimeAsFileTime",
4910. "address": "0x48f374"
4911. },
4912. {
4913. "name": "ResumeThread",
4914. "address": "0x48f378"
4915. },
4916. {
4917. "name": "GetCommandLineW",
4918. "address": "0x48f37c"
4919. },
4920. {
4921. "name": "IsProcessorFeaturePresent",
4922. "address": "0x48f380"
4923. },
4924. {
4925. "name": "IsValidCodePage",
4926. "address": "0x48f384"
4927. },
4928. {
4929. "name": "GetACP",
4930. "address": "0x48f388"
4931. },
4932. {
4933. "name": "GetOEMCP",
4934. "address": "0x48f38c"
4935. },
4936. {
4937. "name": "GetCPInfo",
4938. "address": "0x48f390"
4939. },
4940. {
4941. "name": "SetLastError",
4942. "address": "0x48f394"
4943. },
4944. {
4945. "name": "UnhandledExceptionFilter",
4946. "address": "0x48f398"
4947. },
4948. {
4949. "name": "SetUnhandledExceptionFilter",
4950. "address": "0x48f39c"
4951. },
4952. {
4953. "name": "TlsAlloc",
4954. "address": "0x48f3a0"
4955. },
4956. {
4957. "name": "TlsGetValue",
4958. "address": "0x48f3a4"
4959. },
4960. {
4961. "name": "TlsSetValue",
4962. "address": "0x48f3a8"
4963. },
4964. {
4965. "name": "TlsFree",
4966. "address": "0x48f3ac"
4967. },
4968. {
4969. "name": "GetStartupInfoW",
4970. "address": "0x48f3b0"
4971. },
4972. {
4973. "name": "GetStringTypeW",
4974. "address": "0x48f3b4"
4975. },
4976. {
4977. "name": "SetStdHandle",
4978. "address": "0x48f3b8"
4979. },
4980. {
4981. "name": "GetFileType",
4982. "address": "0x48f3bc"
4983. },
4984. {
4985. "name": "GetConsoleCP",
4986. "address": "0x48f3c0"
4987. },
4988. {
4989. "name": "GetConsoleMode",
4990. "address": "0x48f3c4"
4991. },
4992. {
4993. "name": "RtlUnwind",
4994. "address": "0x48f3c8"
4995. },
4996. {
4997. "name": "ReadConsoleW",
4998. "address": "0x48f3cc"
4999. },
5000. {
5001. "name": "GetTimeZoneInformation",
5002. "address": "0x48f3d0"
5003. },
5004. {
5005. "name": "GetDateFormatW",
5006. "address": "0x48f3d4"
5007. },
5008. {
5009. "name": "GetTimeFormatW",
5010. "address": "0x48f3d8"
5011. },
5012. {
5013. "name": "LCMapStringW",
5014. "address": "0x48f3dc"
5015. },
5016. {
5017. "name": "GetEnvironmentStringsW",
5018. "address": "0x48f3e0"
5019. },
5020. {
5021. "name": "FreeEnvironmentStringsW",
5022. "address": "0x48f3e4"
5023. },
5024. {
5025. "name": "WriteConsoleW",
5026. "address": "0x48f3e8"
5027. },
5028. {
5029. "name": "FindClose",
5030. "address": "0x48f3ec"
5031. },
5032. {
5033. "name": "SetEnvironmentVariableA",
5034. "address": "0x48f3f0"
5035. }
5036. ],
5037. "dll": "KERNEL32.dll"
5038. },
5039. {
5040. "imports": [
5041. {
5042. "name": "AdjustWindowRectEx",
5043. "address": "0x48f4cc"
5044. },
5045. {
5046. "name": "CopyImage",
5047. "address": "0x48f4d0"
5048. },
5049. {
5050. "name": "SetWindowPos",
5051. "address": "0x48f4d4"
5052. },
5053. {
5054. "name": "GetCursorInfo",
5055. "address": "0x48f4d8"
5056. },
5057. {
5058. "name": "RegisterHotKey",
5059. "address": "0x48f4dc"
5060. },
5061. {
5062. "name": "ClientToScreen",
5063. "address": "0x48f4e0"
5064. },
5065. {
5066. "name": "GetKeyboardLayoutNameW",
5067. "address": "0x48f4e4"
5068. },
5069. {
5070. "name": "IsCharAlphaW",
5071. "address": "0x48f4e8"
5072. },
5073. {
5074. "name": "IsCharAlphaNumericW",
5075. "address": "0x48f4ec"
5076. },
5077. {
5078. "name": "IsCharLowerW",
5079. "address": "0x48f4f0"
5080. },
5081. {
5082. "name": "IsCharUpperW",
5083. "address": "0x48f4f4"
5084. },
5085. {
5086. "name": "GetMenuStringW",
5087. "address": "0x48f4f8"
5088. },
5089. {
5090. "name": "GetSubMenu",
5091. "address": "0x48f4fc"
5092. },
5093. {
5094. "name": "GetCaretPos",
5095. "address": "0x48f500"
5096. },
5097. {
5098. "name": "IsZoomed",
5099. "address": "0x48f504"
5100. },
5101. {
5102. "name": "MonitorFromPoint",
5103. "address": "0x48f508"
5104. },
5105. {
5106. "name": "GetMonitorInfoW",
5107. "address": "0x48f50c"
5108. },
5109. {
5110. "name": "SetWindowLongW",
5111. "address": "0x48f510"
5112. },
5113. {
5114. "name": "SetLayeredWindowAttributes",
5115. "address": "0x48f514"
5116. },
5117. {
5118. "name": "FlashWindow",
5119. "address": "0x48f518"
5120. },
5121. {
5122. "name": "GetClassLongW",
5123. "address": "0x48f51c"
5124. },
5125. {
5126. "name": "TranslateAcceleratorW",
5127. "address": "0x48f520"
5128. },
5129. {
5130. "name": "IsDialogMessageW",
5131. "address": "0x48f524"
5132. },
5133. {
5134. "name": "GetSysColor",
5135. "address": "0x48f528"
5136. },
5137. {
5138. "name": "InflateRect",
5139. "address": "0x48f52c"
5140. },
5141. {
5142. "name": "DrawFocusRect",
5143. "address": "0x48f530"
5144. },
5145. {
5146. "name": "DrawTextW",
5147. "address": "0x48f534"
5148. },
5149. {
5150. "name": "FrameRect",
5151. "address": "0x48f538"
5152. },
5153. {
5154. "name": "DrawFrameControl",
5155. "address": "0x48f53c"
5156. },
5157. {
5158. "name": "FillRect",
5159. "address": "0x48f540"
5160. },
5161. {
5162. "name": "PtInRect",
5163. "address": "0x48f544"
5164. },
5165. {
5166. "name": "DestroyAcceleratorTable",
5167. "address": "0x48f548"
5168. },
5169. {
5170. "name": "CreateAcceleratorTableW",
5171. "address": "0x48f54c"
5172. },
5173. {
5174. "name": "SetCursor",
5175. "address": "0x48f550"
5176. },
5177. {
5178. "name": "GetWindowDC",
5179. "address": "0x48f554"
5180. },
5181. {
5182. "name": "GetSystemMetrics",
5183. "address": "0x48f558"
5184. },
5185. {
5186. "name": "GetActiveWindow",
5187. "address": "0x48f55c"
5188. },
5189. {
5190. "name": "CharNextW",
5191. "address": "0x48f560"
5192. },
5193. {
5194. "name": "wsprintfW",
5195. "address": "0x48f564"
5196. },
5197. {
5198. "name": "RedrawWindow",
5199. "address": "0x48f568"
5200. },
5201. {
5202. "name": "DrawMenuBar",
5203. "address": "0x48f56c"
5204. },
5205. {
5206. "name": "DestroyMenu",
5207. "address": "0x48f570"
5208. },
5209. {
5210. "name": "SetMenu",
5211. "address": "0x48f574"
5212. },
5213. {
5214. "name": "GetWindowTextLengthW",
5215. "address": "0x48f578"
5216. },
5217. {
5218. "name": "CreateMenu",
5219. "address": "0x48f57c"
5220. },
5221. {
5222. "name": "IsDlgButtonChecked",
5223. "address": "0x48f580"
5224. },
5225. {
5226. "name": "DefDlgProcW",
5227. "address": "0x48f584"
5228. },
5229. {
5230. "name": "CallWindowProcW",
5231. "address": "0x48f588"
5232. },
5233. {
5234. "name": "ReleaseCapture",
5235. "address": "0x48f58c"
5236. },
5237. {
5238. "name": "SetCapture",
5239. "address": "0x48f590"
5240. },
5241. {
5242. "name": "CreateIconFromResourceEx",
5243. "address": "0x48f594"
5244. },
5245. {
5246. "name": "mouse_event",
5247. "address": "0x48f598"
5248. },
5249. {
5250. "name": "ExitWindowsEx",
5251. "address": "0x48f59c"
5252. },
5253. {
5254. "name": "SetActiveWindow",
5255. "address": "0x48f5a0"
5256. },
5257. {
5258. "name": "FindWindowExW",
5259. "address": "0x48f5a4"
5260. },
5261. {
5262. "name": "EnumThreadWindows",
5263. "address": "0x48f5a8"
5264. },
5265. {
5266. "name": "SetMenuDefaultItem",
5267. "address": "0x48f5ac"
5268. },
5269. {
5270. "name": "InsertMenuItemW",
5271. "address": "0x48f5b0"
5272. },
5273. {
5274. "name": "IsMenu",
5275. "address": "0x48f5b4"
5276. },
5277. {
5278. "name": "TrackPopupMenuEx",
5279. "address": "0x48f5b8"
5280. },
5281. {
5282. "name": "GetCursorPos",
5283. "address": "0x48f5bc"
5284. },
5285. {
5286. "name": "DeleteMenu",
5287. "address": "0x48f5c0"
5288. },
5289. {
5290. "name": "SetRect",
5291. "address": "0x48f5c4"
5292. },
5293. {
5294. "name": "GetMenuItemID",
5295. "address": "0x48f5c8"
5296. },
5297. {
5298. "name": "GetMenuItemCount",
5299. "address": "0x48f5cc"
5300. },
5301. {
5302. "name": "SetMenuItemInfoW",
5303. "address": "0x48f5d0"
5304. },
5305. {
5306. "name": "GetMenuItemInfoW",
5307. "address": "0x48f5d4"
5308. },
5309. {
5310. "name": "SetForegroundWindow",
5311. "address": "0x48f5d8"
5312. },
5313. {
5314. "name": "IsIconic",
5315. "address": "0x48f5dc"
5316. },
5317. {
5318. "name": "FindWindowW",
5319. "address": "0x48f5e0"
5320. },
5321. {
5322. "name": "MonitorFromRect",
5323. "address": "0x48f5e4"
5324. },
5325. {
5326. "name": "keybd_event",
5327. "address": "0x48f5e8"
5328. },
5329. {
5330. "name": "SendInput",
5331. "address": "0x48f5ec"
5332. },
5333. {
5334. "name": "GetAsyncKeyState",
5335. "address": "0x48f5f0"
5336. },
5337. {
5338. "name": "SetKeyboardState",
5339. "address": "0x48f5f4"
5340. },
5341. {
5342. "name": "GetKeyboardState",
5343. "address": "0x48f5f8"
5344. },
5345. {
5346. "name": "GetKeyState",
5347. "address": "0x48f5fc"
5348. },
5349. {
5350. "name": "VkKeyScanW",
5351. "address": "0x48f600"
5352. },
5353. {
5354. "name": "LoadStringW",
5355. "address": "0x48f604"
5356. },
5357. {
5358. "name": "DialogBoxParamW",
5359. "address": "0x48f608"
5360. },
5361. {
5362. "name": "MessageBeep",
5363. "address": "0x48f60c"
5364. },
5365. {
5366. "name": "EndDialog",
5367. "address": "0x48f610"
5368. },
5369. {
5370. "name": "SendDlgItemMessageW",
5371. "address": "0x48f614"
5372. },
5373. {
5374. "name": "GetDlgItem",
5375. "address": "0x48f618"
5376. },
5377. {
5378. "name": "SetWindowTextW",
5379. "address": "0x48f61c"
5380. },
5381. {
5382. "name": "CopyRect",
5383. "address": "0x48f620"
5384. },
5385. {
5386. "name": "ReleaseDC",
5387. "address": "0x48f624"
5388. },
5389. {
5390. "name": "GetDC",
5391. "address": "0x48f628"
5392. },
5393. {
5394. "name": "EndPaint",
5395. "address": "0x48f62c"
5396. },
5397. {
5398. "name": "BeginPaint",
5399. "address": "0x48f630"
5400. },
5401. {
5402. "name": "GetClientRect",
5403. "address": "0x48f634"
5404. },
5405. {
5406. "name": "GetMenu",
5407. "address": "0x48f638"
5408. },
5409. {
5410. "name": "DestroyWindow",
5411. "address": "0x48f63c"
5412. },
5413. {
5414. "name": "EnumWindows",
5415. "address": "0x48f640"
5416. },
5417. {
5418. "name": "GetDesktopWindow",
5419. "address": "0x48f644"
5420. },
5421. {
5422. "name": "IsWindow",
5423. "address": "0x48f648"
5424. },
5425. {
5426. "name": "IsWindowEnabled",
5427. "address": "0x48f64c"
5428. },
5429. {
5430. "name": "IsWindowVisible",
5431. "address": "0x48f650"
5432. },
5433. {
5434. "name": "EnableWindow",
5435. "address": "0x48f654"
5436. },
5437. {
5438. "name": "InvalidateRect",
5439. "address": "0x48f658"
5440. },
5441. {
5442. "name": "GetWindowLongW",
5443. "address": "0x48f65c"
5444. },
5445. {
5446. "name": "GetWindowThreadProcessId",
5447. "address": "0x48f660"
5448. },
5449. {
5450. "name": "AttachThreadInput",
5451. "address": "0x48f664"
5452. },
5453. {
5454. "name": "GetFocus",
5455. "address": "0x48f668"
5456. },
5457. {
5458. "name": "GetWindowTextW",
5459. "address": "0x48f66c"
5460. },
5461. {
5462. "name": "ScreenToClient",
5463. "address": "0x48f670"
5464. },
5465. {
5466. "name": "SendMessageTimeoutW",
5467. "address": "0x48f674"
5468. },
5469. {
5470. "name": "EnumChildWindows",
5471. "address": "0x48f678"
5472. },
5473. {
5474. "name": "CharUpperBuffW",
5475. "address": "0x48f67c"
5476. },
5477. {
5478. "name": "GetParent",
5479. "address": "0x48f680"
5480. },
5481. {
5482. "name": "GetDlgCtrlID",
5483. "address": "0x48f684"
5484. },
5485. {
5486. "name": "SendMessageW",
5487. "address": "0x48f688"
5488. },
5489. {
5490. "name": "MapVirtualKeyW",
5491. "address": "0x48f68c"
5492. },
5493. {
5494. "name": "PostMessageW",
5495. "address": "0x48f690"
5496. },
5497. {
5498. "name": "GetWindowRect",
5499. "address": "0x48f694"
5500. },
5501. {
5502. "name": "SetUserObjectSecurity",
5503. "address": "0x48f698"
5504. },
5505. {
5506. "name": "CloseDesktop",
5507. "address": "0x48f69c"
5508. },
5509. {
5510. "name": "CloseWindowStation",
5511. "address": "0x48f6a0"
5512. },
5513. {
5514. "name": "OpenDesktopW",
5515. "address": "0x48f6a4"
5516. },
5517. {
5518. "name": "SetProcessWindowStation",
5519. "address": "0x48f6a8"
5520. },
5521. {
5522. "name": "GetProcessWindowStation",
5523. "address": "0x48f6ac"
5524. },
5525. {
5526. "name": "OpenWindowStationW",
5527. "address": "0x48f6b0"
5528. },
5529. {
5530. "name": "GetUserObjectSecurity",
5531. "address": "0x48f6b4"
5532. },
5533. {
5534. "name": "MessageBoxW",
5535. "address": "0x48f6b8"
5536. },
5537. {
5538. "name": "DefWindowProcW",
5539. "address": "0x48f6bc"
5540. },
5541. {
5542. "name": "SetClipboardData",
5543. "address": "0x48f6c0"
5544. },
5545. {
5546. "name": "EmptyClipboard",
5547. "address": "0x48f6c4"
5548. },
5549. {
5550. "name": "CountClipboardFormats",
5551. "address": "0x48f6c8"
5552. },
5553. {
5554. "name": "CloseClipboard",
5555. "address": "0x48f6cc"
5556. },
5557. {
5558. "name": "GetClipboardData",
5559. "address": "0x48f6d0"
5560. },
5561. {
5562. "name": "IsClipboardFormatAvailable",
5563. "address": "0x48f6d4"
5564. },
5565. {
5566. "name": "OpenClipboard",
5567. "address": "0x48f6d8"
5568. },
5569. {
5570. "name": "BlockInput",
5571. "address": "0x48f6dc"
5572. },
5573. {
5574. "name": "GetMessageW",
5575. "address": "0x48f6e0"
5576. },
5577. {
5578. "name": "LockWindowUpdate",
5579. "address": "0x48f6e4"
5580. },
5581. {
5582. "name": "DispatchMessageW",
5583. "address": "0x48f6e8"
5584. },
5585. {
5586. "name": "TranslateMessage",
5587. "address": "0x48f6ec"
5588. },
5589. {
5590. "name": "PeekMessageW",
5591. "address": "0x48f6f0"
5592. },
5593. {
5594. "name": "UnregisterHotKey",
5595. "address": "0x48f6f4"
5596. },
5597. {
5598. "name": "CheckMenuRadioItem",
5599. "address": "0x48f6f8"
5600. },
5601. {
5602. "name": "CharLowerBuffW",
5603. "address": "0x48f6fc"
5604. },
5605. {
5606. "name": "MoveWindow",
5607. "address": "0x48f700"
5608. },
5609. {
5610. "name": "SetFocus",
5611. "address": "0x48f704"
5612. },
5613. {
5614. "name": "PostQuitMessage",
5615. "address": "0x48f708"
5616. },
5617. {
5618. "name": "KillTimer",
5619. "address": "0x48f70c"
5620. },
5621. {
5622. "name": "CreatePopupMenu",
5623. "address": "0x48f710"
5624. },
5625. {
5626. "name": "RegisterWindowMessageW",
5627. "address": "0x48f714"
5628. },
5629. {
5630. "name": "SetTimer",
5631. "address": "0x48f718"
5632. },
5633. {
5634. "name": "ShowWindow",
5635. "address": "0x48f71c"
5636. },
5637. {
5638. "name": "CreateWindowExW",
5639. "address": "0x48f720"
5640. },
5641. {
5642. "name": "RegisterClassExW",
5643. "address": "0x48f724"
5644. },
5645. {
5646. "name": "LoadIconW",
5647. "address": "0x48f728"
5648. },
5649. {
5650. "name": "LoadCursorW",
5651. "address": "0x48f72c"
5652. },
5653. {
5654. "name": "GetSysColorBrush",
5655. "address": "0x48f730"
5656. },
5657. {
5658. "name": "GetForegroundWindow",
5659. "address": "0x48f734"
5660. },
5661. {
5662. "name": "MessageBoxA",
5663. "address": "0x48f738"
5664. },
5665. {
5666. "name": "DestroyIcon",
5667. "address": "0x48f73c"
5668. },
5669. {
5670. "name": "SystemParametersInfoW",
5671. "address": "0x48f740"
5672. },
5673. {
5674. "name": "LoadImageW",
5675. "address": "0x48f744"
5676. },
5677. {
5678. "name": "GetClassNameW",
5679. "address": "0x48f748"
5680. }
5681. ],
5682. "dll": "USER32.dll"
5683. },
5684. {
5685. "imports": [
5686. {
5687. "name": "StrokePath",
5688. "address": "0x48f0c4"
5689. },
5690. {
5691. "name": "DeleteObject",
5692. "address": "0x48f0c8"
5693. },
5694. {
5695. "name": "GetTextExtentPoint32W",
5696. "address": "0x48f0cc"
5697. },
5698. {
5699. "name": "ExtCreatePen",
5700. "address": "0x48f0d0"
5701. },
5702. {
5703. "name": "GetDeviceCaps",
5704. "address": "0x48f0d4"
5705. },
5706. {
5707. "name": "EndPath",
5708. "address": "0x48f0d8"
5709. },
5710. {
5711. "name": "SetPixel",
5712. "address": "0x48f0dc"
5713. },
5714. {
5715. "name": "CloseFigure",
5716. "address": "0x48f0e0"
5717. },
5718. {
5719. "name": "CreateCompatibleBitmap",
5720. "address": "0x48f0e4"
5721. },
5722. {
5723. "name": "CreateCompatibleDC",
5724. "address": "0x48f0e8"
5725. },
5726. {
5727. "name": "SelectObject",
5728. "address": "0x48f0ec"
5729. },
5730. {
5731. "name": "StretchBlt",
5732. "address": "0x48f0f0"
5733. },
5734. {
5735. "name": "GetDIBits",
5736. "address": "0x48f0f4"
5737. },
5738. {
5739. "name": "LineTo",
5740. "address": "0x48f0f8"
5741. },
5742. {
5743. "name": "AngleArc",
5744. "address": "0x48f0fc"
5745. },
5746. {
5747. "name": "MoveToEx",
5748. "address": "0x48f100"
5749. },
5750. {
5751. "name": "Ellipse",
5752. "address": "0x48f104"
5753. },
5754. {
5755. "name": "DeleteDC",
5756. "address": "0x48f108"
5757. },
5758. {
5759. "name": "GetPixel",
5760. "address": "0x48f10c"
5761. },
5762. {
5763. "name": "CreateDCW",
5764. "address": "0x48f110"
5765. },
5766. {
5767. "name": "GetStockObject",
5768. "address": "0x48f114"
5769. },
5770. {
5771. "name": "GetTextFaceW",
5772. "address": "0x48f118"
5773. },
5774. {
5775. "name": "CreateFontW",
5776. "address": "0x48f11c"
5777. },
5778. {
5779. "name": "SetTextColor",
5780. "address": "0x48f120"
5781. },
5782. {
5783. "name": "PolyDraw",
5784. "address": "0x48f124"
5785. },
5786. {
5787. "name": "BeginPath",
5788. "address": "0x48f128"
5789. },
5790. {
5791. "name": "Rectangle",
5792. "address": "0x48f12c"
5793. },
5794. {
5795. "name": "SetViewportOrgEx",
5796. "address": "0x48f130"
5797. },
5798. {
5799. "name": "GetObjectW",
5800. "address": "0x48f134"
5801. },
5802. {
5803. "name": "SetBkMode",
5804. "address": "0x48f138"
5805. },
5806. {
5807. "name": "RoundRect",
5808. "address": "0x48f13c"
5809. },
5810. {
5811. "name": "SetBkColor",
5812. "address": "0x48f140"
5813. },
5814. {
5815. "name": "CreatePen",
5816. "address": "0x48f144"
5817. },
5818. {
5819. "name": "CreateSolidBrush",
5820. "address": "0x48f148"
5821. },
5822. {
5823. "name": "StrokeAndFillPath",
5824. "address": "0x48f14c"
5825. }
5826. ],
5827. "dll": "GDI32.dll"
5828. },
5829. {
5830. "imports": [
5831. {
5832. "name": "GetOpenFileNameW",
5833. "address": "0x48f0b8"
5834. },
5835. {
5836. "name": "GetSaveFileNameW",
5837. "address": "0x48f0bc"
5838. }
5839. ],
5840. "dll": "COMDLG32.dll"
5841. },
5842. {
5843. "imports": [
5844. {
5845. "name": "GetAce",
5846. "address": "0x48f000"
5847. },
5848. {
5849. "name": "RegEnumValueW",
5850. "address": "0x48f004"
5851. },
5852. {
5853. "name": "RegDeleteValueW",
5854. "address": "0x48f008"
5855. },
5856. {
5857. "name": "RegDeleteKeyW",
5858. "address": "0x48f00c"
5859. },
5860. {
5861. "name": "RegEnumKeyExW",
5862. "address": "0x48f010"
5863. },
5864. {
5865. "name": "RegSetValueExW",
5866. "address": "0x48f014"
5867. },
5868. {
5869. "name": "RegOpenKeyExW",
5870. "address": "0x48f018"
5871. },
5872. {
5873. "name": "RegCloseKey",
5874. "address": "0x48f01c"
5875. },
5876. {
5877. "name": "RegQueryValueExW",
5878. "address": "0x48f020"
5879. },
5880. {
5881. "name": "RegConnectRegistryW",
5882. "address": "0x48f024"
5883. },
5884. {
5885. "name": "InitializeSecurityDescriptor",
5886. "address": "0x48f028"
5887. },
5888. {
5889. "name": "InitializeAcl",
5890. "address": "0x48f02c"
5891. },
5892. {
5893. "name": "AdjustTokenPrivileges",
5894. "address": "0x48f030"
5895. },
5896. {
5897. "name": "OpenThreadToken",
5898. "address": "0x48f034"
5899. },
5900. {
5901. "name": "OpenProcessToken",
5902. "address": "0x48f038"
5903. },
5904. {
5905. "name": "LookupPrivilegeValueW",
5906. "address": "0x48f03c"
5907. },
5908. {
5909. "name": "DuplicateTokenEx",
5910. "address": "0x48f040"
5911. },
5912. {
5913. "name": "CreateProcessAsUserW",
5914. "address": "0x48f044"
5915. },
5916. {
5917. "name": "CreateProcessWithLogonW",
5918. "address": "0x48f048"
5919. },
5920. {
5921. "name": "GetLengthSid",
5922. "address": "0x48f04c"
5923. },
5924. {
5925. "name": "CopySid",
5926. "address": "0x48f050"
5927. },
5928. {
5929. "name": "LogonUserW",
5930. "address": "0x48f054"
5931. },
5932. {
5933. "name": "AllocateAndInitializeSid",
5934. "address": "0x48f058"
5935. },
5936. {
5937. "name": "CheckTokenMembership",
5938. "address": "0x48f05c"
5939. },
5940. {
5941. "name": "RegCreateKeyExW",
5942. "address": "0x48f060"
5943. },
5944. {
5945. "name": "FreeSid",
5946. "address": "0x48f064"
5947. },
5948. {
5949. "name": "GetTokenInformation",
5950. "address": "0x48f068"
5951. },
5952. {
5953. "name": "GetSecurityDescriptorDacl",
5954. "address": "0x48f06c"
5955. },
5956. {
5957. "name": "GetAclInformation",
5958. "address": "0x48f070"
5959. },
5960. {
5961. "name": "AddAce",
5962. "address": "0x48f074"
5963. },
5964. {
5965. "name": "SetSecurityDescriptorDacl",
5966. "address": "0x48f078"
5967. },
5968. {
5969. "name": "GetUserNameW",
5970. "address": "0x48f07c"
5971. },
5972. {
5973. "name": "InitiateSystemShutdownExW",
5974. "address": "0x48f080"
5975. }
5976. ],
5977. "dll": "ADVAPI32.dll"
5978. },
5979. {
5980. "imports": [
5981. {
5982. "name": "DragQueryPoint",
5983. "address": "0x48f48c"
5984. },
5985. {
5986. "name": "ShellExecuteExW",
5987. "address": "0x48f490"
5988. },
5989. {
5990. "name": "DragQueryFileW",
5991. "address": "0x48f494"
5992. },
5993. {
5994. "name": "SHEmptyRecycleBinW",
5995. "address": "0x48f498"
5996. },
5997. {
5998. "name": "SHGetPathFromIDListW",
5999. "address": "0x48f49c"
6000. },
6001. {
6002. "name": "SHBrowseForFolderW",
6003. "address": "0x48f4a0"
6004. },
6005. {
6006. "name": "SHCreateShellItem",
6007. "address": "0x48f4a4"
6008. },
6009. {
6010. "name": "SHGetDesktopFolder",
6011. "address": "0x48f4a8"
6012. },
6013. {
6014. "name": "SHGetSpecialFolderLocation",
6015. "address": "0x48f4ac"
6016. },
6017. {
6018. "name": "SHGetFolderPathW",
6019. "address": "0x48f4b0"
6020. },
6021. {
6022. "name": "SHFileOperationW",
6023. "address": "0x48f4b4"
6024. },
6025. {
6026. "name": "ExtractIconExW",
6027. "address": "0x48f4b8"
6028. },
6029. {
6030. "name": "Shell_NotifyIconW",
6031. "address": "0x48f4bc"
6032. },
6033. {
6034. "name": "ShellExecuteW",
6035. "address": "0x48f4c0"
6036. },
6037. {
6038. "name": "DragFinish",
6039. "address": "0x48f4c4"
6040. }
6041. ],
6042. "dll": "SHELL32.dll"
6043. },
6044. {
6045. "imports": [
6046. {
6047. "name": "CoTaskMemAlloc",
6048. "address": "0x48f828"
6049. },
6050. {
6051. "name": "CoTaskMemFree",
6052. "address": "0x48f82c"
6053. },
6054. {
6055. "name": "CLSIDFromString",
6056. "address": "0x48f830"
6057. },
6058. {
6059. "name": "ProgIDFromCLSID",
6060. "address": "0x48f834"
6061. },
6062. {
6063. "name": "CLSIDFromProgID",
6064. "address": "0x48f838"
6065. },
6066. {
6067. "name": "OleSetMenuDescriptor",
6068. "address": "0x48f83c"
6069. },
6070. {
6071. "name": "MkParseDisplayName",
6072. "address": "0x48f840"
6073. },
6074. {
6075. "name": "OleSetContainedObject",
6076. "address": "0x48f844"
6077. },
6078. {
6079. "name": "CoCreateInstance",
6080. "address": "0x48f848"
6081. },
6082. {
6083. "name": "IIDFromString",
6084. "address": "0x48f84c"
6085. },
6086. {
6087. "name": "StringFromGUID2",
6088. "address": "0x48f850"
6089. },
6090. {
6091. "name": "CreateStreamOnHGlobal",
6092. "address": "0x48f854"
6093. },
6094. {
6095. "name": "OleInitialize",
6096. "address": "0x48f858"
6097. },
6098. {
6099. "name": "OleUninitialize",
6100. "address": "0x48f85c"
6101. },
6102. {
6103. "name": "CoInitialize",
6104. "address": "0x48f860"
6105. },
6106. {
6107. "name": "CoUninitialize",
6108. "address": "0x48f864"
6109. },
6110. {
6111. "name": "GetRunningObjectTable",
6112. "address": "0x48f868"
6113. },
6114. {
6115. "name": "CoGetInstanceFromFile",
6116. "address": "0x48f86c"
6117. },
6118. {
6119. "name": "CoGetObject",
6120. "address": "0x48f870"
6121. },
6122. {
6123. "name": "CoSetProxyBlanket",
6124. "address": "0x48f874"
6125. },
6126. {
6127. "name": "CoCreateInstanceEx",
6128. "address": "0x48f878"
6129. },
6130. {
6131. "name": "CoInitializeSecurity",
6132. "address": "0x48f87c"
6133. }
6134. ],
6135. "dll": "ole32.dll"
6136. },
6137. {
6138. "imports": [
6139. {
6140. "name": "LoadTypeLibEx",
6141. "address": "0x48f40c"
6142. },
6143. {
6144. "name": "VariantCopyInd",
6145. "address": "0x48f410"
6146. },
6147. {
6148. "name": "SysReAllocString",
6149. "address": "0x48f414"
6150. },
6151. {
6152. "name": "SysFreeString",
6153. "address": "0x48f418"
6154. },
6155. {
6156. "name": "SafeArrayDestroyDescriptor",
6157. "address": "0x48f41c"
6158. },
6159. {
6160. "name": "SafeArrayDestroyData",
6161. "address": "0x48f420"
6162. },
6163. {
6164. "name": "SafeArrayUnaccessData",
6165. "address": "0x48f424"
6166. },
6167. {
6168. "name": "SafeArrayAccessData",
6169. "address": "0x48f428"
6170. },
6171. {
6172. "name": "SafeArrayAllocData",
6173. "address": "0x48f42c"
6174. },
6175. {
6176. "name": "SafeArrayAllocDescriptorEx",
6177. "address": "0x48f430"
6178. },
6179. {
6180. "name": "SafeArrayCreateVector",
6181. "address": "0x48f434"
6182. },
6183. {
6184. "name": "RegisterTypeLib",
6185. "address": "0x48f438"
6186. },
6187. {
6188. "name": "CreateStdDispatch",
6189. "address": "0x48f43c"
6190. },
6191. {
6192. "name": "DispCallFunc",
6193. "address": "0x48f440"
6194. },
6195. {
6196. "name": "VariantChangeType",
6197. "address": "0x48f444"
6198. },
6199. {
6200. "name": "SysStringLen",
6201. "address": "0x48f448"
6202. },
6203. {
6204. "name": "VariantTimeToSystemTime",
6205. "address": "0x48f44c"
6206. },
6207. {
6208. "name": "VarR8FromDec",
6209. "address": "0x48f450"
6210. },
6211. {
6212. "name": "SafeArrayGetVartype",
6213. "address": "0x48f454"
6214. },
6215. {
6216. "name": "VariantCopy",
6217. "address": "0x48f458"
6218. },
6219. {
6220. "name": "VariantClear",
6221. "address": "0x48f45c"
6222. },
6223. {
6224. "name": "OleLoadPicture",
6225. "address": "0x48f460"
6226. },
6227. {
6228. "name": "QueryPathOfRegTypeLib",
6229. "address": "0x48f464"
6230. },
6231. {
6232. "name": "RegisterTypeLibForUser",
6233. "address": "0x48f468"
6234. },
6235. {
6236. "name": "UnRegisterTypeLibForUser",
6237. "address": "0x48f46c"
6238. },
6239. {
6240. "name": "UnRegisterTypeLib",
6241. "address": "0x48f470"
6242. },
6243. {
6244. "name": "CreateDispTypeInfo",
6245. "address": "0x48f474"
6246. },
6247. {
6248. "name": "SysAllocString",
6249. "address": "0x48f478"
6250. },
6251. {
6252. "name": "VariantInit",
6253. "address": "0x48f47c"
6254. }
6255. ],
6256. "dll": "OLEAUT32.dll"
6257. }
6258. ],
6259. "digital_signers": null,
6260. "exported_dll_name": null,
6261. "actual_checksum": "0x0014ffb4",
6262. "overlay": null,
6263. "imagebase": "0x00400000",
6264. "reported_checksum": "0x0014b672",
6265. "icon_hash": null,
6266. "entrypoint": "0x0042800a",
6267. "timestamp": "2019-06-17 14:52:01",
6268. "osversion": "5.1",
6269. "sections": [
6270. {
6271. "name": ".text",
6272. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
6273. "virtual_address": "0x00001000",
6274. "size_of_data": "0x0008e000",
6275. "entropy": "6.68",
6276. "raw_address": "0x00000400",
6277. "virtual_size": "0x0008dfdd",
6278. "characteristics_raw": "0x60000020"
6279. },
6280. {
6281. "name": ".rdata",
6282. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
6283. "virtual_address": "0x0008f000",
6284. "size_of_data": "0x0002fe00",
6285. "entropy": "5.76",
6286. "raw_address": "0x0008e400",
6287. "virtual_size": "0x0002fd8e",
6288. "characteristics_raw": "0x40000040"
6289. },
6290. {
6291. "name": ".data",
6292. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
6293. "virtual_address": "0x000bf000",
6294. "size_of_data": "0x00005200",
6295. "entropy": "1.20",
6296. "raw_address": "0x000be200",
6297. "virtual_size": "0x00008f74",
6298. "characteristics_raw": "0xc0000040"
6299. },
6300. {
6301. "name": ".rsrc",
6302. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
6303. "virtual_address": "0x000c8000",
6304. "size_of_data": "0x00082200",
6305. "entropy": "7.92",
6306. "raw_address": "0x000c3400",
6307. "virtual_size": "0x00082118",
6308. "characteristics_raw": "0x40000040"
6309. },
6310. {
6311. "name": ".reloc",
6312. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
6313. "virtual_address": "0x0014b000",
6314. "size_of_data": "0x00007200",
6315. "entropy": "6.78",
6316. "raw_address": "0x00145600",
6317. "virtual_size": "0x00007134",
6318. "characteristics_raw": "0x42000040"
6319. }
6320. ],
6321. "resources": [],
6322. "dirents": [
6323. {
6324. "virtual_address": "0x00000000",
6325. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
6326. "size": "0x00000000"
6327. },
6328. {
6329. "virtual_address": "0x000bc0cc",
6330. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
6331. "size": "0x0000017c"
6332. },
6333. {
6334. "virtual_address": "0x000c8000",
6335. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
6336. "size": "0x00082118"
6337. },
6338. {
6339. "virtual_address": "0x00000000",
6340. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
6341. "size": "0x00000000"
6342. },
6343. {
6344. "virtual_address": "0x00000000",
6345. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
6346. "size": "0x00000000"
6347. },
6348. {
6349. "virtual_address": "0x0014b000",
6350. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
6351. "size": "0x00007134"
6352. },
6353. {
6354. "virtual_address": "0x00092bc0",
6355. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
6356. "size": "0x0000001c"
6357. },
6358. {
6359. "virtual_address": "0x00000000",
6360. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
6361. "size": "0x00000000"
6362. },
6363. {
6364. "virtual_address": "0x00000000",
6365. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
6366. "size": "0x00000000"
6367. },
6368. {
6369. "virtual_address": "0x00000000",
6370. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
6371. "size": "0x00000000"
6372. },
6373. {
6374. "virtual_address": "0x000a4b50",
6375. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
6376. "size": "0x00000040"
6377. },
6378. {
6379. "virtual_address": "0x00000000",
6380. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
6381. "size": "0x00000000"
6382. },
6383. {
6384. "virtual_address": "0x0008f000",
6385. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
6386. "size": "0x00000884"
6387. },
6388. {
6389. "virtual_address": "0x00000000",
6390. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
6391. "size": "0x00000000"
6392. },
6393. {
6394. "virtual_address": "0x00000000",
6395. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
6396. "size": "0x00000000"
6397. },
6398. {
6399. "virtual_address": "0x00000000",
6400. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
6401. "size": "0x00000000"
6402. }
6403. ],
6404. "exports": [],
6405. "guest_signers": {},
6406. "imphash": "afcdf79be1557326c854b6e20cb900a7",
6407. "icon_fuzzy": null,
6408. "icon": null,
6409. "pdbpath": null,
6410. "imported_dll_count": 18,
6411. "versioninfo": []
6412. }
6413. }