- [*] MalFamily: ""
- [*] MalScore: 9.4
- [*] File Name: "Exes_594994a856e7ba9858350876e77e2fd8.exe"
- [*] File Size: 689152
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "79221dd42d51b693497d6fff9b35309b1a6e4e0cf3d313f2131bbd9e87f702ec"
- [*] MD5: "594994a856e7ba9858350876e77e2fd8"
- [*] SHA1: "7404e11a5e89437a4a6ad2cab343df368d1abbc7"
- [*] SHA512: "2b6846037592d14c38efc88d680e9c8eb277b3631a8af16150cd1241a916d8f6d07dabd6dc50e605937af486ce0b31ffe557a769a44d622349d4b4a3a98271e7"
- [*] CRC32: "2FF4F9DC"
- [*] SSDEEP: "12288:uPkwBVwVwYej2WoNrkDusUY3h6WGXLcSpEBCrf/3bvaLXIg2Cm:YdAVnWolagfOAn3GLXZ2F"
- [*] Process Execution: [
- "Exes_594994a856e7ba9858350876e77e2fd8.exe",
- "Exes_594994a856e7ba9858350876e77e2fd8.exe",
- "Exes_594994a856e7ba9858350876e77e2fd8.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (4 unique times)",
- "Details": [
- {
- "IP": "91.189.180.216:3365"
- },
- {
- "IP": "213.208.129.204:3366"
- },
- {
- "IP": "91.189.180.216:3369"
- },
- {
- "IP": "213.208.129.204:3367"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "Exes_594994a856e7ba9858350876e77e2fd8.exe tried to sleep 1796 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "Expresses interest in specific running processes",
- "Details": [
- {
- "process": "Exes_594994a856e7ba9858350876e77e2fd8.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .rsrc, entropy: 7.16, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x0002ba00, virtual_size: 0x0002b8e8"
- }
- ]
- },
- {
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details": [
- {
- "Injection": "Exes_594994a856e7ba9858350876e77e2fd8.exe(1464) -> Exes_594994a856e7ba9858350876e77e2fd8.exe(1460)"
- }
- ]
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
- }
- ]
- },
- {
- "Description": "Anomalous binary characteristics",
- "Details": [
- {
- "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_594994a856e7ba9858350876e77e2fd8.exe\"",
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_594994a856e7ba9858350876e77e2fd8.exe\" 2 1460 35554406"
- ]
- [*] Mutexes: [
- "-"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TimeMachine.exe.vbs"
- ]
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6676\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6677-17285\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17286-27529\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=27530-42440\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=42441-64036\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=64037-108164\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=108165-129010\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=129011-240844\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=240845-430365\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=430366-682229\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=682230-1137907\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1137908-1965775\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1965776-3440707\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3440708-5305892\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5305893-7415982\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7415983-9655186\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9655187-11848595\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5meknl7.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5meknl7.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5meknl7&ms=nvh&mt=1560815609&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11848596-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5meknl7.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x476140"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x476144"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x476148"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x47614c"
- },
- {
- "name": "VirtualFree",
- "address": "0x476150"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x476154"
- },
- {
- "name": "LocalFree",
- "address": "0x476158"
- },
- {
- "name": "LocalAlloc",
- "address": "0x47615c"
- },
- {
- "name": "GetVersion",
- "address": "0x476160"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x476164"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x476168"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x47616c"
- },
- {
- "name": "VirtualQuery",
- "address": "0x476170"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x476174"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x476178"
- },
- {
- "name": "lstrlenA",
- "address": "0x47617c"
- },
- {
- "name": "lstrcpynA",
- "address": "0x476180"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x476184"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x476188"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x47618c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x476190"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x476194"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x476198"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x47619c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x4761a0"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4761a4"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x4761a8"
- },
- {
- "name": "FindClose",
- "address": "0x4761ac"
- },
- {
- "name": "ExitProcess",
- "address": "0x4761b0"
- },
- {
- "name": "WriteFile",
- "address": "0x4761b4"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x4761b8"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4761bc"
- },
- {
- "name": "RaiseException",
- "address": "0x4761c0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4761c4"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "GetKeyboardType",
- "address": "0x4761cc"
- },
- {
- "name": "LoadStringA",
- "address": "0x4761d0"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4761d4"
- },
- {
- "name": "CharNextA",
- "address": "0x4761d8"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x4761e0"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x4761e4"
- },
- {
- "name": "RegCloseKey",
- "address": "0x4761e8"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "SysFreeString",
- "address": "0x4761f0"
- },
- {
- "name": "SysReAllocStringLen",
- "address": "0x4761f4"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x4761f8"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "TlsSetValue",
- "address": "0x476200"
- },
- {
- "name": "TlsGetValue",
- "address": "0x476204"
- },
- {
- "name": "LocalAlloc",
- "address": "0x476208"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47620c"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x476214"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x476218"
- },
- {
- "name": "RegCloseKey",
- "address": "0x47621c"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "lstrcpyA",
- "address": "0x476224"
- },
- {
- "name": "lstrcmpA",
- "address": "0x476228"
- },
- {
- "name": "WriteFile",
- "address": "0x47622c"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x476230"
- },
- {
- "name": "VirtualQuery",
- "address": "0x476234"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x476238"
- },
- {
- "name": "Sleep",
- "address": "0x47623c"
- },
- {
- "name": "SizeofResource",
- "address": "0x476240"
- },
- {
- "name": "SetThreadLocale",
- "address": "0x476244"
- },
- {
- "name": "SetFilePointer",
- "address": "0x476248"
- },
- {
- "name": "SetEvent",
- "address": "0x47624c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x476250"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x476254"
- },
- {
- "name": "ResetEvent",
- "address": "0x476258"
- },
- {
- "name": "ReadFile",
- "address": "0x47625c"
- },
- {
- "name": "MulDiv",
- "address": "0x476260"
- },
- {
- "name": "LockResource",
- "address": "0x476264"
- },
- {
- "name": "LoadResource",
- "address": "0x476268"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x47626c"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x476270"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x476274"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x476278"
- },
- {
- "name": "GlobalReAlloc",
- "address": "0x47627c"
- },
- {
- "name": "GlobalHandle",
- "address": "0x476280"
- },
- {
- "name": "GlobalLock",
- "address": "0x476284"
- },
- {
- "name": "GlobalFree",
- "address": "0x476288"
- },
- {
- "name": "GlobalFindAtomA",
- "address": "0x47628c"
- },
- {
- "name": "GlobalDeleteAtom",
- "address": "0x476290"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x476294"
- },
- {
- "name": "GlobalAddAtomA",
- "address": "0x476298"
- },
- {
- "name": "GetVersionExA",
- "address": "0x47629c"
- },
- {
- "name": "GetVersion",
- "address": "0x4762a0"
- },
- {
- "name": "GetTickCount",
- "address": "0x4762a4"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x4762a8"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x4762ac"
- },
- {
- "name": "GetStringTypeExA",
- "address": "0x4762b0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4762b4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4762b8"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x4762bc"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4762c0"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x4762c4"
- },
- {
- "name": "GetLocalTime",
- "address": "0x4762c8"
- },
- {
- "name": "GetLastError",
- "address": "0x4762cc"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x4762d0"
- },
- {
- "name": "GetFileType",
- "address": "0x4762d4"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x4762d8"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x4762dc"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4762e0"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4762e4"
- },
- {
- "name": "GetCPInfo",
- "address": "0x4762e8"
- },
- {
- "name": "GetACP",
- "address": "0x4762ec"
- },
- {
- "name": "FreeResource",
- "address": "0x4762f0"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x4762f4"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4762f8"
- },
- {
- "name": "FormatMessageA",
- "address": "0x4762fc"
- },
- {
- "name": "FindResourceA",
- "address": "0x476300"
- },
- {
- "name": "EnumCalendarInfoA",
- "address": "0x476304"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x476308"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x47630c"
- },
- {
- "name": "CreateThread",
- "address": "0x476310"
- },
- {
- "name": "CreateFileA",
- "address": "0x476314"
- },
- {
- "name": "CreateEventA",
- "address": "0x476318"
- },
- {
- "name": "CompareStringA",
- "address": "0x47631c"
- },
- {
- "name": "CloseHandle",
- "address": "0x476320"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueA",
- "address": "0x476328"
- },
- {
- "name": "GetFileVersionInfoSizeA",
- "address": "0x47632c"
- },
- {
- "name": "GetFileVersionInfoA",
- "address": "0x476330"
- }
- ],
- "dll": "version.dll"
- },
- {
- "imports": [
- {
- "name": "UnrealizeObject",
- "address": "0x476338"
- },
- {
- "name": "StretchBlt",
- "address": "0x47633c"
- },
- {
- "name": "SetWindowOrgEx",
- "address": "0x476340"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x476344"
- },
- {
- "name": "SetTextColor",
- "address": "0x476348"
- },
- {
- "name": "SetStretchBltMode",
- "address": "0x47634c"
- },
- {
- "name": "SetROP2",
- "address": "0x476350"
- },
- {
- "name": "SetPixel",
- "address": "0x476354"
- },
- {
- "name": "SetDIBColorTable",
- "address": "0x476358"
- },
- {
- "name": "SetBrushOrgEx",
- "address": "0x47635c"
- },
- {
- "name": "SetBkMode",
- "address": "0x476360"
- },
- {
- "name": "SetBkColor",
- "address": "0x476364"
- },
- {
- "name": "SelectPalette",
- "address": "0x476368"
- },
- {
- "name": "SelectObject",
- "address": "0x47636c"
- },
- {
- "name": "ScaleWindowExtEx",
- "address": "0x476370"
- },
- {
- "name": "SaveDC",
- "address": "0x476374"
- },
- {
- "name": "RestoreDC",
- "address": "0x476378"
- },
- {
- "name": "Rectangle",
- "address": "0x47637c"
- },
- {
- "name": "RectVisible",
- "address": "0x476380"
- },
- {
- "name": "RealizePalette",
- "address": "0x476384"
- },
- {
- "name": "PatBlt",
- "address": "0x476388"
- },
- {
- "name": "MoveToEx",
- "address": "0x47638c"
- },
- {
- "name": "MaskBlt",
- "address": "0x476390"
- },
- {
- "name": "LineTo",
- "address": "0x476394"
- },
- {
- "name": "IntersectClipRect",
- "address": "0x476398"
- },
- {
- "name": "GetWindowOrgEx",
- "address": "0x47639c"
- },
- {
- "name": "GetTextMetricsA",
- "address": "0x4763a0"
- },
- {
- "name": "GetTextExtentPoint32A",
- "address": "0x4763a4"
- },
- {
- "name": "GetSystemPaletteEntries",
- "address": "0x4763a8"
- },
- {
- "name": "GetStockObject",
- "address": "0x4763ac"
- },
- {
- "name": "GetPixel",
- "address": "0x4763b0"
- },
- {
- "name": "GetPaletteEntries",
- "address": "0x4763b4"
- },
- {
- "name": "GetObjectA",
- "address": "0x4763b8"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x4763bc"
- },
- {
- "name": "GetDIBits",
- "address": "0x4763c0"
- },
- {
- "name": "GetDIBColorTable",
- "address": "0x4763c4"
- },
- {
- "name": "GetDCOrgEx",
- "address": "0x4763c8"
- },
- {
- "name": "GetCurrentPositionEx",
- "address": "0x4763cc"
- },
- {
- "name": "GetClipBox",
- "address": "0x4763d0"
- },
- {
- "name": "GetBrushOrgEx",
- "address": "0x4763d4"
- },
- {
- "name": "GetBitmapBits",
- "address": "0x4763d8"
- },
- {
- "name": "ExtTextOutA",
- "address": "0x4763dc"
- },
- {
- "name": "ExcludeClipRect",
- "address": "0x4763e0"
- },
- {
- "name": "DeleteObject",
- "address": "0x4763e4"
- },
- {
- "name": "DeleteDC",
- "address": "0x4763e8"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x4763ec"
- },
- {
- "name": "CreatePenIndirect",
- "address": "0x4763f0"
- },
- {
- "name": "CreatePalette",
- "address": "0x4763f4"
- },
- {
- "name": "CreateHalftonePalette",
- "address": "0x4763f8"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x4763fc"
- },
- {
- "name": "CreateDIBitmap",
- "address": "0x476400"
- },
- {
- "name": "CreateDIBSection",
- "address": "0x476404"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x476408"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x47640c"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x476410"
- },
- {
- "name": "CreateBitmap",
- "address": "0x476414"
- },
- {
- "name": "BitBlt",
- "address": "0x476418"
- }
- ],
- "dll": "gdi32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateWindowExA",
- "address": "0x476420"
- },
- {
- "name": "WindowFromPoint",
- "address": "0x476424"
- },
- {
- "name": "WinHelpA",
- "address": "0x476428"
- },
- {
- "name": "WaitMessage",
- "address": "0x47642c"
- },
- {
- "name": "UpdateWindow",
- "address": "0x476430"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x476434"
- },
- {
- "name": "UnhookWindowsHookEx",
- "address": "0x476438"
- },
- {
- "name": "TranslateMessage",
- "address": "0x47643c"
- },
- {
- "name": "TranslateMDISysAccel",
- "address": "0x476440"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x476444"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x476448"
- },
- {
- "name": "ShowWindow",
- "address": "0x47644c"
- },
- {
- "name": "ShowScrollBar",
- "address": "0x476450"
- },
- {
- "name": "ShowOwnedPopups",
- "address": "0x476454"
- },
- {
- "name": "ShowCursor",
- "address": "0x476458"
- },
- {
- "name": "SetWindowsHookExA",
- "address": "0x47645c"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x476460"
- },
- {
- "name": "SetWindowPos",
- "address": "0x476464"
- },
- {
- "name": "SetWindowPlacement",
- "address": "0x476468"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x47646c"
- },
- {
- "name": "SetTimer",
- "address": "0x476470"
- },
- {
- "name": "SetScrollRange",
- "address": "0x476474"
- },
- {
- "name": "SetScrollPos",
- "address": "0x476478"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x47647c"
- },
- {
- "name": "SetRect",
- "address": "0x476480"
- },
- {
- "name": "SetPropA",
- "address": "0x476484"
- },
- {
- "name": "SetParent",
- "address": "0x476488"
- },
- {
- "name": "SetMenuItemInfoA",
- "address": "0x47648c"
- },
- {
- "name": "SetMenu",
- "address": "0x476490"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x476494"
- },
- {
- "name": "SetFocus",
- "address": "0x476498"
- },
- {
- "name": "SetCursor",
- "address": "0x47649c"
- },
- {
- "name": "SetClassLongA",
- "address": "0x4764a0"
- },
- {
- "name": "SetCapture",
- "address": "0x4764a4"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x4764a8"
- },
- {
- "name": "SendMessageA",
- "address": "0x4764ac"
- },
- {
- "name": "ScrollWindow",
- "address": "0x4764b0"
- },
- {
- "name": "ScreenToClient",
- "address": "0x4764b4"
- },
- {
- "name": "RemovePropA",
- "address": "0x4764b8"
- },
- {
- "name": "RemoveMenu",
- "address": "0x4764bc"
- },
- {
- "name": "ReleaseDC",
- "address": "0x4764c0"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x4764c4"
- },
- {
- "name": "RegisterWindowMessageA",
- "address": "0x4764c8"
- },
- {
- "name": "RegisterClipboardFormatA",
- "address": "0x4764cc"
- },
- {
- "name": "RegisterClassA",
- "address": "0x4764d0"
- },
- {
- "name": "RedrawWindow",
- "address": "0x4764d4"
- },
- {
- "name": "PtInRect",
- "address": "0x4764d8"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4764dc"
- },
- {
- "name": "PostMessageA",
- "address": "0x4764e0"
- },
- {
- "name": "PeekMessageA",
- "address": "0x4764e4"
- },
- {
- "name": "OffsetRect",
- "address": "0x4764e8"
- },
- {
- "name": "OemToCharA",
- "address": "0x4764ec"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4764f0"
- },
- {
- "name": "MapWindowPoints",
- "address": "0x4764f4"
- },
- {
- "name": "MapVirtualKeyA",
- "address": "0x4764f8"
- },
- {
- "name": "LoadStringA",
- "address": "0x4764fc"
- },
- {
- "name": "LoadKeyboardLayoutA",
- "address": "0x476500"
- },
- {
- "name": "LoadIconA",
- "address": "0x476504"
- },
- {
- "name": "LoadCursorA",
- "address": "0x476508"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x47650c"
- },
- {
- "name": "KillTimer",
- "address": "0x476510"
- },
- {
- "name": "IsZoomed",
- "address": "0x476514"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x476518"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x47651c"
- },
- {
- "name": "IsWindow",
- "address": "0x476520"
- },
- {
- "name": "IsRectEmpty",
- "address": "0x476524"
- },
- {
- "name": "IsIconic",
- "address": "0x476528"
- },
- {
- "name": "IsDialogMessageA",
- "address": "0x47652c"
- },
- {
- "name": "IsChild",
- "address": "0x476530"
- },
- {
- "name": "InvalidateRect",
- "address": "0x476534"
- },
- {
- "name": "IntersectRect",
- "address": "0x476538"
- },
- {
- "name": "InsertMenuItemA",
- "address": "0x47653c"
- },
- {
- "name": "InsertMenuA",
- "address": "0x476540"
- },
- {
- "name": "InflateRect",
- "address": "0x476544"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x476548"
- },
- {
- "name": "GetWindowTextA",
- "address": "0x47654c"
- },
- {
- "name": "GetWindowRect",
- "address": "0x476550"
- },
- {
- "name": "GetWindowPlacement",
- "address": "0x476554"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x476558"
- },
- {
- "name": "GetWindowDC",
- "address": "0x47655c"
- },
- {
- "name": "GetTopWindow",
- "address": "0x476560"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x476564"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x476568"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x47656c"
- },
- {
- "name": "GetSysColor",
- "address": "0x476570"
- },
- {
- "name": "GetSubMenu",
- "address": "0x476574"
- },
- {
- "name": "GetScrollRange",
- "address": "0x476578"
- },
- {
- "name": "GetScrollPos",
- "address": "0x47657c"
- },
- {
- "name": "GetScrollInfo",
- "address": "0x476580"
- },
- {
- "name": "GetPropA",
- "address": "0x476584"
- },
- {
- "name": "GetParent",
- "address": "0x476588"
- },
- {
- "name": "GetWindow",
- "address": "0x47658c"
- },
- {
- "name": "GetMessagePos",
- "address": "0x476590"
- },
- {
- "name": "GetMenuStringA",
- "address": "0x476594"
- },
- {
- "name": "GetMenuState",
- "address": "0x476598"
- },
- {
- "name": "GetMenuItemInfoA",
- "address": "0x47659c"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x4765a0"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x4765a4"
- },
- {
- "name": "GetMenu",
- "address": "0x4765a8"
- },
- {
- "name": "GetLastActivePopup",
- "address": "0x4765ac"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x4765b0"
- },
- {
- "name": "GetKeyboardLayoutList",
- "address": "0x4765b4"
- },
- {
- "name": "GetKeyboardLayout",
- "address": "0x4765b8"
- },
- {
- "name": "GetKeyState",
- "address": "0x4765bc"
- },
- {
- "name": "GetKeyNameTextA",
- "address": "0x4765c0"
- },
- {
- "name": "GetIconInfo",
- "address": "0x4765c4"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x4765c8"
- },
- {
- "name": "GetFocus",
- "address": "0x4765cc"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x4765d0"
- },
- {
- "name": "GetDCEx",
- "address": "0x4765d4"
- },
- {
- "name": "GetDC",
- "address": "0x4765d8"
- },
- {
- "name": "GetCursorPos",
- "address": "0x4765dc"
- },
- {
- "name": "GetCursor",
- "address": "0x4765e0"
- },
- {
- "name": "GetClientRect",
- "address": "0x4765e4"
- },
- {
- "name": "GetClassNameA",
- "address": "0x4765e8"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x4765ec"
- },
- {
- "name": "GetCapture",
- "address": "0x4765f0"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x4765f4"
- },
- {
- "name": "FrameRect",
- "address": "0x4765f8"
- },
- {
- "name": "FindWindowA",
- "address": "0x4765fc"
- },
- {
- "name": "FillRect",
- "address": "0x476600"
- },
- {
- "name": "EqualRect",
- "address": "0x476604"
- },
- {
- "name": "EnumWindows",
- "address": "0x476608"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x47660c"
- },
- {
- "name": "EndPaint",
- "address": "0x476610"
- },
- {
- "name": "EnableWindow",
- "address": "0x476614"
- },
- {
- "name": "EnableScrollBar",
- "address": "0x476618"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x47661c"
- },
- {
- "name": "DrawTextA",
- "address": "0x476620"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x476624"
- },
- {
- "name": "DrawIconEx",
- "address": "0x476628"
- },
- {
- "name": "DrawIcon",
- "address": "0x47662c"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x476630"
- },
- {
- "name": "DrawEdge",
- "address": "0x476634"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x476638"
- },
- {
- "name": "DestroyWindow",
- "address": "0x47663c"
- },
- {
- "name": "DestroyMenu",
- "address": "0x476640"
- },
- {
- "name": "DestroyIcon",
- "address": "0x476644"
- },
- {
- "name": "DestroyCursor",
- "address": "0x476648"
- },
- {
- "name": "DeleteMenu",
- "address": "0x47664c"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x476650"
- },
- {
- "name": "DefMDIChildProcA",
- "address": "0x476654"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x476658"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x47665c"
- },
- {
- "name": "CreateMenu",
- "address": "0x476660"
- },
- {
- "name": "CreateIcon",
- "address": "0x476664"
- },
- {
- "name": "ClientToScreen",
- "address": "0x476668"
- },
- {
- "name": "ChildWindowFromPoint",
- "address": "0x47666c"
- },
- {
- "name": "CheckMenuItem",
- "address": "0x476670"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x476674"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x476678"
- },
- {
- "name": "BringWindowToTop",
- "address": "0x47667c"
- },
- {
- "name": "BeginPaint",
- "address": "0x476680"
- },
- {
- "name": "CharNextA",
- "address": "0x476684"
- },
- {
- "name": "CharLowerA",
- "address": "0x476688"
- },
- {
- "name": "CharToOemA",
- "address": "0x47668c"
- },
- {
- "name": "AdjustWindowRectEx",
- "address": "0x476690"
- },
- {
- "name": "ActivateKeyboardLayout",
- "address": "0x476694"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x47669c"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "SafeArrayPtrOfIndex",
- "address": "0x4766a4"
- },
- {
- "name": "SafeArrayGetUBound",
- "address": "0x4766a8"
- },
- {
- "name": "SafeArrayGetLBound",
- "address": "0x4766ac"
- },
- {
- "name": "SafeArrayCreate",
- "address": "0x4766b0"
- },
- {
- "name": "VariantChangeType",
- "address": "0x4766b4"
- },
- {
- "name": "VariantCopy",
- "address": "0x4766b8"
- },
- {
- "name": "VariantClear",
- "address": "0x4766bc"
- },
- {
- "name": "VariantInit",
- "address": "0x4766c0"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "CoTaskMemAlloc",
- "address": "0x4766c8"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x4766cc"
- },
- {
- "name": "CoUninitialize",
- "address": "0x4766d0"
- },
- {
- "name": "CoInitialize",
- "address": "0x4766d4"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_SetIconSize",
- "address": "0x4766dc"
- },
- {
- "name": "ImageList_GetIconSize",
- "address": "0x4766e0"
- },
- {
- "name": "ImageList_Write",
- "address": "0x4766e4"
- },
- {
- "name": "ImageList_Read",
- "address": "0x4766e8"
- },
- {
- "name": "ImageList_GetDragImage",
- "address": "0x4766ec"
- },
- {
- "name": "ImageList_DragShowNolock",
- "address": "0x4766f0"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x4766f4"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x4766f8"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x4766fc"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x476700"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x476704"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x476708"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x47670c"
- },
- {
- "name": "ImageList_DrawEx",
- "address": "0x476710"
- },
- {
- "name": "ImageList_Draw",
- "address": "0x476714"
- },
- {
- "name": "ImageList_GetBkColor",
- "address": "0x476718"
- },
- {
- "name": "ImageList_SetBkColor",
- "address": "0x47671c"
- },
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x476720"
- },
- {
- "name": "ImageList_Add",
- "address": "0x476724"
- },
- {
- "name": "ImageList_GetImageCount",
- "address": "0x476728"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x47672c"
- },
- {
- "name": "ImageList_Create",
- "address": "0x476730"
- },
- {
- "name": "InitCommonControls",
- "address": "0x476734"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "ReplaceTextA",
- "address": "0x47673c"
- },
- {
- "name": "FindTextA",
- "address": "0x476740"
- }
- ],
- "dll": "comdlg32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000ad73e",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x0046a13c",
- "timestamp": "1992-01-04 00:24:27",
- "osversion": "4.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00069200",
- "entropy": "6.52",
- "raw_address": "0x00000400",
- "virtual_size": "0x00069184",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0006b000",
- "size_of_data": "0x00009400",
- "entropy": "5.08",
- "raw_address": "0x00069600",
- "virtual_size": "0x000093d0",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00075000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00072a00",
- "virtual_size": "0x00000d09",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00076000",
- "size_of_data": "0x00002200",
- "entropy": "4.80",
- "raw_address": "0x00072a00",
- "virtual_size": "0x000020c2",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00079000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00074c00",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0007a000",
- "size_of_data": "0x00000200",
- "entropy": "0.21",
- "raw_address": "0x00074c00",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0007b000",
- "size_of_data": "0x00007c00",
- "entropy": "6.63",
- "raw_address": "0x00074e00",
- "virtual_size": "0x00007ab4",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00083000",
- "size_of_data": "0x0002ba00",
- "entropy": "7.16",
- "raw_address": "0x0007ca00",
- "virtual_size": "0x0002b8e8",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00076000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000020c2"
- },
- {
- "virtual_address": "0x00083000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0002b8e8"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007b000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00007ab4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007a000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "b6b2a783bd5c931709bdc68a1624d6e8",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 15,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.GetDiskFreeSpaceExA",
- "oleaut32.dll.VariantChangeTypeEx",
- "oleaut32.dll.VarNeg",
- "oleaut32.dll.VarNot",
- "oleaut32.dll.VarAdd",
- "oleaut32.dll.VarSub",
- "oleaut32.dll.VarMul",
- "oleaut32.dll.VarDiv",
- "oleaut32.dll.VarIdiv",
- "oleaut32.dll.VarMod",
- "oleaut32.dll.VarAnd",
- "oleaut32.dll.VarOr",
- "oleaut32.dll.VarXor",
- "oleaut32.dll.VarCmp",
- "oleaut32.dll.VarI4FromStr",
- "oleaut32.dll.VarR4FromStr",
- "oleaut32.dll.VarR8FromStr",
- "oleaut32.dll.VarDateFromStr",
- "oleaut32.dll.VarCyFromStr",
- "oleaut32.dll.VarBoolFromStr",
- "oleaut32.dll.VarBstrFromCy",
- "oleaut32.dll.VarBstrFromDate",
- "oleaut32.dll.VarBstrFromBool",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.GetSystemMetrics",
- "user32.dll.EnumDisplayMonitors",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegEnumKeyExW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "user32.dll.AnimateWindow",
- "comctl32.dll.InitializeFlatSB",
- "comctl32.dll.UninitializeFlatSB",
- "comctl32.dll.FlatSB_GetScrollProp",
- "comctl32.dll.FlatSB_SetScrollProp",
- "comctl32.dll.FlatSB_EnableScrollBar",
- "comctl32.dll.FlatSB_ShowScrollBar",
- "comctl32.dll.FlatSB_GetScrollRange",
- "comctl32.dll.FlatSB_GetScrollInfo",
- "comctl32.dll.FlatSB_GetScrollPos",
- "comctl32.dll.FlatSB_SetScrollPos",
- "comctl32.dll.FlatSB_SetScrollInfo",
- "comctl32.dll.FlatSB_SetScrollRange",
- "user32.dll.SetLayeredWindowAttributes",
- "user32.dll.RegisterRawInputDevices",
- "user32.dll.GetRawInputData",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x476140"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x476144"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x476148"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x47614c"
- },
- {
- "name": "VirtualFree",
- "address": "0x476150"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x476154"
- },
- {
- "name": "LocalFree",
- "address": "0x476158"
- },
- {
- "name": "LocalAlloc",
- "address": "0x47615c"
- },
- {
- "name": "GetVersion",
- "address": "0x476160"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x476164"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x476168"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x47616c"
- },
- {
- "name": "VirtualQuery",
- "address": "0x476170"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x476174"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x476178"
- },
- {
- "name": "lstrlenA",
- "address": "0x47617c"
- },
- {
- "name": "lstrcpynA",
- "address": "0x476180"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x476184"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x476188"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x47618c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x476190"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x476194"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x476198"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x47619c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x4761a0"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4761a4"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x4761a8"
- },
- {
- "name": "FindClose",
- "address": "0x4761ac"
- },
- {
- "name": "ExitProcess",
- "address": "0x4761b0"
- },
- {
- "name": "WriteFile",
- "address": "0x4761b4"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x4761b8"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4761bc"
- },
- {
- "name": "RaiseException",
- "address": "0x4761c0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4761c4"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "GetKeyboardType",
- "address": "0x4761cc"
- },
- {
- "name": "LoadStringA",
- "address": "0x4761d0"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4761d4"
- },
- {
- "name": "CharNextA",
- "address": "0x4761d8"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x4761e0"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x4761e4"
- },
- {
- "name": "RegCloseKey",
- "address": "0x4761e8"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "SysFreeString",
- "address": "0x4761f0"
- },
- {
- "name": "SysReAllocStringLen",
- "address": "0x4761f4"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x4761f8"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "TlsSetValue",
- "address": "0x476200"
- },
- {
- "name": "TlsGetValue",
- "address": "0x476204"
- },
- {
- "name": "LocalAlloc",
- "address": "0x476208"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47620c"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x476214"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x476218"
- },
- {
- "name": "RegCloseKey",
- "address": "0x47621c"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "lstrcpyA",
- "address": "0x476224"
- },
- {
- "name": "lstrcmpA",
- "address": "0x476228"
- },
- {
- "name": "WriteFile",
- "address": "0x47622c"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x476230"
- },
- {
- "name": "VirtualQuery",
- "address": "0x476234"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x476238"
- },
- {
- "name": "Sleep",
- "address": "0x47623c"
- },
- {
- "name": "SizeofResource",
- "address": "0x476240"
- },
- {
- "name": "SetThreadLocale",
- "address": "0x476244"
- },
- {
- "name": "SetFilePointer",
- "address": "0x476248"
- },
- {
- "name": "SetEvent",
- "address": "0x47624c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x476250"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x476254"
- },
- {
- "name": "ResetEvent",
- "address": "0x476258"
- },
- {
- "name": "ReadFile",
- "address": "0x47625c"
- },
- {
- "name": "MulDiv",
- "address": "0x476260"
- },
- {
- "name": "LockResource",
- "address": "0x476264"
- },
- {
- "name": "LoadResource",
- "address": "0x476268"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x47626c"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x476270"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x476274"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x476278"
- },
- {
- "name": "GlobalReAlloc",
- "address": "0x47627c"
- },
- {
- "name": "GlobalHandle",
- "address": "0x476280"
- },
- {
- "name": "GlobalLock",
- "address": "0x476284"
- },
- {
- "name": "GlobalFree",
- "address": "0x476288"
- },
- {
- "name": "GlobalFindAtomA",
- "address": "0x47628c"
- },
- {
- "name": "GlobalDeleteAtom",
- "address": "0x476290"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x476294"
- },
- {
- "name": "GlobalAddAtomA",
- "address": "0x476298"
- },
- {
- "name": "GetVersionExA",
- "address": "0x47629c"
- },
- {
- "name": "GetVersion",
- "address": "0x4762a0"
- },
- {
- "name": "GetTickCount",
- "address": "0x4762a4"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x4762a8"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x4762ac"
- },
- {
- "name": "GetStringTypeExA",
- "address": "0x4762b0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4762b4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4762b8"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x4762bc"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4762c0"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x4762c4"
- },
- {
- "name": "GetLocalTime",
- "address": "0x4762c8"
- },
- {
- "name": "GetLastError",
- "address": "0x4762cc"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x4762d0"
- },
- {
- "name": "GetFileType",
- "address": "0x4762d4"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x4762d8"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x4762dc"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4762e0"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4762e4"
- },
- {
- "name": "GetCPInfo",
- "address": "0x4762e8"
- },
- {
- "name": "GetACP",
- "address": "0x4762ec"
- },
- {
- "name": "FreeResource",
- "address": "0x4762f0"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x4762f4"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4762f8"
- },
- {
- "name": "FormatMessageA",
- "address": "0x4762fc"
- },
- {
- "name": "FindResourceA",
- "address": "0x476300"
- },
- {
- "name": "EnumCalendarInfoA",
- "address": "0x476304"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x476308"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x47630c"
- },
- {
- "name": "CreateThread",
- "address": "0x476310"
- },
- {
- "name": "CreateFileA",
- "address": "0x476314"
- },
- {
- "name": "CreateEventA",
- "address": "0x476318"
- },
- {
- "name": "CompareStringA",
- "address": "0x47631c"
- },
- {
- "name": "CloseHandle",
- "address": "0x476320"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueA",
- "address": "0x476328"
- },
- {
- "name": "GetFileVersionInfoSizeA",
- "address": "0x47632c"
- },
- {
- "name": "GetFileVersionInfoA",
- "address": "0x476330"
- }
- ],
- "dll": "version.dll"
- },
- {
- "imports": [
- {
- "name": "UnrealizeObject",
- "address": "0x476338"
- },
- {
- "name": "StretchBlt",
- "address": "0x47633c"
- },
- {
- "name": "SetWindowOrgEx",
- "address": "0x476340"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x476344"
- },
- {
- "name": "SetTextColor",
- "address": "0x476348"
- },
- {
- "name": "SetStretchBltMode",
- "address": "0x47634c"
- },
- {
- "name": "SetROP2",
- "address": "0x476350"
- },
- {
- "name": "SetPixel",
- "address": "0x476354"
- },
- {
- "name": "SetDIBColorTable",
- "address": "0x476358"
- },
- {
- "name": "SetBrushOrgEx",
- "address": "0x47635c"
- },
- {
- "name": "SetBkMode",
- "address": "0x476360"
- },
- {
- "name": "SetBkColor",
- "address": "0x476364"
- },
- {
- "name": "SelectPalette",
- "address": "0x476368"
- },
- {
- "name": "SelectObject",
- "address": "0x47636c"
- },
- {
- "name": "ScaleWindowExtEx",
- "address": "0x476370"
- },
- {
- "name": "SaveDC",
- "address": "0x476374"
- },
- {
- "name": "RestoreDC",
- "address": "0x476378"
- },
- {
- "name": "Rectangle",
- "address": "0x47637c"
- },
- {
- "name": "RectVisible",
- "address": "0x476380"
- },
- {
- "name": "RealizePalette",
- "address": "0x476384"
- },
- {
- "name": "PatBlt",
- "address": "0x476388"
- },
- {
- "name": "MoveToEx",
- "address": "0x47638c"
- },
- {
- "name": "MaskBlt",
- "address": "0x476390"
- },
- {
- "name": "LineTo",
- "address": "0x476394"
- },
- {
- "name": "IntersectClipRect",
- "address": "0x476398"
- },
- {
- "name": "GetWindowOrgEx",
- "address": "0x47639c"
- },
- {
- "name": "GetTextMetricsA",
- "address": "0x4763a0"
- },
- {
- "name": "GetTextExtentPoint32A",
- "address": "0x4763a4"
- },
- {
- "name": "GetSystemPaletteEntries",
- "address": "0x4763a8"
- },
- {
- "name": "GetStockObject",
- "address": "0x4763ac"
- },
- {
- "name": "GetPixel",
- "address": "0x4763b0"
- },
- {
- "name": "GetPaletteEntries",
- "address": "0x4763b4"
- },
- {
- "name": "GetObjectA",
- "address": "0x4763b8"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x4763bc"
- },
- {
- "name": "GetDIBits",
- "address": "0x4763c0"
- },
- {
- "name": "GetDIBColorTable",
- "address": "0x4763c4"
- },
- {
- "name": "GetDCOrgEx",
- "address": "0x4763c8"
- },
- {
- "name": "GetCurrentPositionEx",
- "address": "0x4763cc"
- },
- {
- "name": "GetClipBox",
- "address": "0x4763d0"
- },
- {
- "name": "GetBrushOrgEx",
- "address": "0x4763d4"
- },
- {
- "name": "GetBitmapBits",
- "address": "0x4763d8"
- },
- {
- "name": "ExtTextOutA",
- "address": "0x4763dc"
- },
- {
- "name": "ExcludeClipRect",
- "address": "0x4763e0"
- },
- {
- "name": "DeleteObject",
- "address": "0x4763e4"
- },
- {
- "name": "DeleteDC",
- "address": "0x4763e8"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x4763ec"
- },
- {
- "name": "CreatePenIndirect",
- "address": "0x4763f0"
- },
- {
- "name": "CreatePalette",
- "address": "0x4763f4"
- },
- {
- "name": "CreateHalftonePalette",
- "address": "0x4763f8"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x4763fc"
- },
- {
- "name": "CreateDIBitmap",
- "address": "0x476400"
- },
- {
- "name": "CreateDIBSection",
- "address": "0x476404"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x476408"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x47640c"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x476410"
- },
- {
- "name": "CreateBitmap",
- "address": "0x476414"
- },
- {
- "name": "BitBlt",
- "address": "0x476418"
- }
- ],
- "dll": "gdi32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateWindowExA",
- "address": "0x476420"
- },
- {
- "name": "WindowFromPoint",
- "address": "0x476424"
- },
- {
- "name": "WinHelpA",
- "address": "0x476428"
- },
- {
- "name": "WaitMessage",
- "address": "0x47642c"
- },
- {
- "name": "UpdateWindow",
- "address": "0x476430"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x476434"
- },
- {
- "name": "UnhookWindowsHookEx",
- "address": "0x476438"
- },
- {
- "name": "TranslateMessage",
- "address": "0x47643c"
- },
- {
- "name": "TranslateMDISysAccel",
- "address": "0x476440"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x476444"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x476448"
- },
- {
- "name": "ShowWindow",
- "address": "0x47644c"
- },
- {
- "name": "ShowScrollBar",
- "address": "0x476450"
- },
- {
- "name": "ShowOwnedPopups",
- "address": "0x476454"
- },
- {
- "name": "ShowCursor",
- "address": "0x476458"
- },
- {
- "name": "SetWindowsHookExA",
- "address": "0x47645c"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x476460"
- },
- {
- "name": "SetWindowPos",
- "address": "0x476464"
- },
- {
- "name": "SetWindowPlacement",
- "address": "0x476468"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x47646c"
- },
- {
- "name": "SetTimer",
- "address": "0x476470"
- },
- {
- "name": "SetScrollRange",
- "address": "0x476474"
- },
- {
- "name": "SetScrollPos",
- "address": "0x476478"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x47647c"
- },
- {
- "name": "SetRect",
- "address": "0x476480"
- },
- {
- "name": "SetPropA",
- "address": "0x476484"
- },
- {
- "name": "SetParent",
- "address": "0x476488"
- },
- {
- "name": "SetMenuItemInfoA",
- "address": "0x47648c"
- },
- {
- "name": "SetMenu",
- "address": "0x476490"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x476494"
- },
- {
- "name": "SetFocus",
- "address": "0x476498"
- },
- {
- "name": "SetCursor",
- "address": "0x47649c"
- },
- {
- "name": "SetClassLongA",
- "address": "0x4764a0"
- },
- {
- "name": "SetCapture",
- "address": "0x4764a4"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x4764a8"
- },
- {
- "name": "SendMessageA",
- "address": "0x4764ac"
- },
- {
- "name": "ScrollWindow",
- "address": "0x4764b0"
- },
- {
- "name": "ScreenToClient",
- "address": "0x4764b4"
- },
- {
- "name": "RemovePropA",
- "address": "0x4764b8"
- },
- {
- "name": "RemoveMenu",
- "address": "0x4764bc"
- },
- {
- "name": "ReleaseDC",
- "address": "0x4764c0"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x4764c4"
- },
- {
- "name": "RegisterWindowMessageA",
- "address": "0x4764c8"
- },
- {
- "name": "RegisterClipboardFormatA",
- "address": "0x4764cc"
- },
- {
- "name": "RegisterClassA",
- "address": "0x4764d0"
- },
- {
- "name": "RedrawWindow",
- "address": "0x4764d4"
- },
- {
- "name": "PtInRect",
- "address": "0x4764d8"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4764dc"
- },
- {
- "name": "PostMessageA",
- "address": "0x4764e0"
- },
- {
- "name": "PeekMessageA",
- "address": "0x4764e4"
- },
- {
- "name": "OffsetRect",
- "address": "0x4764e8"
- },
- {
- "name": "OemToCharA",
- "address": "0x4764ec"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4764f0"
- },
- {
- "name": "MapWindowPoints",
- "address": "0x4764f4"
- },
- {
- "name": "MapVirtualKeyA",
- "address": "0x4764f8"
- },
- {
- "name": "LoadStringA",
- "address": "0x4764fc"
- },
- {
- "name": "LoadKeyboardLayoutA",
- "address": "0x476500"
- },
- {
- "name": "LoadIconA",
- "address": "0x476504"
- },
- {
- "name": "LoadCursorA",
- "address": "0x476508"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x47650c"
- },
- {
- "name": "KillTimer",
- "address": "0x476510"
- },
- {
- "name": "IsZoomed",
- "address": "0x476514"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x476518"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x47651c"
- },
- {
- "name": "IsWindow",
- "address": "0x476520"
- },
- {
- "name": "IsRectEmpty",
- "address": "0x476524"
- },
- {
- "name": "IsIconic",
- "address": "0x476528"
- },
- {
- "name": "IsDialogMessageA",
- "address": "0x47652c"
- },
- {
- "name": "IsChild",
- "address": "0x476530"
- },
- {
- "name": "InvalidateRect",
- "address": "0x476534"
- },
- {
- "name": "IntersectRect",
- "address": "0x476538"
- },
- {
- "name": "InsertMenuItemA",
- "address": "0x47653c"
- },
- {
- "name": "InsertMenuA",
- "address": "0x476540"
- },
- {
- "name": "InflateRect",
- "address": "0x476544"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x476548"
- },
- {
- "name": "GetWindowTextA",
- "address": "0x47654c"
- },
- {
- "name": "GetWindowRect",
- "address": "0x476550"
- },
- {
- "name": "GetWindowPlacement",
- "address": "0x476554"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x476558"
- },
- {
- "name": "GetWindowDC",
- "address": "0x47655c"
- },
- {
- "name": "GetTopWindow",
- "address": "0x476560"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x476564"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x476568"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x47656c"
- },
- {
- "name": "GetSysColor",
- "address": "0x476570"
- },
- {
- "name": "GetSubMenu",
- "address": "0x476574"
- },
- {
- "name": "GetScrollRange",
- "address": "0x476578"
- },
- {
- "name": "GetScrollPos",
- "address": "0x47657c"
- },
- {
- "name": "GetScrollInfo",
- "address": "0x476580"
- },
- {
- "name": "GetPropA",
- "address": "0x476584"
- },
- {
- "name": "GetParent",
- "address": "0x476588"
- },
- {
- "name": "GetWindow",
- "address": "0x47658c"
- },
- {
- "name": "GetMessagePos",
- "address": "0x476590"
- },
- {
- "name": "GetMenuStringA",
- "address": "0x476594"
- },
- {
- "name": "GetMenuState",
- "address": "0x476598"
- },
- {
- "name": "GetMenuItemInfoA",
- "address": "0x47659c"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x4765a0"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x4765a4"
- },
- {
- "name": "GetMenu",
- "address": "0x4765a8"
- },
- {
- "name": "GetLastActivePopup",
- "address": "0x4765ac"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x4765b0"
- },
- {
- "name": "GetKeyboardLayoutList",
- "address": "0x4765b4"
- },
- {
- "name": "GetKeyboardLayout",
- "address": "0x4765b8"
- },
- {
- "name": "GetKeyState",
- "address": "0x4765bc"
- },
- {
- "name": "GetKeyNameTextA",
- "address": "0x4765c0"
- },
- {
- "name": "GetIconInfo",
- "address": "0x4765c4"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x4765c8"
- },
- {
- "name": "GetFocus",
- "address": "0x4765cc"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x4765d0"
- },
- {
- "name": "GetDCEx",
- "address": "0x4765d4"
- },
- {
- "name": "GetDC",
- "address": "0x4765d8"
- },
- {
- "name": "GetCursorPos",
- "address": "0x4765dc"
- },
- {
- "name": "GetCursor",
- "address": "0x4765e0"
- },
- {
- "name": "GetClientRect",
- "address": "0x4765e4"
- },
- {
- "name": "GetClassNameA",
- "address": "0x4765e8"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x4765ec"
- },
- {
- "name": "GetCapture",
- "address": "0x4765f0"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x4765f4"
- },
- {
- "name": "FrameRect",
- "address": "0x4765f8"
- },
- {
- "name": "FindWindowA",
- "address": "0x4765fc"
- },
- {
- "name": "FillRect",
- "address": "0x476600"
- },
- {
- "name": "EqualRect",
- "address": "0x476604"
- },
- {
- "name": "EnumWindows",
- "address": "0x476608"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x47660c"
- },
- {
- "name": "EndPaint",
- "address": "0x476610"
- },
- {
- "name": "EnableWindow",
- "address": "0x476614"
- },
- {
- "name": "EnableScrollBar",
- "address": "0x476618"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x47661c"
- },
- {
- "name": "DrawTextA",
- "address": "0x476620"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x476624"
- },
- {
- "name": "DrawIconEx",
- "address": "0x476628"
- },
- {
- "name": "DrawIcon",
- "address": "0x47662c"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x476630"
- },
- {
- "name": "DrawEdge",
- "address": "0x476634"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x476638"
- },
- {
- "name": "DestroyWindow",
- "address": "0x47663c"
- },
- {
- "name": "DestroyMenu",
- "address": "0x476640"
- },
- {
- "name": "DestroyIcon",
- "address": "0x476644"
- },
- {
- "name": "DestroyCursor",
- "address": "0x476648"
- },
- {
- "name": "DeleteMenu",
- "address": "0x47664c"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x476650"
- },
- {
- "name": "DefMDIChildProcA",
- "address": "0x476654"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x476658"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x47665c"
- },
- {
- "name": "CreateMenu",
- "address": "0x476660"
- },
- {
- "name": "CreateIcon",
- "address": "0x476664"
- },
- {
- "name": "ClientToScreen",
- "address": "0x476668"
- },
- {
- "name": "ChildWindowFromPoint",
- "address": "0x47666c"
- },
- {
- "name": "CheckMenuItem",
- "address": "0x476670"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x476674"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x476678"
- },
- {
- "name": "BringWindowToTop",
- "address": "0x47667c"
- },
- {
- "name": "BeginPaint",
- "address": "0x476680"
- },
- {
- "name": "CharNextA",
- "address": "0x476684"
- },
- {
- "name": "CharLowerA",
- "address": "0x476688"
- },
- {
- "name": "CharToOemA",
- "address": "0x47668c"
- },
- {
- "name": "AdjustWindowRectEx",
- "address": "0x476690"
- },
- {
- "name": "ActivateKeyboardLayout",
- "address": "0x476694"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x47669c"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "SafeArrayPtrOfIndex",
- "address": "0x4766a4"
- },
- {
- "name": "SafeArrayGetUBound",
- "address": "0x4766a8"
- },
- {
- "name": "SafeArrayGetLBound",
- "address": "0x4766ac"
- },
- {
- "name": "SafeArrayCreate",
- "address": "0x4766b0"
- },
- {
- "name": "VariantChangeType",
- "address": "0x4766b4"
- },
- {
- "name": "VariantCopy",
- "address": "0x4766b8"
- },
- {
- "name": "VariantClear",
- "address": "0x4766bc"
- },
- {
- "name": "VariantInit",
- "address": "0x4766c0"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "CoTaskMemAlloc",
- "address": "0x4766c8"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x4766cc"
- },
- {
- "name": "CoUninitialize",
- "address": "0x4766d0"
- },
- {
- "name": "CoInitialize",
- "address": "0x4766d4"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_SetIconSize",
- "address": "0x4766dc"
- },
- {
- "name": "ImageList_GetIconSize",
- "address": "0x4766e0"
- },
- {
- "name": "ImageList_Write",
- "address": "0x4766e4"
- },
- {
- "name": "ImageList_Read",
- "address": "0x4766e8"
- },
- {
- "name": "ImageList_GetDragImage",
- "address": "0x4766ec"
- },
- {
- "name": "ImageList_DragShowNolock",
- "address": "0x4766f0"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x4766f4"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x4766f8"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x4766fc"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x476700"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x476704"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x476708"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x47670c"
- },
- {
- "name": "ImageList_DrawEx",
- "address": "0x476710"
- },
- {
- "name": "ImageList_Draw",
- "address": "0x476714"
- },
- {
- "name": "ImageList_GetBkColor",
- "address": "0x476718"
- },
- {
- "name": "ImageList_SetBkColor",
- "address": "0x47671c"
- },
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x476720"
- },
- {
- "name": "ImageList_Add",
- "address": "0x476724"
- },
- {
- "name": "ImageList_GetImageCount",
- "address": "0x476728"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x47672c"
- },
- {
- "name": "ImageList_Create",
- "address": "0x476730"
- },
- {
- "name": "InitCommonControls",
- "address": "0x476734"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "ReplaceTextA",
- "address": "0x47673c"
- },
- {
- "name": "FindTextA",
- "address": "0x476740"
- }
- ],
- "dll": "comdlg32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000ad73e",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x0046a13c",
- "timestamp": "1992-01-04 00:24:27",
- "osversion": "4.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00069200",
- "entropy": "6.52",
- "raw_address": "0x00000400",
- "virtual_size": "0x00069184",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0006b000",
- "size_of_data": "0x00009400",
- "entropy": "5.08",
- "raw_address": "0x00069600",
- "virtual_size": "0x000093d0",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00075000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00072a00",
- "virtual_size": "0x00000d09",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00076000",
- "size_of_data": "0x00002200",
- "entropy": "4.80",
- "raw_address": "0x00072a00",
- "virtual_size": "0x000020c2",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00079000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00074c00",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0007a000",
- "size_of_data": "0x00000200",
- "entropy": "0.21",
- "raw_address": "0x00074c00",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0007b000",
- "size_of_data": "0x00007c00",
- "entropy": "6.63",
- "raw_address": "0x00074e00",
- "virtual_size": "0x00007ab4",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00083000",
- "size_of_data": "0x0002ba00",
- "entropy": "7.16",
- "raw_address": "0x0007ca00",
- "virtual_size": "0x0002b8e8",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00076000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000020c2"
- },
- {
- "virtual_address": "0x00083000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0002b8e8"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007b000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00007ab4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007a000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "b6b2a783bd5c931709bdc68a1624d6e8",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 15,
- "versioninfo": []
- }
- }