- [*] MalFamily: "Shade"
- [*] MalScore: 10.0
- [*] File Name: "Exes_7c416c2b.jpg"
- [*] File Size: 1217800
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "ecbe8ab4a1d08eac6a0cab99ace3e0eb6a37a9834e2996c208cdf91b351ff022"
- [*] MD5: "cad93bdcbcf806d7409e6899d1d40d5d"
- [*] SHA1: "e543186e78d2d36a00dbc187e34e2379a7f993d7"
- [*] SHA512: "d95b2b443ffd6b4dd3a97a721ae826a0ea9ff0876f3a5cc312d40d73be5f8f940ffa1892a09e4ce6d6ed4300b00016a87ee0f0de44b5f3fb8d2f86797a94e457"
- [*] CRC32: "7C416C2B"
- [*] SSDEEP: "24576:V/KnFivASBMXgRNhrW+PZrtNeGmUVIjtLpw5tLpwX:1gFivAuMX6NQ+PZrtwGmcutLUtLk"
- [*] Process Execution: [
- "Exes_7c416c2b.jpg"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Attempts to connect to a dead IP:Port (6 unique times)",
- "Details": [
- {
- "IP": "142.93.232.80:443"
- },
- {
- "IP": "131.188.40.189:443"
- },
- {
- "IP": "51.15.56.123:9001"
- },
- {
- "IP": "136.243.82.132:9001"
- },
- {
- "IP": "171.25.193.9:80"
- },
- {
- "IP": "163.172.142.92:443"
- }
- ]
- },
- {
- "Description": "Starts servers listening on 127.0.0.1:41822",
- "Details": []
- },
- {
- "Description": "Reads data out of its own binary image",
- "Details": [
- {
- "self_read": "process: Exes_7c416c2b.jpg, pid: 960, offset: 0x00000000, length: 0x00129508"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .data, entropy: 7.30, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000fe800, virtual_size: 0x000fec20"
- },
- {
- "section": "name: .rsrc, entropy: 7.24, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00024c00, virtual_size: 0x00101a78"
- }
- ]
- },
- {
- "Description": "Installs Tor on the infected machine",
- "Details": []
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem"
- },
- {
- "data": "\"C:\\ProgramData\\Windows\\csrss.exe\""
- }
- ]
- },
- {
- "Description": "Collects information about installed applications",
- "Details": [
- {
- "Program": "Google Update Helper"
- },
- {
- "Program": "Python 3.7.2"
- },
- {
- "Program": "Microsoft Excel MUI 2013"
- },
- {
- "Program": "Microsoft Outlook MUI 2013"
- },
- {
- "Program": "Python 2.7.15"
- },
- {
- "Program": "Google Chrome"
- },
- {
- "Program": "Adobe Flash Player 29 NPAPI"
- },
- {
- "Program": "Adobe Flash Player 29 ActiveX"
- },
- {
- "Program": "Microsoft DCF MUI 2013"
- },
- {
- "Program": "Microsoft Access MUI 2013"
- },
- {
- "Program": "Microsoft Office Proofing Tools 2013 - English"
- },
- {
- "Program": "Adobe Acrobat Reader DC"
- },
- {
- "Program": "Microsoft Publisher MUI 2013"
- },
- {
- "Program": "Microsoft Office Shared MUI 2013"
- },
- {
- "Program": "Microsoft Office OSM MUI 2013"
- },
- {
- "Program": "Microsoft InfoPath MUI 2013"
- },
- {
- "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
- },
- {
- "Program": "Outils de vérification linguistique 2013 de Microsoft Office - Français"
- },
- {
- "Program": "Microsoft Word MUI 2013"
- },
- {
- "Program": "Microsoft OneDrive"
- },
- {
- "Program": "Microsoft Groove MUI 2013"
- },
- {
- "Program": "Microsoft Office Proofing Tools 2013 - Español"
- },
- {
- "Program": "Python 2.7 PIL-1.1.7"
- },
- {
- "Program": "Microsoft Access Setup Metadata MUI 2013"
- },
- {
- "Program": "Microsoft Office OSM UX MUI 2013"
- },
- {
- "Program": "Java Auto Updater"
- },
- {
- "Program": "Microsoft PowerPoint MUI 2013"
- },
- {
- "Program": "Microsoft Office Professional Plus 2013"
- },
- {
- "Program": "Adobe Refresh Manager"
- },
- {
- "Program": "Microsoft Office Proofing 2013"
- },
- {
- "Program": "Microsoft Lync MUI 2013"
- },
- {
- "Program": "Python Launcher"
- },
- {
- "Program": "Microsoft OneNote MUI 2013"
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\ProgramData\\Windows\\"
- }
- ]
- },
- {
- "Description": "File has been identified by 53 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Trojan.GenericKD.31615007"
- },
- {
- "CAT-QuickHeal": "Trojan.Azden"
- },
- {
- "McAfee": "Trojan-FQSD!CAD93BDCBCF8"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "VIPRE": "Trojan.Win32.Generic!BT"
- },
- {
- "AegisLab": "Trojan.Win32.Shade.4!c"
- },
- {
- "BitDefender": "Trojan.GenericKD.31615007"
- },
- {
- "K7GW": "Trojan ( 00546c801 )"
- },
- {
- "K7AntiVirus": "Trojan ( 00546c801 )"
- },
- {
- "Arcabit": "Trojan.Generic.D1E2681F"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.Kryptik.fmnowj"
- },
- {
- "ESET-NOD32": "Win32/Filecoder.Shade.A"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Kaspersky": "HEUR:Trojan-Ransom.Win32.Shade.gen"
- },
- {
- "Alibaba": "Ransom:Win32/Shade.50731913"
- },
- {
- "Tencent": "Win32.Trojan.Filecoder.Tccf"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Emsisoft": "Trojan-Ransom.Shade (A)"
- },
- {
- "Comodo": "Malware@#1itqh2rz0y47o"
- },
- {
- "F-Secure": "Trojan.TR/AD.Troldesh.jqrop"
- },
- {
- "DrWeb": "Trojan.Encoder.858"
- },
- {
- "Zillya": "Trojan.Shade.Win32.985"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "Trojan-FQSD!CAD93BDCBCF8"
- },
- {
- "Trapmine": "suspicious.low.ml.score"
- },
- {
- "FireEye": "Generic.mg.cad93bdcbcf806d7"
- },
- {
- "Ikarus": "Trojan-Ransom.Crypted007"
- },
- {
- "Cyren": "W32/Trojan.HXGR-2675"
- },
- {
- "Jiangmin": "Trojan.Shade.qz"
- },
- {
- "Webroot": "W32.Malware.Gen"
- },
- {
- "Avira": "TR/AD.Troldesh.jqrop"
- },
- {
- "Antiy-AVL": "Trojan[Ransom]/Win32.Shade"
- },
- {
- "Microsoft": "Trojan:Win32/Emotet.PB"
- },
- {
- "ZoneAlarm": "HEUR:Trojan-Ransom.Win32.Shade.gen"
- },
- {
- "GData": "Trojan.GenericKD.31615007"
- },
- {
- "Sophos": "Mal/Cerber-AL"
- },
- {
- "AhnLab-V3": "Trojan/Win32.Hermesran.R254356"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "VBA32": "TrojanRansom.Shade"
- },
- {
- "ALYac": "Trojan.Ransom.Shade"
- },
- {
- "Ad-Aware": "Trojan.GenericKD.31615007"
- },
- {
- "Malwarebytes": "Trojan.MalPack"
- },
- {
- "TrendMicro-HouseCall": "TrojanSpy.Win32.EMOTET.SMA"
- },
- {
- "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "Fortinet": "W32/Kryptik.GQEV!tr"
- },
- {
- "MaxSecure": "Trojan.Malware.74102313.susgen"
- },
- {
- "AVG": "Win32:Trojan-gen"
- },
- {
- "Cybereason": "malicious.cbcf80"
- },
- {
- "Avast": "Win32:Trojan-gen"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- },
- {
- "Qihoo-360": "HEUR/QVM20.1.E8FF.Malware.Gen"
- }
- ]
- },
- {
- "Description": "Creates a copy of itself",
- "Details": [
- {
- "copy": "C:\\ProgramData\\Windows\\csrss.exe"
- }
- ]
- },
- {
- "Description": "Harvests information related to installed mail clients",
- "Details": [
- {
- "file": "C:\\Users\\user\\Documents\\Outlook Files\\Outlook.pst"
- }
- ]
- },
- {
- "Description": "Anomalous binary characteristics",
- "Details": [
- {
- "anomaly": "Actual checksum does not match that reported in PE header"
- }
- ]
- },
- {
- "Description": "Created network traffic indicative of malicious activity",
- "Details": [
- {
- "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 177"
- },
- {
- "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 147"
- },
- {
- "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 187"
- },
- {
- "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 507"
- },
- {
- "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 131"
- },
- {
- "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 125"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: [
- "\\??\\PIPE\\wkssvc",
- "C:\\ProgramData\\Windows\\csrss.exe",
- "\\??\\PIPE\\srvsvc",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\lock",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
- "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp"
- ]
- [*] Modified Registry Keys: [
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\System32\\Configuration\\",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xVersion"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6242\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6243-15029\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=15030-25284\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=25285-35138\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=35139-55711\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=55712-97828\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=97829-188725\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=188726-336648\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=336649-676744\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=676745-756012\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=756013-1544838\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1544839-4481094\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4481095-10202722\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480688&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10202723-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "GetStartupInfoW",
- "address": "0x405030"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x405034"
- },
- {
- "name": "GetTickCount",
- "address": "0x405038"
- },
- {
- "name": "InterlockedCompareExchange",
- "address": "0x40503c"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x405040"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x405044"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x405048"
- },
- {
- "name": "LocalAlloc",
- "address": "0x40504c"
- },
- {
- "name": "LocalFree",
- "address": "0x405050"
- },
- {
- "name": "OpenEventW",
- "address": "0x405054"
- },
- {
- "name": "OutputDebugStringA",
- "address": "0x405058"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x40505c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x405060"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x405064"
- },
- {
- "name": "SetErrorMode",
- "address": "0x405068"
- },
- {
- "name": "SetEvent",
- "address": "0x40506c"
- },
- {
- "name": "SetPriorityClass",
- "address": "0x405070"
- },
- {
- "name": "SetThreadPriority",
- "address": "0x405074"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x405078"
- },
- {
- "name": "Sleep",
- "address": "0x40507c"
- },
- {
- "name": "TerminateProcess",
- "address": "0x405080"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x405084"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x405088"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x40508c"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x405090"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x405094"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x405098"
- },
- {
- "name": "GetLastError",
- "address": "0x40509c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4050a0"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4050a4"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4050a8"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x4050ac"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4050b0"
- },
- {
- "name": "CreateEventW",
- "address": "0x4050b4"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x4050b8"
- },
- {
- "name": "CloseHandle",
- "address": "0x4050bc"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4050c0"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "EndMenu",
- "address": "0x4050c8"
- },
- {
- "name": "GetClipboardSequenceNumber",
- "address": "0x4050cc"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4050d0"
- },
- {
- "name": "EnumClipboardFormats",
- "address": "0x4050d4"
- },
- {
- "name": "GetInputState",
- "address": "0x4050d8"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4050dc"
- },
- {
- "name": "GetCursor",
- "address": "0x4050e0"
- },
- {
- "name": "IsMenu",
- "address": "0x4050e4"
- },
- {
- "name": "GetProcessWindowStation",
- "address": "0x4050e8"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x4050ec"
- },
- {
- "name": "GetListBoxInfo",
- "address": "0x4050f0"
- },
- {
- "name": "IsCharUpperA",
- "address": "0x4050f4"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x4050f8"
- },
- {
- "name": "DestroyWindow",
- "address": "0x4050fc"
- },
- {
- "name": "DestroyCursor",
- "address": "0x405100"
- },
- {
- "name": "CharToOemBuffA",
- "address": "0x405104"
- },
- {
- "name": "GetWindowContextHelpId",
- "address": "0x405108"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "GetPixelFormat",
- "address": "0x405008"
- },
- {
- "name": "GetColorSpace",
- "address": "0x40500c"
- },
- {
- "name": "GetTextColor",
- "address": "0x405010"
- },
- {
- "name": "GetPolyFillMode",
- "address": "0x405014"
- },
- {
- "name": "CreateMetaFileA",
- "address": "0x405018"
- },
- {
- "name": "GetMapMode",
- "address": "0x40501c"
- },
- {
- "name": "GetDCBrushColor",
- "address": "0x405020"
- },
- {
- "name": "CancelDC",
- "address": "0x405024"
- },
- {
- "name": "GetEnhMetaFileA",
- "address": "0x405028"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "RegOpenKeyExW",
- "address": "0x405000"
- }
- ],
- "dll": "ADVAPI32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0012d035",
- "overlay": {
- "size": "0x00000d08",
- "offset": "0x00128800"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00133019",
- "icon_hash": null,
- "entrypoint": "0x004039a0",
- "timestamp": "2019-01-31 04:02:08",
- "osversion": "5.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00003e00",
- "entropy": "5.34",
- "raw_address": "0x00000400",
- "virtual_size": "0x00003d5a",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00001000",
- "entropy": "5.24",
- "raw_address": "0x00004200",
- "virtual_size": "0x00000f64",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00006000",
- "size_of_data": "0x000fe800",
- "entropy": "7.30",
- "raw_address": "0x00005200",
- "virtual_size": "0x000fec20",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".CRT",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00105000",
- "size_of_data": "0x00000200",
- "entropy": "0.06",
- "raw_address": "0x00103a00",
- "virtual_size": "0x00000004",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00106000",
- "size_of_data": "0x00024c00",
- "entropy": "7.24",
- "raw_address": "0x00103c00",
- "virtual_size": "0x00101a78",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005924",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x00106000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00024a78"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00128800",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000d08"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000110"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "3c775e96b806128b1dc225d68ec6d59a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "advapi32.dll.RegQueryValueExA",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.LoadLibraryExA",
- "kernel32.dll.GetProcAddress",
- "kernel32.dll.SetFilePointer",
- "kernel32.dll.lstrlenA",
- "kernel32.dll.lstrcatA",
- "kernel32.dll.VirtualProtect",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.GetModuleHandleA",
- "kernel32.dll.WriteFile",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.GetTempPathA",
- "kernel32.dll.CreateFileA",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.ExitProcess",
- "advapi32.dll.RegCloseKey",
- "oleaut32.dll.#6",
- "shell32.dll.SHGetMalloc",
- "user32.dll.CharUpperA",
- "ws2_32.dll.#1",
- "kernel32.dll.Sleep",
- "kernel32.dll.GetSystemTimeAsFileTime",
- "kernel32.dll.HeapFree",
- "kernel32.dll.HeapAlloc",
- "kernel32.dll.GetProcessHeap",
- "kernel32.dll.OpenProcess",
- "kernel32.dll.CreatePipe",
- "kernel32.dll.CreateProcessA",
- "kernel32.dll.GetExitCodeProcess",
- "kernel32.dll.SetHandleInformation",
- "kernel32.dll.PeekNamedPipe",
- "kernel32.dll.LocalFree",
- "kernel32.dll.GlobalMemoryStatusEx",
- "kernel32.dll.CreateFileMappingA",
- "kernel32.dll.InitializeCriticalSection",
- "kernel32.dll.InterlockedDecrement",
- "kernel32.dll.ReadFile",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetLastError",
- "kernel32.dll.TerminateProcess",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.UnhandledExceptionFilter",
- "kernel32.dll.SetUnhandledExceptionFilter",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.GetCommandLineA",
- "kernel32.dll.GetStartupInfoA",
- "kernel32.dll.RaiseException",
- "kernel32.dll.RtlUnwind",
- "kernel32.dll.GetModuleHandleW",
- "kernel32.dll.TlsGetValue",
- "kernel32.dll.TlsAlloc",
- "kernel32.dll.TlsSetValue",
- "kernel32.dll.TlsFree",
- "kernel32.dll.InterlockedIncrement",
- "kernel32.dll.SetLastError",
- "kernel32.dll.GetCurrentThreadId",
- "kernel32.dll.HeapSize",
- "kernel32.dll.GetStdHandle",
- "kernel32.dll.GetModuleFileNameA",
- "kernel32.dll.FreeEnvironmentStringsA",
- "kernel32.dll.GetEnvironmentStrings",
- "kernel32.dll.FreeEnvironmentStringsW",
- "kernel32.dll.WideCharToMultiByte",
- "kernel32.dll.GetEnvironmentStringsW",
- "kernel32.dll.SetHandleCount",
- "kernel32.dll.GetFileType",
- "kernel32.dll.DeleteCriticalSection",
- "kernel32.dll.HeapCreate",
- "kernel32.dll.QueryPerformanceCounter",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.GetCurrentProcessId",
- "kernel32.dll.SetEvent",
- "kernel32.dll.GetACP",
- "kernel32.dll.DeleteFileA",
- "kernel32.dll.IsValidCodePage",
- "kernel32.dll.EnterCriticalSection",
- "kernel32.dll.LeaveCriticalSection",
- "kernel32.dll.GetConsoleCP",
- "kernel32.dll.GetConsoleMode",
- "kernel32.dll.FlushFileBuffers",
- "kernel32.dll.MultiByteToWideChar",
- "kernel32.dll.LCMapStringA",
- "kernel32.dll.LCMapStringW",
- "kernel32.dll.HeapReAlloc",
- "kernel32.dll.SetConsoleCtrlHandler",
- "kernel32.dll.FreeLibrary",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.GetLocaleInfoA",
- "kernel32.dll.GetStringTypeA",
- "kernel32.dll.GetStringTypeW",
- "kernel32.dll.GetTimeFormatA",
- "kernel32.dll.GetDateFormatA",
- "kernel32.dll.SetStdHandle",
- "kernel32.dll.WriteConsoleA",
- "kernel32.dll.GetConsoleOutputCP",
- "kernel32.dll.WriteConsoleW",
- "kernel32.dll.GetTimeZoneInformation",
- "kernel32.dll.SetEndOfFile",
- "kernel32.dll.CompareStringA",
- "kernel32.dll.CompareStringW",
- "kernel32.dll.SetEnvironmentVariableA",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.OpenEventA",
- "kernel32.dll.ResetEvent",
- "kernel32.dll.ResumeThread",
- "kernel32.dll.SystemTimeToFileTime",
- "kernel32.dll.WaitForMultipleObjects",
- "kernel32.dll.SetWaitableTimer",
- "kernel32.dll.CreateWaitableTimerA",
- "kernel32.dll.GetVersion",
- "kernel32.dll.GlobalMemoryStatus",
- "kernel32.dll.GetVersionExA",
- "kernel32.dll.FlushConsoleInputBuffer",
- "kernel32.dll.VerSetConditionMask",
- "kernel32.dll.SleepEx",
- "kernel32.dll.VerifyVersionInfoA",
- "kernel32.dll.ExpandEnvironmentStringsA",
- "kernel32.dll.FormatMessageA",
- "kernel32.dll.MapViewOfFile",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.CreateIoCompletionPort",
- "kernel32.dll.PostQueuedCompletionStatus",
- "kernel32.dll.ReleaseSemaphore",
- "kernel32.dll.CreateSemaphoreA",
- "kernel32.dll.GetQueuedCompletionStatus",
- "kernel32.dll.GetFileInformationByHandle",
- "kernel32.dll.MoveFileA",
- "kernel32.dll.LockFile",
- "kernel32.dll.UnlockFile",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.LoadLibraryW",
- "kernel32.dll.CreateDirectoryA",
- "kernel32.dll.GetOEMCP",
- "kernel32.dll.WaitForSingleObject",
- "kernel32.dll.GetCPInfo",
- "kernel32.dll.CreateEventA",
- "kernel32.dll.GetSystemDirectoryA",
- "kernel32.dll.GetCurrentDirectoryA",
- "kernel32.dll.GetFullPathNameA",
- "kernel32.dll.FindFirstFileA",
- "kernel32.dll.GetDriveTypeA",
- "kernel32.dll.FileTimeToLocalFileTime",
- "kernel32.dll.FileTimeToSystemTime",
- "kernel32.dll.FindClose",
- "kernel32.dll.SetConsoleMode",
- "kernel32.dll.ReadConsoleInputA",
- "kernel32.dll.CreateThread",
- "kernel32.dll.ExitThread",
- "kernel32.dll.VirtualQuery",
- "advapi32.dll.DeregisterEventSource",
- "advapi32.dll.RegisterEventSourceA",
- "advapi32.dll.ReportEventA",
- "advapi32.dll.RegOpenKeyExA",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptGenRandom",
- "oleaut32.dll.#9",
- "oleaut32.dll.#2",
- "shell32.dll.SHGetSpecialFolderLocation",
- "shell32.dll.SHGetSpecialFolderPathA",
- "shell32.dll.SHGetPathFromIDListA",
- "user32.dll.MessageBoxA",
- "user32.dll.CharLowerW",
- "user32.dll.GetUserObjectInformationW",
- "user32.dll.GetDesktopWindow",
- "user32.dll.GetProcessWindowStation",
- "user32.dll.CharUpperW",
- "ws2_32.dll.freeaddrinfo",
- "ws2_32.dll.getaddrinfo",
- "ws2_32.dll.#17",
- "ws2_32.dll.#55",
- "ws2_32.dll.#54",
- "ws2_32.dll.#13",
- "ws2_32.dll.#8",
- "ws2_32.dll.#14",
- "ws2_32.dll.#57",
- "ws2_32.dll.#52",
- "ws2_32.dll.#10",
- "ws2_32.dll.#19",
- "ws2_32.dll.#18",
- "ws2_32.dll.#151",
- "ws2_32.dll.#5",
- "ws2_32.dll.WSAIoctl",
- "ws2_32.dll.#4",
- "ws2_32.dll.#111",
- "ws2_32.dll.#9",
- "ws2_32.dll.#15",
- "ws2_32.dll.#20",
- "ws2_32.dll.#22",
- "ws2_32.dll.#6",
- "ws2_32.dll.#21",
- "ws2_32.dll.#16",
- "ws2_32.dll.#2",
- "ws2_32.dll.#23",
- "ws2_32.dll.#112",
- "ws2_32.dll.#3",
- "ws2_32.dll.#7",
- "ws2_32.dll.#115",
- "ws2_32.dll.#116",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "kernel32.dll.IsProcessorFeaturePresent",
- "kernel32.dll.GetComputerNameW",
- "kernel32.dll.GetLogicalDriveStringsW",
- "kernel32.dll.GetVolumeInformationW",
- "kernel32.dll.GetDriveTypeW",
- "kernel32.dll.GetSystemDirectoryW",
- "kernel32.dll.GetWindowsDirectoryA",
- "kernel32.dll.GetWindowsDirectoryW",
- "kernel32.dll.GetTempPathW",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindNextFileW",
- "kernel32.dll.SetFileAttributesW",
- "kernel32.dll.GetFileAttributesW",
- "kernel32.dll.MoveFileW",
- "kernel32.dll.CreateDirectoryW",
- "kernel32.dll.DeleteFileW",
- "kernel32.dll.CopyFileW",
- "kernel32.dll.DeviceIoControl",
- "kernel32.dll.GetShortPathNameW",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.CreateProcessW",
- "kernel32.dll.Wow64DisableWow64FsRedirection",
- "kernel32.dll.Wow64RevertWow64FsRedirection",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryValueExW",
- "advapi32.dll.RegSetValueExW",
- "advapi32.dll.RegCreateKeyExW",
- "advapi32.dll.RegDeleteValueW",
- "advapi32.dll.RegEnumKeyW",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.GetUserNameW",
- "shell32.dll.SHGetFolderPathW",
- "shell32.dll.ShellExecuteW",
- "shell32.dll.SHGetKnownFolderPath",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoUninitialize",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.CoInitializeSecurity",
- "ole32.dll.CoSetProxyBlanket",
- "ole32.dll.CoTaskMemFree",
- "oleaut32.dll.VariantClear",
- "user32.dll.GetWindowRect",
- "user32.dll.GetDC",
- "user32.dll.DrawTextW",
- "user32.dll.SystemParametersInfoW",
- "user32.dll.GetForegroundWindow",
- "gdi32.dll.CreateCompatibleDC",
- "gdi32.dll.CreateCompatibleBitmap",
- "gdi32.dll.SelectObject",
- "gdi32.dll.DeleteObject",
- "gdi32.dll.DeleteDC",
- "gdi32.dll.CreateBrushIndirect",
- "gdi32.dll.SetTextColor",
- "gdi32.dll.SetBkColor",
- "gdi32.dll.GetCurrentObject",
- "gdi32.dll.GetObjectA",
- "gdi32.dll.CreateFontIndirectA",
- "gdi32.dll.CreateDIBSection",
- "gdi32.dll.BitBlt",
- "gdi32.dll.ExtFloodFill",
- "netapi32.dll.NetServerGetInfo",
- "netapi32.dll.NetApiBufferFree",
- "netapi32.dll.NetWkstaGetInfo",
- "kernel32.dll.SetProcessDEPPolicy",
- "netapi32.dll.NetStatisticsGet",
- "advapi32.dll.CryptAcquireContextW",
- "advapi32.dll.CryptReleaseContext",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptGenRandom",
- "cryptsp.dll.CryptReleaseContext",
- "user32.dll.GetCursorInfo",
- "user32.dll.GetQueueStatus",
- "kernel32.dll.CreateToolhelp32Snapshot",
- "kernel32.dll.Heap32First",
- "kernel32.dll.Heap32Next",
- "kernel32.dll.Heap32ListFirst",
- "kernel32.dll.Heap32ListNext",
- "kernel32.dll.Process32First",
- "kernel32.dll.Process32Next",
- "kernel32.dll.Thread32First",
- "kernel32.dll.Thread32Next",
- "kernel32.dll.Module32First",
- "kernel32.dll.Module32Next",
- "cryptsp.dll.CryptAcquireContextA",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "ole32.dll.CreateBindCtx",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoGetApartmentType",
- "ole32.dll.CoRegisterInitializeSpy",
- "comctl32.dll.#236",
- "ole32.dll.CoGetMalloc",
- "comctl32.dll.#320",
- "comctl32.dll.#324",
- "comctl32.dll.#323",
- "comctl32.dll.#328",
- "comctl32.dll.#334",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "advapi32.dll.InitializeSecurityDescriptor",
- "advapi32.dll.SetEntriesInAclW",
- "ntmarta.dll.GetMartaExtensionInterface",
- "advapi32.dll.SetSecurityDescriptorDacl",
- "advapi32.dll.IsTextUnicode",
- "comctl32.dll.#332",
- "comctl32.dll.#338",
- "comctl32.dll.#339",
- "comctl32.dll.#386",
- "shell32.dll.#102",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetClassObject",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "oleaut32.dll.#500",
- "iphlpapi.dll.GetAdaptersAddresses"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "GetStartupInfoW",
- "address": "0x405030"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x405034"
- },
- {
- "name": "GetTickCount",
- "address": "0x405038"
- },
- {
- "name": "InterlockedCompareExchange",
- "address": "0x40503c"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x405040"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x405044"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x405048"
- },
- {
- "name": "LocalAlloc",
- "address": "0x40504c"
- },
- {
- "name": "LocalFree",
- "address": "0x405050"
- },
- {
- "name": "OpenEventW",
- "address": "0x405054"
- },
- {
- "name": "OutputDebugStringA",
- "address": "0x405058"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x40505c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x405060"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x405064"
- },
- {
- "name": "SetErrorMode",
- "address": "0x405068"
- },
- {
- "name": "SetEvent",
- "address": "0x40506c"
- },
- {
- "name": "SetPriorityClass",
- "address": "0x405070"
- },
- {
- "name": "SetThreadPriority",
- "address": "0x405074"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x405078"
- },
- {
- "name": "Sleep",
- "address": "0x40507c"
- },
- {
- "name": "TerminateProcess",
- "address": "0x405080"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x405084"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x405088"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x40508c"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x405090"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x405094"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x405098"
- },
- {
- "name": "GetLastError",
- "address": "0x40509c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4050a0"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4050a4"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4050a8"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x4050ac"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4050b0"
- },
- {
- "name": "CreateEventW",
- "address": "0x4050b4"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x4050b8"
- },
- {
- "name": "CloseHandle",
- "address": "0x4050bc"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4050c0"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "EndMenu",
- "address": "0x4050c8"
- },
- {
- "name": "GetClipboardSequenceNumber",
- "address": "0x4050cc"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4050d0"
- },
- {
- "name": "EnumClipboardFormats",
- "address": "0x4050d4"
- },
- {
- "name": "GetInputState",
- "address": "0x4050d8"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4050dc"
- },
- {
- "name": "GetCursor",
- "address": "0x4050e0"
- },
- {
- "name": "IsMenu",
- "address": "0x4050e4"
- },
- {
- "name": "GetProcessWindowStation",
- "address": "0x4050e8"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x4050ec"
- },
- {
- "name": "GetListBoxInfo",
- "address": "0x4050f0"
- },
- {
- "name": "IsCharUpperA",
- "address": "0x4050f4"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x4050f8"
- },
- {
- "name": "DestroyWindow",
- "address": "0x4050fc"
- },
- {
- "name": "DestroyCursor",
- "address": "0x405100"
- },
- {
- "name": "CharToOemBuffA",
- "address": "0x405104"
- },
- {
- "name": "GetWindowContextHelpId",
- "address": "0x405108"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "GetPixelFormat",
- "address": "0x405008"
- },
- {
- "name": "GetColorSpace",
- "address": "0x40500c"
- },
- {
- "name": "GetTextColor",
- "address": "0x405010"
- },
- {
- "name": "GetPolyFillMode",
- "address": "0x405014"
- },
- {
- "name": "CreateMetaFileA",
- "address": "0x405018"
- },
- {
- "name": "GetMapMode",
- "address": "0x40501c"
- },
- {
- "name": "GetDCBrushColor",
- "address": "0x405020"
- },
- {
- "name": "CancelDC",
- "address": "0x405024"
- },
- {
- "name": "GetEnhMetaFileA",
- "address": "0x405028"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "RegOpenKeyExW",
- "address": "0x405000"
- }
- ],
- "dll": "ADVAPI32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0012d035",
- "overlay": {
- "size": "0x00000d08",
- "offset": "0x00128800"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00133019",
- "icon_hash": null,
- "entrypoint": "0x004039a0",
- "timestamp": "2019-01-31 04:02:08",
- "osversion": "5.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00003e00",
- "entropy": "5.34",
- "raw_address": "0x00000400",
- "virtual_size": "0x00003d5a",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00001000",
- "entropy": "5.24",
- "raw_address": "0x00004200",
- "virtual_size": "0x00000f64",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00006000",
- "size_of_data": "0x000fe800",
- "entropy": "7.30",
- "raw_address": "0x00005200",
- "virtual_size": "0x000fec20",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".CRT",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00105000",
- "size_of_data": "0x00000200",
- "entropy": "0.06",
- "raw_address": "0x00103a00",
- "virtual_size": "0x00000004",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00106000",
- "size_of_data": "0x00024c00",
- "entropy": "7.24",
- "raw_address": "0x00103c00",
- "virtual_size": "0x00101a78",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005924",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x00106000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00024a78"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00128800",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000d08"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000110"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "3c775e96b806128b1dc225d68ec6d59a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }