paladin316

Exes_3135b850_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_3135b850.exe"
  7. [*] File Size: 401848
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "6b7a3c5b6d6eff12beb2debb9e93e56a41a8f7f8a1259a912cc6f17dec5d05f4"
  10. [*] MD5: "37425ed18d0ea8e2691109e93e121752"
  11. [*] SHA1: "399ea0d71c51d2236c552a573d41ca71a89c5b48"
  12. [*] SHA512: "645f519967f5654c9ebb66f6000d180079bd01409d86b12fdc16f9cd4e88fd5add195d1a75fb9c7cae9ad070d03c53134a337e152c8df52c6e45305828e08955"
  13. [*] CRC32: "3135B850"
  14. [*] SSDEEP: "12288:eDukMGV5DJTuM4ifMrz9L1HeGqxGq+9wmZF:epLsNVqxc9t"
  15.  
  16. [*] Process Execution: [
  17. "Exes_3135b850.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Performs some HTTP requests",
  23. "Details": [
  24. {
  25. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  26. },
  27. {
  28. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  29. },
  30. {
  31. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  32. },
  33. {
  34. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  35. },
  36. {
  37. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  38. },
  39. {
  40. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  41. },
  42. {
  43. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  44. },
  45. {
  46. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  47. },
  48. {
  49. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  50. },
  51. {
  52. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  53. },
  54. {
  55. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  56. },
  57. {
  58. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  59. },
  60. {
  61. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  62. },
  63. {
  64. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  65. },
  66. {
  67. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  68. },
  69. {
  70. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  71. },
  72. {
  73. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  74. },
  75. {
  76. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  77. },
  78. {
  79. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  80. },
  81. {
  82. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  83. },
  84. {
  85. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  86. },
  87. {
  88. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  89. },
  90. {
  91. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  92. },
  93. {
  94. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  95. },
  96. {
  97. "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes"
  98. }
  99. ]
  100. },
  101. {
  102. "Description": "The binary likely contains encrypted or compressed data.",
  103. "Details": [
  104. {
  105. "section": "name: .text, entropy: 7.58, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0005ea00, virtual_size: 0x0005e994"
  106. }
  107. ]
  108. },
  109. {
  110. "Description": "File has been identified by 24 Antiviruses on VirusTotal as malicious",
  111. "Details": [
  112. {
  113. "FireEye": "Generic.mg.37425ed18d0ea8e2"
  114. },
  115. {
  116. "McAfee": "RDN/Generic.dx"
  117. },
  118. {
  119. "Symantec": "ML.Attribute.HighConfidence"
  120. },
  121. {
  122. "APEX": "Malicious"
  123. },
  124. {
  125. "Kaspersky": "HEUR:Trojan.MSIL.Injects.gen"
  126. },
  127. {
  128. "Invincea": "heuristic"
  129. },
  130. {
  131. "McAfee-GW-Edition": "Artemis!Trojan"
  132. },
  133. {
  134. "Fortinet": "MSIL/Injects.RZC!tr"
  135. },
  136. {
  137. "Ikarus": "Trojan.MSIL.Inject"
  138. },
  139. {
  140. "Endgame": "malicious (high confidence)"
  141. },
  142. {
  143. "Webroot": "W32.Trojan.Gen"
  144. },
  145. {
  146. "ZoneAlarm": "HEUR:Trojan.MSIL.Injects.gen"
  147. },
  148. {
  149. "Microsoft": "Trojan:Win32/Fuerboos.A!cl"
  150. },
  151. {
  152. "ESET-NOD32": "a variant of MSIL/Kryptik.RZC"
  153. },
  154. {
  155. "Acronis": "suspicious"
  156. },
  157. {
  158. "VBA32": "CIL.StupidCryptor.Heur"
  159. },
  160. {
  161. "Cylance": "Unsafe"
  162. },
  163. {
  164. "Panda": "Trj/Genetic.gen"
  165. },
  166. {
  167. "SentinelOne": "DFI - Malicious PE"
  168. },
  169. {
  170. "eGambit": "PE.Heur.InvalidSig"
  171. },
  172. {
  173. "GData": "Win32.Backdoor.NetWireRC.PWCY9Q"
  174. },
  175. {
  176. "AVG": "FileRepMalware"
  177. },
  178. {
  179. "Cybereason": "malicious.71c51d"
  180. },
  181. {
  182. "CrowdStrike": "win/malicious_confidence_90% (D)"
  183. }
  184. ]
  185. },
  186. {
  187. "Description": "Anomalous binary characteristics",
  188. "Details": [
  189. {
  190. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
  191. }
  192. ]
  193. }
  194. ]
  195.  
  196. [*] Started Service: []
  197.  
  198. [*] Executed Commands: []
  199.  
  200. [*] Mutexes: []
  201.  
  202. [*] Modified Files: []
  203.  
  204. [*] Deleted Files: []
  205.  
  206. [*] Modified Registry Keys: []
  207.  
  208. [*] Deleted Registry Keys: []
  209.  
  210. [*] DNS Communications: []
  211.  
  212. [*] Domains: []
  213.  
  214. [*] Network Communication - ICMP: []
  215.  
  216. [*] Network Communication - HTTP: [
  217. {
  218. "count": 1,
  219. "body": "",
  220. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  221. "user-agent": "Microsoft-CryptoAPI/6.1",
  222. "method": "GET",
  223. "host": "ocsp.digicert.com",
  224. "version": "1.1",
  225. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  226. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  227. "port": 80
  228. },
  229. {
  230. "count": 1,
  231. "body": "",
  232. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  233. "user-agent": "Microsoft-CryptoAPI/6.1",
  234. "method": "GET",
  235. "host": "ocsp.digicert.com",
  236. "version": "1.1",
  237. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  238. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  239. "port": 80
  240. },
  241. {
  242. "count": 1,
  243. "body": "",
  244. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  245. "user-agent": "Microsoft-CryptoAPI/6.1",
  246. "method": "GET",
  247. "host": "ocsp.digicert.com",
  248. "version": "1.1",
  249. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  250. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  251. "port": 80
  252. },
  253. {
  254. "count": 1,
  255. "body": "",
  256. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  257. "user-agent": "Microsoft-CryptoAPI/6.1",
  258. "method": "GET",
  259. "host": "ocsp.pki.goog",
  260. "version": "1.1",
  261. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  262. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  263. "port": 80
  264. },
  265. {
  266. "count": 1,
  267. "body": "",
  268. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  269. "user-agent": "Microsoft-CryptoAPI/6.1",
  270. "method": "GET",
  271. "host": "ocsp.digicert.com",
  272. "version": "1.1",
  273. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  274. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  275. "port": 80
  276. },
  277. {
  278. "count": 1,
  279. "body": "",
  280. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  281. "user-agent": "Microsoft-CryptoAPI/6.1",
  282. "method": "GET",
  283. "host": "crl.microsoft.com",
  284. "version": "1.1",
  285. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  286. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  287. "port": 80
  288. },
  289. {
  290. "count": 1,
  291. "body": "",
  292. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  293. "user-agent": "Microsoft-CryptoAPI/6.1",
  294. "method": "GET",
  295. "host": "ocsp.comodoca.com",
  296. "version": "1.1",
  297. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  298. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  299. "port": 80
  300. },
  301. {
  302. "count": 1,
  303. "body": "",
  304. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  305. "user-agent": "Microsoft-CryptoAPI/6.1",
  306. "method": "GET",
  307. "host": "ocsp.pki.goog",
  308. "version": "1.1",
  309. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  310. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  311. "port": 80
  312. },
  313. {
  314. "count": 1,
  315. "body": "",
  316. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  317. "user-agent": "Microsoft-CryptoAPI/6.1",
  318. "method": "GET",
  319. "host": "ocsp.digicert.com",
  320. "version": "1.1",
  321. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  322. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  323. "port": 80
  324. },
  325. {
  326. "count": 1,
  327. "body": "",
  328. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  329. "user-agent": "Microsoft-CryptoAPI/6.1",
  330. "method": "GET",
  331. "host": "www.download.windowsupdate.com",
  332. "version": "1.1",
  333. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  334. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  335. "port": 80
  336. },
  337. {
  338. "count": 1,
  339. "body": "",
  340. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  341. "user-agent": "Microsoft-CryptoAPI/6.1",
  342. "method": "GET",
  343. "host": "crl.microsoft.com",
  344. "version": "1.1",
  345. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  346. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  347. "port": 80
  348. },
  349. {
  350. "count": 1,
  351. "body": "",
  352. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  353. "user-agent": "Microsoft-CryptoAPI/6.1",
  354. "method": "GET",
  355. "host": "ocsp.digicert.com",
  356. "version": "1.1",
  357. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  358. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  359. "port": 80
  360. },
  361. {
  362. "count": 1,
  363. "body": "",
  364. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  365. "user-agent": "Microsoft-CryptoAPI/6.1",
  366. "method": "GET",
  367. "host": "ocsp.digicert.com",
  368. "version": "1.1",
  369. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  370. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  371. "port": 80
  372. },
  373. {
  374. "count": 1,
  375. "body": "",
  376. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  377. "user-agent": "Microsoft-CryptoAPI/6.1",
  378. "method": "GET",
  379. "host": "ocsp.digicert.com",
  380. "version": "1.1",
  381. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  382. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  383. "port": 80
  384. },
  385. {
  386. "count": 1,
  387. "body": "",
  388. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  389. "user-agent": "Microsoft-CryptoAPI/6.1",
  390. "method": "GET",
  391. "host": "ocsp.pki.goog",
  392. "version": "1.1",
  393. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  394. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  395. "port": 80
  396. },
  397. {
  398. "count": 1,
  399. "body": "",
  400. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  401. "user-agent": "Microsoft-CryptoAPI/6.1",
  402. "method": "GET",
  403. "host": "ocsp.pki.goog",
  404. "version": "1.1",
  405. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  406. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  407. "port": 80
  408. },
  409. {
  410. "count": 1,
  411. "body": "",
  412. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  413. "user-agent": "Microsoft-CryptoAPI/6.1",
  414. "method": "GET",
  415. "host": "ocsp.digicert.com",
  416. "version": "1.1",
  417. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  418. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  419. "port": 80
  420. },
  421. {
  422. "count": 1,
  423. "body": "",
  424. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  425. "user-agent": "Microsoft-CryptoAPI/6.1",
  426. "method": "GET",
  427. "host": "ocsp.pki.goog",
  428. "version": "1.1",
  429. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  430. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  431. "port": 80
  432. },
  433. {
  434. "count": 1,
  435. "body": "",
  436. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  437. "user-agent": "Microsoft-CryptoAPI/6.1",
  438. "method": "GET",
  439. "host": "ocsp.msocsp.com",
  440. "version": "1.1",
  441. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  442. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  443. "port": 80
  444. },
  445. {
  446. "count": 1,
  447. "body": "",
  448. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  449. "user-agent": "Microsoft-CryptoAPI/6.1",
  450. "method": "GET",
  451. "host": "ocsp.thawte.com",
  452. "version": "1.1",
  453. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  454. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  455. "port": 80
  456. },
  457. {
  458. "count": 1,
  459. "body": "",
  460. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  461. "user-agent": "Microsoft-CryptoAPI/6.1",
  462. "method": "GET",
  463. "host": "ocsp.usertrust.com",
  464. "version": "1.1",
  465. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  466. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  467. "port": 80
  468. },
  469. {
  470. "count": 1,
  471. "body": "",
  472. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  473. "user-agent": "Microsoft-CryptoAPI/6.1",
  474. "method": "GET",
  475. "host": "th.symcd.com",
  476. "version": "1.1",
  477. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  478. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  479. "port": 80
  480. },
  481. {
  482. "count": 1,
  483. "body": "",
  484. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  485. "user-agent": "Microsoft-CryptoAPI/6.1",
  486. "method": "GET",
  487. "host": "ocsp.digicert.com",
  488. "version": "1.1",
  489. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  490. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  491. "port": 80
  492. },
  493. {
  494. "count": 1,
  495. "body": "",
  496. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  497. "user-agent": "Microsoft-CryptoAPI/6.1",
  498. "method": "GET",
  499. "host": "ocsp.digicert.com",
  500. "version": "1.1",
  501. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  502. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  503. "port": 80
  504. },
  505. {
  506. "count": 1,
  507. "body": "",
  508. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  509. "user-agent": "Microsoft-CryptoAPI/6.1",
  510. "method": "GET",
  511. "host": "ocsp.pki.goog",
  512. "version": "1.1",
  513. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  514. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  515. "port": 80
  516. },
  517. {
  518. "count": 1,
  519. "body": "",
  520. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  521. "user-agent": "Microsoft-CryptoAPI/6.1",
  522. "method": "GET",
  523. "host": "crl.microsoft.com",
  524. "version": "1.1",
  525. "path": "/pki/crl/products/microsoftrootcert.crl",
  526. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  527. "port": 80
  528. },
  529. {
  530. "count": 1,
  531. "body": "",
  532. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  533. "user-agent": "Microsoft BITS/7.5",
  534. "method": "HEAD",
  535. "host": "redirector.gvt1.com",
  536. "version": "1.1",
  537. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  538. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  539. "port": 80
  540. },
  541. {
  542. "count": 1,
  543. "body": "",
  544. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  545. "user-agent": "Microsoft BITS/7.5",
  546. "method": "HEAD",
  547. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  548. "version": "1.1",
  549. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  550. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  551. "port": 80
  552. },
  553. {
  554. "count": 1,
  555. "body": "",
  556. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  557. "user-agent": "Microsoft BITS/7.5",
  558. "method": "GET",
  559. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  560. "version": "1.1",
  561. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  562. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6708\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  563. "port": 80
  564. },
  565. {
  566. "count": 1,
  567. "body": "",
  568. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  569. "user-agent": "Microsoft BITS/7.5",
  570. "method": "GET",
  571. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  572. "version": "1.1",
  573. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  574. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6709-17743\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  575. "port": 80
  576. },
  577. {
  578. "count": 1,
  579. "body": "",
  580. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  581. "user-agent": "Microsoft BITS/7.5",
  582. "method": "GET",
  583. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  584. "version": "1.1",
  585. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  586. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17744-28020\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  587. "port": 80
  588. },
  589. {
  590. "count": 1,
  591. "body": "",
  592. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  593. "user-agent": "Microsoft BITS/7.5",
  594. "method": "GET",
  595. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  596. "version": "1.1",
  597. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  598. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=28021-37573\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  599. "port": 80
  600. },
  601. {
  602. "count": 1,
  603. "body": "",
  604. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  605. "user-agent": "Microsoft BITS/7.5",
  606. "method": "GET",
  607. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  608. "version": "1.1",
  609. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  610. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=37574-58305\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  611. "port": 80
  612. },
  613. {
  614. "count": 1,
  615. "body": "",
  616. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  617. "user-agent": "Microsoft BITS/7.5",
  618. "method": "GET",
  619. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  620. "version": "1.1",
  621. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  622. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=58306-100934\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  623. "port": 80
  624. },
  625. {
  626. "count": 1,
  627. "body": "",
  628. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  629. "user-agent": "Microsoft BITS/7.5",
  630. "method": "GET",
  631. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  632. "version": "1.1",
  633. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  634. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=100935-188064\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  635. "port": 80
  636. },
  637. {
  638. "count": 1,
  639. "body": "",
  640. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  641. "user-agent": "Microsoft BITS/7.5",
  642. "method": "GET",
  643. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  644. "version": "1.1",
  645. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  646. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=188065-364418\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  647. "port": 80
  648. },
  649. {
  650. "count": 1,
  651. "body": "",
  652. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  653. "user-agent": "Microsoft BITS/7.5",
  654. "method": "GET",
  655. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  656. "version": "1.1",
  657. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  658. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=364419-720669\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  659. "port": 80
  660. },
  661. {
  662. "count": 1,
  663. "body": "",
  664. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  665. "user-agent": "Microsoft BITS/7.5",
  666. "method": "GET",
  667. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  668. "version": "1.1",
  669. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  670. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=720670-1435339\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  671. "port": 80
  672. },
  673. {
  674. "count": 1,
  675. "body": "",
  676. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  677. "user-agent": "Microsoft BITS/7.5",
  678. "method": "GET",
  679. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  680. "version": "1.1",
  681. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  682. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1435340-2375703\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  683. "port": 80
  684. },
  685. {
  686. "count": 1,
  687. "body": "",
  688. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  689. "user-agent": "Microsoft BITS/7.5",
  690. "method": "GET",
  691. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  692. "version": "1.1",
  693. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  694. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2375704-5288118\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  695. "port": 80
  696. },
  697. {
  698. "count": 1,
  699. "body": "",
  700. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  701. "user-agent": "Microsoft BITS/7.5",
  702. "method": "GET",
  703. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  704. "version": "1.1",
  705. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  706. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5288119-10949181\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  707. "port": 80
  708. },
  709. {
  710. "count": 1,
  711. "body": "",
  712. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  713. "user-agent": "Microsoft BITS/7.5",
  714. "method": "GET",
  715. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  716. "version": "1.1",
  717. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes",
  718. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560479790&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10949182-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  719. "port": 80
  720. }
  721. ]
  722.  
  723. [*] Network Communication - SMTP: []
  724.  
  725. [*] Network Communication - Hosts: []
  726.  
  727. [*] Network Communication - IRC: []
  728.  
  729. [*] Static Analysis: {
  730. "dotnet": {
  731. "customattrs": [
  732. {
  733. "type": "Assembly",
  734. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  735. "value": "8.13.17."
  736. },
  737. {
  738. "type": "Assembly",
  739. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  740. "value": "f247ca47-36b5-4e4a-af83-778564da0f"
  741. },
  742. {
  743. "type": "Assembly",
  744. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  745. "value": "ahiwin"
  746. },
  747. {
  748. "type": "Assembly",
  749. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  750. "value": "ahiwin"
  751. },
  752. {
  753. "type": "Assembly",
  754. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  755. "value": "Copyright \\xc2\\xa9 19"
  756. },
  757. {
  758. "type": "Assembly",
  759. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  760. "value": "abaliquyuv"
  761. },
  762. {
  763. "type": "Assembly",
  764. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  765. "value": "amabonuzir"
  766. },
  767. {
  768. "type": "Property",
  769. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  770. "value": ""
  771. },
  772. {
  773. "type": "Property",
  774. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  775. "value": "10"
  776. }
  777. ],
  778. "assemblyinfo": {
  779. "version": "1.0.0.0",
  780. "name": "BfkKgNJM8HQz250KNfHtDwFhH9KnqwiTRk+f1oS2vvcVFwiln5yzwodnmnSzlh5JGAL4mZ9axIjxc3m0K4ABC18vfw=="
  781. },
  782. "assemblyrefs": [
  783. {
  784. "version": "4.0.0.0",
  785. "name": "mscorlib"
  786. },
  787. {
  788. "version": "4.0.0.0",
  789. "name": "System"
  790. },
  791. {
  792. "version": "1.0.0.1",
  793. "name": "gdi32"
  794. }
  795. ],
  796. "typerefs": [
  797. {
  798. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  799. "assembly": "System"
  800. },
  801. {
  802. "typename": "System.Collections.Specialized.StringDictionary",
  803. "assembly": "System"
  804. },
  805. {
  806. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  807. "assembly": "System"
  808. },
  809. {
  810. "typename": "System.ComponentModel.EditorBrowsableState",
  811. "assembly": "System"
  812. },
  813. {
  814. "typename": "System.Configuration.ApplicationSettingsBase",
  815. "assembly": "System"
  816. },
  817. {
  818. "typename": "System.Configuration.DefaultSettingValueAttribute",
  819. "assembly": "System"
  820. },
  821. {
  822. "typename": "System.Configuration.SettingsBase",
  823. "assembly": "System"
  824. },
  825. {
  826. "typename": "System.Configuration.UserScopedSettingAttribute",
  827. "assembly": "System"
  828. },
  829. {
  830. "typename": "gdi32.Program",
  831. "assembly": "gdi32"
  832. },
  833. {
  834. "typename": "System.AppDomain",
  835. "assembly": "mscorlib"
  836. },
  837. {
  838. "typename": "System.Array",
  839. "assembly": "mscorlib"
  840. },
  841. {
  842. "typename": "System.AsyncCallback",
  843. "assembly": "mscorlib"
  844. },
  845. {
  846. "typename": "System.Boolean",
  847. "assembly": "mscorlib"
  848. },
  849. {
  850. "typename": "System.Buffer",
  851. "assembly": "mscorlib"
  852. },
  853. {
  854. "typename": "System.Byte",
  855. "assembly": "mscorlib"
  856. },
  857. {
  858. "typename": "System.Char",
  859. "assembly": "mscorlib"
  860. },
  861. {
  862. "typename": "System.Collections.ICollection",
  863. "assembly": "mscorlib"
  864. },
  865. {
  866. "typename": "System.Collections.IEnumerable",
  867. "assembly": "mscorlib"
  868. },
  869. {
  870. "typename": "System.Console",
  871. "assembly": "mscorlib"
  872. },
  873. {
  874. "typename": "System.DBNull",
  875. "assembly": "mscorlib"
  876. },
  877. {
  878. "typename": "System.DateTime",
  879. "assembly": "mscorlib"
  880. },
  881. {
  882. "typename": "System.Delegate",
  883. "assembly": "mscorlib"
  884. },
  885. {
  886. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  887. "assembly": "mscorlib"
  888. },
  889. {
  890. "typename": "System.Enum",
  891. "assembly": "mscorlib"
  892. },
  893. {
  894. "typename": "System.Exception",
  895. "assembly": "mscorlib"
  896. },
  897. {
  898. "typename": "System.Globalization.CompareOptions",
  899. "assembly": "mscorlib"
  900. },
  901. {
  902. "typename": "System.Globalization.CultureInfo",
  903. "assembly": "mscorlib"
  904. },
  905. {
  906. "typename": "System.Globalization.NumberStyles",
  907. "assembly": "mscorlib"
  908. },
  909. {
  910. "typename": "System.Globalization.UnicodeCategory",
  911. "assembly": "mscorlib"
  912. },
  913. {
  914. "typename": "System.IAsyncResult",
  915. "assembly": "mscorlib"
  916. },
  917. {
  918. "typename": "System.IComparable`1",
  919. "assembly": "mscorlib"
  920. },
  921. {
  922. "typename": "System.IConvertible",
  923. "assembly": "mscorlib"
  924. },
  925. {
  926. "typename": "System.IEquatable`1",
  927. "assembly": "mscorlib"
  928. },
  929. {
  930. "typename": "System.IFormatProvider",
  931. "assembly": "mscorlib"
  932. },
  933. {
  934. "typename": "System.Int16",
  935. "assembly": "mscorlib"
  936. },
  937. {
  938. "typename": "System.Int32",
  939. "assembly": "mscorlib"
  940. },
  941. {
  942. "typename": "System.Int64",
  943. "assembly": "mscorlib"
  944. },
  945. {
  946. "typename": "System.MulticastDelegate",
  947. "assembly": "mscorlib"
  948. },
  949. {
  950. "typename": "System.NotSupportedException",
  951. "assembly": "mscorlib"
  952. },
  953. {
  954. "typename": "System.Object",
  955. "assembly": "mscorlib"
  956. },
  957. {
  958. "typename": "System.Reflection.Assembly",
  959. "assembly": "mscorlib"
  960. },
  961. {
  962. "typename": "System.Reflection.AssemblyCompanyAttribute",
  963. "assembly": "mscorlib"
  964. },
  965. {
  966. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  967. "assembly": "mscorlib"
  968. },
  969. {
  970. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  971. "assembly": "mscorlib"
  972. },
  973. {
  974. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  975. "assembly": "mscorlib"
  976. },
  977. {
  978. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  979. "assembly": "mscorlib"
  980. },
  981. {
  982. "typename": "System.Reflection.AssemblyProductAttribute",
  983. "assembly": "mscorlib"
  984. },
  985. {
  986. "typename": "System.Reflection.AssemblyTitleAttribute",
  987. "assembly": "mscorlib"
  988. },
  989. {
  990. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  991. "assembly": "mscorlib"
  992. },
  993. {
  994. "typename": "System.Reflection.BindingFlags",
  995. "assembly": "mscorlib"
  996. },
  997. {
  998. "typename": "System.Reflection.CallingConventions",
  999. "assembly": "mscorlib"
  1000. },
  1001. {
  1002. "typename": "System.Reflection.IReflect",
  1003. "assembly": "mscorlib"
  1004. },
  1005. {
  1006. "typename": "System.Reflection.MemberInfo",
  1007. "assembly": "mscorlib"
  1008. },
  1009. {
  1010. "typename": "System.Reflection.MethodBase",
  1011. "assembly": "mscorlib"
  1012. },
  1013. {
  1014. "typename": "System.Reflection.MethodInfo",
  1015. "assembly": "mscorlib"
  1016. },
  1017. {
  1018. "typename": "System.Reflection.ParameterInfo",
  1019. "assembly": "mscorlib"
  1020. },
  1021. {
  1022. "typename": "System.Reflection.ParameterModifier",
  1023. "assembly": "mscorlib"
  1024. },
  1025. {
  1026. "typename": "System.Reflection.PropertyInfo",
  1027. "assembly": "mscorlib"
  1028. },
  1029. {
  1030. "typename": "System.ResolveEventArgs",
  1031. "assembly": "mscorlib"
  1032. },
  1033. {
  1034. "typename": "System.ResolveEventHandler",
  1035. "assembly": "mscorlib"
  1036. },
  1037. {
  1038. "typename": "System.Resources.ResourceManager",
  1039. "assembly": "mscorlib"
  1040. },
  1041. {
  1042. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1043. "assembly": "mscorlib"
  1044. },
  1045. {
  1046. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1047. "assembly": "mscorlib"
  1048. },
  1049. {
  1050. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1051. "assembly": "mscorlib"
  1052. },
  1053. {
  1054. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1055. "assembly": "mscorlib"
  1056. },
  1057. {
  1058. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1059. "assembly": "mscorlib"
  1060. },
  1061. {
  1062. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1063. "assembly": "mscorlib"
  1064. },
  1065. {
  1066. "typename": "System.Runtime.InteropServices._Type",
  1067. "assembly": "mscorlib"
  1068. },
  1069. {
  1070. "typename": "System.Runtime.Remoting.ObjectHandle",
  1071. "assembly": "mscorlib"
  1072. },
  1073. {
  1074. "typename": "System.Runtime.Serialization.ISerializable",
  1075. "assembly": "mscorlib"
  1076. },
  1077. {
  1078. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  1079. "assembly": "mscorlib"
  1080. },
  1081. {
  1082. "typename": "System.RuntimeFieldHandle",
  1083. "assembly": "mscorlib"
  1084. },
  1085. {
  1086. "typename": "System.RuntimeTypeHandle",
  1087. "assembly": "mscorlib"
  1088. },
  1089. {
  1090. "typename": "System.SByte",
  1091. "assembly": "mscorlib"
  1092. },
  1093. {
  1094. "typename": "System.STAThreadAttribute",
  1095. "assembly": "mscorlib"
  1096. },
  1097. {
  1098. "typename": "System.String",
  1099. "assembly": "mscorlib"
  1100. },
  1101. {
  1102. "typename": "System.StringComparison",
  1103. "assembly": "mscorlib"
  1104. },
  1105. {
  1106. "typename": "System.StringSplitOptions",
  1107. "assembly": "mscorlib"
  1108. },
  1109. {
  1110. "typename": "System.Text.StringBuilder",
  1111. "assembly": "mscorlib"
  1112. },
  1113. {
  1114. "typename": "System.Threading.Thread",
  1115. "assembly": "mscorlib"
  1116. },
  1117. {
  1118. "typename": "System.TimeSpan",
  1119. "assembly": "mscorlib"
  1120. },
  1121. {
  1122. "typename": "System.Type",
  1123. "assembly": "mscorlib"
  1124. },
  1125. {
  1126. "typename": "System.TypeCode",
  1127. "assembly": "mscorlib"
  1128. },
  1129. {
  1130. "typename": "System.UInt16",
  1131. "assembly": "mscorlib"
  1132. },
  1133. {
  1134. "typename": "System.UInt32",
  1135. "assembly": "mscorlib"
  1136. },
  1137. {
  1138. "typename": "System.UInt64",
  1139. "assembly": "mscorlib"
  1140. },
  1141. {
  1142. "typename": "System.ValueType",
  1143. "assembly": "mscorlib"
  1144. },
  1145. {
  1146. "typename": "System.Void",
  1147. "assembly": "mscorlib"
  1148. }
  1149. ]
  1150. },
  1151. "pe": {
  1152. "peid_signatures": null,
  1153. "imports": [
  1154. {
  1155. "imports": [
  1156. {
  1157. "name": "_CorExeMain",
  1158. "address": "0x402000"
  1159. }
  1160. ],
  1161. "dll": "mscoree.dll"
  1162. }
  1163. ],
  1164. "digital_signers": null,
  1165. "exported_dll_name": null,
  1166. "actual_checksum": "0x00064d95",
  1167. "overlay": {
  1168. "size": "0x00002db8",
  1169. "offset": "0x0005f400"
  1170. },
  1171. "imagebase": "0x00400000",
  1172. "reported_checksum": "0x00000000",
  1173. "icon_hash": null,
  1174. "entrypoint": "0x0046098e",
  1175. "timestamp": "1985-11-08 18:16:15",
  1176. "osversion": "4.0",
  1177. "sections": [
  1178. {
  1179. "name": ".text",
  1180. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1181. "virtual_address": "0x00002000",
  1182. "size_of_data": "0x0005ea00",
  1183. "entropy": "7.58",
  1184. "raw_address": "0x00000200",
  1185. "virtual_size": "0x0005e994",
  1186. "characteristics_raw": "0x60000020"
  1187. },
  1188. {
  1189. "name": ".rsrc",
  1190. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1191. "virtual_address": "0x00062000",
  1192. "size_of_data": "0x00000600",
  1193. "entropy": "4.48",
  1194. "raw_address": "0x0005ec00",
  1195. "virtual_size": "0x00000600",
  1196. "characteristics_raw": "0x40000040"
  1197. },
  1198. {
  1199. "name": ".reloc",
  1200. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1201. "virtual_address": "0x00064000",
  1202. "size_of_data": "0x00000200",
  1203. "entropy": "0.08",
  1204. "raw_address": "0x0005f200",
  1205. "virtual_size": "0x0000000c",
  1206. "characteristics_raw": "0x42000040"
  1207. }
  1208. ],
  1209. "resources": [],
  1210. "dirents": [
  1211. {
  1212. "virtual_address": "0x00000000",
  1213. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1214. "size": "0x00000000"
  1215. },
  1216. {
  1217. "virtual_address": "0x0006093c",
  1218. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1219. "size": "0x0000004f"
  1220. },
  1221. {
  1222. "virtual_address": "0x00062000",
  1223. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1224. "size": "0x00000600"
  1225. },
  1226. {
  1227. "virtual_address": "0x00000000",
  1228. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1229. "size": "0x00000000"
  1230. },
  1231. {
  1232. "virtual_address": "0x0005f400",
  1233. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1234. "size": "0x00002db8"
  1235. },
  1236. {
  1237. "virtual_address": "0x00064000",
  1238. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1239. "size": "0x0000000c"
  1240. },
  1241. {
  1242. "virtual_address": "0x00000000",
  1243. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1244. "size": "0x00000000"
  1245. },
  1246. {
  1247. "virtual_address": "0x00000000",
  1248. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1249. "size": "0x00000000"
  1250. },
  1251. {
  1252. "virtual_address": "0x00000000",
  1253. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1254. "size": "0x00000000"
  1255. },
  1256. {
  1257. "virtual_address": "0x00000000",
  1258. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1259. "size": "0x00000000"
  1260. },
  1261. {
  1262. "virtual_address": "0x00000000",
  1263. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1264. "size": "0x00000000"
  1265. },
  1266. {
  1267. "virtual_address": "0x00000000",
  1268. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1269. "size": "0x00000000"
  1270. },
  1271. {
  1272. "virtual_address": "0x00002000",
  1273. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1274. "size": "0x00000008"
  1275. },
  1276. {
  1277. "virtual_address": "0x00000000",
  1278. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1279. "size": "0x00000000"
  1280. },
  1281. {
  1282. "virtual_address": "0x00002008",
  1283. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1284. "size": "0x00000048"
  1285. },
  1286. {
  1287. "virtual_address": "0x00000000",
  1288. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1289. "size": "0x00000000"
  1290. }
  1291. ],
  1292. "exports": [],
  1293. "guest_signers": {},
  1294. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1295. "icon_fuzzy": null,
  1296. "icon": null,
  1297. "pdbpath": null,
  1298. "imported_dll_count": 1,
  1299. "versioninfo": []
  1300. }
  1301. }
  1302.  
  1303. [*] Resolved APIs: [
  1304. "advapi32.dll.RegOpenKeyExW",
  1305. "advapi32.dll.RegQueryInfoKeyW",
  1306. "advapi32.dll.RegEnumKeyExW",
  1307. "advapi32.dll.RegEnumValueW",
  1308. "advapi32.dll.RegCloseKey",
  1309. "advapi32.dll.RegQueryValueExW",
  1310. "kernel32.dll.QueryActCtxW",
  1311. "shlwapi.dll.UrlIsW"
  1312. ]
  1313.  
  1314. [*] Static Analysis: {
  1315. "dotnet": {
  1316. "customattrs": [
  1317. {
  1318. "type": "Assembly",
  1319. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  1320. "value": "8.13.17."
  1321. },
  1322. {
  1323. "type": "Assembly",
  1324. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  1325. "value": "f247ca47-36b5-4e4a-af83-778564da0f"
  1326. },
  1327. {
  1328. "type": "Assembly",
  1329. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  1330. "value": "ahiwin"
  1331. },
  1332. {
  1333. "type": "Assembly",
  1334. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  1335. "value": "ahiwin"
  1336. },
  1337. {
  1338. "type": "Assembly",
  1339. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  1340. "value": "Copyright \\xc2\\xa9 19"
  1341. },
  1342. {
  1343. "type": "Assembly",
  1344. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  1345. "value": "abaliquyuv"
  1346. },
  1347. {
  1348. "type": "Assembly",
  1349. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  1350. "value": "amabonuzir"
  1351. },
  1352. {
  1353. "type": "Property",
  1354. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  1355. "value": ""
  1356. },
  1357. {
  1358. "type": "Property",
  1359. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  1360. "value": "10"
  1361. }
  1362. ],
  1363. "assemblyinfo": {
  1364. "version": "1.0.0.0",
  1365. "name": "BfkKgNJM8HQz250KNfHtDwFhH9KnqwiTRk+f1oS2vvcVFwiln5yzwodnmnSzlh5JGAL4mZ9axIjxc3m0K4ABC18vfw=="
  1366. },
  1367. "assemblyrefs": [
  1368. {
  1369. "version": "4.0.0.0",
  1370. "name": "mscorlib"
  1371. },
  1372. {
  1373. "version": "4.0.0.0",
  1374. "name": "System"
  1375. },
  1376. {
  1377. "version": "1.0.0.1",
  1378. "name": "gdi32"
  1379. }
  1380. ],
  1381. "typerefs": [
  1382. {
  1383. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  1384. "assembly": "System"
  1385. },
  1386. {
  1387. "typename": "System.Collections.Specialized.StringDictionary",
  1388. "assembly": "System"
  1389. },
  1390. {
  1391. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  1392. "assembly": "System"
  1393. },
  1394. {
  1395. "typename": "System.ComponentModel.EditorBrowsableState",
  1396. "assembly": "System"
  1397. },
  1398. {
  1399. "typename": "System.Configuration.ApplicationSettingsBase",
  1400. "assembly": "System"
  1401. },
  1402. {
  1403. "typename": "System.Configuration.DefaultSettingValueAttribute",
  1404. "assembly": "System"
  1405. },
  1406. {
  1407. "typename": "System.Configuration.SettingsBase",
  1408. "assembly": "System"
  1409. },
  1410. {
  1411. "typename": "System.Configuration.UserScopedSettingAttribute",
  1412. "assembly": "System"
  1413. },
  1414. {
  1415. "typename": "gdi32.Program",
  1416. "assembly": "gdi32"
  1417. },
  1418. {
  1419. "typename": "System.AppDomain",
  1420. "assembly": "mscorlib"
  1421. },
  1422. {
  1423. "typename": "System.Array",
  1424. "assembly": "mscorlib"
  1425. },
  1426. {
  1427. "typename": "System.AsyncCallback",
  1428. "assembly": "mscorlib"
  1429. },
  1430. {
  1431. "typename": "System.Boolean",
  1432. "assembly": "mscorlib"
  1433. },
  1434. {
  1435. "typename": "System.Buffer",
  1436. "assembly": "mscorlib"
  1437. },
  1438. {
  1439. "typename": "System.Byte",
  1440. "assembly": "mscorlib"
  1441. },
  1442. {
  1443. "typename": "System.Char",
  1444. "assembly": "mscorlib"
  1445. },
  1446. {
  1447. "typename": "System.Collections.ICollection",
  1448. "assembly": "mscorlib"
  1449. },
  1450. {
  1451. "typename": "System.Collections.IEnumerable",
  1452. "assembly": "mscorlib"
  1453. },
  1454. {
  1455. "typename": "System.Console",
  1456. "assembly": "mscorlib"
  1457. },
  1458. {
  1459. "typename": "System.DBNull",
  1460. "assembly": "mscorlib"
  1461. },
  1462. {
  1463. "typename": "System.DateTime",
  1464. "assembly": "mscorlib"
  1465. },
  1466. {
  1467. "typename": "System.Delegate",
  1468. "assembly": "mscorlib"
  1469. },
  1470. {
  1471. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  1472. "assembly": "mscorlib"
  1473. },
  1474. {
  1475. "typename": "System.Enum",
  1476. "assembly": "mscorlib"
  1477. },
  1478. {
  1479. "typename": "System.Exception",
  1480. "assembly": "mscorlib"
  1481. },
  1482. {
  1483. "typename": "System.Globalization.CompareOptions",
  1484. "assembly": "mscorlib"
  1485. },
  1486. {
  1487. "typename": "System.Globalization.CultureInfo",
  1488. "assembly": "mscorlib"
  1489. },
  1490. {
  1491. "typename": "System.Globalization.NumberStyles",
  1492. "assembly": "mscorlib"
  1493. },
  1494. {
  1495. "typename": "System.Globalization.UnicodeCategory",
  1496. "assembly": "mscorlib"
  1497. },
  1498. {
  1499. "typename": "System.IAsyncResult",
  1500. "assembly": "mscorlib"
  1501. },
  1502. {
  1503. "typename": "System.IComparable`1",
  1504. "assembly": "mscorlib"
  1505. },
  1506. {
  1507. "typename": "System.IConvertible",
  1508. "assembly": "mscorlib"
  1509. },
  1510. {
  1511. "typename": "System.IEquatable`1",
  1512. "assembly": "mscorlib"
  1513. },
  1514. {
  1515. "typename": "System.IFormatProvider",
  1516. "assembly": "mscorlib"
  1517. },
  1518. {
  1519. "typename": "System.Int16",
  1520. "assembly": "mscorlib"
  1521. },
  1522. {
  1523. "typename": "System.Int32",
  1524. "assembly": "mscorlib"
  1525. },
  1526. {
  1527. "typename": "System.Int64",
  1528. "assembly": "mscorlib"
  1529. },
  1530. {
  1531. "typename": "System.MulticastDelegate",
  1532. "assembly": "mscorlib"
  1533. },
  1534. {
  1535. "typename": "System.NotSupportedException",
  1536. "assembly": "mscorlib"
  1537. },
  1538. {
  1539. "typename": "System.Object",
  1540. "assembly": "mscorlib"
  1541. },
  1542. {
  1543. "typename": "System.Reflection.Assembly",
  1544. "assembly": "mscorlib"
  1545. },
  1546. {
  1547. "typename": "System.Reflection.AssemblyCompanyAttribute",
  1548. "assembly": "mscorlib"
  1549. },
  1550. {
  1551. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  1552. "assembly": "mscorlib"
  1553. },
  1554. {
  1555. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  1556. "assembly": "mscorlib"
  1557. },
  1558. {
  1559. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  1560. "assembly": "mscorlib"
  1561. },
  1562. {
  1563. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  1564. "assembly": "mscorlib"
  1565. },
  1566. {
  1567. "typename": "System.Reflection.AssemblyProductAttribute",
  1568. "assembly": "mscorlib"
  1569. },
  1570. {
  1571. "typename": "System.Reflection.AssemblyTitleAttribute",
  1572. "assembly": "mscorlib"
  1573. },
  1574. {
  1575. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  1576. "assembly": "mscorlib"
  1577. },
  1578. {
  1579. "typename": "System.Reflection.BindingFlags",
  1580. "assembly": "mscorlib"
  1581. },
  1582. {
  1583. "typename": "System.Reflection.CallingConventions",
  1584. "assembly": "mscorlib"
  1585. },
  1586. {
  1587. "typename": "System.Reflection.IReflect",
  1588. "assembly": "mscorlib"
  1589. },
  1590. {
  1591. "typename": "System.Reflection.MemberInfo",
  1592. "assembly": "mscorlib"
  1593. },
  1594. {
  1595. "typename": "System.Reflection.MethodBase",
  1596. "assembly": "mscorlib"
  1597. },
  1598. {
  1599. "typename": "System.Reflection.MethodInfo",
  1600. "assembly": "mscorlib"
  1601. },
  1602. {
  1603. "typename": "System.Reflection.ParameterInfo",
  1604. "assembly": "mscorlib"
  1605. },
  1606. {
  1607. "typename": "System.Reflection.ParameterModifier",
  1608. "assembly": "mscorlib"
  1609. },
  1610. {
  1611. "typename": "System.Reflection.PropertyInfo",
  1612. "assembly": "mscorlib"
  1613. },
  1614. {
  1615. "typename": "System.ResolveEventArgs",
  1616. "assembly": "mscorlib"
  1617. },
  1618. {
  1619. "typename": "System.ResolveEventHandler",
  1620. "assembly": "mscorlib"
  1621. },
  1622. {
  1623. "typename": "System.Resources.ResourceManager",
  1624. "assembly": "mscorlib"
  1625. },
  1626. {
  1627. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1628. "assembly": "mscorlib"
  1629. },
  1630. {
  1631. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1632. "assembly": "mscorlib"
  1633. },
  1634. {
  1635. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1636. "assembly": "mscorlib"
  1637. },
  1638. {
  1639. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1640. "assembly": "mscorlib"
  1641. },
  1642. {
  1643. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1644. "assembly": "mscorlib"
  1645. },
  1646. {
  1647. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1648. "assembly": "mscorlib"
  1649. },
  1650. {
  1651. "typename": "System.Runtime.InteropServices._Type",
  1652. "assembly": "mscorlib"
  1653. },
  1654. {
  1655. "typename": "System.Runtime.Remoting.ObjectHandle",
  1656. "assembly": "mscorlib"
  1657. },
  1658. {
  1659. "typename": "System.Runtime.Serialization.ISerializable",
  1660. "assembly": "mscorlib"
  1661. },
  1662. {
  1663. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  1664. "assembly": "mscorlib"
  1665. },
  1666. {
  1667. "typename": "System.RuntimeFieldHandle",
  1668. "assembly": "mscorlib"
  1669. },
  1670. {
  1671. "typename": "System.RuntimeTypeHandle",
  1672. "assembly": "mscorlib"
  1673. },
  1674. {
  1675. "typename": "System.SByte",
  1676. "assembly": "mscorlib"
  1677. },
  1678. {
  1679. "typename": "System.STAThreadAttribute",
  1680. "assembly": "mscorlib"
  1681. },
  1682. {
  1683. "typename": "System.String",
  1684. "assembly": "mscorlib"
  1685. },
  1686. {
  1687. "typename": "System.StringComparison",
  1688. "assembly": "mscorlib"
  1689. },
  1690. {
  1691. "typename": "System.StringSplitOptions",
  1692. "assembly": "mscorlib"
  1693. },
  1694. {
  1695. "typename": "System.Text.StringBuilder",
  1696. "assembly": "mscorlib"
  1697. },
  1698. {
  1699. "typename": "System.Threading.Thread",
  1700. "assembly": "mscorlib"
  1701. },
  1702. {
  1703. "typename": "System.TimeSpan",
  1704. "assembly": "mscorlib"
  1705. },
  1706. {
  1707. "typename": "System.Type",
  1708. "assembly": "mscorlib"
  1709. },
  1710. {
  1711. "typename": "System.TypeCode",
  1712. "assembly": "mscorlib"
  1713. },
  1714. {
  1715. "typename": "System.UInt16",
  1716. "assembly": "mscorlib"
  1717. },
  1718. {
  1719. "typename": "System.UInt32",
  1720. "assembly": "mscorlib"
  1721. },
  1722. {
  1723. "typename": "System.UInt64",
  1724. "assembly": "mscorlib"
  1725. },
  1726. {
  1727. "typename": "System.ValueType",
  1728. "assembly": "mscorlib"
  1729. },
  1730. {
  1731. "typename": "System.Void",
  1732. "assembly": "mscorlib"
  1733. }
  1734. ]
  1735. },
  1736. "pe": {
  1737. "peid_signatures": null,
  1738. "imports": [
  1739. {
  1740. "imports": [
  1741. {
  1742. "name": "_CorExeMain",
  1743. "address": "0x402000"
  1744. }
  1745. ],
  1746. "dll": "mscoree.dll"
  1747. }
  1748. ],
  1749. "digital_signers": null,
  1750. "exported_dll_name": null,
  1751. "actual_checksum": "0x00064d95",
  1752. "overlay": {
  1753. "size": "0x00002db8",
  1754. "offset": "0x0005f400"
  1755. },
  1756. "imagebase": "0x00400000",
  1757. "reported_checksum": "0x00000000",
  1758. "icon_hash": null,
  1759. "entrypoint": "0x0046098e",
  1760. "timestamp": "1985-11-08 18:16:15",
  1761. "osversion": "4.0",
  1762. "sections": [
  1763. {
  1764. "name": ".text",
  1765. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1766. "virtual_address": "0x00002000",
  1767. "size_of_data": "0x0005ea00",
  1768. "entropy": "7.58",
  1769. "raw_address": "0x00000200",
  1770. "virtual_size": "0x0005e994",
  1771. "characteristics_raw": "0x60000020"
  1772. },
  1773. {
  1774. "name": ".rsrc",
  1775. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1776. "virtual_address": "0x00062000",
  1777. "size_of_data": "0x00000600",
  1778. "entropy": "4.48",
  1779. "raw_address": "0x0005ec00",
  1780. "virtual_size": "0x00000600",
  1781. "characteristics_raw": "0x40000040"
  1782. },
  1783. {
  1784. "name": ".reloc",
  1785. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1786. "virtual_address": "0x00064000",
  1787. "size_of_data": "0x00000200",
  1788. "entropy": "0.08",
  1789. "raw_address": "0x0005f200",
  1790. "virtual_size": "0x0000000c",
  1791. "characteristics_raw": "0x42000040"
  1792. }
  1793. ],
  1794. "resources": [],
  1795. "dirents": [
  1796. {
  1797. "virtual_address": "0x00000000",
  1798. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1799. "size": "0x00000000"
  1800. },
  1801. {
  1802. "virtual_address": "0x0006093c",
  1803. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1804. "size": "0x0000004f"
  1805. },
  1806. {
  1807. "virtual_address": "0x00062000",
  1808. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1809. "size": "0x00000600"
  1810. },
  1811. {
  1812. "virtual_address": "0x00000000",
  1813. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1814. "size": "0x00000000"
  1815. },
  1816. {
  1817. "virtual_address": "0x0005f400",
  1818. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1819. "size": "0x00002db8"
  1820. },
  1821. {
  1822. "virtual_address": "0x00064000",
  1823. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1824. "size": "0x0000000c"
  1825. },
  1826. {
  1827. "virtual_address": "0x00000000",
  1828. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1829. "size": "0x00000000"
  1830. },
  1831. {
  1832. "virtual_address": "0x00000000",
  1833. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1834. "size": "0x00000000"
  1835. },
  1836. {
  1837. "virtual_address": "0x00000000",
  1838. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1839. "size": "0x00000000"
  1840. },
  1841. {
  1842. "virtual_address": "0x00000000",
  1843. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1844. "size": "0x00000000"
  1845. },
  1846. {
  1847. "virtual_address": "0x00000000",
  1848. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1849. "size": "0x00000000"
  1850. },
  1851. {
  1852. "virtual_address": "0x00000000",
  1853. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1854. "size": "0x00000000"
  1855. },
  1856. {
  1857. "virtual_address": "0x00002000",
  1858. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1859. "size": "0x00000008"
  1860. },
  1861. {
  1862. "virtual_address": "0x00000000",
  1863. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1864. "size": "0x00000000"
  1865. },
  1866. {
  1867. "virtual_address": "0x00002008",
  1868. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1869. "size": "0x00000048"
  1870. },
  1871. {
  1872. "virtual_address": "0x00000000",
  1873. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1874. "size": "0x00000000"
  1875. }
  1876. ],
  1877. "exports": [],
  1878. "guest_signers": {},
  1879. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1880. "icon_fuzzy": null,
  1881. "icon": null,
  1882. "pdbpath": null,
  1883. "imported_dll_count": 1,
  1884. "versioninfo": []
  1885. }
  1886. }