paladin316

Exes_002e36e3_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_002e36e3.exe"
  7. [*] File Size: 398336
  8. [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
  9. [*] SHA256: "b570044467d187690dd6f46e9246d470437651465f9b4d2baa7091a63a5ac214"
  10. [*] MD5: "018e72343ac60f2b405944eb8380e0fe"
  11. [*] SHA1: "e8aa5f6619adb7637605ed723c2d64c745cf4e8d"
  12. [*] SHA512: "60b0d7ae6741f09343be3f908ba2c021be7d760d0ad935581b912487604eba2cf9d982454db027dbd0900bdc807853070820885f35d33fb1ed4b6da1dd00d132"
  13. [*] CRC32: "002E36E3"
  14. [*] SSDEEP: "6144:XTkJkvRAhoED0x8YbkaxBpRH9BgrllentW217UmCi4jn:XwCAhdYbNxj2jer1Yn"
  15.  
  16. [*] Process Execution: [
  17. "Exes_002e36e3.exe",
  18. "Exes_002e36e3.exe"
  19. ]
  20.  
  21. [*] Signatures Detected: [
  22. {
  23. "Description": "Creates RWX memory",
  24. "Details": []
  25. },
  26. {
  27. "Description": "A process created a hidden window",
  28. "Details": [
  29. {
  30. "Process": "Exes_002e36e3.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_002e36e3.exe"
  31. }
  32. ]
  33. },
  34. {
  35. "Description": "Performs some HTTP requests (every URL listed here is an OCSP/CRL certificate-revocation lookup against public CA responders, sent by Windows CryptoAPI itself — see the Microsoft-CryptoAPI/6.1 User-Agent in the HTTP section; treat this as OS background traffic, not as command-and-control. The only network indicator attributable to the sample is the DNS lookup for fdghfghdfghj.ru, which returned NXDOMAIN)",
  36. "Details": [
  37. {
  38. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  39. },
  40. {
  41. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  42. },
  43. {
  44. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  45. },
  46. {
  47. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  48. },
  49. {
  50. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  51. },
  52. {
  53. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  54. },
  55. {
  56. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  57. },
  58. {
  59. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  60. },
  61. {
  62. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  63. },
  64. {
  65. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  66. },
  67. {
  68. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  69. },
  70. {
  71. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  72. },
  73. {
  74. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  75. },
  76. {
  77. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  78. },
  79. {
  80. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  81. },
  82. {
  83. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  84. },
  85. {
  86. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  87. },
  88. {
  89. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  90. },
  91. {
  92. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  93. },
  94. {
  95. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  96. },
  97. {
  98. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  99. },
  100. {
  101. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  102. },
  103. {
  104. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  105. }
  106. ]
  107. },
  108. {
  109. "Description": "File has been identified by 41 antivirus engines on VirusTotal as malicious (detections are mostly generic/heuristic names — GenKryptik, Mikey, Artemis, ML scores — so the family is not confirmed; the MalFamily field above is empty for the same reason)",
  110. "Details": [
  111. {
  112. "MicroWorld-eScan": "Gen:Variant.Mikey.99065"
  113. },
  114. {
  115. "Qihoo-360": "Win32/Trojan.c69"
  116. },
  117. {
  118. "McAfee": "RDN/Generic.com"
  119. },
  120. {
  121. "Malwarebytes": "Trojan.MalPack.RES"
  122. },
  123. {
  124. "CrowdStrike": "win/malicious_confidence_80% (W)"
  125. },
  126. {
  127. "BitDefender": "Gen:Variant.Mikey.99065"
  128. },
  129. {
  130. "K7GW": "Trojan ( 0054fcdf1 )"
  131. },
  132. {
  133. "K7AntiVirus": "Trojan ( 0054fcdf1 )"
  134. },
  135. {
  136. "Invincea": "heuristic"
  137. },
  138. {
  139. "NANO-Antivirus": "Trojan.Win32.Bsymem.frdpmk"
  140. },
  141. {
  142. "Symantec": "Trojan.Gen.MBT"
  143. },
  144. {
  145. "APEX": "Malicious"
  146. },
  147. {
  148. "Paloalto": "generic.ml"
  149. },
  150. {
  151. "Rising": "Malware.Heuristic.MLite(95%) (AI-LITE:+i4+5cAKCdMkooNaLvwruA)"
  152. },
  153. {
  154. "Ad-Aware": "Gen:Variant.Mikey.99065"
  155. },
  156. {
  157. "Sophos": "Mal/Generic-S"
  158. },
  159. {
  160. "F-Secure": "Trojan.TR/AD.MoksSteal.bfng"
  161. },
  162. {
  163. "McAfee-GW-Edition": "Artemis!Trojan"
  164. },
  165. {
  166. "Trapmine": "malicious.moderate.ml.score"
  167. },
  168. {
  169. "FireEye": "Generic.mg.018e72343ac60f2b"
  170. },
  171. {
  172. "Emsisoft": "Gen:Variant.Mikey.99065 (B)"
  173. },
  174. {
  175. "Endgame": "malicious (high confidence)"
  176. },
  177. {
  178. "Webroot": "W32.Trojan.Gen"
  179. },
  180. {
  181. "Avira": "TR/AD.MoksSteal.bfng"
  182. },
  183. {
  184. "Fortinet": "W32/GenKryptik.DKGQ!tr"
  185. },
  186. {
  187. "Arcabit": "Trojan.Mikey.D182F9"
  188. },
  189. {
  190. "AhnLab-V3": "Trojan/Win32.Agent.C3286130"
  191. },
  192. {
  193. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  194. },
  195. {
  196. "Microsoft": "TrojanSpy:Win32/Banload.AAA!bit"
  197. },
  198. {
  199. "ESET-NOD32": "a variant of Win32/GenKryptik.DKGQ"
  200. },
  201. {
  202. "Acronis": "suspicious"
  203. },
  204. {
  205. "ALYac": "Gen:Variant.Mikey.99065"
  206. },
  207. {
  208. "MAX": "malware (ai score=84)"
  209. },
  210. {
  211. "Cylance": "Unsafe"
  212. },
  213. {
  214. "TrendMicro-HouseCall": "TROJ_GEN.R020H0CFA19"
  215. },
  216. {
  217. "Yandex": "Trojan.GenKryptik!"
  218. },
  219. {
  220. "SentinelOne": "DFI - Malicious PE"
  221. },
  222. {
  223. "eGambit": "Unsafe.AI_Score_95%"
  224. },
  225. {
  226. "GData": "Gen:Variant.Mikey.99065"
  227. },
  228. {
  229. "AVG": "Win32:RansomX-gen [Ransom]"
  230. },
  231. {
  232. "Avast": "Win32:RansomX-gen [Ransom]"
  233. }
  234. ]
  235. },
  236. {
  237. "Description": "Collects information to fingerprint the system",
  238. "Details": []
  239. }
  240. ]
  241.  
  242. [*] Started Service: []
  243.  
  244. [*] Executed Commands: [
  245. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_002e36e3.exe\""
  246. ]
  247.  
  248. [*] Mutexes: [
  249. "DBWinMutex",
  250. "A81FB8C60-BBE6E186-FC9B5DB5-36DA4559-33946726"
  251. ]
  252.  
  253. [*] Modified Files: []
  254.  
  255. [*] Deleted Files: []
  256.  
  257. [*] Modified Registry Keys: []
  258.  
  259. [*] Deleted Registry Keys: []
  260.  
  261. [*] DNS Communications: [
  262. {
  263. "type": "A",
  264. "request": "fdghfghdfghj.ru",
  265. "answers": [
  266. {
  267. "data": "",
  268. "type": "NXDOMAIN"
  269. }
  270. ]
  271. }
  272. ]
  273.  
  274. [*] Domains: [
  275. {
  276. "ip": "92.242.140.2",
  277. "domain": "fdghfghdfghj.ru (note: the captured DNS answer for this name was NXDOMAIN, so the IP listed alongside it is not supported by the recorded resolution and should not be treated as a confirmed C2 address without independent verification)"
  278. }
  279. ]
  280.  
  281. [*] Network Communication - ICMP: []
  282.  
  283. [*] Network Communication - HTTP: [
  284. {
  285. "count": 1,
  286. "body": "",
  287. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  288. "user-agent": "Microsoft-CryptoAPI/6.1",
  289. "method": "GET",
  290. "host": "ocsp.digicert.com",
  291. "version": "1.1",
  292. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  293. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  294. "port": 80
  295. },
  296. {
  297. "count": 1,
  298. "body": "",
  299. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  300. "user-agent": "Microsoft-CryptoAPI/6.1",
  301. "method": "GET",
  302. "host": "ocsp.digicert.com",
  303. "version": "1.1",
  304. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  305. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  306. "port": 80
  307. },
  308. {
  309. "count": 1,
  310. "body": "",
  311. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  312. "user-agent": "Microsoft-CryptoAPI/6.1",
  313. "method": "GET",
  314. "host": "ocsp.digicert.com",
  315. "version": "1.1",
  316. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  317. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  318. "port": 80
  319. },
  320. {
  321. "count": 1,
  322. "body": "",
  323. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  324. "user-agent": "Microsoft-CryptoAPI/6.1",
  325. "method": "GET",
  326. "host": "ocsp.pki.goog",
  327. "version": "1.1",
  328. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  329. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  330. "port": 80
  331. },
  332. {
  333. "count": 1,
  334. "body": "",
  335. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  336. "user-agent": "Microsoft-CryptoAPI/6.1",
  337. "method": "GET",
  338. "host": "ocsp.digicert.com",
  339. "version": "1.1",
  340. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  341. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  342. "port": 80
  343. },
  344. {
  345. "count": 1,
  346. "body": "",
  347. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  348. "user-agent": "Microsoft-CryptoAPI/6.1",
  349. "method": "GET",
  350. "host": "crl.microsoft.com",
  351. "version": "1.1",
  352. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  353. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  354. "port": 80
  355. },
  356. {
  357. "count": 1,
  358. "body": "",
  359. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  360. "user-agent": "Microsoft-CryptoAPI/6.1",
  361. "method": "GET",
  362. "host": "ocsp.comodoca.com",
  363. "version": "1.1",
  364. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  365. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  366. "port": 80
  367. },
  368. {
  369. "count": 1,
  370. "body": "",
  371. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  372. "user-agent": "Microsoft-CryptoAPI/6.1",
  373. "method": "GET",
  374. "host": "ocsp.pki.goog",
  375. "version": "1.1",
  376. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  377. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  378. "port": 80
  379. },
  380. {
  381. "count": 1,
  382. "body": "",
  383. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  384. "user-agent": "Microsoft-CryptoAPI/6.1",
  385. "method": "GET",
  386. "host": "ocsp.digicert.com",
  387. "version": "1.1",
  388. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  389. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  390. "port": 80
  391. },
  392. {
  393. "count": 1,
  394. "body": "",
  395. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  396. "user-agent": "Microsoft-CryptoAPI/6.1",
  397. "method": "GET",
  398. "host": "www.download.windowsupdate.com",
  399. "version": "1.1",
  400. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  401. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  402. "port": 80
  403. },
  404. {
  405. "count": 1,
  406. "body": "",
  407. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  408. "user-agent": "Microsoft-CryptoAPI/6.1",
  409. "method": "GET",
  410. "host": "crl.microsoft.com",
  411. "version": "1.1",
  412. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  413. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  414. "port": 80
  415. },
  416. {
  417. "count": 1,
  418. "body": "",
  419. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  420. "user-agent": "Microsoft-CryptoAPI/6.1",
  421. "method": "GET",
  422. "host": "ocsp.digicert.com",
  423. "version": "1.1",
  424. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  425. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  426. "port": 80
  427. },
  428. {
  429. "count": 1,
  430. "body": "",
  431. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  432. "user-agent": "Microsoft-CryptoAPI/6.1",
  433. "method": "GET",
  434. "host": "ocsp.digicert.com",
  435. "version": "1.1",
  436. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  437. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  438. "port": 80
  439. },
  440. {
  441. "count": 1,
  442. "body": "",
  443. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  444. "user-agent": "Microsoft-CryptoAPI/6.1",
  445. "method": "GET",
  446. "host": "ocsp.digicert.com",
  447. "version": "1.1",
  448. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  449. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  450. "port": 80
  451. },
  452. {
  453. "count": 1,
  454. "body": "",
  455. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  456. "user-agent": "Microsoft-CryptoAPI/6.1",
  457. "method": "GET",
  458. "host": "ocsp.pki.goog",
  459. "version": "1.1",
  460. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  461. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  462. "port": 80
  463. },
  464. {
  465. "count": 1,
  466. "body": "",
  467. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  468. "user-agent": "Microsoft-CryptoAPI/6.1",
  469. "method": "GET",
  470. "host": "ocsp.pki.goog",
  471. "version": "1.1",
  472. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  473. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  474. "port": 80
  475. },
  476. {
  477. "count": 1,
  478. "body": "",
  479. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  480. "user-agent": "Microsoft-CryptoAPI/6.1",
  481. "method": "GET",
  482. "host": "ocsp.digicert.com",
  483. "version": "1.1",
  484. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  485. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  486. "port": 80
  487. },
  488. {
  489. "count": 1,
  490. "body": "",
  491. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  492. "user-agent": "Microsoft-CryptoAPI/6.1",
  493. "method": "GET",
  494. "host": "ocsp.pki.goog",
  495. "version": "1.1",
  496. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  497. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  498. "port": 80
  499. },
  500. {
  501. "count": 1,
  502. "body": "",
  503. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  504. "user-agent": "Microsoft-CryptoAPI/6.1",
  505. "method": "GET",
  506. "host": "ocsp.msocsp.com",
  507. "version": "1.1",
  508. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  509. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  510. "port": 80
  511. },
  512. {
  513. "count": 1,
  514. "body": "",
  515. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  516. "user-agent": "Microsoft-CryptoAPI/6.1",
  517. "method": "GET",
  518. "host": "ocsp.thawte.com",
  519. "version": "1.1",
  520. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  521. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  522. "port": 80
  523. },
  524. {
  525. "count": 1,
  526. "body": "",
  527. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  528. "user-agent": "Microsoft-CryptoAPI/6.1",
  529. "method": "GET",
  530. "host": "ocsp.usertrust.com",
  531. "version": "1.1",
  532. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  533. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  534. "port": 80
  535. },
  536. {
  537. "count": 1,
  538. "body": "",
  539. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  540. "user-agent": "Microsoft-CryptoAPI/6.1",
  541. "method": "GET",
  542. "host": "th.symcd.com",
  543. "version": "1.1",
  544. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  545. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  546. "port": 80
  547. },
  548. {
  549. "count": 1,
  550. "body": "",
  551. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  552. "user-agent": "Microsoft-CryptoAPI/6.1",
  553. "method": "GET",
  554. "host": "ocsp.digicert.com",
  555. "version": "1.1",
  556. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  557. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  558. "port": 80
  559. },
  560. {
  561. "count": 1,
  562. "body": "",
  563. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  564. "user-agent": "Microsoft-CryptoAPI/6.1",
  565. "method": "GET",
  566. "host": "ocsp.digicert.com",
  567. "version": "1.1",
  568. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  569. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  570. "port": 80
  571. },
  572. {
  573. "count": 1,
  574. "body": "",
  575. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  576. "user-agent": "Microsoft-CryptoAPI/6.1",
  577. "method": "GET",
  578. "host": "ocsp.pki.goog",
  579. "version": "1.1",
  580. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  581. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  582. "port": 80
  583. },
  584. {
  585. "count": 1,
  586. "body": "",
  587. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  588. "user-agent": "Microsoft-CryptoAPI/6.1",
  589. "method": "GET",
  590. "host": "crl.microsoft.com",
  591. "version": "1.1",
  592. "path": "/pki/crl/products/microsoftrootcert.crl",
  593. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  594. "port": 80
  595. }
  596. ]
  597.  
  598. [*] Network Communication - SMTP: []
  599.  
  600. [*] Network Communication - Hosts: []
  601.  
  602. [*] Network Communication - IRC: []
  603.  
  604. [*] Static Analysis: {
  605. "pe": {
  606. "peid_signatures": null,
  607. "imports": [
  608. {
  609. "imports": [
  610. {
  611. "name": "LCMapStringW",
  612. "address": "0x40d04c"
  613. },
  614. {
  615. "name": "CompareStringW",
  616. "address": "0x40d050"
  617. },
  618. {
  619. "name": "SetEnvironmentVariableA",
  620. "address": "0x40d054"
  621. },
  622. {
  623. "name": "FreeEnvironmentStringsW",
  624. "address": "0x40d058"
  625. },
  626. {
  627. "name": "GetEnvironmentStringsW",
  628. "address": "0x40d05c"
  629. },
  630. {
  631. "name": "GetCPInfo",
  632. "address": "0x40d060"
  633. },
  634. {
  635. "name": "GetOEMCP",
  636. "address": "0x40d064"
  637. },
  638. {
  639. "name": "IsValidCodePage",
  640. "address": "0x40d068"
  641. },
  642. {
  643. "name": "FindNextFileA",
  644. "address": "0x40d06c"
  645. },
  646. {
  647. "name": "FindFirstFileExA",
  648. "address": "0x40d070"
  649. },
  650. {
  651. "name": "FindClose",
  652. "address": "0x40d074"
  653. },
  654. {
  655. "name": "CloseHandle",
  656. "address": "0x40d078"
  657. },
  658. {
  659. "name": "HeapAlloc",
  660. "address": "0x40d07c"
  661. },
  662. {
  663. "name": "HeapFree",
  664. "address": "0x40d080"
  665. },
  666. {
  667. "name": "GetACP",
  668. "address": "0x40d084"
  669. },
  670. {
  671. "name": "GetCommandLineW",
  672. "address": "0x40d088"
  673. },
  674. {
  675. "name": "GetCommandLineA",
  676. "address": "0x40d08c"
  677. },
  678. {
  679. "name": "GetModuleHandleExW",
  680. "address": "0x40d090"
  681. },
  682. {
  683. "name": "ExitProcess",
  684. "address": "0x40d094"
  685. },
  686. {
  687. "name": "WideCharToMultiByte",
  688. "address": "0x40d098"
  689. },
  690. {
  691. "name": "GetModuleFileNameA",
  692. "address": "0x40d09c"
  693. },
  694. {
  695. "name": "WriteFile",
  696. "address": "0x40d0a0"
  697. },
  698. {
  699. "name": "GetStdHandle",
  700. "address": "0x40d0a4"
  701. },
  702. {
  703. "name": "LoadLibraryExW",
  704. "address": "0x40d0a8"
  705. },
  706. {
  707. "name": "GetProcAddress",
  708. "address": "0x40d0ac"
  709. },
  710. {
  711. "name": "FreeLibrary",
  712. "address": "0x40d0b0"
  713. },
  714. {
  715. "name": "TlsFree",
  716. "address": "0x40d0b4"
  717. },
  718. {
  719. "name": "TlsSetValue",
  720. "address": "0x40d0b8"
  721. },
  722. {
  723. "name": "TlsGetValue",
  724. "address": "0x40d0bc"
  725. },
  726. {
  727. "name": "TlsAlloc",
  728. "address": "0x40d0c0"
  729. },
  730. {
  731. "name": "InitializeCriticalSectionAndSpinCount",
  732. "address": "0x40d0c4"
  733. },
  734. {
  735. "name": "DeleteCriticalSection",
  736. "address": "0x40d0c8"
  737. },
  738. {
  739. "name": "LeaveCriticalSection",
  740. "address": "0x40d0cc"
  741. },
  742. {
  743. "name": "EnterCriticalSection",
  744. "address": "0x40d0d0"
  745. },
  746. {
  747. "name": "SetLastError",
  748. "address": "0x40d0d4"
  749. },
  750. {
  751. "name": "GetLastError",
  752. "address": "0x40d0d8"
  753. },
  754. {
  755. "name": "RtlUnwind",
  756. "address": "0x40d0dc"
  757. },
  758. {
  759. "name": "TerminateProcess",
  760. "address": "0x40d0e0"
  761. },
  762. {
  763. "name": "GetCurrentProcess",
  764. "address": "0x40d0e4"
  765. },
  766. {
  767. "name": "GetModuleHandleW",
  768. "address": "0x40d0e8"
  769. },
  770. {
  771. "name": "IsProcessorFeaturePresent",
  772. "address": "0x40d0ec"
  773. },
  774. {
  775. "name": "GetStartupInfoW",
  776. "address": "0x40d0f0"
  777. },
  778. {
  779. "name": "SetUnhandledExceptionFilter",
  780. "address": "0x40d0f4"
  781. },
  782. {
  783. "name": "UnhandledExceptionFilter",
  784. "address": "0x40d0f8"
  785. },
  786. {
  787. "name": "IsDebuggerPresent",
  788. "address": "0x40d0fc"
  789. },
  790. {
  791. "name": "InitializeSListHead",
  792. "address": "0x40d100"
  793. },
  794. {
  795. "name": "GetSystemTimeAsFileTime",
  796. "address": "0x40d104"
  797. },
  798. {
  799. "name": "GetCurrentThreadId",
  800. "address": "0x40d108"
  801. },
  802. {
  803. "name": "GetCurrentProcessId",
  804. "address": "0x40d10c"
  805. },
  806. {
  807. "name": "QueryPerformanceCounter",
  808. "address": "0x40d110"
  809. },
  810. {
  811. "name": "SetStdHandle",
  812. "address": "0x40d114"
  813. },
  814. {
  815. "name": "GetFileType",
  816. "address": "0x40d118"
  817. },
  818. {
  819. "name": "GetStringTypeW",
  820. "address": "0x40d11c"
  821. },
  822. {
  823. "name": "GetProcessHeap",
  824. "address": "0x40d120"
  825. },
  826. {
  827. "name": "HeapSize",
  828. "address": "0x40d124"
  829. },
  830. {
  831. "name": "HeapReAlloc",
  832. "address": "0x40d128"
  833. },
  834. {
  835. "name": "FlushFileBuffers",
  836. "address": "0x40d12c"
  837. },
  838. {
  839. "name": "GetConsoleCP",
  840. "address": "0x40d130"
  841. },
  842. {
  843. "name": "GetConsoleMode",
  844. "address": "0x40d134"
  845. },
  846. {
  847. "name": "SetFilePointerEx",
  848. "address": "0x40d138"
  849. },
  850. {
  851. "name": "WriteConsoleW",
  852. "address": "0x40d13c"
  853. },
  854. {
  855. "name": "DecodePointer",
  856. "address": "0x40d140"
  857. },
  858. {
  859. "name": "CreateFileW",
  860. "address": "0x40d144"
  861. },
  862. {
  863. "name": "LoadLibraryW",
  864. "address": "0x40d148"
  865. },
  866. {
  867. "name": "RaiseException",
  868. "address": "0x40d14c"
  869. },
  870. {
  871. "name": "MultiByteToWideChar",
  872. "address": "0x40d150"
  873. },
  874. {
  875. "name": "VirtualProtect",
  876. "address": "0x40d154"
  877. }
  878. ],
  879. "dll": "KERNEL32.dll"
  880. },
  881. {
  882. "imports": [
  883. {
  884. "name": "CreateMDIWindowA",
  885. "address": "0x40d1c4"
  886. },
  887. {
  888. "name": "ImpersonateDdeClientWindow",
  889. "address": "0x40d1c8"
  890. },
  891. {
  892. "name": "SetKeyboardState",
  893. "address": "0x40d1cc"
  894. },
  895. {
  896. "name": "CreateCursor",
  897. "address": "0x40d1d0"
  898. },
  899. {
  900. "name": "LockWindowUpdate",
  901. "address": "0x40d1d4"
  902. },
  903. {
  904. "name": "GetDesktopWindow",
  905. "address": "0x40d1d8"
  906. },
  907. {
  908. "name": "ReuseDDElParam",
  909. "address": "0x40d1dc"
  910. },
  911. {
  912. "name": "EqualRect",
  913. "address": "0x40d1e0"
  914. },
  915. {
  916. "name": "DefWindowProcW",
  917. "address": "0x40d1e4"
  918. },
  919. {
  920. "name": "CreateIcon",
  921. "address": "0x40d1e8"
  922. },
  923. {
  924. "name": "IsCharAlphaA",
  925. "address": "0x40d1ec"
  926. },
  927. {
  928. "name": "ChangeDisplaySettingsExA",
  929. "address": "0x40d1f0"
  930. },
  931. {
  932. "name": "GetUserObjectSecurity",
  933. "address": "0x40d1f4"
  934. },
  935. {
  936. "name": "SetMessageExtraInfo",
  937. "address": "0x40d1f8"
  938. },
  939. {
  940. "name": "DdeQueryStringW",
  941. "address": "0x40d1fc"
  942. },
  943. {
  944. "name": "DefFrameProcA",
  945. "address": "0x40d200"
  946. },
  947. {
  948. "name": "AnyPopup",
  949. "address": "0x40d204"
  950. },
  951. {
  952. "name": "CharLowerBuffW",
  953. "address": "0x40d208"
  954. },
  955. {
  956. "name": "VkKeyScanExW",
  957. "address": "0x40d20c"
  958. },
  959. {
  960. "name": "UnhookWinEvent",
  961. "address": "0x40d210"
  962. },
  963. {
  964. "name": "IsCharUpperW",
  965. "address": "0x40d214"
  966. },
  967. {
  968. "name": "OpenWindowStationA",
  969. "address": "0x40d218"
  970. },
  971. {
  972. "name": "TranslateAcceleratorW",
  973. "address": "0x40d21c"
  974. },
  975. {
  976. "name": "ChangeDisplaySettingsExW",
  977. "address": "0x40d220"
  978. },
  979. {
  980. "name": "ToUnicodeEx",
  981. "address": "0x40d224"
  982. },
  983. {
  984. "name": "CreateWindowStationA",
  985. "address": "0x40d228"
  986. },
  987. {
  988. "name": "UnregisterHotKey",
  989. "address": "0x40d22c"
  990. }
  991. ],
  992. "dll": "USER32.dll"
  993. },
  994. {
  995. "imports": [
  996. {
  997. "name": "DocumentPropertySheets",
  998. "address": "0x40d288"
  999. },
  1000. {
  1001. "name": "EnumJobsW",
  1002. "address": "0x40d28c"
  1003. },
  1004. {
  1005. "name": "AddJobA",
  1006. "address": "0x40d290"
  1007. },
  1008. {
  1009. "name": "EnumPrintProcessorsA",
  1010. "address": "0x40d294"
  1011. },
  1012. {
  1013. "name": "GetFormW",
  1014. "address": "0x40d298"
  1015. },
  1016. {
  1017. "name": null,
  1018. "address": "0x40d29c"
  1019. },
  1020. {
  1021. "name": "GetSpoolFileHandle",
  1022. "address": "0x40d2a0"
  1023. },
  1024. {
  1025. "name": "PrinterProperties",
  1026. "address": "0x40d2a4"
  1027. },
  1028. {
  1029. "name": "DeleteMonitorW",
  1030. "address": "0x40d2a8"
  1031. },
  1032. {
  1033. "name": "EnumPrinterDriversW",
  1034. "address": "0x40d2ac"
  1035. },
  1036. {
  1037. "name": "EnumPrinterDriversA",
  1038. "address": "0x40d2b0"
  1039. },
  1040. {
  1041. "name": "CloseSpoolFileHandle",
  1042. "address": "0x40d2b4"
  1043. },
  1044. {
  1045. "name": "DeletePrintProcessorA",
  1046. "address": "0x40d2b8"
  1047. },
  1048. {
  1049. "name": "EnumPrintersA",
  1050. "address": "0x40d2bc"
  1051. },
  1052. {
  1053. "name": "GetPrinterA",
  1054. "address": "0x40d2c0"
  1055. },
  1056. {
  1057. "name": "AddPrintProcessorW",
  1058. "address": "0x40d2c4"
  1059. },
  1060. {
  1061. "name": null,
  1062. "address": "0x40d2c8"
  1063. },
  1064. {
  1065. "name": "DeletePrinterKeyA",
  1066. "address": "0x40d2cc"
  1067. },
  1068. {
  1069. "name": "DeletePrinterDriverA",
  1070. "address": "0x40d2d0"
  1071. },
  1072. {
  1073. "name": "PlayGdiScriptOnPrinterIC",
  1074. "address": "0x40d2d4"
  1075. },
  1076. {
  1077. "name": "DeletePrintProcessorW",
  1078. "address": "0x40d2d8"
  1079. },
  1080. {
  1081. "name": "FindClosePrinterChangeNotification",
  1082. "address": "0x40d2dc"
  1083. },
  1084. {
  1085. "name": null,
  1086. "address": "0x40d2e0"
  1087. },
  1088. {
  1089. "name": "DeletePrinterDataExW",
  1090. "address": "0x40d2e4"
  1091. },
  1092. {
  1093. "name": "XcvDataW",
  1094. "address": "0x40d2e8"
  1095. }
  1096. ],
  1097. "dll": "WINSPOOL.DRV"
  1098. },
  1099. {
  1100. "imports": [
  1101. {
  1102. "name": "InternetCloseHandle",
  1103. "address": "0x40d234"
  1104. },
  1105. {
  1106. "name": "HttpSendRequestA",
  1107. "address": "0x40d238"
  1108. },
  1109. {
  1110. "name": "InternetCrackUrlA",
  1111. "address": "0x40d23c"
  1112. },
  1113. {
  1114. "name": "FindNextUrlCacheContainerW",
  1115. "address": "0x40d240"
  1116. },
  1117. {
  1118. "name": "ParseX509EncodedCertificateForListBoxEntry",
  1119. "address": "0x40d244"
  1120. },
  1121. {
  1122. "name": "GetUrlCacheConfigInfoW",
  1123. "address": "0x40d248"
  1124. },
  1125. {
  1126. "name": "GopherCreateLocatorA",
  1127. "address": "0x40d24c"
  1128. },
  1129. {
  1130. "name": "FtpCreateDirectoryA",
  1131. "address": "0x40d250"
  1132. },
  1133. {
  1134. "name": "InternetCombineUrlA",
  1135. "address": "0x40d254"
  1136. },
  1137. {
  1138. "name": "SetUrlCacheEntryInfoA",
  1139. "address": "0x40d258"
  1140. },
  1141. {
  1142. "name": "InternetConnectW",
  1143. "address": "0x40d25c"
  1144. },
  1145. {
  1146. "name": "UnlockUrlCacheEntryFile",
  1147. "address": "0x40d260"
  1148. },
  1149. {
  1150. "name": "RetrieveUrlCacheEntryStreamA",
  1151. "address": "0x40d264"
  1152. },
  1153. {
  1154. "name": "InternetWriteFileExA",
  1155. "address": "0x40d268"
  1156. },
  1157. {
  1158. "name": "GetUrlCacheConfigInfoA",
  1159. "address": "0x40d26c"
  1160. },
  1161. {
  1162. "name": "InternetSetCookieA",
  1163. "address": "0x40d270"
  1164. },
  1165. {
  1166. "name": "GetUrlCacheHeaderData",
  1167. "address": "0x40d274"
  1168. },
  1169. {
  1170. "name": "HttpOpenRequestA",
  1171. "address": "0x40d278"
  1172. },
  1173. {
  1174. "name": "GopherGetAttributeW",
  1175. "address": "0x40d27c"
  1176. },
  1177. {
  1178. "name": "FindFirstUrlCacheContainerA",
  1179. "address": "0x40d280"
  1180. }
  1181. ],
  1182. "dll": "WININET.dll"
  1183. },
  1184. {
  1185. "imports": [
  1186. {
  1187. "name": "PathIsContentTypeW",
  1188. "address": "0x40d15c"
  1189. },
  1190. {
  1191. "name": "StrChrIA",
  1192. "address": "0x40d160"
  1193. },
  1194. {
  1195. "name": "SHDeleteKeyA",
  1196. "address": "0x40d164"
  1197. },
  1198. {
  1199. "name": "UrlGetLocationW",
  1200. "address": "0x40d168"
  1201. },
  1202. {
  1203. "name": "UrlUnescapeA",
  1204. "address": "0x40d16c"
  1205. },
  1206. {
  1207. "name": "StrCSpnA",
  1208. "address": "0x40d170"
  1209. },
  1210. {
  1211. "name": "StrFormatByteSizeA",
  1212. "address": "0x40d174"
  1213. },
  1214. {
  1215. "name": "SHRegCreateUSKeyA",
  1216. "address": "0x40d178"
  1217. },
  1218. {
  1219. "name": "UrlCanonicalizeW",
  1220. "address": "0x40d17c"
  1221. },
  1222. {
  1223. "name": "PathUnquoteSpacesA",
  1224. "address": "0x40d180"
  1225. },
  1226. {
  1227. "name": "SHRegWriteUSValueW",
  1228. "address": "0x40d184"
  1229. },
  1230. {
  1231. "name": "StrSpnW",
  1232. "address": "0x40d188"
  1233. },
  1234. {
  1235. "name": "PathRemoveBackslashW",
  1236. "address": "0x40d18c"
  1237. },
  1238. {
  1239. "name": "PathIsDirectoryW",
  1240. "address": "0x40d190"
  1241. },
  1242. {
  1243. "name": "PathParseIconLocationA",
  1244. "address": "0x40d194"
  1245. },
  1246. {
  1247. "name": "PathUnquoteSpacesW",
  1248. "address": "0x40d198"
  1249. },
  1250. {
  1251. "name": "PathCompactPathExW",
  1252. "address": "0x40d19c"
  1253. },
  1254. {
  1255. "name": "PathCombineW",
  1256. "address": "0x40d1a0"
  1257. },
  1258. {
  1259. "name": "SHEnumValueA",
  1260. "address": "0x40d1a4"
  1261. },
  1262. {
  1263. "name": "PathStripPathA",
  1264. "address": "0x40d1a8"
  1265. },
  1266. {
  1267. "name": "StrCatW",
  1268. "address": "0x40d1ac"
  1269. },
  1270. {
  1271. "name": "SHRegDeleteEmptyUSKeyA",
  1272. "address": "0x40d1b0"
  1273. },
  1274. {
  1275. "name": "StrStrIW",
  1276. "address": "0x40d1b4"
  1277. },
  1278. {
  1279. "name": "SHEnumKeyExA",
  1280. "address": "0x40d1b8"
  1281. },
  1282. {
  1283. "name": "StrCmpW",
  1284. "address": "0x40d1bc"
  1285. }
  1286. ],
  1287. "dll": "SHLWAPI.dll"
  1288. },
  1289. {
  1290. "imports": [
  1291. {
  1292. "name": "CryptHashPublicKeyInfo",
  1293. "address": "0x40d000"
  1294. },
  1295. {
  1296. "name": "CertAddSerializedElementToStore",
  1297. "address": "0x40d004"
  1298. },
  1299. {
  1300. "name": "CertDuplicateCRLContext",
  1301. "address": "0x40d008"
  1302. },
  1303. {
  1304. "name": "CertEnumCertificatesInStore",
  1305. "address": "0x40d00c"
  1306. },
  1307. {
  1308. "name": "CertAddEncodedCRLToStore",
  1309. "address": "0x40d010"
  1310. },
  1311. {
  1312. "name": "CertGetIntendedKeyUsage",
  1313. "address": "0x40d014"
  1314. },
  1315. {
  1316. "name": "CertSerializeCertificateStoreElement",
  1317. "address": "0x40d018"
  1318. },
  1319. {
  1320. "name": "CertIsRDNAttrsInCertificateName",
  1321. "address": "0x40d01c"
  1322. },
  1323. {
  1324. "name": "CryptImportPublicKeyInfo",
  1325. "address": "0x40d020"
  1326. },
  1327. {
  1328. "name": "CryptVerifyCertificateSignature",
  1329. "address": "0x40d024"
  1330. },
  1331. {
  1332. "name": "CertDeleteCTLFromStore",
  1333. "address": "0x40d028"
  1334. },
  1335. {
  1336. "name": "CryptFormatObject",
  1337. "address": "0x40d02c"
  1338. },
  1339. {
  1340. "name": "CryptExportPublicKeyInfo",
  1341. "address": "0x40d030"
  1342. },
  1343. {
  1344. "name": "CertSetEnhancedKeyUsage",
  1345. "address": "0x40d034"
  1346. },
  1347. {
  1348. "name": "CertAddCRLContextToStore",
  1349. "address": "0x40d038"
  1350. },
  1351. {
  1352. "name": "CertCompareCertificate",
  1353. "address": "0x40d03c"
  1354. },
  1355. {
  1356. "name": "CertCreateCTLContext",
  1357. "address": "0x40d040"
  1358. },
  1359. {
  1360. "name": "CryptSignAndEncryptMessage",
  1361. "address": "0x40d044"
  1362. }
  1363. ],
  1364. "dll": "CRYPT32.dll"
  1365. }
  1366. ],
  1367. "digital_signers": null,
  1368. "exported_dll_name": null,
  1369. "actual_checksum": "0x00064204",
  1370. "overlay": null,
  1371. "imagebase": "0x00400000",
  1372. "reported_checksum": "0x00000000",
  1373. "icon_hash": null,
  1374. "entrypoint": "0x00402055",
  1375. "timestamp": "2019-06-08 12:45:24",
  1376. "osversion": "5.1",
  1377. "sections": [
  1378. {
  1379. "name": ".text",
  1380. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1381. "virtual_address": "0x00001000",
  1382. "size_of_data": "0x0000be00",
  1383. "entropy": "6.65",
  1384. "raw_address": "0x00000400",
  1385. "virtual_size": "0x0000bd87",
  1386. "characteristics_raw": "0x60000020"
  1387. },
  1388. {
  1389. "name": ".rdata",
  1390. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1391. "virtual_address": "0x0000d000",
  1392. "size_of_data": "0x00006600",
  1393. "entropy": "5.09",
  1394. "raw_address": "0x0000c200",
  1395. "virtual_size": "0x000065b2",
  1396. "characteristics_raw": "0x40000040"
  1397. },
  1398. {
  1399. "name": ".data",
  1400. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1401. "virtual_address": "0x00014000",
  1402. "size_of_data": "0x00007800",
  1403. "entropy": "6.76",
  1404. "raw_address": "0x00012800",
  1405. "virtual_size": "0x00008120",
  1406. "characteristics_raw": "0xc0000040"
  1407. },
  1408. {
  1409. "name": ".gfids",
  1410. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1411. "virtual_address": "0x0001d000",
  1412. "size_of_data": "0x00000200",
  1413. "entropy": "1.41",
  1414. "raw_address": "0x0001a000",
  1415. "virtual_size": "0x000000ac",
  1416. "characteristics_raw": "0x40000040"
  1417. },
  1418. {
  1419. "name": ".rsrc",
  1420. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1421. "virtual_address": "0x0001e000",
  1422. "size_of_data": "0x00045a00",
  1423. "entropy": "6.22",
  1424. "raw_address": "0x0001a200",
  1425. "virtual_size": "0x000458f9",
  1426. "characteristics_raw": "0x40000040"
  1427. },
  1428. {
  1429. "name": ".reloc",
  1430. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1431. "virtual_address": "0x00064000",
  1432. "size_of_data": "0x00001800",
  1433. "entropy": "6.30",
  1434. "raw_address": "0x0005fc00",
  1435. "virtual_size": "0x00001628",
  1436. "characteristics_raw": "0x42000040"
  1437. }
  1438. ],
  1439. "resources": [],
  1440. "dirents": [
  1441. {
  1442. "virtual_address": "0x00000000",
  1443. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1444. "size": "0x00000000"
  1445. },
  1446. {
  1447. "virtual_address": "0x00012384",
  1448. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1449. "size": "0x0000008c"
  1450. },
  1451. {
  1452. "virtual_address": "0x0001e000",
  1453. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1454. "size": "0x000458f9"
  1455. },
  1456. {
  1457. "virtual_address": "0x00000000",
  1458. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1459. "size": "0x00000000"
  1460. },
  1461. {
  1462. "virtual_address": "0x00000000",
  1463. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1464. "size": "0x00000000"
  1465. },
  1466. {
  1467. "virtual_address": "0x00064000",
  1468. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1469. "size": "0x00001628"
  1470. },
  1471. {
  1472. "virtual_address": "0x00011cc0",
  1473. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1474. "size": "0x0000001c"
  1475. },
  1476. {
  1477. "virtual_address": "0x00000000",
  1478. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1479. "size": "0x00000000"
  1480. },
  1481. {
  1482. "virtual_address": "0x00000000",
  1483. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1484. "size": "0x00000000"
  1485. },
  1486. {
  1487. "virtual_address": "0x00000000",
  1488. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1489. "size": "0x00000000"
  1490. },
  1491. {
  1492. "virtual_address": "0x00011ce0",
  1493. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1494. "size": "0x00000040"
  1495. },
  1496. {
  1497. "virtual_address": "0x00000000",
  1498. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1499. "size": "0x00000000"
  1500. },
  1501. {
  1502. "virtual_address": "0x0000d000",
  1503. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1504. "size": "0x000002f0"
  1505. },
  1506. {
  1507. "virtual_address": "0x00000000",
  1508. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1509. "size": "0x00000000"
  1510. },
  1511. {
  1512. "virtual_address": "0x00000000",
  1513. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1514. "size": "0x00000000"
  1515. },
  1516. {
  1517. "virtual_address": "0x00000000",
  1518. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1519. "size": "0x00000000"
  1520. }
  1521. ],
  1522. "exports": [],
  1523. "guest_signers": {},
  1524. "imphash": "1263d471a0f2e9a98846386838077c21",
  1525. "icon_fuzzy": null,
  1526. "icon": null,
  1527. "pdbpath": null,
  1528. "imported_dll_count": 6,
  1529. "versioninfo": []
  1530. }
  1531. }
  1532.  
  1533. [*] Resolved APIs: [
  1534. "kernel32.dll.FlsAlloc",
  1535. "kernel32.dll.FlsSetValue",
  1536. "kernel32.dll.FlsGetValue",
  1537. "kernel32.dll.LCMapStringEx",
  1538. "crypt32.dll.CryptUnprotectData",
  1539. "crtdll.dll.wcscmp",
  1540. "gdiplus.dll.GdiplusStartup",
  1541. "gdiplus.dll.GdiplusShutdown",
  1542. "gdiplus.dll.GdipCreateBitmapFromHBITMAP",
  1543. "gdiplus.dll.GdipGetImageEncodersSize",
  1544. "gdiplus.dll.GdipGetImageEncoders",
  1545. "gdiplus.dll.GdipDisposeImage",
  1546. "gdiplus.dll.GdipSaveImageToStream",
  1547. "ole32.dll.CreateStreamOnHGlobal",
  1548. "ole32.dll.GetHGlobalFromStream",
  1549. "kernel32.dll.ExpandEnvironmentStringsW",
  1550. "kernel32.dll.GetComputerNameW",
  1551. "kernel32.dll.GlobalMemoryStatus",
  1552. "kernel32.dll.CreateFileW",
  1553. "kernel32.dll.GetFileSize",
  1554. "kernel32.dll.CloseHandle",
  1555. "kernel32.dll.ReadFile",
  1556. "kernel32.dll.GetFileAttributesW",
  1557. "kernel32.dll.CreateMutexA",
  1558. "kernel32.dll.ReleaseMutex",
  1559. "kernel32.dll.GetLastError",
  1560. "kernel32.dll.GetCurrentDirectoryW",
  1561. "kernel32.dll.SetEnvironmentVariableW",
  1562. "kernel32.dll.GetEnvironmentVariableW",
  1563. "kernel32.dll.SetCurrentDirectoryW",
  1564. "kernel32.dll.FindFirstFileW",
  1565. "kernel32.dll.FindNextFileW",
  1566. "kernel32.dll.LocalFree",
  1567. "kernel32.dll.GetTickCount",
  1568. "kernel32.dll.CopyFileW",
  1569. "kernel32.dll.FindClose",
  1570. "kernel32.dll.GlobalMemoryStatusEx",
  1571. "kernel32.dll.CreateToolhelp32Snapshot",
  1572. "kernel32.dll.Process32FirstW",
  1573. "kernel32.dll.Process32NextW",
  1574. "kernel32.dll.GetModuleFileNameW",
  1575. "kernel32.dll.SetDllDirectoryW",
  1576. "kernel32.dll.GetLocaleInfoA",
  1577. "kernel32.dll.GetLocalTime",
  1578. "kernel32.dll.GetTimeZoneInformation",
  1579. "kernel32.dll.RemoveDirectoryW",
  1580. "kernel32.dll.DeleteFileW",
  1581. "kernel32.dll.GetLogicalDriveStringsA",
  1582. "kernel32.dll.GetDriveTypeA",
  1583. "kernel32.dll.CreateProcessW",
  1584. "advapi32.dll.GetUserNameW",
  1585. "advapi32.dll.RegCreateKeyExW",
  1586. "advapi32.dll.RegQueryValueExW",
  1587. "advapi32.dll.RegCloseKey",
  1588. "advapi32.dll.RegOpenKeyExW",
  1589. "advapi32.dll.AllocateAndInitializeSid",
  1590. "advapi32.dll.LookupAccountSidA",
  1591. "advapi32.dll.CreateProcessAsUserW",
  1592. "advapi32.dll.CheckTokenMembership",
  1593. "advapi32.dll.RegOpenKeyW",
  1594. "advapi32.dll.RegEnumKeyW",
  1595. "advapi32.dll.RegEnumValueW",
  1596. "advapi32.dll.CryptAcquireContextA",
  1597. "advapi32.dll.CryptCreateHash",
  1598. "advapi32.dll.CryptHashData",
  1599. "advapi32.dll.CryptGetHashParam",
  1600. "advapi32.dll.CryptDestroyHash",
  1601. "advapi32.dll.CryptReleaseContext",
  1602. "user32.dll.EnumDisplayDevicesW",
  1603. "user32.dll.wvsprintfA",
  1604. "user32.dll.GetKeyboardLayoutList",
  1605. "shell32.dll.ShellExecuteExW",
  1606. "ntdll.dll.RtlComputeCrc32",
  1607. "sechost.dll.LookupAccountSidLocalA",
  1608. "wininet.dll.InternetOpenA",
  1609. "wininet.dll.InternetConnectA",
  1610. "wininet.dll.HttpOpenRequestA",
  1611. "wininet.dll.HttpAddRequestHeadersA",
  1612. "wininet.dll.HttpSendRequestA",
  1613. "wininet.dll.InternetReadFile",
  1614. "wininet.dll.InternetCloseHandle",
  1615. "wininet.dll.InternetCrackUrlA",
  1616. "wininet.dll.InternetSetOptionA",
  1617. "rasapi32.dll.RasConnectionNotificationW",
  1618. "sechost.dll.NotifyServiceStatusChangeA",
  1619. "cryptbase.dll.SystemFunction036",
  1620. "wsock32.dll.WSAStartup",
  1621. "wsock32.dll.gethostbyname",
  1622. "wsock32.dll.socket",
  1623. "wsock32.dll.send",
  1624. "wsock32.dll.recv",
  1625. "wsock32.dll.htons",
  1626. "wsock32.dll.connect",
  1627. "wsock32.dll.closesocket",
  1628. "rpcrt4.dll.RpcBindingFree"
  1629. ]
  1630.  
  1631. [*] Static Analysis: {
  1632. "pe": {
  1633. "peid_signatures": null,
  1634. "imports": [
  1635. {
  1636. "imports": [
  1637. {
  1638. "name": "LCMapStringW",
  1639. "address": "0x40d04c"
  1640. },
  1641. {
  1642. "name": "CompareStringW",
  1643. "address": "0x40d050"
  1644. },
  1645. {
  1646. "name": "SetEnvironmentVariableA",
  1647. "address": "0x40d054"
  1648. },
  1649. {
  1650. "name": "FreeEnvironmentStringsW",
  1651. "address": "0x40d058"
  1652. },
  1653. {
  1654. "name": "GetEnvironmentStringsW",
  1655. "address": "0x40d05c"
  1656. },
  1657. {
  1658. "name": "GetCPInfo",
  1659. "address": "0x40d060"
  1660. },
  1661. {
  1662. "name": "GetOEMCP",
  1663. "address": "0x40d064"
  1664. },
  1665. {
  1666. "name": "IsValidCodePage",
  1667. "address": "0x40d068"
  1668. },
  1669. {
  1670. "name": "FindNextFileA",
  1671. "address": "0x40d06c"
  1672. },
  1673. {
  1674. "name": "FindFirstFileExA",
  1675. "address": "0x40d070"
  1676. },
  1677. {
  1678. "name": "FindClose",
  1679. "address": "0x40d074"
  1680. },
  1681. {
  1682. "name": "CloseHandle",
  1683. "address": "0x40d078"
  1684. },
  1685. {
  1686. "name": "HeapAlloc",
  1687. "address": "0x40d07c"
  1688. },
  1689. {
  1690. "name": "HeapFree",
  1691. "address": "0x40d080"
  1692. },
  1693. {
  1694. "name": "GetACP",
  1695. "address": "0x40d084"
  1696. },
  1697. {
  1698. "name": "GetCommandLineW",
  1699. "address": "0x40d088"
  1700. },
  1701. {
  1702. "name": "GetCommandLineA",
  1703. "address": "0x40d08c"
  1704. },
  1705. {
  1706. "name": "GetModuleHandleExW",
  1707. "address": "0x40d090"
  1708. },
  1709. {
  1710. "name": "ExitProcess",
  1711. "address": "0x40d094"
  1712. },
  1713. {
  1714. "name": "WideCharToMultiByte",
  1715. "address": "0x40d098"
  1716. },
  1717. {
  1718. "name": "GetModuleFileNameA",
  1719. "address": "0x40d09c"
  1720. },
  1721. {
  1722. "name": "WriteFile",
  1723. "address": "0x40d0a0"
  1724. },
  1725. {
  1726. "name": "GetStdHandle",
  1727. "address": "0x40d0a4"
  1728. },
  1729. {
  1730. "name": "LoadLibraryExW",
  1731. "address": "0x40d0a8"
  1732. },
  1733. {
  1734. "name": "GetProcAddress",
  1735. "address": "0x40d0ac"
  1736. },
  1737. {
  1738. "name": "FreeLibrary",
  1739. "address": "0x40d0b0"
  1740. },
  1741. {
  1742. "name": "TlsFree",
  1743. "address": "0x40d0b4"
  1744. },
  1745. {
  1746. "name": "TlsSetValue",
  1747. "address": "0x40d0b8"
  1748. },
  1749. {
  1750. "name": "TlsGetValue",
  1751. "address": "0x40d0bc"
  1752. },
  1753. {
  1754. "name": "TlsAlloc",
  1755. "address": "0x40d0c0"
  1756. },
  1757. {
  1758. "name": "InitializeCriticalSectionAndSpinCount",
  1759. "address": "0x40d0c4"
  1760. },
  1761. {
  1762. "name": "DeleteCriticalSection",
  1763. "address": "0x40d0c8"
  1764. },
  1765. {
  1766. "name": "LeaveCriticalSection",
  1767. "address": "0x40d0cc"
  1768. },
  1769. {
  1770. "name": "EnterCriticalSection",
  1771. "address": "0x40d0d0"
  1772. },
  1773. {
  1774. "name": "SetLastError",
  1775. "address": "0x40d0d4"
  1776. },
  1777. {
  1778. "name": "GetLastError",
  1779. "address": "0x40d0d8"
  1780. },
  1781. {
  1782. "name": "RtlUnwind",
  1783. "address": "0x40d0dc"
  1784. },
  1785. {
  1786. "name": "TerminateProcess",
  1787. "address": "0x40d0e0"
  1788. },
  1789. {
  1790. "name": "GetCurrentProcess",
  1791. "address": "0x40d0e4"
  1792. },
  1793. {
  1794. "name": "GetModuleHandleW",
  1795. "address": "0x40d0e8"
  1796. },
  1797. {
  1798. "name": "IsProcessorFeaturePresent",
  1799. "address": "0x40d0ec"
  1800. },
  1801. {
  1802. "name": "GetStartupInfoW",
  1803. "address": "0x40d0f0"
  1804. },
  1805. {
  1806. "name": "SetUnhandledExceptionFilter",
  1807. "address": "0x40d0f4"
  1808. },
  1809. {
  1810. "name": "UnhandledExceptionFilter",
  1811. "address": "0x40d0f8"
  1812. },
  1813. {
  1814. "name": "IsDebuggerPresent",
  1815. "address": "0x40d0fc"
  1816. },
  1817. {
  1818. "name": "InitializeSListHead",
  1819. "address": "0x40d100"
  1820. },
  1821. {
  1822. "name": "GetSystemTimeAsFileTime",
  1823. "address": "0x40d104"
  1824. },
  1825. {
  1826. "name": "GetCurrentThreadId",
  1827. "address": "0x40d108"
  1828. },
  1829. {
  1830. "name": "GetCurrentProcessId",
  1831. "address": "0x40d10c"
  1832. },
  1833. {
  1834. "name": "QueryPerformanceCounter",
  1835. "address": "0x40d110"
  1836. },
  1837. {
  1838. "name": "SetStdHandle",
  1839. "address": "0x40d114"
  1840. },
  1841. {
  1842. "name": "GetFileType",
  1843. "address": "0x40d118"
  1844. },
  1845. {
  1846. "name": "GetStringTypeW",
  1847. "address": "0x40d11c"
  1848. },
  1849. {
  1850. "name": "GetProcessHeap",
  1851. "address": "0x40d120"
  1852. },
  1853. {
  1854. "name": "HeapSize",
  1855. "address": "0x40d124"
  1856. },
  1857. {
  1858. "name": "HeapReAlloc",
  1859. "address": "0x40d128"
  1860. },
  1861. {
  1862. "name": "FlushFileBuffers",
  1863. "address": "0x40d12c"
  1864. },
  1865. {
  1866. "name": "GetConsoleCP",
  1867. "address": "0x40d130"
  1868. },
  1869. {
  1870. "name": "GetConsoleMode",
  1871. "address": "0x40d134"
  1872. },
  1873. {
  1874. "name": "SetFilePointerEx",
  1875. "address": "0x40d138"
  1876. },
  1877. {
  1878. "name": "WriteConsoleW",
  1879. "address": "0x40d13c"
  1880. },
  1881. {
  1882. "name": "DecodePointer",
  1883. "address": "0x40d140"
  1884. },
  1885. {
  1886. "name": "CreateFileW",
  1887. "address": "0x40d144"
  1888. },
  1889. {
  1890. "name": "LoadLibraryW",
  1891. "address": "0x40d148"
  1892. },
  1893. {
  1894. "name": "RaiseException",
  1895. "address": "0x40d14c"
  1896. },
  1897. {
  1898. "name": "MultiByteToWideChar",
  1899. "address": "0x40d150"
  1900. },
  1901. {
  1902. "name": "VirtualProtect",
  1903. "address": "0x40d154"
  1904. }
  1905. ],
  1906. "dll": "KERNEL32.dll"
  1907. },
  1908. {
  1909. "imports": [
  1910. {
  1911. "name": "CreateMDIWindowA",
  1912. "address": "0x40d1c4"
  1913. },
  1914. {
  1915. "name": "ImpersonateDdeClientWindow",
  1916. "address": "0x40d1c8"
  1917. },
  1918. {
  1919. "name": "SetKeyboardState",
  1920. "address": "0x40d1cc"
  1921. },
  1922. {
  1923. "name": "CreateCursor",
  1924. "address": "0x40d1d0"
  1925. },
  1926. {
  1927. "name": "LockWindowUpdate",
  1928. "address": "0x40d1d4"
  1929. },
  1930. {
  1931. "name": "GetDesktopWindow",
  1932. "address": "0x40d1d8"
  1933. },
  1934. {
  1935. "name": "ReuseDDElParam",
  1936. "address": "0x40d1dc"
  1937. },
  1938. {
  1939. "name": "EqualRect",
  1940. "address": "0x40d1e0"
  1941. },
  1942. {
  1943. "name": "DefWindowProcW",
  1944. "address": "0x40d1e4"
  1945. },
  1946. {
  1947. "name": "CreateIcon",
  1948. "address": "0x40d1e8"
  1949. },
  1950. {
  1951. "name": "IsCharAlphaA",
  1952. "address": "0x40d1ec"
  1953. },
  1954. {
  1955. "name": "ChangeDisplaySettingsExA",
  1956. "address": "0x40d1f0"
  1957. },
  1958. {
  1959. "name": "GetUserObjectSecurity",
  1960. "address": "0x40d1f4"
  1961. },
  1962. {
  1963. "name": "SetMessageExtraInfo",
  1964. "address": "0x40d1f8"
  1965. },
  1966. {
  1967. "name": "DdeQueryStringW",
  1968. "address": "0x40d1fc"
  1969. },
  1970. {
  1971. "name": "DefFrameProcA",
  1972. "address": "0x40d200"
  1973. },
  1974. {
  1975. "name": "AnyPopup",
  1976. "address": "0x40d204"
  1977. },
  1978. {
  1979. "name": "CharLowerBuffW",
  1980. "address": "0x40d208"
  1981. },
  1982. {
  1983. "name": "VkKeyScanExW",
  1984. "address": "0x40d20c"
  1985. },
  1986. {
  1987. "name": "UnhookWinEvent",
  1988. "address": "0x40d210"
  1989. },
  1990. {
  1991. "name": "IsCharUpperW",
  1992. "address": "0x40d214"
  1993. },
  1994. {
  1995. "name": "OpenWindowStationA",
  1996. "address": "0x40d218"
  1997. },
  1998. {
  1999. "name": "TranslateAcceleratorW",
  2000. "address": "0x40d21c"
  2001. },
  2002. {
  2003. "name": "ChangeDisplaySettingsExW",
  2004. "address": "0x40d220"
  2005. },
  2006. {
  2007. "name": "ToUnicodeEx",
  2008. "address": "0x40d224"
  2009. },
  2010. {
  2011. "name": "CreateWindowStationA",
  2012. "address": "0x40d228"
  2013. },
  2014. {
  2015. "name": "UnregisterHotKey",
  2016. "address": "0x40d22c"
  2017. }
  2018. ],
  2019. "dll": "USER32.dll"
  2020. },
  2021. {
  2022. "imports": [
  2023. {
  2024. "name": "DocumentPropertySheets",
  2025. "address": "0x40d288"
  2026. },
  2027. {
  2028. "name": "EnumJobsW",
  2029. "address": "0x40d28c"
  2030. },
  2031. {
  2032. "name": "AddJobA",
  2033. "address": "0x40d290"
  2034. },
  2035. {
  2036. "name": "EnumPrintProcessorsA",
  2037. "address": "0x40d294"
  2038. },
  2039. {
  2040. "name": "GetFormW",
  2041. "address": "0x40d298"
  2042. },
  2043. {
  2044. "name": null,
  2045. "address": "0x40d29c"
  2046. },
  2047. {
  2048. "name": "GetSpoolFileHandle",
  2049. "address": "0x40d2a0"
  2050. },
  2051. {
  2052. "name": "PrinterProperties",
  2053. "address": "0x40d2a4"
  2054. },
  2055. {
  2056. "name": "DeleteMonitorW",
  2057. "address": "0x40d2a8"
  2058. },
  2059. {
  2060. "name": "EnumPrinterDriversW",
  2061. "address": "0x40d2ac"
  2062. },
  2063. {
  2064. "name": "EnumPrinterDriversA",
  2065. "address": "0x40d2b0"
  2066. },
  2067. {
  2068. "name": "CloseSpoolFileHandle",
  2069. "address": "0x40d2b4"
  2070. },
  2071. {
  2072. "name": "DeletePrintProcessorA",
  2073. "address": "0x40d2b8"
  2074. },
  2075. {
  2076. "name": "EnumPrintersA",
  2077. "address": "0x40d2bc"
  2078. },
  2079. {
  2080. "name": "GetPrinterA",
  2081. "address": "0x40d2c0"
  2082. },
  2083. {
  2084. "name": "AddPrintProcessorW",
  2085. "address": "0x40d2c4"
  2086. },
  2087. {
  2088. "name": null,
  2089. "address": "0x40d2c8"
  2090. },
  2091. {
  2092. "name": "DeletePrinterKeyA",
  2093. "address": "0x40d2cc"
  2094. },
  2095. {
  2096. "name": "DeletePrinterDriverA",
  2097. "address": "0x40d2d0"
  2098. },
  2099. {
  2100. "name": "PlayGdiScriptOnPrinterIC",
  2101. "address": "0x40d2d4"
  2102. },
  2103. {
  2104. "name": "DeletePrintProcessorW",
  2105. "address": "0x40d2d8"
  2106. },
  2107. {
  2108. "name": "FindClosePrinterChangeNotification",
  2109. "address": "0x40d2dc"
  2110. },
  2111. {
  2112. "name": null,
  2113. "address": "0x40d2e0"
  2114. },
  2115. {
  2116. "name": "DeletePrinterDataExW",
  2117. "address": "0x40d2e4"
  2118. },
  2119. {
  2120. "name": "XcvDataW",
  2121. "address": "0x40d2e8"
  2122. }
  2123. ],
  2124. "dll": "WINSPOOL.DRV"
  2125. },
  2126. {
  2127. "imports": [
  2128. {
  2129. "name": "InternetCloseHandle",
  2130. "address": "0x40d234"
  2131. },
  2132. {
  2133. "name": "HttpSendRequestA",
  2134. "address": "0x40d238"
  2135. },
  2136. {
  2137. "name": "InternetCrackUrlA",
  2138. "address": "0x40d23c"
  2139. },
  2140. {
  2141. "name": "FindNextUrlCacheContainerW",
  2142. "address": "0x40d240"
  2143. },
  2144. {
  2145. "name": "ParseX509EncodedCertificateForListBoxEntry",
  2146. "address": "0x40d244"
  2147. },
  2148. {
  2149. "name": "GetUrlCacheConfigInfoW",
  2150. "address": "0x40d248"
  2151. },
  2152. {
  2153. "name": "GopherCreateLocatorA",
  2154. "address": "0x40d24c"
  2155. },
  2156. {
  2157. "name": "FtpCreateDirectoryA",
  2158. "address": "0x40d250"
  2159. },
  2160. {
  2161. "name": "InternetCombineUrlA",
  2162. "address": "0x40d254"
  2163. },
  2164. {
  2165. "name": "SetUrlCacheEntryInfoA",
  2166. "address": "0x40d258"
  2167. },
  2168. {
  2169. "name": "InternetConnectW",
  2170. "address": "0x40d25c"
  2171. },
  2172. {
  2173. "name": "UnlockUrlCacheEntryFile",
  2174. "address": "0x40d260"
  2175. },
  2176. {
  2177. "name": "RetrieveUrlCacheEntryStreamA",
  2178. "address": "0x40d264"
  2179. },
  2180. {
  2181. "name": "InternetWriteFileExA",
  2182. "address": "0x40d268"
  2183. },
  2184. {
  2185. "name": "GetUrlCacheConfigInfoA",
  2186. "address": "0x40d26c"
  2187. },
  2188. {
  2189. "name": "InternetSetCookieA",
  2190. "address": "0x40d270"
  2191. },
  2192. {
  2193. "name": "GetUrlCacheHeaderData",
  2194. "address": "0x40d274"
  2195. },
  2196. {
  2197. "name": "HttpOpenRequestA",
  2198. "address": "0x40d278"
  2199. },
  2200. {
  2201. "name": "GopherGetAttributeW",
  2202. "address": "0x40d27c"
  2203. },
  2204. {
  2205. "name": "FindFirstUrlCacheContainerA",
  2206. "address": "0x40d280"
  2207. }
  2208. ],
  2209. "dll": "WININET.dll"
  2210. },
  2211. {
  2212. "imports": [
  2213. {
  2214. "name": "PathIsContentTypeW",
  2215. "address": "0x40d15c"
  2216. },
  2217. {
  2218. "name": "StrChrIA",
  2219. "address": "0x40d160"
  2220. },
  2221. {
  2222. "name": "SHDeleteKeyA",
  2223. "address": "0x40d164"
  2224. },
  2225. {
  2226. "name": "UrlGetLocationW",
  2227. "address": "0x40d168"
  2228. },
  2229. {
  2230. "name": "UrlUnescapeA",
  2231. "address": "0x40d16c"
  2232. },
  2233. {
  2234. "name": "StrCSpnA",
  2235. "address": "0x40d170"
  2236. },
  2237. {
  2238. "name": "StrFormatByteSizeA",
  2239. "address": "0x40d174"
  2240. },
  2241. {
  2242. "name": "SHRegCreateUSKeyA",
  2243. "address": "0x40d178"
  2244. },
  2245. {
  2246. "name": "UrlCanonicalizeW",
  2247. "address": "0x40d17c"
  2248. },
  2249. {
  2250. "name": "PathUnquoteSpacesA",
  2251. "address": "0x40d180"
  2252. },
  2253. {
  2254. "name": "SHRegWriteUSValueW",
  2255. "address": "0x40d184"
  2256. },
  2257. {
  2258. "name": "StrSpnW",
  2259. "address": "0x40d188"
  2260. },
  2261. {
  2262. "name": "PathRemoveBackslashW",
  2263. "address": "0x40d18c"
  2264. },
  2265. {
  2266. "name": "PathIsDirectoryW",
  2267. "address": "0x40d190"
  2268. },
  2269. {
  2270. "name": "PathParseIconLocationA",
  2271. "address": "0x40d194"
  2272. },
  2273. {
  2274. "name": "PathUnquoteSpacesW",
  2275. "address": "0x40d198"
  2276. },
  2277. {
  2278. "name": "PathCompactPathExW",
  2279. "address": "0x40d19c"
  2280. },
  2281. {
  2282. "name": "PathCombineW",
  2283. "address": "0x40d1a0"
  2284. },
  2285. {
  2286. "name": "SHEnumValueA",
  2287. "address": "0x40d1a4"
  2288. },
  2289. {
  2290. "name": "PathStripPathA",
  2291. "address": "0x40d1a8"
  2292. },
  2293. {
  2294. "name": "StrCatW",
  2295. "address": "0x40d1ac"
  2296. },
  2297. {
  2298. "name": "SHRegDeleteEmptyUSKeyA",
  2299. "address": "0x40d1b0"
  2300. },
  2301. {
  2302. "name": "StrStrIW",
  2303. "address": "0x40d1b4"
  2304. },
  2305. {
  2306. "name": "SHEnumKeyExA",
  2307. "address": "0x40d1b8"
  2308. },
  2309. {
  2310. "name": "StrCmpW",
  2311. "address": "0x40d1bc"
  2312. }
  2313. ],
  2314. "dll": "SHLWAPI.dll"
  2315. },
  2316. {
  2317. "imports": [
  2318. {
  2319. "name": "CryptHashPublicKeyInfo",
  2320. "address": "0x40d000"
  2321. },
  2322. {
  2323. "name": "CertAddSerializedElementToStore",
  2324. "address": "0x40d004"
  2325. },
  2326. {
  2327. "name": "CertDuplicateCRLContext",
  2328. "address": "0x40d008"
  2329. },
  2330. {
  2331. "name": "CertEnumCertificatesInStore",
  2332. "address": "0x40d00c"
  2333. },
  2334. {
  2335. "name": "CertAddEncodedCRLToStore",
  2336. "address": "0x40d010"
  2337. },
  2338. {
  2339. "name": "CertGetIntendedKeyUsage",
  2340. "address": "0x40d014"
  2341. },
  2342. {
  2343. "name": "CertSerializeCertificateStoreElement",
  2344. "address": "0x40d018"
  2345. },
  2346. {
  2347. "name": "CertIsRDNAttrsInCertificateName",
  2348. "address": "0x40d01c"
  2349. },
  2350. {
  2351. "name": "CryptImportPublicKeyInfo",
  2352. "address": "0x40d020"
  2353. },
  2354. {
  2355. "name": "CryptVerifyCertificateSignature",
  2356. "address": "0x40d024"
  2357. },
  2358. {
  2359. "name": "CertDeleteCTLFromStore",
  2360. "address": "0x40d028"
  2361. },
  2362. {
  2363. "name": "CryptFormatObject",
  2364. "address": "0x40d02c"
  2365. },
  2366. {
  2367. "name": "CryptExportPublicKeyInfo",
  2368. "address": "0x40d030"
  2369. },
  2370. {
  2371. "name": "CertSetEnhancedKeyUsage",
  2372. "address": "0x40d034"
  2373. },
  2374. {
  2375. "name": "CertAddCRLContextToStore",
  2376. "address": "0x40d038"
  2377. },
  2378. {
  2379. "name": "CertCompareCertificate",
  2380. "address": "0x40d03c"
  2381. },
  2382. {
  2383. "name": "CertCreateCTLContext",
  2384. "address": "0x40d040"
  2385. },
  2386. {
  2387. "name": "CryptSignAndEncryptMessage",
  2388. "address": "0x40d044"
  2389. }
  2390. ],
  2391. "dll": "CRYPT32.dll"
  2392. }
  2393. ],
  2394. "digital_signers": null,
  2395. "exported_dll_name": null,
  2396. "actual_checksum": "0x00064204",
  2397. "overlay": null,
  2398. "imagebase": "0x00400000",
  2399. "reported_checksum": "0x00000000",
  2400. "icon_hash": null,
  2401. "entrypoint": "0x00402055",
  2402. "timestamp": "2019-06-08 12:45:24",
  2403. "osversion": "5.1",
  2404. "sections": [
  2405. {
  2406. "name": ".text",
  2407. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2408. "virtual_address": "0x00001000",
  2409. "size_of_data": "0x0000be00",
  2410. "entropy": "6.65",
  2411. "raw_address": "0x00000400",
  2412. "virtual_size": "0x0000bd87",
  2413. "characteristics_raw": "0x60000020"
  2414. },
  2415. {
  2416. "name": ".rdata",
  2417. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2418. "virtual_address": "0x0000d000",
  2419. "size_of_data": "0x00006600",
  2420. "entropy": "5.09",
  2421. "raw_address": "0x0000c200",
  2422. "virtual_size": "0x000065b2",
  2423. "characteristics_raw": "0x40000040"
  2424. },
  2425. {
  2426. "name": ".data",
  2427. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2428. "virtual_address": "0x00014000",
  2429. "size_of_data": "0x00007800",
  2430. "entropy": "6.76",
  2431. "raw_address": "0x00012800",
  2432. "virtual_size": "0x00008120",
  2433. "characteristics_raw": "0xc0000040"
  2434. },
  2435. {
  2436. "name": ".gfids",
  2437. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2438. "virtual_address": "0x0001d000",
  2439. "size_of_data": "0x00000200",
  2440. "entropy": "1.41",
  2441. "raw_address": "0x0001a000",
  2442. "virtual_size": "0x000000ac",
  2443. "characteristics_raw": "0x40000040"
  2444. },
  2445. {
  2446. "name": ".rsrc",
  2447. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2448. "virtual_address": "0x0001e000",
  2449. "size_of_data": "0x00045a00",
  2450. "entropy": "6.22",
  2451. "raw_address": "0x0001a200",
  2452. "virtual_size": "0x000458f9",
  2453. "characteristics_raw": "0x40000040"
  2454. },
  2455. {
  2456. "name": ".reloc",
  2457. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  2458. "virtual_address": "0x00064000",
  2459. "size_of_data": "0x00001800",
  2460. "entropy": "6.30",
  2461. "raw_address": "0x0005fc00",
  2462. "virtual_size": "0x00001628",
  2463. "characteristics_raw": "0x42000040"
  2464. }
  2465. ],
  2466. "resources": [],
  2467. "dirents": [
  2468. {
  2469. "virtual_address": "0x00000000",
  2470. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2471. "size": "0x00000000"
  2472. },
  2473. {
  2474. "virtual_address": "0x00012384",
  2475. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2476. "size": "0x0000008c"
  2477. },
  2478. {
  2479. "virtual_address": "0x0001e000",
  2480. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2481. "size": "0x000458f9"
  2482. },
  2483. {
  2484. "virtual_address": "0x00000000",
  2485. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2486. "size": "0x00000000"
  2487. },
  2488. {
  2489. "virtual_address": "0x00000000",
  2490. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2491. "size": "0x00000000"
  2492. },
  2493. {
  2494. "virtual_address": "0x00064000",
  2495. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2496. "size": "0x00001628"
  2497. },
  2498. {
  2499. "virtual_address": "0x00011cc0",
  2500. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2501. "size": "0x0000001c"
  2502. },
  2503. {
  2504. "virtual_address": "0x00000000",
  2505. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2506. "size": "0x00000000"
  2507. },
  2508. {
  2509. "virtual_address": "0x00000000",
  2510. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2511. "size": "0x00000000"
  2512. },
  2513. {
  2514. "virtual_address": "0x00000000",
  2515. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2516. "size": "0x00000000"
  2517. },
  2518. {
  2519. "virtual_address": "0x00011ce0",
  2520. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2521. "size": "0x00000040"
  2522. },
  2523. {
  2524. "virtual_address": "0x00000000",
  2525. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2526. "size": "0x00000000"
  2527. },
  2528. {
  2529. "virtual_address": "0x0000d000",
  2530. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2531. "size": "0x000002f0"
  2532. },
  2533. {
  2534. "virtual_address": "0x00000000",
  2535. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2536. "size": "0x00000000"
  2537. },
  2538. {
  2539. "virtual_address": "0x00000000",
  2540. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2541. "size": "0x00000000"
  2542. },
  2543. {
  2544. "virtual_address": "0x00000000",
  2545. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2546. "size": "0x00000000"
  2547. }
  2548. ],
  2549. "exports": [],
  2550. "guest_signers": {},
  2551. "imphash": "1263d471a0f2e9a98846386838077c21",
  2552. "icon_fuzzy": null,
  2553. "icon": null,
  2554. "pdbpath": null,
  2555. "imported_dll_count": 6,
  2556. "versioninfo": []
  2557. }
  2558. }