Exes_c025e2d5_exe.json

1.  
2. [*] MalFamily: ""
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "Exes_c025e2d5.exe"
7. [*] File Size: 282112
8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
9. [*] SHA256: "4fc1db18c9e7e31b076db758f678c88f0866c203173ef00b2504da28632240d6"
10. [*] MD5: "0a376855ef9379c9f418be772aa930ab"
11. [*] SHA1: "7999600404c58736e51cae2cd0fc6399388efe40"
12. [*] SHA512: "0ae9c573e618a6736e51bdf3c896e88e087b5c7c84851df94c3c8bc17b9d5bfc04a06a54c943f8814d774ec2e63b6d903076fea12a778ca071788a493a813253"
13. [*] CRC32: "C025E2D5"
14. [*] SSDEEP: "6144:omlBYsAFLUvRddBWZlEaZ60zWmKPhPWzc1og/7mZqwbze:omzYsAFwvDdBSlEaZ60zWmKVvoZ"
15.  
16. [*] Process Execution: [
17. "Exes_c025e2d5.exe",
18. "services.exe",
19. "svchost.exe",
20. "WmiPrvSE.exe",
21. "svchost.exe",
22. "msiexec.exe",
23. "GoogleUpdate.exe",
24. "svchost.exe",
25. "taskhost.exe"
26. ]
27.  
28. [*] Signatures Detected: [
29. {
30. "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
31. "Details": [
32. {
33. "IP": "172.217.4.163:443"
34. }
35. ]
36. },
37. {
38. "Description": "Creates RWX memory",
39. "Details": []
40. },
41. {
42. "Description": "A process attempted to delay the analysis task.",
43. "Details": [
44. {
45. "Process": "Exes_c025e2d5.exe tried to sleep 595 seconds, actually delayed analysis time by 0 seconds"
46. }
47. ]
48. },
49. {
50. "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
51. "Details": [
52. {
53. "ioc": "http://crl.globalsign.net/root-r2.crl0"
54. }
55. ]
56. },
57. {
58. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
59. "Details": [
60. {
61. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
62. },
63. {
64. "suspicious_request": "http://checkip.amazonaws.com/"
65. }
66. ]
67. },
68. {
69. "Description": "Performs some HTTP requests",
70. "Details": [
71. {
72. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
73. },
74. {
75. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
76. },
77. {
78. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
79. },
80. {
81. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
82. },
83. {
84. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
85. },
86. {
87. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
88. },
89. {
90. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
91. },
92. {
93. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
94. },
95. {
96. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
97. },
98. {
99. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
100. },
101. {
102. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
103. },
104. {
105. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
106. },
107. {
108. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
109. },
110. {
111. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
112. },
113. {
114. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
115. },
116. {
117. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
118. },
119. {
120. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
121. },
122. {
123. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
124. },
125. {
126. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
127. },
128. {
129. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
130. },
131. {
132. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
133. },
134. {
135. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
136. },
137. {
138. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
139. },
140. {
141. "url": "http://checkip.amazonaws.com/"
142. }
143. ]
144. },
145. {
146. "Description": "Anomalous .NET characteristics",
147. "Details": [
148. {
149. "anomalous_version": "Assembly version is set to 0"
150. }
151. ]
152. },
153. {
154. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
155. "Details": [
156. {
157. "Spam": "services.exe (504) called API GetSystemTimeAsFileTime 18069493 times"
158. }
159. ]
160. },
161. {
162. "Description": "Steals private information from local Internet browsers",
163. "Details": [
164. {
165. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
166. }
167. ]
168. },
169. {
170. "Description": "Retrieves Windows ProductID, probably to fingerprint the sandbox",
171. "Details": []
172. },
173. {
174. "Description": "File has been identified by 54 Antiviruses on VirusTotal as malicious",
175. "Details": [
176. {
177. "MicroWorld-eScan": "Gen:Variant.Razy.490164"
178. },
179. {
180. "CAT-QuickHeal": "TrojanSpy.MSIL"
181. },
182. {
183. "Qihoo-360": "Win32/Trojan.Spy.0f3"
184. },
185. {
186. "McAfee": "RDN/Generic PWS.y"
187. },
188. {
189. "Cylance": "Unsafe"
190. },
191. {
192. "K7AntiVirus": "Spyware ( 004bf53c1 )"
193. },
194. {
195. "Alibaba": "TrojanSpy:MSIL/Agent.5f70c9ad"
196. },
197. {
198. "K7GW": "Spyware ( 004bf53c1 )"
199. },
200. {
201. "Cybereason": "malicious.5ef937"
202. },
203. {
204. "TrendMicro": "TROJ_GEN.R002C0DF319"
205. },
206. {
207. "Cyren": "W32/MSIL_Stealer.A.gen!Eldorado"
208. },
209. {
210. "Symantec": "Trojan.Gen.MBT"
211. },
212. {
213. "APEX": "Malicious"
214. },
215. {
216. "ClamAV": "Win.Malware.Razy-6952874-0"
217. },
218. {
219. "Kaspersky": "Trojan-Spy.MSIL.Agent.tfqt"
220. },
221. {
222. "BitDefender": "Gen:Variant.Razy.490164"
223. },
224. {
225. "NANO-Antivirus": "Trojan.Win32.Stealer.fqxtvl"
226. },
227. {
228. "ViRobot": "Trojan.Win32.Z.Razy.282112.V"
229. },
230. {
231. "AegisLab": "Trojan.MSIL.Agent.4!c"
232. },
233. {
234. "Rising": "Spyware.AgentTesla!1.B864 (CLOUD)"
235. },
236. {
237. "Endgame": "malicious (high confidence)"
238. },
239. {
240. "Sophos": "Mal/Generic-S"
241. },
242. {
243. "Comodo": "Malware@#2f32y0mt2ha2v"
244. },
245. {
246. "F-Secure": "Trojan.TR/Spy.Agent.lkofd"
247. },
248. {
249. "DrWeb": "Trojan.PWS.Stealer.19347"
250. },
251. {
252. "VIPRE": "Trojan.Win32.Generic!BT"
253. },
254. {
255. "Invincea": "heuristic"
256. },
257. {
258. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.dh"
259. },
260. {
261. "Trapmine": "malicious.moderate.ml.score"
262. },
263. {
264. "FireEye": "Generic.mg.0a376855ef9379c9"
265. },
266. {
267. "Emsisoft": "Gen:Variant.Razy.490164 (B)"
268. },
269. {
270. "SentinelOne": "DFI - Malicious PE"
271. },
272. {
273. "F-Prot": "W32/MSIL_Stealer.A.gen!Eldorado"
274. },
275. {
276. "Avira": "TR/Spy.Agent.lkofd"
277. },
278. {
279. "MAX": "malware (ai score=100)"
280. },
281. {
282. "Microsoft": "Trojan:Win32/Occamy.C"
283. },
284. {
285. "Arcabit": "Trojan.Razy.D77AB4"
286. },
287. {
288. "ZoneAlarm": "Trojan-Spy.MSIL.Agent.tfqt"
289. },
290. {
291. "GData": "Win32.Trojan-Stealer.Brilik.87BRB8"
292. },
293. {
294. "ESET-NOD32": "a variant of MSIL/Spy.Agent.AES"
295. },
296. {
297. "VBA32": "TScope.Trojan.MSIL"
298. },
299. {
300. "ALYac": "Gen:Variant.Razy.490164"
301. },
302. {
303. "Ad-Aware": "Gen:Variant.Razy.490164"
304. },
305. {
306. "Malwarebytes": "Spyware.PasswordStealer.MSIL.Generic"
307. },
308. {
309. "Panda": "Trj/GdSda.A"
310. },
311. {
312. "TrendMicro-HouseCall": "TROJ_GEN.R002C0DF319"
313. },
314. {
315. "Tencent": "Msil.Trojan-spy.Agent.Eyh"
316. },
317. {
318. "Yandex": "TrojanSpy.Agent!+wY/n6L6H5s"
319. },
320. {
321. "Ikarus": "Trojan-Spy.Keylogger.AgentTesla"
322. },
323. {
324. "Fortinet": "MSIL/Stealer.AGI!tr"
325. },
326. {
327. "AVG": "MSIL:IELib-A [Trj]"
328. },
329. {
330. "Avast": "MSIL:IELib-A [Trj]"
331. },
332. {
333. "CrowdStrike": "win/malicious_confidence_100% (W)"
334. },
335. {
336. "MaxSecure": "Trojan.Malware.74168226.susgen"
337. }
338. ]
339. },
340. {
341. "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
342. "Details": []
343. },
344. {
345. "Description": "Harvests credentials from local FTP client softwares",
346. "Details": [
347. {
348. "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
349. },
350. {
351. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\"
352. },
353. {
354. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml"
355. },
356. {
357. "file": "C:\\Users\\user\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini"
358. },
359. {
360. "file": "C:\\cftp\\Ftplist.txt"
361. },
362. {
363. "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
364. }
365. ]
366. },
367. {
368. "Description": "Harvests information related to installed mail clients",
369. "Details": [
370. {
371. "file": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini"
372. },
373. {
374. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676"
375. },
376. {
377. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
378. },
379. {
380. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\SMTP Password"
381. },
382. {
383. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
384. },
385. {
386. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\HTTP Password"
387. },
388. {
389. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
390. },
391. {
392. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\HTTP Password"
393. },
394. {
395. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
396. },
397. {
398. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\POP3 Password"
399. },
400. {
401. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
402. },
403. {
404. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\SMTP Password"
405. },
406. {
407. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\IMAP Password"
408. },
409. {
410. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
411. },
412. {
413. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\IMAP Password"
414. },
415. {
416. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\POP3 Password"
417. },
418. {
419. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
420. }
421. ]
422. },
423. {
424. "Description": "Collects information to fingerprint the system",
425. "Details": []
426. }
427. ]
428.  
429. [*] Started Service: [
430. "VaultSvc",
431. "msiserver",
432. "gupdate"
433. ]
434.  
435. [*] Executed Commands: [
436. "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
437. "C:\\Windows\\system32\\lsass.exe",
438. "C:\\Windows\\system32\\msiexec.exe /V",
439. "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /svc",
440. "C:\\Windows\\System32\\svchost.exe -k netsvcs"
441. ]
442.  
443. [*] Mutexes: [
444. "Global\\CLR_CASOFF_MUTEX",
445. "Local\\_!MSFTHISTORY!_",
446. "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
447. "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
448. "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
449. "Global\\.net clr networking",
450. "Global\\_MSIExecute",
451. "Global\\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}",
452. "Global\\G{6885AE8E-C070-458d-9711-37B9BEAB65F6}",
453. "Global\\G{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}",
454. "Global\\G{0A175FBE-AEEC-4fea-855A-2AA549A88846}"
455. ]
456.  
457. [*] Modified Files: [
458. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
459. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
460. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
461. "\\??\\PIPE\\samr",
462. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
463. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
464. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
465. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
466. "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
467. "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
468. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
469. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
470. "\\??\\WMIDataDevice",
471. "C:\\Windows\\sysnative\\LogFiles\\Scm\\5869f1c1-01d7-41f7-84b7-715672259fa8",
472. "C:\\Windows\\Installer\\f25088.msi",
473. "C:\\Windows\\Installer\\f25089.msi",
474. "\\??\\PIPE\\wkssvc",
475. "\\??\\pipe\\GoogleCrashServices\\S-1-5-18",
476. "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat",
477. "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat"
478. ]
479.  
480. [*] Deleted Files: [
481. "C:\\Windows\\Installer\\f25088.msi",
482. "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}\\GoogleUpdateSetup.exe",
483. "C:\\Program Files (x86)\\Google\\Update\\Install\\{0E51DEF1-ED79-4FDA-92A7-D7F8B9999365}"
484. ]
485.  
486. [*] Modified Registry Keys: [
487. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\Exes_c025e2d5_RASAPI32",
488. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_c025e2d5_RASAPI32\\EnableFileTracing",
489. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_c025e2d5_RASAPI32\\EnableConsoleTracing",
490. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_c025e2d5_RASAPI32\\FileTracingMask",
491. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_c025e2d5_RASAPI32\\ConsoleTracingMask",
492. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_c025e2d5_RASAPI32\\MaxFileSize",
493. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_c025e2d5_RASAPI32\\FileDirectory",
494. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
495. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
496. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
497. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
498. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
499. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
500. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
501. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
502. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msiserver\\Type",
503. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gupdate\\Type",
504. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Start",
505. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Type",
506. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{5237CFA8-7E64-4CA5-B3B6-947ECAEDD262}",
507. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{5237CFA8-7E64-4CA5-B3B6-947ECAEDD262}\\PersistedPingString",
508. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{5237CFA8-7E64-4CA5-B3B6-947ECAEDD262}\\PersistedPingTime",
509. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\pv",
510. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\pv",
511. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState",
512. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState\\StateValue",
513. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000_CLASSES\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
514. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\proxy\\source",
515. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\RollCallDayStartSec",
516. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\DayOfLastRollCall",
517. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\ping_freshness",
518. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\(Default)",
519. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\hint",
520. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\cohort\\name",
521. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\LastCheckSuccess",
522. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
523. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ActivePingDayStartSec",
524. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\RollCallDayStartSec",
525. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastActivity",
526. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\DayOfLastRollCall",
527. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\ping_freshness",
528. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\(Default)",
529. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\hint",
530. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\cohort\\name",
531. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableCount",
532. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\UpdateAvailableSince",
533. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\LastChecked",
534. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\PersistedPings\\{8789A270-6461-4B27-AA47-830514BDA0FF}",
535. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{8789A270-6461-4B27-AA47-830514BDA0FF}\\PersistedPingString",
536. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\PersistedPings\\{8789A270-6461-4B27-AA47-830514BDA0FF}\\PersistedPingTime",
537. "HKEY_LOCAL_MACHINE\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState",
538. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadTimeRemainingMs",
539. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\DownloadProgressPercent",
540. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\CurrentState\\StateValue",
541. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Performance\\PerfMMFileName",
542. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_LOG",
543. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_BAK"
544. ]
545.  
546. [*] Deleted Registry Keys: [
547. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\uid",
548. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\old-uid",
549. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\tttoken",
550. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableCount",
551. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\UpdateAvailableSince",
552. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\dr",
553. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\tttoken"
554. ]
555.  
556. [*] DNS Communications: [
557. {
558. "type": "A",
559. "request": "checkip.amazonaws.com",
560. "answers": [
561. {
562. "data": "52.206.161.133",
563. "type": "A"
564. },
565. {
566. "data": "52.200.125.74",
567. "type": "A"
568. },
569. {
570. "data": "checkip.check-ip.aws.a2z.com",
571. "type": "CNAME"
572. },
573. {
574. "data": "52.6.79.229",
575. "type": "A"
576. },
577. {
578. "data": "checkip.us-east-1.prod.check-ip.aws.a2z.com",
579. "type": "CNAME"
580. },
581. {
582. "data": "34.233.102.38",
583. "type": "A"
584. },
585. {
586. "data": "52.202.139.131",
587. "type": "A"
588. },
589. {
590. "data": "18.211.215.84",
591. "type": "A"
592. }
593. ]
594. }
595. ]
596.  
597. [*] Domains: [
598. {
599. "ip": "52.202.139.131",
600. "domain": "checkip.amazonaws.com"
601. }
602. ]
603.  
604. [*] Network Communication - ICMP: []
605.  
606. [*] Network Communication - HTTP: [
607. {
608. "count": 1,
609. "body": "",
610. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
611. "user-agent": "Microsoft-CryptoAPI/6.1",
612. "method": "GET",
613. "host": "ocsp.digicert.com",
614. "version": "1.1",
615. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
616. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
617. "port": 80
618. },
619. {
620. "count": 1,
621. "body": "",
622. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
623. "user-agent": "Microsoft-CryptoAPI/6.1",
624. "method": "GET",
625. "host": "ocsp.digicert.com",
626. "version": "1.1",
627. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
628. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
629. "port": 80
630. },
631. {
632. "count": 1,
633. "body": "",
634. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
635. "user-agent": "Microsoft-CryptoAPI/6.1",
636. "method": "GET",
637. "host": "ocsp.digicert.com",
638. "version": "1.1",
639. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
640. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
641. "port": 80
642. },
643. {
644. "count": 1,
645. "body": "",
646. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
647. "user-agent": "Microsoft-CryptoAPI/6.1",
648. "method": "GET",
649. "host": "ocsp.pki.goog",
650. "version": "1.1",
651. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
652. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
653. "port": 80
654. },
655. {
656. "count": 1,
657. "body": "",
658. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
659. "user-agent": "Microsoft-CryptoAPI/6.1",
660. "method": "GET",
661. "host": "ocsp.digicert.com",
662. "version": "1.1",
663. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
664. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
665. "port": 80
666. },
667. {
668. "count": 1,
669. "body": "",
670. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
671. "user-agent": "Microsoft-CryptoAPI/6.1",
672. "method": "GET",
673. "host": "crl.microsoft.com",
674. "version": "1.1",
675. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
676. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
677. "port": 80
678. },
679. {
680. "count": 1,
681. "body": "",
682. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
683. "user-agent": "Microsoft-CryptoAPI/6.1",
684. "method": "GET",
685. "host": "ocsp.comodoca.com",
686. "version": "1.1",
687. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
688. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
689. "port": 80
690. },
691. {
692. "count": 1,
693. "body": "",
694. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
695. "user-agent": "Microsoft-CryptoAPI/6.1",
696. "method": "GET",
697. "host": "ocsp.pki.goog",
698. "version": "1.1",
699. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
700. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
701. "port": 80
702. },
703. {
704. "count": 1,
705. "body": "",
706. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
707. "user-agent": "Microsoft-CryptoAPI/6.1",
708. "method": "GET",
709. "host": "ocsp.digicert.com",
710. "version": "1.1",
711. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
712. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
713. "port": 80
714. },
715. {
716. "count": 1,
717. "body": "",
718. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
719. "user-agent": "Microsoft-CryptoAPI/6.1",
720. "method": "GET",
721. "host": "www.download.windowsupdate.com",
722. "version": "1.1",
723. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
724. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
725. "port": 80
726. },
727. {
728. "count": 1,
729. "body": "",
730. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
731. "user-agent": "Microsoft-CryptoAPI/6.1",
732. "method": "GET",
733. "host": "crl.microsoft.com",
734. "version": "1.1",
735. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
736. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
737. "port": 80
738. },
739. {
740. "count": 1,
741. "body": "",
742. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
743. "user-agent": "Microsoft-CryptoAPI/6.1",
744. "method": "GET",
745. "host": "ocsp.digicert.com",
746. "version": "1.1",
747. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
748. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
749. "port": 80
750. },
751. {
752. "count": 1,
753. "body": "",
754. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
755. "user-agent": "Microsoft-CryptoAPI/6.1",
756. "method": "GET",
757. "host": "ocsp.digicert.com",
758. "version": "1.1",
759. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
760. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
761. "port": 80
762. },
763. {
764. "count": 1,
765. "body": "",
766. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
767. "user-agent": "Microsoft-CryptoAPI/6.1",
768. "method": "GET",
769. "host": "ocsp.digicert.com",
770. "version": "1.1",
771. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
772. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
773. "port": 80
774. },
775. {
776. "count": 1,
777. "body": "",
778. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
779. "user-agent": "Microsoft-CryptoAPI/6.1",
780. "method": "GET",
781. "host": "ocsp.pki.goog",
782. "version": "1.1",
783. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
784. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
785. "port": 80
786. },
787. {
788. "count": 1,
789. "body": "",
790. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
791. "user-agent": "Microsoft-CryptoAPI/6.1",
792. "method": "GET",
793. "host": "ocsp.pki.goog",
794. "version": "1.1",
795. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
796. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
797. "port": 80
798. },
799. {
800. "count": 1,
801. "body": "",
802. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
803. "user-agent": "Microsoft-CryptoAPI/6.1",
804. "method": "GET",
805. "host": "ocsp.digicert.com",
806. "version": "1.1",
807. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
808. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
809. "port": 80
810. },
811. {
812. "count": 1,
813. "body": "",
814. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
815. "user-agent": "Microsoft-CryptoAPI/6.1",
816. "method": "GET",
817. "host": "ocsp.pki.goog",
818. "version": "1.1",
819. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
820. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
821. "port": 80
822. },
823. {
824. "count": 1,
825. "body": "",
826. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
827. "user-agent": "Microsoft-CryptoAPI/6.1",
828. "method": "GET",
829. "host": "ocsp.msocsp.com",
830. "version": "1.1",
831. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
832. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
833. "port": 80
834. },
835. {
836. "count": 1,
837. "body": "",
838. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
839. "user-agent": "Microsoft-CryptoAPI/6.1",
840. "method": "GET",
841. "host": "ocsp.thawte.com",
842. "version": "1.1",
843. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
844. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
845. "port": 80
846. },
847. {
848. "count": 1,
849. "body": "",
850. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
851. "user-agent": "Microsoft-CryptoAPI/6.1",
852. "method": "GET",
853. "host": "ocsp.usertrust.com",
854. "version": "1.1",
855. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
856. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
857. "port": 80
858. },
859. {
860. "count": 1,
861. "body": "",
862. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
863. "user-agent": "Microsoft-CryptoAPI/6.1",
864. "method": "GET",
865. "host": "th.symcd.com",
866. "version": "1.1",
867. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
868. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
869. "port": 80
870. },
871. {
872. "count": 1,
873. "body": "",
874. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
875. "user-agent": "Microsoft-CryptoAPI/6.1",
876. "method": "GET",
877. "host": "ocsp.digicert.com",
878. "version": "1.1",
879. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
880. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
881. "port": 80
882. },
883. {
884. "count": 1,
885. "body": "",
886. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
887. "user-agent": "Microsoft-CryptoAPI/6.1",
888. "method": "GET",
889. "host": "ocsp.digicert.com",
890. "version": "1.1",
891. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
892. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
893. "port": 80
894. },
895. {
896. "count": 1,
897. "body": "",
898. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
899. "user-agent": "Microsoft-CryptoAPI/6.1",
900. "method": "GET",
901. "host": "ocsp.pki.goog",
902. "version": "1.1",
903. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
904. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
905. "port": 80
906. },
907. {
908. "count": 1,
909. "body": "",
910. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
911. "user-agent": "Microsoft-CryptoAPI/6.1",
912. "method": "GET",
913. "host": "crl.microsoft.com",
914. "version": "1.1",
915. "path": "/pki/crl/products/microsoftrootcert.crl",
916. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
917. "port": 80
918. },
919. {
920. "count": 2,
921. "body": "",
922. "uri": "http://checkip.amazonaws.com/",
923. "user-agent": "",
924. "method": "GET",
925. "host": "checkip.amazonaws.com",
926. "version": "1.1",
927. "path": "/",
928. "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\nConnection: Keep-Alive\r\n\r\n",
929. "port": 80
930. },
931. {
932. "count": 2,
933. "body": "",
934. "uri": "http://checkip.amazonaws.com/",
935. "user-agent": "",
936. "method": "GET",
937. "host": "checkip.amazonaws.com",
938. "version": "1.1",
939. "path": "/",
940. "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\n\r\n",
941. "port": 80
942. }
943. ]
944.  
945. [*] Network Communication - SMTP: []
946.  
947. [*] Network Communication - Hosts: []
948.  
949. [*] Network Communication - IRC: []
950.  
951. [*] Static Analysis: {
952. "dotnet": {
953. "customattrs": null,
954. "assemblyinfo": {
955. "version": "0.0.0.0",
956. "name": "QESQUOGQDYNGPLCGAZVYTMVIRLZITNITIVWIKAKH_20190603002917118"
957. },
958. "assemblyrefs": [
959. {
960. "version": "2.0.0.0",
961. "name": "mscorlib"
962. },
963. {
964. "version": "8.0.0.0",
965. "name": "Microsoft.VisualBasic"
966. },
967. {
968. "version": "2.0.0.0",
969. "name": "System.Drawing"
970. },
971. {
972. "version": "2.0.0.0",
973. "name": "System"
974. },
975. {
976. "version": "2.0.0.0",
977. "name": "System.Windows.Forms"
978. },
979. {
980. "version": "2.0.0.0",
981. "name": "System.Management"
982. },
983. {
984. "version": "2.0.0.0",
985. "name": "System.Security"
986. }
987. ],
988. "typerefs": [
989. {
990. "typename": "Microsoft.VisualBasic.AppWinStyle",
991. "assembly": "Microsoft.VisualBasic"
992. },
993. {
994. "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
995. "assembly": "Microsoft.VisualBasic"
996. },
997. {
998. "typename": "Microsoft.VisualBasic.ApplicationServices.User",
999. "assembly": "Microsoft.VisualBasic"
1000. },
1001. {
1002. "typename": "Microsoft.VisualBasic.CompareMethod",
1003. "assembly": "Microsoft.VisualBasic"
1004. },
1005. {
1006. "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
1007. "assembly": "Microsoft.VisualBasic"
1008. },
1009. {
1010. "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
1011. "assembly": "Microsoft.VisualBasic"
1012. },
1013. {
1014. "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
1015. "assembly": "Microsoft.VisualBasic"
1016. },
1017. {
1018. "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
1019. "assembly": "Microsoft.VisualBasic"
1020. },
1021. {
1022. "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
1023. "assembly": "Microsoft.VisualBasic"
1024. },
1025. {
1026. "typename": "Microsoft.VisualBasic.CompilerServices.StringType",
1027. "assembly": "Microsoft.VisualBasic"
1028. },
1029. {
1030. "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
1031. "assembly": "Microsoft.VisualBasic"
1032. },
1033. {
1034. "typename": "Microsoft.VisualBasic.Conversion",
1035. "assembly": "Microsoft.VisualBasic"
1036. },
1037. {
1038. "typename": "Microsoft.VisualBasic.Devices.Computer",
1039. "assembly": "Microsoft.VisualBasic"
1040. },
1041. {
1042. "typename": "Microsoft.VisualBasic.Devices.ComputerInfo",
1043. "assembly": "Microsoft.VisualBasic"
1044. },
1045. {
1046. "typename": "Microsoft.VisualBasic.Devices.Keyboard",
1047. "assembly": "Microsoft.VisualBasic"
1048. },
1049. {
1050. "typename": "Microsoft.VisualBasic.Devices.ServerComputer",
1051. "assembly": "Microsoft.VisualBasic"
1052. },
1053. {
1054. "typename": "Microsoft.VisualBasic.FileAttribute",
1055. "assembly": "Microsoft.VisualBasic"
1056. },
1057. {
1058. "typename": "Microsoft.VisualBasic.FileSystem",
1059. "assembly": "Microsoft.VisualBasic"
1060. },
1061. {
1062. "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
1063. "assembly": "Microsoft.VisualBasic"
1064. },
1065. {
1066. "typename": "Microsoft.VisualBasic.Information",
1067. "assembly": "Microsoft.VisualBasic"
1068. },
1069. {
1070. "typename": "Microsoft.VisualBasic.Interaction",
1071. "assembly": "Microsoft.VisualBasic"
1072. },
1073. {
1074. "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
1075. "assembly": "Microsoft.VisualBasic"
1076. },
1077. {
1078. "typename": "Microsoft.VisualBasic.MyServices.ClipboardProxy",
1079. "assembly": "Microsoft.VisualBasic"
1080. },
1081. {
1082. "typename": "Microsoft.VisualBasic.MyServices.FileSystemProxy",
1083. "assembly": "Microsoft.VisualBasic"
1084. },
1085. {
1086. "typename": "Microsoft.VisualBasic.MyServices.RegistryProxy",
1087. "assembly": "Microsoft.VisualBasic"
1088. },
1089. {
1090. "typename": "Microsoft.VisualBasic.OpenAccess",
1091. "assembly": "Microsoft.VisualBasic"
1092. },
1093. {
1094. "typename": "Microsoft.VisualBasic.OpenMode",
1095. "assembly": "Microsoft.VisualBasic"
1096. },
1097. {
1098. "typename": "Microsoft.VisualBasic.OpenShare",
1099. "assembly": "Microsoft.VisualBasic"
1100. },
1101. {
1102. "typename": "Microsoft.VisualBasic.Strings",
1103. "assembly": "Microsoft.VisualBasic"
1104. },
1105. {
1106. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
1107. "assembly": "System"
1108. },
1109. {
1110. "typename": "System.ComponentModel.DefaultValueAttribute",
1111. "assembly": "System"
1112. },
1113. {
1114. "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
1115. "assembly": "System"
1116. },
1117. {
1118. "typename": "System.ComponentModel.EditorBrowsableAttribute",
1119. "assembly": "System"
1120. },
1121. {
1122. "typename": "System.ComponentModel.EditorBrowsableState",
1123. "assembly": "System"
1124. },
1125. {
1126. "typename": "System.Diagnostics.FileVersionInfo",
1127. "assembly": "System"
1128. },
1129. {
1130. "typename": "System.Diagnostics.Process",
1131. "assembly": "System"
1132. },
1133. {
1134. "typename": "System.Diagnostics.ProcessModule",
1135. "assembly": "System"
1136. },
1137. {
1138. "typename": "System.Diagnostics.ProcessStartInfo",
1139. "assembly": "System"
1140. },
1141. {
1142. "typename": "System.Diagnostics.ProcessWindowStyle",
1143. "assembly": "System"
1144. },
1145. {
1146. "typename": "System.Net.CredentialCache",
1147. "assembly": "System"
1148. },
1149. {
1150. "typename": "System.Net.FtpWebRequest",
1151. "assembly": "System"
1152. },
1153. {
1154. "typename": "System.Net.HttpWebRequest",
1155. "assembly": "System"
1156. },
1157. {
1158. "typename": "System.Net.ICredentials",
1159. "assembly": "System"
1160. },
1161. {
1162. "typename": "System.Net.ICredentialsByHost",
1163. "assembly": "System"
1164. },
1165. {
1166. "typename": "System.Net.Mail.Attachment",
1167. "assembly": "System"
1168. },
1169. {
1170. "typename": "System.Net.Mail.AttachmentCollection",
1171. "assembly": "System"
1172. },
1173. {
1174. "typename": "System.Net.Mail.MailAddress",
1175. "assembly": "System"
1176. },
1177. {
1178. "typename": "System.Net.Mail.MailMessage",
1179. "assembly": "System"
1180. },
1181. {
1182. "typename": "System.Net.Mail.SmtpClient",
1183. "assembly": "System"
1184. },
1185. {
1186. "typename": "System.Net.NetworkCredential",
1187. "assembly": "System"
1188. },
1189. {
1190. "typename": "System.Net.WebClient",
1191. "assembly": "System"
1192. },
1193. {
1194. "typename": "System.Net.WebRequest",
1195. "assembly": "System"
1196. },
1197. {
1198. "typename": "System.Net.WebResponse",
1199. "assembly": "System"
1200. },
1201. {
1202. "typename": "System.Text.RegularExpressions.Capture",
1203. "assembly": "System"
1204. },
1205. {
1206. "typename": "System.Text.RegularExpressions.Group",
1207. "assembly": "System"
1208. },
1209. {
1210. "typename": "System.Text.RegularExpressions.GroupCollection",
1211. "assembly": "System"
1212. },
1213. {
1214. "typename": "System.Text.RegularExpressions.Match",
1215. "assembly": "System"
1216. },
1217. {
1218. "typename": "System.Text.RegularExpressions.MatchCollection",
1219. "assembly": "System"
1220. },
1221. {
1222. "typename": "System.Text.RegularExpressions.Regex",
1223. "assembly": "System"
1224. },
1225. {
1226. "typename": "System.Timers.ElapsedEventArgs",
1227. "assembly": "System"
1228. },
1229. {
1230. "typename": "System.Timers.ElapsedEventHandler",
1231. "assembly": "System"
1232. },
1233. {
1234. "typename": "System.Timers.Timer",
1235. "assembly": "System"
1236. },
1237. {
1238. "typename": "System.Uri",
1239. "assembly": "System"
1240. },
1241. {
1242. "typename": "System.Drawing.Bitmap",
1243. "assembly": "System.Drawing"
1244. },
1245. {
1246. "typename": "System.Drawing.Graphics",
1247. "assembly": "System.Drawing"
1248. },
1249. {
1250. "typename": "System.Drawing.Image",
1251. "assembly": "System.Drawing"
1252. },
1253. {
1254. "typename": "System.Drawing.Imaging.Encoder",
1255. "assembly": "System.Drawing"
1256. },
1257. {
1258. "typename": "System.Drawing.Imaging.EncoderParameter",
1259. "assembly": "System.Drawing"
1260. },
1261. {
1262. "typename": "System.Drawing.Imaging.EncoderParameters",
1263. "assembly": "System.Drawing"
1264. },
1265. {
1266. "typename": "System.Drawing.Imaging.ImageCodecInfo",
1267. "assembly": "System.Drawing"
1268. },
1269. {
1270. "typename": "System.Drawing.Imaging.ImageFormat",
1271. "assembly": "System.Drawing"
1272. },
1273. {
1274. "typename": "System.Drawing.Point",
1275. "assembly": "System.Drawing"
1276. },
1277. {
1278. "typename": "System.Drawing.Rectangle",
1279. "assembly": "System.Drawing"
1280. },
1281. {
1282. "typename": "System.Drawing.Size",
1283. "assembly": "System.Drawing"
1284. },
1285. {
1286. "typename": "System.Management.ManagementBaseObject",
1287. "assembly": "System.Management"
1288. },
1289. {
1290. "typename": "System.Management.ManagementClass",
1291. "assembly": "System.Management"
1292. },
1293. {
1294. "typename": "System.Management.ManagementObject",
1295. "assembly": "System.Management"
1296. },
1297. {
1298. "typename": "System.Management.ManagementObjectCollection",
1299. "assembly": "System.Management"
1300. },
1301. {
1302. "typename": "System.Management.ManagementObjectCollection/ManagementObjectEnumerator",
1303. "assembly": "System.Management"
1304. },
1305. {
1306. "typename": "System.Management.ManagementObjectSearcher",
1307. "assembly": "System.Management"
1308. },
1309. {
1310. "typename": "System.Management.PropertyData",
1311. "assembly": "System.Management"
1312. },
1313. {
1314. "typename": "System.Management.PropertyDataCollection",
1315. "assembly": "System.Management"
1316. },
1317. {
1318. "typename": "System.Security.Cryptography.DataProtectionScope",
1319. "assembly": "System.Security"
1320. },
1321. {
1322. "typename": "System.Security.Cryptography.ProtectedData",
1323. "assembly": "System.Security"
1324. },
1325. {
1326. "typename": "System.Windows.Forms.Application",
1327. "assembly": "System.Windows.Forms"
1328. },
1329. {
1330. "typename": "System.Windows.Forms.CreateParams",
1331. "assembly": "System.Windows.Forms"
1332. },
1333. {
1334. "typename": "System.Windows.Forms.Keys",
1335. "assembly": "System.Windows.Forms"
1336. },
1337. {
1338. "typename": "System.Windows.Forms.Message",
1339. "assembly": "System.Windows.Forms"
1340. },
1341. {
1342. "typename": "System.Windows.Forms.MouseButtons",
1343. "assembly": "System.Windows.Forms"
1344. },
1345. {
1346. "typename": "System.Windows.Forms.NativeWindow",
1347. "assembly": "System.Windows.Forms"
1348. },
1349. {
1350. "typename": "System.Windows.Forms.Screen",
1351. "assembly": "System.Windows.Forms"
1352. },
1353. {
1354. "typename": "System.Windows.Forms.SystemInformation",
1355. "assembly": "System.Windows.Forms"
1356. },
1357. {
1358. "typename": "Microsoft.Win32.Registry",
1359. "assembly": "mscorlib"
1360. },
1361. {
1362. "typename": "Microsoft.Win32.RegistryKey",
1363. "assembly": "mscorlib"
1364. },
1365. {
1366. "typename": "Microsoft.Win32.RegistryValueKind",
1367. "assembly": "mscorlib"
1368. },
1369. {
1370. "typename": "System.Activator",
1371. "assembly": "mscorlib"
1372. },
1373. {
1374. "typename": "System.ArgumentOutOfRangeException",
1375. "assembly": "mscorlib"
1376. },
1377. {
1378. "typename": "System.Array",
1379. "assembly": "mscorlib"
1380. },
1381. {
1382. "typename": "System.AsyncCallback",
1383. "assembly": "mscorlib"
1384. },
1385. {
1386. "typename": "System.BitConverter",
1387. "assembly": "mscorlib"
1388. },
1389. {
1390. "typename": "System.Boolean",
1391. "assembly": "mscorlib"
1392. },
1393. {
1394. "typename": "System.Buffer",
1395. "assembly": "mscorlib"
1396. },
1397. {
1398. "typename": "System.Byte",
1399. "assembly": "mscorlib"
1400. },
1401. {
1402. "typename": "System.Char",
1403. "assembly": "mscorlib"
1404. },
1405. {
1406. "typename": "System.Collections.Generic.Dictionary`2",
1407. "assembly": "mscorlib"
1408. },
1409. {
1410. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
1411. "assembly": "mscorlib"
1412. },
1413. {
1414. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
1415. "assembly": "mscorlib"
1416. },
1417. {
1418. "typename": "System.Collections.Generic.IEnumerable`1",
1419. "assembly": "mscorlib"
1420. },
1421. {
1422. "typename": "System.Collections.Generic.KeyValuePair`2",
1423. "assembly": "mscorlib"
1424. },
1425. {
1426. "typename": "System.Collections.Generic.List`1",
1427. "assembly": "mscorlib"
1428. },
1429. {
1430. "typename": "System.Collections.Generic.List`1/Enumerator",
1431. "assembly": "mscorlib"
1432. },
1433. {
1434. "typename": "System.Collections.IEnumerable",
1435. "assembly": "mscorlib"
1436. },
1437. {
1438. "typename": "System.Collections.IEnumerator",
1439. "assembly": "mscorlib"
1440. },
1441. {
1442. "typename": "System.Collections.ObjectModel.Collection`1",
1443. "assembly": "mscorlib"
1444. },
1445. {
1446. "typename": "System.Convert",
1447. "assembly": "mscorlib"
1448. },
1449. {
1450. "typename": "System.DateTime",
1451. "assembly": "mscorlib"
1452. },
1453. {
1454. "typename": "System.Decimal",
1455. "assembly": "mscorlib"
1456. },
1457. {
1458. "typename": "System.Delegate",
1459. "assembly": "mscorlib"
1460. },
1461. {
1462. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
1463. "assembly": "mscorlib"
1464. },
1465. {
1466. "typename": "System.Double",
1467. "assembly": "mscorlib"
1468. },
1469. {
1470. "typename": "System.Enum",
1471. "assembly": "mscorlib"
1472. },
1473. {
1474. "typename": "System.Environment",
1475. "assembly": "mscorlib"
1476. },
1477. {
1478. "typename": "System.Environment/SpecialFolder",
1479. "assembly": "mscorlib"
1480. },
1481. {
1482. "typename": "System.Exception",
1483. "assembly": "mscorlib"
1484. },
1485. {
1486. "typename": "System.FlagsAttribute",
1487. "assembly": "mscorlib"
1488. },
1489. {
1490. "typename": "System.Globalization.CultureInfo",
1491. "assembly": "mscorlib"
1492. },
1493. {
1494. "typename": "System.Globalization.NumberStyles",
1495. "assembly": "mscorlib"
1496. },
1497. {
1498. "typename": "System.Guid",
1499. "assembly": "mscorlib"
1500. },
1501. {
1502. "typename": "System.IAsyncResult",
1503. "assembly": "mscorlib"
1504. },
1505. {
1506. "typename": "System.IDisposable",
1507. "assembly": "mscorlib"
1508. },
1509. {
1510. "typename": "System.IFormatProvider",
1511. "assembly": "mscorlib"
1512. },
1513. {
1514. "typename": "System.IO.BinaryReader",
1515. "assembly": "mscorlib"
1516. },
1517. {
1518. "typename": "System.IO.Directory",
1519. "assembly": "mscorlib"
1520. },
1521. {
1522. "typename": "System.IO.DirectoryInfo",
1523. "assembly": "mscorlib"
1524. },
1525. {
1526. "typename": "System.IO.DriveInfo",
1527. "assembly": "mscorlib"
1528. },
1529. {
1530. "typename": "System.IO.DriveType",
1531. "assembly": "mscorlib"
1532. },
1533. {
1534. "typename": "System.IO.File",
1535. "assembly": "mscorlib"
1536. },
1537. {
1538. "typename": "System.IO.FileAttributes",
1539. "assembly": "mscorlib"
1540. },
1541. {
1542. "typename": "System.IO.FileInfo",
1543. "assembly": "mscorlib"
1544. },
1545. {
1546. "typename": "System.IO.FileMode",
1547. "assembly": "mscorlib"
1548. },
1549. {
1550. "typename": "System.IO.FileStream",
1551. "assembly": "mscorlib"
1552. },
1553. {
1554. "typename": "System.IO.FileSystemInfo",
1555. "assembly": "mscorlib"
1556. },
1557. {
1558. "typename": "System.IO.MemoryStream",
1559. "assembly": "mscorlib"
1560. },
1561. {
1562. "typename": "System.IO.Path",
1563. "assembly": "mscorlib"
1564. },
1565. {
1566. "typename": "System.IO.SearchOption",
1567. "assembly": "mscorlib"
1568. },
1569. {
1570. "typename": "System.IO.Stream",
1571. "assembly": "mscorlib"
1572. },
1573. {
1574. "typename": "System.IO.StreamReader",
1575. "assembly": "mscorlib"
1576. },
1577. {
1578. "typename": "System.Int16",
1579. "assembly": "mscorlib"
1580. },
1581. {
1582. "typename": "System.Int32",
1583. "assembly": "mscorlib"
1584. },
1585. {
1586. "typename": "System.Int64",
1587. "assembly": "mscorlib"
1588. },
1589. {
1590. "typename": "System.IntPtr",
1591. "assembly": "mscorlib"
1592. },
1593. {
1594. "typename": "System.Math",
1595. "assembly": "mscorlib"
1596. },
1597. {
1598. "typename": "System.MulticastDelegate",
1599. "assembly": "mscorlib"
1600. },
1601. {
1602. "typename": "System.Object",
1603. "assembly": "mscorlib"
1604. },
1605. {
1606. "typename": "System.OperatingSystem",
1607. "assembly": "mscorlib"
1608. },
1609. {
1610. "typename": "System.Random",
1611. "assembly": "mscorlib"
1612. },
1613. {
1614. "typename": "System.Reflection.Assembly",
1615. "assembly": "mscorlib"
1616. },
1617. {
1618. "typename": "System.Reflection.FieldInfo",
1619. "assembly": "mscorlib"
1620. },
1621. {
1622. "typename": "System.Reflection.MethodBase",
1623. "assembly": "mscorlib"
1624. },
1625. {
1626. "typename": "System.Reflection.MethodInfo",
1627. "assembly": "mscorlib"
1628. },
1629. {
1630. "typename": "System.Reflection.Module",
1631. "assembly": "mscorlib"
1632. },
1633. {
1634. "typename": "System.Resources.ResourceManager",
1635. "assembly": "mscorlib"
1636. },
1637. {
1638. "typename": "System.Runtime.CompilerServices.AccessedThroughPropertyAttribute",
1639. "assembly": "mscorlib"
1640. },
1641. {
1642. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
1643. "assembly": "mscorlib"
1644. },
1645. {
1646. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
1647. "assembly": "mscorlib"
1648. },
1649. {
1650. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
1651. "assembly": "mscorlib"
1652. },
1653. {
1654. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
1655. "assembly": "mscorlib"
1656. },
1657. {
1658. "typename": "System.Runtime.ConstrainedExecution.Cer",
1659. "assembly": "mscorlib"
1660. },
1661. {
1662. "typename": "System.Runtime.ConstrainedExecution.Consistency",
1663. "assembly": "mscorlib"
1664. },
1665. {
1666. "typename": "System.Runtime.ConstrainedExecution.ReliabilityContractAttribute",
1667. "assembly": "mscorlib"
1668. },
1669. {
1670. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
1671. "assembly": "mscorlib"
1672. },
1673. {
1674. "typename": "System.Runtime.InteropServices.Marshal",
1675. "assembly": "mscorlib"
1676. },
1677. {
1678. "typename": "System.Runtime.InteropServices.SafeHandle",
1679. "assembly": "mscorlib"
1680. },
1681. {
1682. "typename": "System.RuntimeFieldHandle",
1683. "assembly": "mscorlib"
1684. },
1685. {
1686. "typename": "System.RuntimeTypeHandle",
1687. "assembly": "mscorlib"
1688. },
1689. {
1690. "typename": "System.STAThreadAttribute",
1691. "assembly": "mscorlib"
1692. },
1693. {
1694. "typename": "System.Security.AccessControl.AceFlags",
1695. "assembly": "mscorlib"
1696. },
1697. {
1698. "typename": "System.Security.AccessControl.AceQualifier",
1699. "assembly": "mscorlib"
1700. },
1701. {
1702. "typename": "System.Security.AccessControl.CommonAce",
1703. "assembly": "mscorlib"
1704. },
1705. {
1706. "typename": "System.Security.AccessControl.GenericAce",
1707. "assembly": "mscorlib"
1708. },
1709. {
1710. "typename": "System.Security.AccessControl.GenericSecurityDescriptor",
1711. "assembly": "mscorlib"
1712. },
1713. {
1714. "typename": "System.Security.AccessControl.RawAcl",
1715. "assembly": "mscorlib"
1716. },
1717. {
1718. "typename": "System.Security.AccessControl.RawSecurityDescriptor",
1719. "assembly": "mscorlib"
1720. },
1721. {
1722. "typename": "System.Security.Cryptography.CipherMode",
1723. "assembly": "mscorlib"
1724. },
1725. {
1726. "typename": "System.Security.Cryptography.HMACSHA1",
1727. "assembly": "mscorlib"
1728. },
1729. {
1730. "typename": "System.Security.Cryptography.HashAlgorithm",
1731. "assembly": "mscorlib"
1732. },
1733. {
1734. "typename": "System.Security.Cryptography.ICryptoTransform",
1735. "assembly": "mscorlib"
1736. },
1737. {
1738. "typename": "System.Security.Cryptography.MD5",
1739. "assembly": "mscorlib"
1740. },
1741. {
1742. "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
1743. "assembly": "mscorlib"
1744. },
1745. {
1746. "typename": "System.Security.Cryptography.PaddingMode",
1747. "assembly": "mscorlib"
1748. },
1749. {
1750. "typename": "System.Security.Cryptography.Rijndael",
1751. "assembly": "mscorlib"
1752. },
1753. {
1754. "typename": "System.Security.Cryptography.SHA1CryptoServiceProvider",
1755. "assembly": "mscorlib"
1756. },
1757. {
1758. "typename": "System.Security.Cryptography.SymmetricAlgorithm",
1759. "assembly": "mscorlib"
1760. },
1761. {
1762. "typename": "System.Security.Cryptography.TripleDES",
1763. "assembly": "mscorlib"
1764. },
1765. {
1766. "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
1767. "assembly": "mscorlib"
1768. },
1769. {
1770. "typename": "System.Security.Principal.SecurityIdentifier",
1771. "assembly": "mscorlib"
1772. },
1773. {
1774. "typename": "System.Security.Principal.WellKnownSidType",
1775. "assembly": "mscorlib"
1776. },
1777. {
1778. "typename": "System.Security.Principal.WindowsBuiltInRole",
1779. "assembly": "mscorlib"
1780. },
1781. {
1782. "typename": "System.Security.Principal.WindowsIdentity",
1783. "assembly": "mscorlib"
1784. },
1785. {
1786. "typename": "System.Security.Principal.WindowsPrincipal",
1787. "assembly": "mscorlib"
1788. },
1789. {
1790. "typename": "System.Security.SuppressUnmanagedCodeSecurityAttribute",
1791. "assembly": "mscorlib"
1792. },
1793. {
1794. "typename": "System.String",
1795. "assembly": "mscorlib"
1796. },
1797. {
1798. "typename": "System.StringComparison",
1799. "assembly": "mscorlib"
1800. },
1801. {
1802. "typename": "System.Text.Decoder",
1803. "assembly": "mscorlib"
1804. },
1805. {
1806. "typename": "System.Text.Encoding",
1807. "assembly": "mscorlib"
1808. },
1809. {
1810. "typename": "System.Text.StringBuilder",
1811. "assembly": "mscorlib"
1812. },
1813. {
1814. "typename": "System.Text.UTF8Encoding",
1815. "assembly": "mscorlib"
1816. },
1817. {
1818. "typename": "System.ThreadStaticAttribute",
1819. "assembly": "mscorlib"
1820. },
1821. {
1822. "typename": "System.Threading.Monitor",
1823. "assembly": "mscorlib"
1824. },
1825. {
1826. "typename": "System.Threading.Mutex",
1827. "assembly": "mscorlib"
1828. },
1829. {
1830. "typename": "System.Threading.Thread",
1831. "assembly": "mscorlib"
1832. },
1833. {
1834. "typename": "System.Threading.ThreadStart",
1835. "assembly": "mscorlib"
1836. },
1837. {
1838. "typename": "System.Type",
1839. "assembly": "mscorlib"
1840. },
1841. {
1842. "typename": "System.UInt32",
1843. "assembly": "mscorlib"
1844. },
1845. {
1846. "typename": "System.UInt64",
1847. "assembly": "mscorlib"
1848. },
1849. {
1850. "typename": "System.ValueType",
1851. "assembly": "mscorlib"
1852. },
1853. {
1854. "typename": "System.Version",
1855. "assembly": "mscorlib"
1856. }
1857. ]
1858. },
1859. "pe": {
1860. "peid_signatures": null,
1861. "imports": [
1862. {
1863. "imports": [
1864. {
1865. "name": "_CorExeMain",
1866. "address": "0x402000"
1867. }
1868. ],
1869. "dll": "mscoree.dll"
1870. }
1871. ],
1872. "digital_signers": null,
1873. "exported_dll_name": null,
1874. "actual_checksum": "0x00046b89",
1875. "overlay": null,
1876. "imagebase": "0x00400000",
1877. "reported_checksum": "0x00000000",
1878. "icon_hash": null,
1879. "entrypoint": "0x0044640e",
1880. "timestamp": "2019-06-02 21:29:17",
1881. "osversion": "4.0",
1882. "sections": [
1883. {
1884. "name": ".text",
1885. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
1886. "virtual_address": "0x00002000",
1887. "size_of_data": "0x00044600",
1888. "entropy": "6.60",
1889. "raw_address": "0x00000200",
1890. "virtual_size": "0x00044414",
1891. "characteristics_raw": "0x60000020"
1892. },
1893. {
1894. "name": ".rsrc",
1895. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
1896. "virtual_address": "0x00048000",
1897. "size_of_data": "0x00000400",
1898. "entropy": "2.95",
1899. "raw_address": "0x00044800",
1900. "virtual_size": "0x00000370",
1901. "characteristics_raw": "0x40000040"
1902. },
1903. {
1904. "name": ".reloc",
1905. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
1906. "virtual_address": "0x0004a000",
1907. "size_of_data": "0x00000200",
1908. "entropy": "0.10",
1909. "raw_address": "0x00044c00",
1910. "virtual_size": "0x0000000c",
1911. "characteristics_raw": "0x42000040"
1912. }
1913. ],
1914. "resources": [],
1915. "dirents": [
1916. {
1917. "virtual_address": "0x00000000",
1918. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
1919. "size": "0x00000000"
1920. },
1921. {
1922. "virtual_address": "0x000463bc",
1923. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
1924. "size": "0x0000004f"
1925. },
1926. {
1927. "virtual_address": "0x00048000",
1928. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
1929. "size": "0x00000370"
1930. },
1931. {
1932. "virtual_address": "0x00000000",
1933. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
1934. "size": "0x00000000"
1935. },
1936. {
1937. "virtual_address": "0x00000000",
1938. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
1939. "size": "0x00000000"
1940. },
1941. {
1942. "virtual_address": "0x0004a000",
1943. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
1944. "size": "0x0000000c"
1945. },
1946. {
1947. "virtual_address": "0x00000000",
1948. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
1949. "size": "0x00000000"
1950. },
1951. {
1952. "virtual_address": "0x00000000",
1953. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
1954. "size": "0x00000000"
1955. },
1956. {
1957. "virtual_address": "0x00000000",
1958. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
1959. "size": "0x00000000"
1960. },
1961. {
1962. "virtual_address": "0x00000000",
1963. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
1964. "size": "0x00000000"
1965. },
1966. {
1967. "virtual_address": "0x00000000",
1968. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
1969. "size": "0x00000000"
1970. },
1971. {
1972. "virtual_address": "0x00000000",
1973. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
1974. "size": "0x00000000"
1975. },
1976. {
1977. "virtual_address": "0x00002000",
1978. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
1979. "size": "0x00000008"
1980. },
1981. {
1982. "virtual_address": "0x00000000",
1983. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
1984. "size": "0x00000000"
1985. },
1986. {
1987. "virtual_address": "0x00002008",
1988. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
1989. "size": "0x00000048"
1990. },
1991. {
1992. "virtual_address": "0x00000000",
1993. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
1994. "size": "0x00000000"
1995. }
1996. ],
1997. "exports": [],
1998. "guest_signers": {},
1999. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
2000. "icon_fuzzy": null,
2001. "icon": null,
2002. "pdbpath": null,
2003. "imported_dll_count": 1,
2004. "versioninfo": []
2005. }
2006. }
2007.  
2008. [*] Resolved APIs: [
2009. "advapi32.dll.RegOpenKeyExW",
2010. "advapi32.dll.RegQueryInfoKeyW",
2011. "advapi32.dll.RegEnumKeyExW",
2012. "advapi32.dll.RegEnumValueW",
2013. "advapi32.dll.RegCloseKey",
2014. "advapi32.dll.RegQueryValueExW",
2015. "kernel32.dll.QueryActCtxW",
2016. "shlwapi.dll.UrlIsW",
2017. "kernel32.dll.FlsAlloc",
2018. "kernel32.dll.FlsGetValue",
2019. "kernel32.dll.FlsSetValue",
2020. "kernel32.dll.FlsFree",
2021. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
2022. "kernel32.dll.IsProcessorFeaturePresent",
2023. "msvcrt.dll._set_error_mode",
2024. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
2025. "kernel32.dll.FindActCtxSectionStringW",
2026. "kernel32.dll.GetSystemWindowsDirectoryW",
2027. "mscoree.dll.GetProcessExecutableHeap",
2028. "mscorwks.dll._CorExeMain",
2029. "mscorwks.dll.GetCLRFunction",
2030. "advapi32.dll.RegisterTraceGuidsW",
2031. "advapi32.dll.UnregisterTraceGuids",
2032. "advapi32.dll.GetTraceLoggerHandle",
2033. "advapi32.dll.GetTraceEnableLevel",
2034. "advapi32.dll.GetTraceEnableFlags",
2035. "advapi32.dll.TraceEvent",
2036. "mscoree.dll.IEE",
2037. "mscorwks.dll.IEE",
2038. "mscoree.dll.GetStartupFlags",
2039. "mscoree.dll.GetHostConfigurationFile",
2040. "mscoree.dll.GetCORSystemDirectory",
2041. "ntdll.dll.RtlUnwind",
2042. "kernel32.dll.IsWow64Process",
2043. "advapi32.dll.AllocateAndInitializeSid",
2044. "advapi32.dll.OpenProcessToken",
2045. "advapi32.dll.GetTokenInformation",
2046. "advapi32.dll.InitializeAcl",
2047. "advapi32.dll.AddAccessAllowedAce",
2048. "advapi32.dll.FreeSid",
2049. "kernel32.dll.SetThreadStackGuarantee",
2050. "kernel32.dll.AddVectoredContinueHandler",
2051. "kernel32.dll.RemoveVectoredContinueHandler",
2052. "advapi32.dll.ConvertSidToStringSidW",
2053. "shell32.dll.SHGetFolderPathW",
2054. "kernel32.dll.FlushProcessWriteBuffers",
2055. "kernel32.dll.GetWriteWatch",
2056. "kernel32.dll.ResetWriteWatch",
2057. "kernel32.dll.CreateMemoryResourceNotification",
2058. "kernel32.dll.QueryMemoryResourceNotification",
2059. "ole32.dll.CoInitializeEx",
2060. "cryptbase.dll.SystemFunction036",
2061. "uxtheme.dll.ThemeInitApiHook",
2062. "user32.dll.IsProcessDPIAware",
2063. "ole32.dll.CoGetContextToken",
2064. "kernel32.dll.GetVersionExW",
2065. "kernel32.dll.GetFullPathNameW",
2066. "advapi32.dll.CryptAcquireContextA",
2067. "advapi32.dll.CryptReleaseContext",
2068. "advapi32.dll.CryptCreateHash",
2069. "advapi32.dll.CryptDestroyHash",
2070. "advapi32.dll.CryptHashData",
2071. "advapi32.dll.CryptGetHashParam",
2072. "advapi32.dll.CryptImportKey",
2073. "advapi32.dll.CryptExportKey",
2074. "advapi32.dll.CryptGenKey",
2075. "advapi32.dll.CryptGetKeyParam",
2076. "advapi32.dll.CryptDestroyKey",
2077. "advapi32.dll.CryptVerifySignatureA",
2078. "advapi32.dll.CryptSignHashA",
2079. "advapi32.dll.CryptGetProvParam",
2080. "advapi32.dll.CryptGetUserKey",
2081. "advapi32.dll.CryptEnumProvidersA",
2082. "mscoree.dll.GetMetaDataInternalInterface",
2083. "mscorwks.dll.GetMetaDataInternalInterface",
2084. "mscorjit.dll.getJit",
2085. "kernel32.dll.lstrlen",
2086. "kernel32.dll.lstrlenW",
2087. "kernel32.dll.GetUserDefaultUILanguage",
2088. "kernel32.dll.SetErrorMode",
2089. "kernel32.dll.GetFileAttributesExW",
2090. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
2091. "kernel32.dll.GetEnvironmentVariableW",
2092. "cryptsp.dll.CryptAcquireContextW",
2093. "cryptsp.dll.CryptCreateHash",
2094. "ole32.dll.CreateBindCtx",
2095. "ole32.dll.CoGetObjectContext",
2096. "sechost.dll.LookupAccountNameLocalW",
2097. "advapi32.dll.LookupAccountSidW",
2098. "sechost.dll.LookupAccountSidLocalW",
2099. "cryptsp.dll.CryptGenRandom",
2100. "ole32.dll.NdrOleInitializeExtension",
2101. "ole32.dll.CoGetClassObject",
2102. "ole32.dll.CoGetMarshalSizeMax",
2103. "ole32.dll.CoMarshalInterface",
2104. "ole32.dll.CoUnmarshalInterface",
2105. "ole32.dll.StringFromIID",
2106. "ole32.dll.CoGetPSClsid",
2107. "ole32.dll.CoTaskMemAlloc",
2108. "ole32.dll.CoTaskMemFree",
2109. "ole32.dll.CoCreateInstance",
2110. "ole32.dll.CoReleaseMarshalData",
2111. "ole32.dll.DcomChannelSetHResult",
2112. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
2113. "ole32.dll.MkParseDisplayName",
2114. "oleaut32.dll.#2",
2115. "oleaut32.dll.#6",
2116. "kernel32.dll.GetThreadPreferredUILanguages",
2117. "kernel32.dll.SetThreadPreferredUILanguages",
2118. "kernel32.dll.LocaleNameToLCID",
2119. "kernel32.dll.GetLocaleInfoEx",
2120. "kernel32.dll.LCIDToLocaleName",
2121. "kernel32.dll.GetSystemDefaultLocaleName",
2122. "ole32.dll.BindMoniker",
2123. "sxs.dll.SxsOleAut32RedirectTypeLibrary",
2124. "advapi32.dll.RegOpenKeyW",
2125. "advapi32.dll.RegEnumKeyW",
2126. "advapi32.dll.RegQueryValueW",
2127. "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
2128. "sxs.dll.SxsLookupClrGuid",
2129. "kernel32.dll.ReleaseActCtx",
2130. "oleaut32.dll.#9",
2131. "oleaut32.dll.#4",
2132. "oleaut32.dll.#283",
2133. "oleaut32.dll.#284",
2134. "mscoree.dll.GetTokenForVTableEntry",
2135. "mscoree.dll.SetTargetForVTableEntry",
2136. "mscoree.dll.GetTargetForVTableEntry",
2137. "kernel32.dll.GetLastError",
2138. "kernel32.dll.LocalAlloc",
2139. "oleaut32.dll.VariantInit",
2140. "oleaut32.dll.VariantClear",
2141. "oleaut32.dll.#7",
2142. "kernel32.dll.CreateEventW",
2143. "kernel32.dll.CloseHandle",
2144. "kernel32.dll.SwitchToThread",
2145. "kernel32.dll.SetEvent",
2146. "ole32.dll.CoWaitForMultipleHandles",
2147. "ole32.dll.IIDFromString",
2148. "kernel32.dll.LoadLibraryA",
2149. "kernel32.dll.GetProcAddress",
2150. "wminet_utils.dll.ResetSecurity",
2151. "wminet_utils.dll.SetSecurity",
2152. "wminet_utils.dll.BlessIWbemServices",
2153. "wminet_utils.dll.BlessIWbemServicesObject",
2154. "wminet_utils.dll.GetPropertyHandle",
2155. "wminet_utils.dll.WritePropertyValue",
2156. "wminet_utils.dll.Clone",
2157. "wminet_utils.dll.VerifyClientKey",
2158. "wminet_utils.dll.GetQualifierSet",
2159. "wminet_utils.dll.Get",
2160. "wminet_utils.dll.Put",
2161. "wminet_utils.dll.Delete",
2162. "wminet_utils.dll.GetNames",
2163. "wminet_utils.dll.BeginEnumeration",
2164. "wminet_utils.dll.Next",
2165. "wminet_utils.dll.EndEnumeration",
2166. "wminet_utils.dll.GetPropertyQualifierSet",
2167. "wminet_utils.dll.GetObjectText",
2168. "wminet_utils.dll.SpawnDerivedClass",
2169. "wminet_utils.dll.SpawnInstance",
2170. "wminet_utils.dll.CompareTo",
2171. "wminet_utils.dll.GetPropertyOrigin",
2172. "wminet_utils.dll.InheritsFrom",
2173. "wminet_utils.dll.GetMethod",
2174. "wminet_utils.dll.PutMethod",
2175. "wminet_utils.dll.DeleteMethod",
2176. "wminet_utils.dll.BeginMethodEnumeration",
2177. "wminet_utils.dll.NextMethod",
2178. "wminet_utils.dll.EndMethodEnumeration",
2179. "wminet_utils.dll.GetMethodQualifierSet",
2180. "wminet_utils.dll.GetMethodOrigin",
2181. "wminet_utils.dll.QualifierSet_Get",
2182. "wminet_utils.dll.QualifierSet_Put",
2183. "wminet_utils.dll.QualifierSet_Delete",
2184. "wminet_utils.dll.QualifierSet_GetNames",
2185. "wminet_utils.dll.QualifierSet_BeginEnumeration",
2186. "wminet_utils.dll.QualifierSet_Next",
2187. "wminet_utils.dll.QualifierSet_EndEnumeration",
2188. "wminet_utils.dll.GetCurrentApartmentType",
2189. "wminet_utils.dll.GetDemultiplexedStub",
2190. "wminet_utils.dll.CreateInstanceEnumWmi",
2191. "wminet_utils.dll.CreateClassEnumWmi",
2192. "wminet_utils.dll.ExecQueryWmi",
2193. "wminet_utils.dll.ExecNotificationQueryWmi",
2194. "wminet_utils.dll.PutInstanceWmi",
2195. "wminet_utils.dll.PutClassWmi",
2196. "wminet_utils.dll.CloneEnumWbemClassObject",
2197. "wminet_utils.dll.ConnectServerWmi",
2198. "ole32.dll.CoUninitialize",
2199. "oleaut32.dll.#500",
2200. "oleaut32.dll.SysStringLen",
2201. "kernel32.dll.RtlZeroMemory",
2202. "kernel32.dll.RegOpenKeyExW",
2203. "advapi32.dll.GetUserNameW",
2204. "kernel32.dll.GetComputerNameW",
2205. "kernel32.dll.GetModuleHandleW",
2206. "user32.dll.DefWindowProcW",
2207. "gdi32.dll.GetStockObject",
2208. "user32.dll.RegisterClassW",
2209. "user32.dll.CreateWindowExW",
2210. "user32.dll.SetWindowLongW",
2211. "user32.dll.GetWindowLongW",
2212. "kernel32.dll.GetCurrentProcess",
2213. "kernel32.dll.GetCurrentThread",
2214. "kernel32.dll.DuplicateHandle",
2215. "kernel32.dll.GetCurrentThreadId",
2216. "user32.dll.CallWindowProcW",
2217. "user32.dll.RegisterWindowMessageW",
2218. "dwmapi.dll.DwmIsCompositionEnabled",
2219. "kernel32.dll.GetCurrentProcessId",
2220. "advapi32.dll.LookupPrivilegeValueW",
2221. "advapi32.dll.AdjustTokenPrivileges",
2222. "ntdll.dll.NtQuerySystemInformation",
2223. "kernel32.dll.CreateIoCompletionPort",
2224. "kernel32.dll.PostQueuedCompletionStatus",
2225. "ntdll.dll.NtQueryInformationThread",
2226. "ntdll.dll.NtGetCurrentProcessorNumber",
2227. "shfolder.dll.SHGetFolderPathW",
2228. "kernel32.dll.FindFirstFileW",
2229. "kernel32.dll.FindClose",
2230. "kernel32.dll.FindNextFileW",
2231. "kernel32.dll.CreateFileW",
2232. "kernel32.dll.GetFileType",
2233. "kernel32.dll.GetACP",
2234. "kernel32.dll.UnmapViewOfFile",
2235. "kernel32.dll.GetFileSize",
2236. "kernel32.dll.ReadFile",
2237. "oleaut32.dll.#204",
2238. "oleaut32.dll.#203",
2239. "culture.dll.ConvertLangIdToCultureName",
2240. "mlang.dll.#112",
2241. "wininet.dll.FindFirstUrlCacheEntryA",
2242. "kernel32.dll.SetFileInformationByHandle",
2243. "urlmon.dll.CreateUri",
2244. "kernel32.dll.InitializeSRWLock",
2245. "kernel32.dll.AcquireSRWLockExclusive",
2246. "kernel32.dll.AcquireSRWLockShared",
2247. "kernel32.dll.ReleaseSRWLockExclusive",
2248. "kernel32.dll.ReleaseSRWLockShared",
2249. "wininet.dll.FindNextUrlCacheEntryA",
2250. "urlmon.dll.CreateIUriBuilder",
2251. "urlmon.dll.IntlPercentEncodeNormalize",
2252. "wininet.dll.FindCloseUrlCache",
2253. "cryptsp.dll.CryptAcquireContextA",
2254. "cryptsp.dll.CryptHashData",
2255. "cryptsp.dll.CryptGetHashParam",
2256. "cryptsp.dll.CryptDestroyHash",
2257. "cryptsp.dll.CryptReleaseContext",
2258. "vaultcli.dll.VaultEnumerateVaults",
2259. "kernel32.dll.GetSystemTimeAsFileTime",
2260. "user32.dll.GetLastInputInfo",
2261. "ole32.dll.CLSIDFromProgIDEx",
2262. "oleaut32.dll.#201",
2263. "user32.dll.GetSystemMetrics",
2264. "user32.dll.GetClientRect",
2265. "user32.dll.GetWindowRect",
2266. "user32.dll.GetParent",
2267. "ole32.dll.OleInitialize",
2268. "ole32.dll.CoRegisterMessageFilter",
2269. "user32.dll.PeekMessageW",
2270. "user32.dll.WaitMessage",
2271. "mscoree.dll.ND_RI2",
2272. "rasapi32.dll.RasEnumConnectionsW",
2273. "rtutils.dll.TraceRegisterExA",
2274. "rtutils.dll.TracePrintfExA",
2275. "sechost.dll.OpenSCManagerW",
2276. "sechost.dll.OpenServiceW",
2277. "sechost.dll.QueryServiceStatus",
2278. "sechost.dll.CloseServiceHandle",
2279. "ws2_32.dll.WSAStartup",
2280. "ws2_32.dll.WSASocketW",
2281. "ws2_32.dll.setsockopt",
2282. "ws2_32.dll.WSAEventSelect",
2283. "ws2_32.dll.ioctlsocket",
2284. "ws2_32.dll.closesocket",
2285. "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
2286. "kernel32.dll.LocalFree",
2287. "kernel32.dll.CreateFileMappingW",
2288. "kernel32.dll.MapViewOfFile",
2289. "kernel32.dll.VirtualQuery",
2290. "kernel32.dll.ReleaseMutex",
2291. "advapi32.dll.CreateWellKnownSid",
2292. "kernel32.dll.CreateMutexW",
2293. "kernel32.dll.WaitForSingleObject",
2294. "kernel32.dll.OpenMutexW",
2295. "kernel32.dll.OpenProcess",
2296. "kernel32.dll.GetProcessTimes",
2297. "ws2_32.dll.WSAIoctl",
2298. "kernel32.dll.FormatMessageW",
2299. "rasapi32.dll.RasConnectionNotificationW",
2300. "advapi32.dll.RegOpenCurrentUser",
2301. "advapi32.dll.RegNotifyChangeKeyValue",
2302. "sechost.dll.NotifyServiceStatusChangeA",
2303. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
2304. "kernel32.dll.ResetEvent",
2305. "iphlpapi.dll.GetNetworkParams",
2306. "dnsapi.dll.DnsQueryConfig",
2307. "iphlpapi.dll.GetAdaptersAddresses",
2308. "iphlpapi.dll.GetIpInterfaceEntry",
2309. "iphlpapi.dll.GetBestInterfaceEx",
2310. "ws2_32.dll.inet_addr",
2311. "ws2_32.dll.getaddrinfo",
2312. "ws2_32.dll.freeaddrinfo",
2313. "ws2_32.dll.WSAConnect",
2314. "ws2_32.dll.send",
2315. "ws2_32.dll.recv",
2316. "ws2_32.dll.select",
2317. "ws2_32.dll.shutdown",
2318. "vssapi.dll.CreateWriter",
2319. "advapi32.dll.LookupAccountNameW",
2320. "samcli.dll.NetLocalGroupGetMembers",
2321. "samlib.dll.SamConnect",
2322. "rpcrt4.dll.NdrClientCall3",
2323. "rpcrt4.dll.RpcStringBindingComposeW",
2324. "rpcrt4.dll.RpcBindingFromStringBindingW",
2325. "rpcrt4.dll.RpcStringFreeW",
2326. "rpcrt4.dll.RpcBindingFree",
2327. "samlib.dll.SamOpenDomain",
2328. "samlib.dll.SamLookupNamesInDomain",
2329. "samlib.dll.SamOpenAlias",
2330. "samlib.dll.SamFreeMemory",
2331. "samlib.dll.SamCloseHandle",
2332. "samlib.dll.SamGetMembersInAlias",
2333. "netutils.dll.NetApiBufferFree",
2334. "ole32.dll.CoCreateGuid",
2335. "ole32.dll.StringFromCLSID",
2336. "propsys.dll.VariantToPropVariant",
2337. "wbemcore.dll.Reinitialize",
2338. "wbemsvc.dll.DllGetClassObject",
2339. "wbemsvc.dll.DllCanUnloadNow",
2340. "authz.dll.AuthzInitializeContextFromToken",
2341. "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
2342. "authz.dll.AuthzAccessCheck",
2343. "authz.dll.AuthzFreeAuditEvent",
2344. "authz.dll.AuthzFreeContext",
2345. "authz.dll.AuthzInitializeResourceManager",
2346. "authz.dll.AuthzFreeResourceManager",
2347. "rpcrt4.dll.RpcBindingCreateW",
2348. "rpcrt4.dll.RpcBindingBind",
2349. "rpcrt4.dll.I_RpcMapWin32Status",
2350. "advapi32.dll.EventRegister",
2351. "advapi32.dll.EventUnregister",
2352. "advapi32.dll.EventWrite",
2353. "kernel32.dll.RegCloseKey",
2354. "kernel32.dll.RegSetValueExW",
2355. "kernel32.dll.RegQueryValueExW",
2356. "wmisvc.dll.IsImproperShutdownDetected",
2357. "wevtapi.dll.EvtRender",
2358. "wevtapi.dll.EvtNext",
2359. "wevtapi.dll.EvtClose",
2360. "wevtapi.dll.EvtQuery",
2361. "wevtapi.dll.EvtCreateRenderContext",
2362. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
2363. "rpcrt4.dll.RpcBindingSetOption",
2364. "ole32.dll.CoCreateFreeThreadedMarshaler",
2365. "ole32.dll.CreateStreamOnHGlobal",
2366. "advapi32.dll.RegCreateKeyExW",
2367. "advapi32.dll.RegSetValueExW",
2368. "kernelbase.dll.InitializeAcl",
2369. "kernelbase.dll.AddAce",
2370. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
2371. "kernel32.dll.IsThreadAFiber",
2372. "kernel32.dll.OpenProcessToken",
2373. "kernelbase.dll.GetTokenInformation",
2374. "kernelbase.dll.DuplicateTokenEx",
2375. "kernelbase.dll.AdjustTokenPrivileges",
2376. "kernelbase.dll.AllocateAndInitializeSid",
2377. "kernelbase.dll.CheckTokenMembership",
2378. "kernel32.dll.SetThreadToken",
2379. "oleaut32.dll.#285",
2380. "oleaut32.dll.#12",
2381. "oleaut32.dll.#286",
2382. "ole32.dll.CLSIDFromString",
2383. "oleaut32.dll.#17",
2384. "oleaut32.dll.#20",
2385. "oleaut32.dll.#19",
2386. "oleaut32.dll.#25",
2387. "ole32.dll.CoRevertToSelf",
2388. "advapi32.dll.LogonUserExExW",
2389. "sspicli.dll.LogonUserExExW",
2390. "authz.dll.AuthzInitializeContextFromSid",
2391. "ole32.dll.CoGetCallContext",
2392. "ole32.dll.CoImpersonateClient",
2393. "advapi32.dll.OpenThreadToken",
2394. "oleaut32.dll.#8",
2395. "ole32.dll.CoSwitchCallContext",
2396. "oleaut32.dll.#287",
2397. "oleaut32.dll.#288",
2398. "oleaut32.dll.#289",
2399. "kernel32.dll.SortGetHandle",
2400. "kernel32.dll.SortCloseHandle",
2401. "ntmarta.dll.GetMartaExtensionInterface",
2402. "fastprox.dll.DllGetClassObject",
2403. "fastprox.dll.DllCanUnloadNow",
2404. "oleaut32.dll.#290",
2405. "wmi.dll.WmiQueryAllDataW",
2406. "wmi.dll.WmiQuerySingleInstanceW",
2407. "wmi.dll.WmiSetSingleItemW",
2408. "wmi.dll.WmiSetSingleInstanceW",
2409. "wmi.dll.WmiExecuteMethodW",
2410. "wmi.dll.WmiNotificationRegistrationW",
2411. "wmi.dll.WmiMofEnumerateResourcesW",
2412. "wmi.dll.WmiFileHandleToInstanceNameW",
2413. "wmi.dll.WmiDevInstToInstanceNameW",
2414. "wmi.dll.WmiQueryGuidInformation",
2415. "wmi.dll.WmiOpenBlock",
2416. "wmi.dll.WmiCloseBlock",
2417. "wmi.dll.WmiFreeBuffer",
2418. "wmi.dll.WmiEnumerateGuids",
2419. "lpk.dll.LpkEditControl",
2420. "comctl32.dll.InitCommonControlsEx",
2421. "kernel32.dll.HeapSetInformation",
2422. "advapi32.dll.CheckTokenMembership",
2423. "ole32.dll.CoInitializeSecurity",
2424. "kernel32.dll.CreateWaitableTimerW",
2425. "kernel32.dll.SetWaitableTimer",
2426. "ole32.dll.CLSIDFromOle1Class",
2427. "clbcatq.dll.GetCatalogObject",
2428. "clbcatq.dll.GetCatalogObject2",
2429. "msi.dll.QueryInstanceCount",
2430. "kernel32.dll.CancelWaitableTimer",
2431. "msi.dll.DllGetClassObject",
2432. "msi.dll.DllCanUnloadNow",
2433. "rpcrt4.dll.I_RpcBindingInqLocalClientPID",
2434. "userenv.dll.CreateEnvironmentBlock",
2435. "userenv.dll.DestroyEnvironmentBlock",
2436. "ntdll.dll.WinSqmIsOptedIn",
2437. "kernel32.dll.WTSGetActiveConsoleSessionId",
2438. "ole32.dll.CoInitialize",
2439. "netapi32.dll.NetGetJoinInformation",
2440. "netapi32.dll.NetApiBufferFree",
2441. "ole32.dll.StgOpenStorage",
2442. "ole32.dll.CoGetMalloc",
2443. "advapi32.dll.SaferCreateLevel",
2444. "advapi32.dll.SaferCloseLevel",
2445. "apphelp.dll.SdbInitDatabase",
2446. "apphelp.dll.SdbFindFirstMsiPackage_Str",
2447. "apphelp.dll.SdbReleaseDatabase",
2448. "version.dll.GetFileVersionInfoSizeW",
2449. "version.dll.GetFileVersionInfoW",
2450. "version.dll.VerQueryValueW",
2451. "kernel32.dll.SetThreadExecutionState",
2452. "sfc.dll.SfcIsKeyProtected",
2453. "kernel32.dll.LCMapStringEx",
2454. "kernel32.dll.InitializeCriticalSectionEx",
2455. "kernel32.dll.InitOnceExecuteOnce",
2456. "kernel32.dll.CreateEventExW",
2457. "kernel32.dll.CreateSemaphoreW",
2458. "kernel32.dll.CreateSemaphoreExW",
2459. "kernel32.dll.CreateThreadpoolTimer",
2460. "kernel32.dll.SetThreadpoolTimer",
2461. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
2462. "kernel32.dll.CloseThreadpoolTimer",
2463. "kernel32.dll.CreateThreadpoolWait",
2464. "kernel32.dll.SetThreadpoolWait",
2465. "kernel32.dll.CloseThreadpoolWait",
2466. "kernel32.dll.FreeLibraryWhenCallbackReturns",
2467. "kernel32.dll.GetCurrentProcessorNumber",
2468. "kernel32.dll.CreateSymbolicLinkW",
2469. "kernel32.dll.GetTickCount64",
2470. "kernel32.dll.GetFileInformationByHandleEx",
2471. "kernel32.dll.InitializeConditionVariable",
2472. "kernel32.dll.WakeConditionVariable",
2473. "kernel32.dll.WakeAllConditionVariable",
2474. "kernel32.dll.SleepConditionVariableCS",
2475. "kernel32.dll.TryAcquireSRWLockExclusive",
2476. "kernel32.dll.SleepConditionVariableSRW",
2477. "kernel32.dll.CreateThreadpoolWork",
2478. "kernel32.dll.SubmitThreadpoolWork",
2479. "kernel32.dll.CloseThreadpoolWork",
2480. "kernel32.dll.CompareStringEx",
2481. "goopdate.dll.DllEntry",
2482. "kernel32.dll.RtlCaptureStackBackTrace",
2483. "wkscli.dll.NetWkstaGetInfo",
2484. "cscapi.dll.CscNetApiGetInterface",
2485. "kernel32.dll.CreateMutexExW",
2486. "dbghelp.dll.MiniDumpWriteDump",
2487. "rpcrt4.dll.UuidCreate",
2488. "psmachine.dll.DllGetClassObject",
2489. "psmachine.dll.DllCanUnloadNow",
2490. "ntdll.dll.RtlGetVersion",
2491. "kernel32.dll.GetNativeSystemInfo",
2492. "winhttp.dll.WinHttpAddRequestHeaders",
2493. "winhttp.dll.WinHttpCheckPlatform",
2494. "winhttp.dll.WinHttpCloseHandle",
2495. "winhttp.dll.WinHttpConnect",
2496. "winhttp.dll.WinHttpCrackUrl",
2497. "winhttp.dll.WinHttpCreateUrl",
2498. "winhttp.dll.WinHttpDetectAutoProxyConfigUrl",
2499. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
2500. "winhttp.dll.WinHttpGetProxyForUrl",
2501. "winhttp.dll.WinHttpOpen",
2502. "winhttp.dll.WinHttpOpenRequest",
2503. "winhttp.dll.WinHttpQueryAuthSchemes",
2504. "winhttp.dll.WinHttpQueryDataAvailable",
2505. "winhttp.dll.WinHttpQueryHeaders",
2506. "winhttp.dll.WinHttpQueryOption",
2507. "winhttp.dll.WinHttpReadData",
2508. "winhttp.dll.WinHttpReceiveResponse",
2509. "winhttp.dll.WinHttpSendRequest",
2510. "winhttp.dll.WinHttpSetDefaultProxyConfiguration",
2511. "winhttp.dll.WinHttpSetCredentials",
2512. "winhttp.dll.WinHttpSetOption",
2513. "winhttp.dll.WinHttpSetStatusCallback",
2514. "winhttp.dll.WinHttpSetTimeouts",
2515. "winhttp.dll.WinHttpWriteData",
2516. "shlwapi.dll.StrCmpNW",
2517. "shlwapi.dll.#153",
2518. "ws2_32.dll.GetAddrInfoW",
2519. "ws2_32.dll.#2",
2520. "ws2_32.dll.#21",
2521. "ws2_32.dll.#9",
2522. "ws2_32.dll.FreeAddrInfoW",
2523. "ws2_32.dll.#6",
2524. "ws2_32.dll.#5",
2525. "schannel.dll.SpUserModeInitialize",
2526. "ws2_32.dll.WSASend",
2527. "ws2_32.dll.WSARecv",
2528. "advapi32.dll.RevertToSelf",
2529. "secur32.dll.FreeContextBuffer",
2530. "ncrypt.dll.SslOpenProvider",
2531. "ncrypt.dll.GetSChannelInterface",
2532. "bcryptprimitives.dll.GetHashInterface",
2533. "ncrypt.dll.SslIncrementProviderReferenceCount",
2534. "ncrypt.dll.SslImportKey",
2535. "bcryptprimitives.dll.GetCipherInterface",
2536. "ncrypt.dll.SslLookupCipherSuiteInfo",
2537. "user32.dll.LoadStringW",
2538. "ncrypt.dll.BCryptOpenAlgorithmProvider",
2539. "ncrypt.dll.BCryptGetProperty",
2540. "ncrypt.dll.BCryptCreateHash",
2541. "ncrypt.dll.BCryptHashData",
2542. "ncrypt.dll.BCryptFinishHash",
2543. "ncrypt.dll.BCryptDestroyHash",
2544. "crypt32.dll.CertGetCertificateChain",
2545. "userenv.dll.GetUserProfileDirectoryW",
2546. "sechost.dll.ConvertSidToStringSidW",
2547. "sechost.dll.ConvertStringSidToSidW",
2548. "userenv.dll.RegisterGPNotification",
2549. "gpapi.dll.RegisterGPNotificationInternal",
2550. "sechost.dll.QueryServiceConfigW",
2551. "winsta.dll.WinStationRegisterNotificationEvent",
2552. "rpcrt4.dll.RpcAsyncInitializeHandle",
2553. "rpcrt4.dll.NdrClientCall2",
2554. "rpcrt4.dll.NdrAsyncClientCall",
2555. "cryptsp.dll.CryptVerifySignatureA",
2556. "cryptsp.dll.CryptDestroyKey",
2557. "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
2558. "ncrypt.dll.BCryptImportKeyPair",
2559. "ncrypt.dll.BCryptVerifySignature",
2560. "ncrypt.dll.BCryptDestroyKey",
2561. "crypt32.dll.CertVerifyCertificateChainPolicy",
2562. "crypt32.dll.CertFreeCertificateChain",
2563. "crypt32.dll.CertDuplicateCertificateContext",
2564. "ncrypt.dll.SslEncryptPacket",
2565. "ncrypt.dll.SslDecryptPacket",
2566. "winsta.dll.WinStationEnumerateW",
2567. "rpcrt4.dll.I_RpcExceptionFilter",
2568. "winsta.dll.WinStationFreeMemory",
2569. "winsta.dll.WinStationQueryInformationW",
2570. "qmgr.dll.ServiceMain",
2571. "advapi32.dll.SetEntriesInAclW",
2572. "ws2_32.dll.#115",
2573. "ws2_32.dll.#111",
2574. "bitsigd.dll.InitializeEx",
2575. "upnp.dll.DllGetClassObject",
2576. "upnp.dll.DllCanUnloadNow",
2577. "rpcrt4.dll.RpcStringBindingComposeA",
2578. "rpcrt4.dll.RpcBindingFromStringBindingA",
2579. "rpcrt4.dll.RpcStringFreeA",
2580. "oleaut32.dll.DllGetClassObject",
2581. "oleaut32.dll.DllCanUnloadNow",
2582. "sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID",
2583. "oleaut32.dll.BSTR_UserSize",
2584. "oleaut32.dll.BSTR_UserMarshal",
2585. "oleaut32.dll.BSTR_UserUnmarshal",
2586. "oleaut32.dll.BSTR_UserFree",
2587. "oleaut32.dll.VARIANT_UserSize",
2588. "oleaut32.dll.VARIANT_UserMarshal",
2589. "oleaut32.dll.VARIANT_UserUnmarshal",
2590. "oleaut32.dll.VARIANT_UserFree",
2591. "oleaut32.dll.LPSAFEARRAY_UserSize",
2592. "oleaut32.dll.LPSAFEARRAY_UserMarshal",
2593. "oleaut32.dll.LPSAFEARRAY_UserUnmarshal",
2594. "oleaut32.dll.LPSAFEARRAY_UserFree",
2595. "advapi32.dll.LogonUserW",
2596. "wtsapi32.dll.WTSQueryUserToken",
2597. "wtsapi32.dll.WTSEnumerateSessionsW",
2598. "wtsapi32.dll.WTSFreeMemory",
2599. "advapi32.dll.QueryAllTracesW",
2600. "ole32.dll.CoRegisterClassObject",
2601. "rpcrt4.dll.UuidFromStringW",
2602. "radarrs.dll.WdiDiagnosticModuleMain",
2603. "radarrs.dll.WdiHandleInstance",
2604. "radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion",
2605. "advapi32.dll.RegGetValueW",
2606. "advapi32.dll.DuplicateToken"
2607. ]
2608.  
2609. [*] Static Analysis: {
2610. "dotnet": {
2611. "customattrs": null,
2612. "assemblyinfo": {
2613. "version": "0.0.0.0",
2614. "name": "QESQUOGQDYNGPLCGAZVYTMVIRLZITNITIVWIKAKH_20190603002917118"
2615. },
2616. "assemblyrefs": [
2617. {
2618. "version": "2.0.0.0",
2619. "name": "mscorlib"
2620. },
2621. {
2622. "version": "8.0.0.0",
2623. "name": "Microsoft.VisualBasic"
2624. },
2625. {
2626. "version": "2.0.0.0",
2627. "name": "System.Drawing"
2628. },
2629. {
2630. "version": "2.0.0.0",
2631. "name": "System"
2632. },
2633. {
2634. "version": "2.0.0.0",
2635. "name": "System.Windows.Forms"
2636. },
2637. {
2638. "version": "2.0.0.0",
2639. "name": "System.Management"
2640. },
2641. {
2642. "version": "2.0.0.0",
2643. "name": "System.Security"
2644. }
2645. ],
2646. "typerefs": [
2647. {
2648. "typename": "Microsoft.VisualBasic.AppWinStyle",
2649. "assembly": "Microsoft.VisualBasic"
2650. },
2651. {
2652. "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
2653. "assembly": "Microsoft.VisualBasic"
2654. },
2655. {
2656. "typename": "Microsoft.VisualBasic.ApplicationServices.User",
2657. "assembly": "Microsoft.VisualBasic"
2658. },
2659. {
2660. "typename": "Microsoft.VisualBasic.CompareMethod",
2661. "assembly": "Microsoft.VisualBasic"
2662. },
2663. {
2664. "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
2665. "assembly": "Microsoft.VisualBasic"
2666. },
2667. {
2668. "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
2669. "assembly": "Microsoft.VisualBasic"
2670. },
2671. {
2672. "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
2673. "assembly": "Microsoft.VisualBasic"
2674. },
2675. {
2676. "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
2677. "assembly": "Microsoft.VisualBasic"
2678. },
2679. {
2680. "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
2681. "assembly": "Microsoft.VisualBasic"
2682. },
2683. {
2684. "typename": "Microsoft.VisualBasic.CompilerServices.StringType",
2685. "assembly": "Microsoft.VisualBasic"
2686. },
2687. {
2688. "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
2689. "assembly": "Microsoft.VisualBasic"
2690. },
2691. {
2692. "typename": "Microsoft.VisualBasic.Conversion",
2693. "assembly": "Microsoft.VisualBasic"
2694. },
2695. {
2696. "typename": "Microsoft.VisualBasic.Devices.Computer",
2697. "assembly": "Microsoft.VisualBasic"
2698. },
2699. {
2700. "typename": "Microsoft.VisualBasic.Devices.ComputerInfo",
2701. "assembly": "Microsoft.VisualBasic"
2702. },
2703. {
2704. "typename": "Microsoft.VisualBasic.Devices.Keyboard",
2705. "assembly": "Microsoft.VisualBasic"
2706. },
2707. {
2708. "typename": "Microsoft.VisualBasic.Devices.ServerComputer",
2709. "assembly": "Microsoft.VisualBasic"
2710. },
2711. {
2712. "typename": "Microsoft.VisualBasic.FileAttribute",
2713. "assembly": "Microsoft.VisualBasic"
2714. },
2715. {
2716. "typename": "Microsoft.VisualBasic.FileSystem",
2717. "assembly": "Microsoft.VisualBasic"
2718. },
2719. {
2720. "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
2721. "assembly": "Microsoft.VisualBasic"
2722. },
2723. {
2724. "typename": "Microsoft.VisualBasic.Information",
2725. "assembly": "Microsoft.VisualBasic"
2726. },
2727. {
2728. "typename": "Microsoft.VisualBasic.Interaction",
2729. "assembly": "Microsoft.VisualBasic"
2730. },
2731. {
2732. "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
2733. "assembly": "Microsoft.VisualBasic"
2734. },
2735. {
2736. "typename": "Microsoft.VisualBasic.MyServices.ClipboardProxy",
2737. "assembly": "Microsoft.VisualBasic"
2738. },
2739. {
2740. "typename": "Microsoft.VisualBasic.MyServices.FileSystemProxy",
2741. "assembly": "Microsoft.VisualBasic"
2742. },
2743. {
2744. "typename": "Microsoft.VisualBasic.MyServices.RegistryProxy",
2745. "assembly": "Microsoft.VisualBasic"
2746. },
2747. {
2748. "typename": "Microsoft.VisualBasic.OpenAccess",
2749. "assembly": "Microsoft.VisualBasic"
2750. },
2751. {
2752. "typename": "Microsoft.VisualBasic.OpenMode",
2753. "assembly": "Microsoft.VisualBasic"
2754. },
2755. {
2756. "typename": "Microsoft.VisualBasic.OpenShare",
2757. "assembly": "Microsoft.VisualBasic"
2758. },
2759. {
2760. "typename": "Microsoft.VisualBasic.Strings",
2761. "assembly": "Microsoft.VisualBasic"
2762. },
2763. {
2764. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
2765. "assembly": "System"
2766. },
2767. {
2768. "typename": "System.ComponentModel.DefaultValueAttribute",
2769. "assembly": "System"
2770. },
2771. {
2772. "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
2773. "assembly": "System"
2774. },
2775. {
2776. "typename": "System.ComponentModel.EditorBrowsableAttribute",
2777. "assembly": "System"
2778. },
2779. {
2780. "typename": "System.ComponentModel.EditorBrowsableState",
2781. "assembly": "System"
2782. },
2783. {
2784. "typename": "System.Diagnostics.FileVersionInfo",
2785. "assembly": "System"
2786. },
2787. {
2788. "typename": "System.Diagnostics.Process",
2789. "assembly": "System"
2790. },
2791. {
2792. "typename": "System.Diagnostics.ProcessModule",
2793. "assembly": "System"
2794. },
2795. {
2796. "typename": "System.Diagnostics.ProcessStartInfo",
2797. "assembly": "System"
2798. },
2799. {
2800. "typename": "System.Diagnostics.ProcessWindowStyle",
2801. "assembly": "System"
2802. },
2803. {
2804. "typename": "System.Net.CredentialCache",
2805. "assembly": "System"
2806. },
2807. {
2808. "typename": "System.Net.FtpWebRequest",
2809. "assembly": "System"
2810. },
2811. {
2812. "typename": "System.Net.HttpWebRequest",
2813. "assembly": "System"
2814. },
2815. {
2816. "typename": "System.Net.ICredentials",
2817. "assembly": "System"
2818. },
2819. {
2820. "typename": "System.Net.ICredentialsByHost",
2821. "assembly": "System"
2822. },
2823. {
2824. "typename": "System.Net.Mail.Attachment",
2825. "assembly": "System"
2826. },
2827. {
2828. "typename": "System.Net.Mail.AttachmentCollection",
2829. "assembly": "System"
2830. },
2831. {
2832. "typename": "System.Net.Mail.MailAddress",
2833. "assembly": "System"
2834. },
2835. {
2836. "typename": "System.Net.Mail.MailMessage",
2837. "assembly": "System"
2838. },
2839. {
2840. "typename": "System.Net.Mail.SmtpClient",
2841. "assembly": "System"
2842. },
2843. {
2844. "typename": "System.Net.NetworkCredential",
2845. "assembly": "System"
2846. },
2847. {
2848. "typename": "System.Net.WebClient",
2849. "assembly": "System"
2850. },
2851. {
2852. "typename": "System.Net.WebRequest",
2853. "assembly": "System"
2854. },
2855. {
2856. "typename": "System.Net.WebResponse",
2857. "assembly": "System"
2858. },
2859. {
2860. "typename": "System.Text.RegularExpressions.Capture",
2861. "assembly": "System"
2862. },
2863. {
2864. "typename": "System.Text.RegularExpressions.Group",
2865. "assembly": "System"
2866. },
2867. {
2868. "typename": "System.Text.RegularExpressions.GroupCollection",
2869. "assembly": "System"
2870. },
2871. {
2872. "typename": "System.Text.RegularExpressions.Match",
2873. "assembly": "System"
2874. },
2875. {
2876. "typename": "System.Text.RegularExpressions.MatchCollection",
2877. "assembly": "System"
2878. },
2879. {
2880. "typename": "System.Text.RegularExpressions.Regex",
2881. "assembly": "System"
2882. },
2883. {
2884. "typename": "System.Timers.ElapsedEventArgs",
2885. "assembly": "System"
2886. },
2887. {
2888. "typename": "System.Timers.ElapsedEventHandler",
2889. "assembly": "System"
2890. },
2891. {
2892. "typename": "System.Timers.Timer",
2893. "assembly": "System"
2894. },
2895. {
2896. "typename": "System.Uri",
2897. "assembly": "System"
2898. },
2899. {
2900. "typename": "System.Drawing.Bitmap",
2901. "assembly": "System.Drawing"
2902. },
2903. {
2904. "typename": "System.Drawing.Graphics",
2905. "assembly": "System.Drawing"
2906. },
2907. {
2908. "typename": "System.Drawing.Image",
2909. "assembly": "System.Drawing"
2910. },
2911. {
2912. "typename": "System.Drawing.Imaging.Encoder",
2913. "assembly": "System.Drawing"
2914. },
2915. {
2916. "typename": "System.Drawing.Imaging.EncoderParameter",
2917. "assembly": "System.Drawing"
2918. },
2919. {
2920. "typename": "System.Drawing.Imaging.EncoderParameters",
2921. "assembly": "System.Drawing"
2922. },
2923. {
2924. "typename": "System.Drawing.Imaging.ImageCodecInfo",
2925. "assembly": "System.Drawing"
2926. },
2927. {
2928. "typename": "System.Drawing.Imaging.ImageFormat",
2929. "assembly": "System.Drawing"
2930. },
2931. {
2932. "typename": "System.Drawing.Point",
2933. "assembly": "System.Drawing"
2934. },
2935. {
2936. "typename": "System.Drawing.Rectangle",
2937. "assembly": "System.Drawing"
2938. },
2939. {
2940. "typename": "System.Drawing.Size",
2941. "assembly": "System.Drawing"
2942. },
2943. {
2944. "typename": "System.Management.ManagementBaseObject",
2945. "assembly": "System.Management"
2946. },
2947. {
2948. "typename": "System.Management.ManagementClass",
2949. "assembly": "System.Management"
2950. },
2951. {
2952. "typename": "System.Management.ManagementObject",
2953. "assembly": "System.Management"
2954. },
2955. {
2956. "typename": "System.Management.ManagementObjectCollection",
2957. "assembly": "System.Management"
2958. },
2959. {
2960. "typename": "System.Management.ManagementObjectCollection/ManagementObjectEnumerator",
2961. "assembly": "System.Management"
2962. },
2963. {
2964. "typename": "System.Management.ManagementObjectSearcher",
2965. "assembly": "System.Management"
2966. },
2967. {
2968. "typename": "System.Management.PropertyData",
2969. "assembly": "System.Management"
2970. },
2971. {
2972. "typename": "System.Management.PropertyDataCollection",
2973. "assembly": "System.Management"
2974. },
2975. {
2976. "typename": "System.Security.Cryptography.DataProtectionScope",
2977. "assembly": "System.Security"
2978. },
2979. {
2980. "typename": "System.Security.Cryptography.ProtectedData",
2981. "assembly": "System.Security"
2982. },
2983. {
2984. "typename": "System.Windows.Forms.Application",
2985. "assembly": "System.Windows.Forms"
2986. },
2987. {
2988. "typename": "System.Windows.Forms.CreateParams",
2989. "assembly": "System.Windows.Forms"
2990. },
2991. {
2992. "typename": "System.Windows.Forms.Keys",
2993. "assembly": "System.Windows.Forms"
2994. },
2995. {
2996. "typename": "System.Windows.Forms.Message",
2997. "assembly": "System.Windows.Forms"
2998. },
2999. {
3000. "typename": "System.Windows.Forms.MouseButtons",
3001. "assembly": "System.Windows.Forms"
3002. },
3003. {
3004. "typename": "System.Windows.Forms.NativeWindow",
3005. "assembly": "System.Windows.Forms"
3006. },
3007. {
3008. "typename": "System.Windows.Forms.Screen",
3009. "assembly": "System.Windows.Forms"
3010. },
3011. {
3012. "typename": "System.Windows.Forms.SystemInformation",
3013. "assembly": "System.Windows.Forms"
3014. },
3015. {
3016. "typename": "Microsoft.Win32.Registry",
3017. "assembly": "mscorlib"
3018. },
3019. {
3020. "typename": "Microsoft.Win32.RegistryKey",
3021. "assembly": "mscorlib"
3022. },
3023. {
3024. "typename": "Microsoft.Win32.RegistryValueKind",
3025. "assembly": "mscorlib"
3026. },
3027. {
3028. "typename": "System.Activator",
3029. "assembly": "mscorlib"
3030. },
3031. {
3032. "typename": "System.ArgumentOutOfRangeException",
3033. "assembly": "mscorlib"
3034. },
3035. {
3036. "typename": "System.Array",
3037. "assembly": "mscorlib"
3038. },
3039. {
3040. "typename": "System.AsyncCallback",
3041. "assembly": "mscorlib"
3042. },
3043. {
3044. "typename": "System.BitConverter",
3045. "assembly": "mscorlib"
3046. },
3047. {
3048. "typename": "System.Boolean",
3049. "assembly": "mscorlib"
3050. },
3051. {
3052. "typename": "System.Buffer",
3053. "assembly": "mscorlib"
3054. },
3055. {
3056. "typename": "System.Byte",
3057. "assembly": "mscorlib"
3058. },
3059. {
3060. "typename": "System.Char",
3061. "assembly": "mscorlib"
3062. },
3063. {
3064. "typename": "System.Collections.Generic.Dictionary`2",
3065. "assembly": "mscorlib"
3066. },
3067. {
3068. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
3069. "assembly": "mscorlib"
3070. },
3071. {
3072. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
3073. "assembly": "mscorlib"
3074. },
3075. {
3076. "typename": "System.Collections.Generic.IEnumerable`1",
3077. "assembly": "mscorlib"
3078. },
3079. {
3080. "typename": "System.Collections.Generic.KeyValuePair`2",
3081. "assembly": "mscorlib"
3082. },
3083. {
3084. "typename": "System.Collections.Generic.List`1",
3085. "assembly": "mscorlib"
3086. },
3087. {
3088. "typename": "System.Collections.Generic.List`1/Enumerator",
3089. "assembly": "mscorlib"
3090. },
3091. {
3092. "typename": "System.Collections.IEnumerable",
3093. "assembly": "mscorlib"
3094. },
3095. {
3096. "typename": "System.Collections.IEnumerator",
3097. "assembly": "mscorlib"
3098. },
3099. {
3100. "typename": "System.Collections.ObjectModel.Collection`1",
3101. "assembly": "mscorlib"
3102. },
3103. {
3104. "typename": "System.Convert",
3105. "assembly": "mscorlib"
3106. },
3107. {
3108. "typename": "System.DateTime",
3109. "assembly": "mscorlib"
3110. },
3111. {
3112. "typename": "System.Decimal",
3113. "assembly": "mscorlib"
3114. },
3115. {
3116. "typename": "System.Delegate",
3117. "assembly": "mscorlib"
3118. },
3119. {
3120. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
3121. "assembly": "mscorlib"
3122. },
3123. {
3124. "typename": "System.Double",
3125. "assembly": "mscorlib"
3126. },
3127. {
3128. "typename": "System.Enum",
3129. "assembly": "mscorlib"
3130. },
3131. {
3132. "typename": "System.Environment",
3133. "assembly": "mscorlib"
3134. },
3135. {
3136. "typename": "System.Environment/SpecialFolder",
3137. "assembly": "mscorlib"
3138. },
3139. {
3140. "typename": "System.Exception",
3141. "assembly": "mscorlib"
3142. },
3143. {
3144. "typename": "System.FlagsAttribute",
3145. "assembly": "mscorlib"
3146. },
3147. {
3148. "typename": "System.Globalization.CultureInfo",
3149. "assembly": "mscorlib"
3150. },
3151. {
3152. "typename": "System.Globalization.NumberStyles",
3153. "assembly": "mscorlib"
3154. },
3155. {
3156. "typename": "System.Guid",
3157. "assembly": "mscorlib"
3158. },
3159. {
3160. "typename": "System.IAsyncResult",
3161. "assembly": "mscorlib"
3162. },
3163. {
3164. "typename": "System.IDisposable",
3165. "assembly": "mscorlib"
3166. },
3167. {
3168. "typename": "System.IFormatProvider",
3169. "assembly": "mscorlib"
3170. },
3171. {
3172. "typename": "System.IO.BinaryReader",
3173. "assembly": "mscorlib"
3174. },
3175. {
3176. "typename": "System.IO.Directory",
3177. "assembly": "mscorlib"
3178. },
3179. {
3180. "typename": "System.IO.DirectoryInfo",
3181. "assembly": "mscorlib"
3182. },
3183. {
3184. "typename": "System.IO.DriveInfo",
3185. "assembly": "mscorlib"
3186. },
3187. {
3188. "typename": "System.IO.DriveType",
3189. "assembly": "mscorlib"
3190. },
3191. {
3192. "typename": "System.IO.File",
3193. "assembly": "mscorlib"
3194. },
3195. {
3196. "typename": "System.IO.FileAttributes",
3197. "assembly": "mscorlib"
3198. },
3199. {
3200. "typename": "System.IO.FileInfo",
3201. "assembly": "mscorlib"
3202. },
3203. {
3204. "typename": "System.IO.FileMode",
3205. "assembly": "mscorlib"
3206. },
3207. {
3208. "typename": "System.IO.FileStream",
3209. "assembly": "mscorlib"
3210. },
3211. {
3212. "typename": "System.IO.FileSystemInfo",
3213. "assembly": "mscorlib"
3214. },
3215. {
3216. "typename": "System.IO.MemoryStream",
3217. "assembly": "mscorlib"
3218. },
3219. {
3220. "typename": "System.IO.Path",
3221. "assembly": "mscorlib"
3222. },
3223. {
3224. "typename": "System.IO.SearchOption",
3225. "assembly": "mscorlib"
3226. },
3227. {
3228. "typename": "System.IO.Stream",
3229. "assembly": "mscorlib"
3230. },
3231. {
3232. "typename": "System.IO.StreamReader",
3233. "assembly": "mscorlib"
3234. },
3235. {
3236. "typename": "System.Int16",
3237. "assembly": "mscorlib"
3238. },
3239. {
3240. "typename": "System.Int32",
3241. "assembly": "mscorlib"
3242. },
3243. {
3244. "typename": "System.Int64",
3245. "assembly": "mscorlib"
3246. },
3247. {
3248. "typename": "System.IntPtr",
3249. "assembly": "mscorlib"
3250. },
3251. {
3252. "typename": "System.Math",
3253. "assembly": "mscorlib"
3254. },
3255. {
3256. "typename": "System.MulticastDelegate",
3257. "assembly": "mscorlib"
3258. },
3259. {
3260. "typename": "System.Object",
3261. "assembly": "mscorlib"
3262. },
3263. {
3264. "typename": "System.OperatingSystem",
3265. "assembly": "mscorlib"
3266. },
3267. {
3268. "typename": "System.Random",
3269. "assembly": "mscorlib"
3270. },
3271. {
3272. "typename": "System.Reflection.Assembly",
3273. "assembly": "mscorlib"
3274. },
3275. {
3276. "typename": "System.Reflection.FieldInfo",
3277. "assembly": "mscorlib"
3278. },
3279. {
3280. "typename": "System.Reflection.MethodBase",
3281. "assembly": "mscorlib"
3282. },
3283. {
3284. "typename": "System.Reflection.MethodInfo",
3285. "assembly": "mscorlib"
3286. },
3287. {
3288. "typename": "System.Reflection.Module",
3289. "assembly": "mscorlib"
3290. },
3291. {
3292. "typename": "System.Resources.ResourceManager",
3293. "assembly": "mscorlib"
3294. },
3295. {
3296. "typename": "System.Runtime.CompilerServices.AccessedThroughPropertyAttribute",
3297. "assembly": "mscorlib"
3298. },
3299. {
3300. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
3301. "assembly": "mscorlib"
3302. },
3303. {
3304. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
3305. "assembly": "mscorlib"
3306. },
3307. {
3308. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
3309. "assembly": "mscorlib"
3310. },
3311. {
3312. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
3313. "assembly": "mscorlib"
3314. },
3315. {
3316. "typename": "System.Runtime.ConstrainedExecution.Cer",
3317. "assembly": "mscorlib"
3318. },
3319. {
3320. "typename": "System.Runtime.ConstrainedExecution.Consistency",
3321. "assembly": "mscorlib"
3322. },
3323. {
3324. "typename": "System.Runtime.ConstrainedExecution.ReliabilityContractAttribute",
3325. "assembly": "mscorlib"
3326. },
3327. {
3328. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
3329. "assembly": "mscorlib"
3330. },
3331. {
3332. "typename": "System.Runtime.InteropServices.Marshal",
3333. "assembly": "mscorlib"
3334. },
3335. {
3336. "typename": "System.Runtime.InteropServices.SafeHandle",
3337. "assembly": "mscorlib"
3338. },
3339. {
3340. "typename": "System.RuntimeFieldHandle",
3341. "assembly": "mscorlib"
3342. },
3343. {
3344. "typename": "System.RuntimeTypeHandle",
3345. "assembly": "mscorlib"
3346. },
3347. {
3348. "typename": "System.STAThreadAttribute",
3349. "assembly": "mscorlib"
3350. },
3351. {
3352. "typename": "System.Security.AccessControl.AceFlags",
3353. "assembly": "mscorlib"
3354. },
3355. {
3356. "typename": "System.Security.AccessControl.AceQualifier",
3357. "assembly": "mscorlib"
3358. },
3359. {
3360. "typename": "System.Security.AccessControl.CommonAce",
3361. "assembly": "mscorlib"
3362. },
3363. {
3364. "typename": "System.Security.AccessControl.GenericAce",
3365. "assembly": "mscorlib"
3366. },
3367. {
3368. "typename": "System.Security.AccessControl.GenericSecurityDescriptor",
3369. "assembly": "mscorlib"
3370. },
3371. {
3372. "typename": "System.Security.AccessControl.RawAcl",
3373. "assembly": "mscorlib"
3374. },
3375. {
3376. "typename": "System.Security.AccessControl.RawSecurityDescriptor",
3377. "assembly": "mscorlib"
3378. },
3379. {
3380. "typename": "System.Security.Cryptography.CipherMode",
3381. "assembly": "mscorlib"
3382. },
3383. {
3384. "typename": "System.Security.Cryptography.HMACSHA1",
3385. "assembly": "mscorlib"
3386. },
3387. {
3388. "typename": "System.Security.Cryptography.HashAlgorithm",
3389. "assembly": "mscorlib"
3390. },
3391. {
3392. "typename": "System.Security.Cryptography.ICryptoTransform",
3393. "assembly": "mscorlib"
3394. },
3395. {
3396. "typename": "System.Security.Cryptography.MD5",
3397. "assembly": "mscorlib"
3398. },
3399. {
3400. "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
3401. "assembly": "mscorlib"
3402. },
3403. {
3404. "typename": "System.Security.Cryptography.PaddingMode",
3405. "assembly": "mscorlib"
3406. },
3407. {
3408. "typename": "System.Security.Cryptography.Rijndael",
3409. "assembly": "mscorlib"
3410. },
3411. {
3412. "typename": "System.Security.Cryptography.SHA1CryptoServiceProvider",
3413. "assembly": "mscorlib"
3414. },
3415. {
3416. "typename": "System.Security.Cryptography.SymmetricAlgorithm",
3417. "assembly": "mscorlib"
3418. },
3419. {
3420. "typename": "System.Security.Cryptography.TripleDES",
3421. "assembly": "mscorlib"
3422. },
3423. {
3424. "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
3425. "assembly": "mscorlib"
3426. },
3427. {
3428. "typename": "System.Security.Principal.SecurityIdentifier",
3429. "assembly": "mscorlib"
3430. },
3431. {
3432. "typename": "System.Security.Principal.WellKnownSidType",
3433. "assembly": "mscorlib"
3434. },
3435. {
3436. "typename": "System.Security.Principal.WindowsBuiltInRole",
3437. "assembly": "mscorlib"
3438. },
3439. {
3440. "typename": "System.Security.Principal.WindowsIdentity",
3441. "assembly": "mscorlib"
3442. },
3443. {
3444. "typename": "System.Security.Principal.WindowsPrincipal",
3445. "assembly": "mscorlib"
3446. },
3447. {
3448. "typename": "System.Security.SuppressUnmanagedCodeSecurityAttribute",
3449. "assembly": "mscorlib"
3450. },
3451. {
3452. "typename": "System.String",
3453. "assembly": "mscorlib"
3454. },
3455. {
3456. "typename": "System.StringComparison",
3457. "assembly": "mscorlib"
3458. },
3459. {
3460. "typename": "System.Text.Decoder",
3461. "assembly": "mscorlib"
3462. },
3463. {
3464. "typename": "System.Text.Encoding",
3465. "assembly": "mscorlib"
3466. },
3467. {
3468. "typename": "System.Text.StringBuilder",
3469. "assembly": "mscorlib"
3470. },
3471. {
3472. "typename": "System.Text.UTF8Encoding",
3473. "assembly": "mscorlib"
3474. },
3475. {
3476. "typename": "System.ThreadStaticAttribute",
3477. "assembly": "mscorlib"
3478. },
3479. {
3480. "typename": "System.Threading.Monitor",
3481. "assembly": "mscorlib"
3482. },
3483. {
3484. "typename": "System.Threading.Mutex",
3485. "assembly": "mscorlib"
3486. },
3487. {
3488. "typename": "System.Threading.Thread",
3489. "assembly": "mscorlib"
3490. },
3491. {
3492. "typename": "System.Threading.ThreadStart",
3493. "assembly": "mscorlib"
3494. },
3495. {
3496. "typename": "System.Type",
3497. "assembly": "mscorlib"
3498. },
3499. {
3500. "typename": "System.UInt32",
3501. "assembly": "mscorlib"
3502. },
3503. {
3504. "typename": "System.UInt64",
3505. "assembly": "mscorlib"
3506. },
3507. {
3508. "typename": "System.ValueType",
3509. "assembly": "mscorlib"
3510. },
3511. {
3512. "typename": "System.Version",
3513. "assembly": "mscorlib"
3514. }
3515. ]
3516. },
3517. "pe": {
3518. "peid_signatures": null,
3519. "imports": [
3520. {
3521. "imports": [
3522. {
3523. "name": "_CorExeMain",
3524. "address": "0x402000"
3525. }
3526. ],
3527. "dll": "mscoree.dll"
3528. }
3529. ],
3530. "digital_signers": null,
3531. "exported_dll_name": null,
3532. "actual_checksum": "0x00046b89",
3533. "overlay": null,
3534. "imagebase": "0x00400000",
3535. "reported_checksum": "0x00000000",
3536. "icon_hash": null,
3537. "entrypoint": "0x0044640e",
3538. "timestamp": "2019-06-02 21:29:17",
3539. "osversion": "4.0",
3540. "sections": [
3541. {
3542. "name": ".text",
3543. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
3544. "virtual_address": "0x00002000",
3545. "size_of_data": "0x00044600",
3546. "entropy": "6.60",
3547. "raw_address": "0x00000200",
3548. "virtual_size": "0x00044414",
3549. "characteristics_raw": "0x60000020"
3550. },
3551. {
3552. "name": ".rsrc",
3553. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
3554. "virtual_address": "0x00048000",
3555. "size_of_data": "0x00000400",
3556. "entropy": "2.95",
3557. "raw_address": "0x00044800",
3558. "virtual_size": "0x00000370",
3559. "characteristics_raw": "0x40000040"
3560. },
3561. {
3562. "name": ".reloc",
3563. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
3564. "virtual_address": "0x0004a000",
3565. "size_of_data": "0x00000200",
3566. "entropy": "0.10",
3567. "raw_address": "0x00044c00",
3568. "virtual_size": "0x0000000c",
3569. "characteristics_raw": "0x42000040"
3570. }
3571. ],
3572. "resources": [],
3573. "dirents": [
3574. {
3575. "virtual_address": "0x00000000",
3576. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
3577. "size": "0x00000000"
3578. },
3579. {
3580. "virtual_address": "0x000463bc",
3581. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
3582. "size": "0x0000004f"
3583. },
3584. {
3585. "virtual_address": "0x00048000",
3586. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
3587. "size": "0x00000370"
3588. },
3589. {
3590. "virtual_address": "0x00000000",
3591. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
3592. "size": "0x00000000"
3593. },
3594. {
3595. "virtual_address": "0x00000000",
3596. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
3597. "size": "0x00000000"
3598. },
3599. {
3600. "virtual_address": "0x0004a000",
3601. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
3602. "size": "0x0000000c"
3603. },
3604. {
3605. "virtual_address": "0x00000000",
3606. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
3607. "size": "0x00000000"
3608. },
3609. {
3610. "virtual_address": "0x00000000",
3611. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
3612. "size": "0x00000000"
3613. },
3614. {
3615. "virtual_address": "0x00000000",
3616. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
3617. "size": "0x00000000"
3618. },
3619. {
3620. "virtual_address": "0x00000000",
3621. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
3622. "size": "0x00000000"
3623. },
3624. {
3625. "virtual_address": "0x00000000",
3626. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
3627. "size": "0x00000000"
3628. },
3629. {
3630. "virtual_address": "0x00000000",
3631. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
3632. "size": "0x00000000"
3633. },
3634. {
3635. "virtual_address": "0x00002000",
3636. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
3637. "size": "0x00000008"
3638. },
3639. {
3640. "virtual_address": "0x00000000",
3641. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
3642. "size": "0x00000000"
3643. },
3644. {
3645. "virtual_address": "0x00002008",
3646. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
3647. "size": "0x00000048"
3648. },
3649. {
3650. "virtual_address": "0x00000000",
3651. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
3652. "size": "0x00000000"
3653. }
3654. ],
3655. "exports": [],
3656. "guest_signers": {},
3657. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
3658. "icon_fuzzy": null,
3659. "icon": null,
3660. "pdbpath": null,
3661. "imported_dll_count": 1,
3662. "versioninfo": []
3663. }
3664. }