paladin316

Must_exe.json

Jun 19th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Must.exe"
  7. [*] File Size: 260096
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "973fc026fc00e319c3acf3126302e014be02a8a10bafb768cd8b5f7a8ffc8adf"
  10. [*] MD5: "efff982417521ab0c682da6b59e03247"
  11. [*] SHA1: "a42058ceb3c5ad329ba5a8ac0ce2ab56f179adef"
  12. [*] SHA512: "46f72033d14c282be7fd7bdac5fc24eb29cb32c188024ee97f69e5ffc2ef66f5b2688dcb2de9ef8e8066fe8ef2ec658f08a4cf5de814a927b0fa4e850db3d03d"
  13. [*] CRC32: "2512722A"
  14. [*] SSDEEP: "6144:FLTMynTV+Arjmkm1+zFU27PnN9+fPnn33:FtT3Xzq27P/+ff3"
  15.  
  16. [*] Process Execution: [
  17. "Must.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Performs some HTTP requests",
  23. "Details": [
  24. {
  25. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  26. },
  27. {
  28. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  29. },
  30. {
  31. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  32. },
  33. {
  34. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  35. },
  36. {
  37. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  38. },
  39. {
  40. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  41. },
  42. {
  43. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  44. },
  45. {
  46. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  47. },
  48. {
  49. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  50. },
  51. {
  52. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  53. },
  54. {
  55. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  56. },
  57. {
  58. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  59. },
  60. {
  61. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  62. },
  63. {
  64. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  65. },
  66. {
  67. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  68. },
  69. {
  70. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  71. },
  72. {
  73. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  74. },
  75. {
  76. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  77. },
  78. {
  79. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  80. },
  81. {
  82. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  83. },
  84. {
  85. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  86. },
  87. {
  88. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  89. },
  90. {
  91. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  92. },
  93. {
  94. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  95. },
  96. {
  97. "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes"
  98. }
  99. ]
  100. },
  101. {
  102. "Description": "The binary likely contains encrypted or compressed data.",
  103. "Details": [
  104. {
  105. "section": "name: .text, entropy: 7.24, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00036600, virtual_size: 0x00036564"
  106. },
  107. {
  108. "section": "name: .rsrc, entropy: 7.94, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00008e00, virtual_size: 0x00008d58"
  109. }
  110. ]
  111. },
  112. {
  113. "Description": "File has been identified by 31 Antiviruses on VirusTotal as malicious",
  114. "Details": [
  115. {
  116. "CAT-QuickHeal": "Backdoor.Androm.nhcd.FC.3342"
  117. },
  118. {
  119. "McAfee": "Packed-KX!EFFF98241752"
  120. },
  121. {
  122. "Cylance": "Unsafe"
  123. },
  124. {
  125. "SUPERAntiSpyware": "Trojan.Agent/Gen-Injector"
  126. },
  127. {
  128. "K7GW": "Trojan ( 005208091 )"
  129. },
  130. {
  131. "K7AntiVirus": "Trojan ( 005208091 )"
  132. },
  133. {
  134. "Arcabit": "Trojan.Razy.D29732"
  135. },
  136. {
  137. "Invincea": "heuristic"
  138. },
  139. {
  140. "Baidu": "Win32.Trojan.WisdomEyes.16070401.9500.9999"
  141. },
  142. {
  143. "Kaspersky": "HEUR:Backdoor.Win32.Generic"
  144. },
  145. {
  146. "BitDefender": "Gen:Variant.Razy.169778"
  147. },
  148. {
  149. "Endgame": "malicious (high confidence)"
  150. },
  151. {
  152. "Sophos": "Troj/Kryptik-HI"
  153. },
  154. {
  155. "F-Secure": "Gen:Variant.Razy.169778"
  156. },
  157. {
  158. "DrWeb": "Trojan.Hosts.42258"
  159. },
  160. {
  161. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.dc"
  162. },
  163. {
  164. "Emsisoft": "Gen:Variant.Razy.169778 (B)"
  165. },
  166. {
  167. "SentinelOne": "static engine - malicious"
  168. },
  169. {
  170. "Webroot": "W32.Trojan.Gen"
  171. },
  172. {
  173. "Avira": "HEUR/AGEN.1013220"
  174. },
  175. {
  176. "Fortinet": "MSIL/GenKryptik.ACTY!tr"
  177. },
  178. {
  179. "ZoneAlarm": "HEUR:Backdoor.Win32.Generic"
  180. },
  181. {
  182. "AhnLab-V3": "Win-Trojan/MSILKrypt02.Exp"
  183. },
  184. {
  185. "ALYac": "Gen:Variant.Razy.169778"
  186. },
  187. {
  188. "MAX": "malware (ai score=88)"
  189. },
  190. {
  191. "ESET-NOD32": "a variant of MSIL/Injector.SCB"
  192. },
  193. {
  194. "GData": "Gen:Variant.Razy.169778"
  195. },
  196. {
  197. "Ad-Aware": "Gen:Variant.Razy.169778"
  198. },
  199. {
  200. "Cybereason": "malicious.417521"
  201. },
  202. {
  203. "CrowdStrike": "malicious_confidence_100% (D)"
  204. },
  205. {
  206. "Qihoo-360": "Win32/Trojan.bc4"
  207. }
  208. ]
  209. }
  210. ]
  211.  
  212. [*] Started Service: []
  213.  
  214. [*] Executed Commands: []
  215.  
  216. [*] Mutexes: []
  217.  
  218. [*] Modified Files: []
  219.  
  220. [*] Deleted Files: []
  221.  
  222. [*] Modified Registry Keys: []
  223.  
  224. [*] Deleted Registry Keys: []
  225.  
  226. [*] DNS Communications: []
  227.  
  228. [*] Domains: []
  229.  
  230. [*] Network Communication - ICMP: []
  231.  
  232. [*] Network Communication - HTTP: [
  233. {
  234. "count": 1,
  235. "body": "",
  236. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  237. "user-agent": "Microsoft-CryptoAPI/6.1",
  238. "method": "GET",
  239. "host": "ocsp.digicert.com",
  240. "version": "1.1",
  241. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  242. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  243. "port": 80
  244. },
  245. {
  246. "count": 1,
  247. "body": "",
  248. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  249. "user-agent": "Microsoft-CryptoAPI/6.1",
  250. "method": "GET",
  251. "host": "ocsp.digicert.com",
  252. "version": "1.1",
  253. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  254. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  255. "port": 80
  256. },
  257. {
  258. "count": 1,
  259. "body": "",
  260. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  261. "user-agent": "Microsoft-CryptoAPI/6.1",
  262. "method": "GET",
  263. "host": "ocsp.digicert.com",
  264. "version": "1.1",
  265. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  266. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  267. "port": 80
  268. },
  269. {
  270. "count": 1,
  271. "body": "",
  272. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  273. "user-agent": "Microsoft-CryptoAPI/6.1",
  274. "method": "GET",
  275. "host": "ocsp.pki.goog",
  276. "version": "1.1",
  277. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  278. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  279. "port": 80
  280. },
  281. {
  282. "count": 1,
  283. "body": "",
  284. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  285. "user-agent": "Microsoft-CryptoAPI/6.1",
  286. "method": "GET",
  287. "host": "ocsp.digicert.com",
  288. "version": "1.1",
  289. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  290. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  291. "port": 80
  292. },
  293. {
  294. "count": 1,
  295. "body": "",
  296. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  297. "user-agent": "Microsoft-CryptoAPI/6.1",
  298. "method": "GET",
  299. "host": "crl.microsoft.com",
  300. "version": "1.1",
  301. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  302. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  303. "port": 80
  304. },
  305. {
  306. "count": 1,
  307. "body": "",
  308. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  309. "user-agent": "Microsoft-CryptoAPI/6.1",
  310. "method": "GET",
  311. "host": "ocsp.comodoca.com",
  312. "version": "1.1",
  313. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  314. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  315. "port": 80
  316. },
  317. {
  318. "count": 1,
  319. "body": "",
  320. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  321. "user-agent": "Microsoft-CryptoAPI/6.1",
  322. "method": "GET",
  323. "host": "ocsp.pki.goog",
  324. "version": "1.1",
  325. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  326. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  327. "port": 80
  328. },
  329. {
  330. "count": 1,
  331. "body": "",
  332. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  333. "user-agent": "Microsoft-CryptoAPI/6.1",
  334. "method": "GET",
  335. "host": "ocsp.digicert.com",
  336. "version": "1.1",
  337. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  338. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  339. "port": 80
  340. },
  341. {
  342. "count": 1,
  343. "body": "",
  344. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  345. "user-agent": "Microsoft-CryptoAPI/6.1",
  346. "method": "GET",
  347. "host": "www.download.windowsupdate.com",
  348. "version": "1.1",
  349. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  350. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  351. "port": 80
  352. },
  353. {
  354. "count": 1,
  355. "body": "",
  356. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  357. "user-agent": "Microsoft-CryptoAPI/6.1",
  358. "method": "GET",
  359. "host": "crl.microsoft.com",
  360. "version": "1.1",
  361. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  362. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  363. "port": 80
  364. },
  365. {
  366. "count": 1,
  367. "body": "",
  368. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  369. "user-agent": "Microsoft-CryptoAPI/6.1",
  370. "method": "GET",
  371. "host": "ocsp.digicert.com",
  372. "version": "1.1",
  373. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  374. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  375. "port": 80
  376. },
  377. {
  378. "count": 1,
  379. "body": "",
  380. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  381. "user-agent": "Microsoft-CryptoAPI/6.1",
  382. "method": "GET",
  383. "host": "ocsp.digicert.com",
  384. "version": "1.1",
  385. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  386. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  387. "port": 80
  388. },
  389. {
  390. "count": 1,
  391. "body": "",
  392. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  393. "user-agent": "Microsoft-CryptoAPI/6.1",
  394. "method": "GET",
  395. "host": "ocsp.digicert.com",
  396. "version": "1.1",
  397. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  398. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  399. "port": 80
  400. },
  401. {
  402. "count": 1,
  403. "body": "",
  404. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  405. "user-agent": "Microsoft-CryptoAPI/6.1",
  406. "method": "GET",
  407. "host": "ocsp.pki.goog",
  408. "version": "1.1",
  409. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  410. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  411. "port": 80
  412. },
  413. {
  414. "count": 1,
  415. "body": "",
  416. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  417. "user-agent": "Microsoft-CryptoAPI/6.1",
  418. "method": "GET",
  419. "host": "ocsp.pki.goog",
  420. "version": "1.1",
  421. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  422. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  423. "port": 80
  424. },
  425. {
  426. "count": 1,
  427. "body": "",
  428. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  429. "user-agent": "Microsoft-CryptoAPI/6.1",
  430. "method": "GET",
  431. "host": "ocsp.digicert.com",
  432. "version": "1.1",
  433. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  434. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  435. "port": 80
  436. },
  437. {
  438. "count": 1,
  439. "body": "",
  440. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  441. "user-agent": "Microsoft-CryptoAPI/6.1",
  442. "method": "GET",
  443. "host": "ocsp.pki.goog",
  444. "version": "1.1",
  445. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  446. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  447. "port": 80
  448. },
  449. {
  450. "count": 1,
  451. "body": "",
  452. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  453. "user-agent": "Microsoft-CryptoAPI/6.1",
  454. "method": "GET",
  455. "host": "ocsp.msocsp.com",
  456. "version": "1.1",
  457. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  458. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  459. "port": 80
  460. },
  461. {
  462. "count": 1,
  463. "body": "",
  464. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  465. "user-agent": "Microsoft-CryptoAPI/6.1",
  466. "method": "GET",
  467. "host": "ocsp.thawte.com",
  468. "version": "1.1",
  469. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  470. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  471. "port": 80
  472. },
  473. {
  474. "count": 1,
  475. "body": "",
  476. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  477. "user-agent": "Microsoft-CryptoAPI/6.1",
  478. "method": "GET",
  479. "host": "ocsp.usertrust.com",
  480. "version": "1.1",
  481. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  482. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  483. "port": 80
  484. },
  485. {
  486. "count": 1,
  487. "body": "",
  488. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  489. "user-agent": "Microsoft-CryptoAPI/6.1",
  490. "method": "GET",
  491. "host": "th.symcd.com",
  492. "version": "1.1",
  493. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  494. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  495. "port": 80
  496. },
  497. {
  498. "count": 1,
  499. "body": "",
  500. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  501. "user-agent": "Microsoft-CryptoAPI/6.1",
  502. "method": "GET",
  503. "host": "ocsp.digicert.com",
  504. "version": "1.1",
  505. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  506. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  507. "port": 80
  508. },
  509. {
  510. "count": 1,
  511. "body": "",
  512. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  513. "user-agent": "Microsoft-CryptoAPI/6.1",
  514. "method": "GET",
  515. "host": "ocsp.digicert.com",
  516. "version": "1.1",
  517. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  518. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  519. "port": 80
  520. },
  521. {
  522. "count": 1,
  523. "body": "",
  524. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  525. "user-agent": "Microsoft-CryptoAPI/6.1",
  526. "method": "GET",
  527. "host": "ocsp.pki.goog",
  528. "version": "1.1",
  529. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  530. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  531. "port": 80
  532. },
  533. {
  534. "count": 1,
  535. "body": "",
  536. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  537. "user-agent": "Microsoft-CryptoAPI/6.1",
  538. "method": "GET",
  539. "host": "crl.microsoft.com",
  540. "version": "1.1",
  541. "path": "/pki/crl/products/microsoftrootcert.crl",
  542. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  543. "port": 80
  544. },
  545. {
  546. "count": 1,
  547. "body": "",
  548. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  549. "user-agent": "Microsoft BITS/7.5",
  550. "method": "HEAD",
  551. "host": "redirector.gvt1.com",
  552. "version": "1.1",
  553. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  554. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  555. "port": 80
  556. },
  557. {
  558. "count": 1,
  559. "body": "",
  560. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  561. "user-agent": "Microsoft BITS/7.5",
  562. "method": "HEAD",
  563. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  564. "version": "1.1",
  565. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  566. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  567. "port": 80
  568. },
  569. {
  570. "count": 1,
  571. "body": "",
  572. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  573. "user-agent": "Microsoft BITS/7.5",
  574. "method": "GET",
  575. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  576. "version": "1.1",
  577. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  578. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6674\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  579. "port": 80
  580. },
  581. {
  582. "count": 1,
  583. "body": "",
  584. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  585. "user-agent": "Microsoft BITS/7.5",
  586. "method": "GET",
  587. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  588. "version": "1.1",
  589. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  590. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6675-17123\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  591. "port": 80
  592. },
  593. {
  594. "count": 1,
  595. "body": "",
  596. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  597. "user-agent": "Microsoft BITS/7.5",
  598. "method": "GET",
  599. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  600. "version": "1.1",
  601. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  602. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17124-26887\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  603. "port": 80
  604. },
  605. {
  606. "count": 1,
  607. "body": "",
  608. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  609. "user-agent": "Microsoft BITS/7.5",
  610. "method": "GET",
  611. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  612. "version": "1.1",
  613. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  614. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=26888-36368\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  615. "port": 80
  616. },
  617. {
  618. "count": 1,
  619. "body": "",
  620. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  621. "user-agent": "Microsoft BITS/7.5",
  622. "method": "GET",
  623. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  624. "version": "1.1",
  625. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  626. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=36369-65748\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  627. "port": 80
  628. },
  629. {
  630. "count": 1,
  631. "body": "",
  632. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  633. "user-agent": "Microsoft BITS/7.5",
  634. "method": "GET",
  635. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  636. "version": "1.1",
  637. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  638. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=65749-107803\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  639. "port": 80
  640. },
  641. {
  642. "count": 1,
  643. "body": "",
  644. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  645. "user-agent": "Microsoft BITS/7.5",
  646. "method": "GET",
  647. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  648. "version": "1.1",
  649. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  650. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=107804-194694\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  651. "port": 80
  652. },
  653. {
  654. "count": 1,
  655. "body": "",
  656. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  657. "user-agent": "Microsoft BITS/7.5",
  658. "method": "GET",
  659. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  660. "version": "1.1",
  661. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  662. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=194695-309794\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  663. "port": 80
  664. },
  665. {
  666. "count": 1,
  667. "body": "",
  668. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  669. "user-agent": "Microsoft BITS/7.5",
  670. "method": "GET",
  671. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  672. "version": "1.1",
  673. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  674. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=309795-671540\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  675. "port": 80
  676. },
  677. {
  678. "count": 1,
  679. "body": "",
  680. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  681. "user-agent": "Microsoft BITS/7.5",
  682. "method": "GET",
  683. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  684. "version": "1.1",
  685. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  686. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=671541-1389270\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  687. "port": 80
  688. },
  689. {
  690. "count": 1,
  691. "body": "",
  692. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  693. "user-agent": "Microsoft BITS/7.5",
  694. "method": "GET",
  695. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  696. "version": "1.1",
  697. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  698. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1389271-2827623\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  699. "port": 80
  700. },
  701. {
  702. "count": 1,
  703. "body": "",
  704. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  705. "user-agent": "Microsoft BITS/7.5",
  706. "method": "GET",
  707. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  708. "version": "1.1",
  709. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  710. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2827624-5704003\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  711. "port": 80
  712. },
  713. {
  714. "count": 1,
  715. "body": "",
  716. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  717. "user-agent": "Microsoft BITS/7.5",
  718. "method": "GET",
  719. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  720. "version": "1.1",
  721. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  722. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5704004-11462468\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  723. "port": 80
  724. },
  725. {
  726. "count": 1,
  727. "body": "",
  728. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  729. "user-agent": "Microsoft BITS/7.5",
  730. "method": "GET",
  731. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  732. "version": "1.1",
  733. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes",
  734. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560392492&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11462469-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  735. "port": 80
  736. }
  737. ]
  738.  
  739. [*] Network Communication - SMTP: []
  740.  
  741. [*] Network Communication - Hosts: []
  742.  
  743. [*] Network Communication - IRC: []
  744.  
  745. [*] Static Analysis: {
  746. "dotnet": {
  747. "customattrs": [
  748. {
  749. "type": "Property",
  750. "name": "[System]System.ComponentModel.Design.HelpKeywordAttribute",
  751. "value": "My.Comput"
  752. },
  753. {
  754. "type": "Assembly",
  755. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  756. "value": "YoaMa cor"
  757. },
  758. {
  759. "type": "Assembly",
  760. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  761. "value": "YoaMa 20"
  762. },
  763. {
  764. "type": "Assembly",
  765. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  766. "value": "YoaMa Record"
  767. },
  768. {
  769. "type": "Assembly",
  770. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  771. "value": "1.9.8"
  772. },
  773. {
  774. "type": "Assembly",
  775. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  776. "value": "YoaMa is a powerful recode"
  777. },
  778. {
  779. "type": "Assembly",
  780. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  781. "value": "Yoa"
  782. },
  783. {
  784. "type": "Property",
  785. "name": "[System]System.ComponentModel.Design.HelpKeywordAttribute",
  786. "value": "My.Applicati"
  787. },
  788. {
  789. "type": "Property",
  790. "name": "[System]System.ComponentModel.Design.HelpKeywordAttribute",
  791. "value": "My.Us"
  792. }
  793. ],
  794. "assemblyinfo": {
  795. "version": "1.9.8.0",
  796. "name": "Must"
  797. },
  798. "assemblyrefs": [
  799. {
  800. "version": "4.0.0.0",
  801. "name": "mscorlib"
  802. },
  803. {
  804. "version": "10.0.0.0",
  805. "name": "Microsoft.VisualBasic"
  806. },
  807. {
  808. "version": "4.0.0.0",
  809. "name": "System.Drawing"
  810. },
  811. {
  812. "version": "4.0.0.0",
  813. "name": "System"
  814. }
  815. ],
  816. "typerefs": [
  817. {
  818. "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
  819. "assembly": "Microsoft.VisualBasic"
  820. },
  821. {
  822. "typename": "Microsoft.VisualBasic.ApplicationServices.User",
  823. "assembly": "Microsoft.VisualBasic"
  824. },
  825. {
  826. "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
  827. "assembly": "Microsoft.VisualBasic"
  828. },
  829. {
  830. "typename": "Microsoft.VisualBasic.CompilerServices.LateBinding",
  831. "assembly": "Microsoft.VisualBasic"
  832. },
  833. {
  834. "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
  835. "assembly": "Microsoft.VisualBasic"
  836. },
  837. {
  838. "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
  839. "assembly": "Microsoft.VisualBasic"
  840. },
  841. {
  842. "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
  843. "assembly": "Microsoft.VisualBasic"
  844. },
  845. {
  846. "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
  847. "assembly": "Microsoft.VisualBasic"
  848. },
  849. {
  850. "typename": "Microsoft.VisualBasic.Devices.Computer",
  851. "assembly": "Microsoft.VisualBasic"
  852. },
  853. {
  854. "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
  855. "assembly": "Microsoft.VisualBasic"
  856. },
  857. {
  858. "typename": "Microsoft.VisualBasic.Interaction",
  859. "assembly": "Microsoft.VisualBasic"
  860. },
  861. {
  862. "typename": "Microsoft.VisualBasic.MsgBoxResult",
  863. "assembly": "Microsoft.VisualBasic"
  864. },
  865. {
  866. "typename": "Microsoft.VisualBasic.MsgBoxStyle",
  867. "assembly": "Microsoft.VisualBasic"
  868. },
  869. {
  870. "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
  871. "assembly": "Microsoft.VisualBasic"
  872. },
  873. {
  874. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  875. "assembly": "System"
  876. },
  877. {
  878. "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
  879. "assembly": "System"
  880. },
  881. {
  882. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  883. "assembly": "System"
  884. },
  885. {
  886. "typename": "System.ComponentModel.EditorBrowsableState",
  887. "assembly": "System"
  888. },
  889. {
  890. "typename": "System.Drawing.Bitmap",
  891. "assembly": "System.Drawing"
  892. },
  893. {
  894. "typename": "System.Drawing.Color",
  895. "assembly": "System.Drawing"
  896. },
  897. {
  898. "typename": "System.Drawing.Image",
  899. "assembly": "System.Drawing"
  900. },
  901. {
  902. "typename": "System.Activator",
  903. "assembly": "mscorlib"
  904. },
  905. {
  906. "typename": "System.AppDomain",
  907. "assembly": "mscorlib"
  908. },
  909. {
  910. "typename": "System.Array",
  911. "assembly": "mscorlib"
  912. },
  913. {
  914. "typename": "System.Buffer",
  915. "assembly": "mscorlib"
  916. },
  917. {
  918. "typename": "System.Byte",
  919. "assembly": "mscorlib"
  920. },
  921. {
  922. "typename": "System.Collections.Generic.Dictionary`2",
  923. "assembly": "mscorlib"
  924. },
  925. {
  926. "typename": "System.Collections.Generic.List`1",
  927. "assembly": "mscorlib"
  928. },
  929. {
  930. "typename": "System.Collections.IEnumerable",
  931. "assembly": "mscorlib"
  932. },
  933. {
  934. "typename": "System.Collections.IEnumerator",
  935. "assembly": "mscorlib"
  936. },
  937. {
  938. "typename": "System.Convert",
  939. "assembly": "mscorlib"
  940. },
  941. {
  942. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  943. "assembly": "mscorlib"
  944. },
  945. {
  946. "typename": "System.Exception",
  947. "assembly": "mscorlib"
  948. },
  949. {
  950. "typename": "System.IDisposable",
  951. "assembly": "mscorlib"
  952. },
  953. {
  954. "typename": "System.IO.Stream",
  955. "assembly": "mscorlib"
  956. },
  957. {
  958. "typename": "System.Object",
  959. "assembly": "mscorlib"
  960. },
  961. {
  962. "typename": "System.ParamArrayAttribute",
  963. "assembly": "mscorlib"
  964. },
  965. {
  966. "typename": "System.Reflection.Assembly",
  967. "assembly": "mscorlib"
  968. },
  969. {
  970. "typename": "System.Reflection.AssemblyCompanyAttribute",
  971. "assembly": "mscorlib"
  972. },
  973. {
  974. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  975. "assembly": "mscorlib"
  976. },
  977. {
  978. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  979. "assembly": "mscorlib"
  980. },
  981. {
  982. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  983. "assembly": "mscorlib"
  984. },
  985. {
  986. "typename": "System.Reflection.AssemblyProductAttribute",
  987. "assembly": "mscorlib"
  988. },
  989. {
  990. "typename": "System.Reflection.AssemblyTitleAttribute",
  991. "assembly": "mscorlib"
  992. },
  993. {
  994. "typename": "System.Reflection.BindingFlags",
  995. "assembly": "mscorlib"
  996. },
  997. {
  998. "typename": "System.Reflection.MethodAttributes",
  999. "assembly": "mscorlib"
  1000. },
  1001. {
  1002. "typename": "System.Reflection.MethodBase",
  1003. "assembly": "mscorlib"
  1004. },
  1005. {
  1006. "typename": "System.Reflection.MethodInfo",
  1007. "assembly": "mscorlib"
  1008. },
  1009. {
  1010. "typename": "System.Reflection.ParameterInfo",
  1011. "assembly": "mscorlib"
  1012. },
  1013. {
  1014. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1015. "assembly": "mscorlib"
  1016. },
  1017. {
  1018. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1019. "assembly": "mscorlib"
  1020. },
  1021. {
  1022. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1023. "assembly": "mscorlib"
  1024. },
  1025. {
  1026. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1027. "assembly": "mscorlib"
  1028. },
  1029. {
  1030. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1031. "assembly": "mscorlib"
  1032. },
  1033. {
  1034. "typename": "System.RuntimeTypeHandle",
  1035. "assembly": "mscorlib"
  1036. },
  1037. {
  1038. "typename": "System.STAThreadAttribute",
  1039. "assembly": "mscorlib"
  1040. },
  1041. {
  1042. "typename": "System.String",
  1043. "assembly": "mscorlib"
  1044. },
  1045. {
  1046. "typename": "System.Text.Encoding",
  1047. "assembly": "mscorlib"
  1048. },
  1049. {
  1050. "typename": "System.ThreadStaticAttribute",
  1051. "assembly": "mscorlib"
  1052. },
  1053. {
  1054. "typename": "System.Type",
  1055. "assembly": "mscorlib"
  1056. }
  1057. ]
  1058. },
  1059. "pe": {
  1060. "peid_signatures": null,
  1061. "imports": [
  1062. {
  1063. "imports": [
  1064. {
  1065. "name": "_CorExeMain",
  1066. "address": "0x402000"
  1067. }
  1068. ],
  1069. "dll": "mscoree.dll"
  1070. }
  1071. ],
  1072. "digital_signers": null,
  1073. "exported_dll_name": null,
  1074. "actual_checksum": "0x0004af01",
  1075. "overlay": null,
  1076. "imagebase": "0x00400000",
  1077. "reported_checksum": "0x00000000",
  1078. "icon_hash": null,
  1079. "entrypoint": "0x0043855e",
  1080. "timestamp": "2017-05-11 16:34:17",
  1081. "osversion": "4.0",
  1082. "sections": [
  1083. {
  1084. "name": ".text",
  1085. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1086. "virtual_address": "0x00002000",
  1087. "size_of_data": "0x00036600",
  1088. "entropy": "7.24",
  1089. "raw_address": "0x00000200",
  1090. "virtual_size": "0x00036564",
  1091. "characteristics_raw": "0x60000020"
  1092. },
  1093. {
  1094. "name": ".rsrc",
  1095. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1096. "virtual_address": "0x0003a000",
  1097. "size_of_data": "0x00008e00",
  1098. "entropy": "7.94",
  1099. "raw_address": "0x00036800",
  1100. "virtual_size": "0x00008d58",
  1101. "characteristics_raw": "0x40000040"
  1102. },
  1103. {
  1104. "name": ".reloc",
  1105. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1106. "virtual_address": "0x00044000",
  1107. "size_of_data": "0x00000200",
  1108. "entropy": "0.10",
  1109. "raw_address": "0x0003f600",
  1110. "virtual_size": "0x0000000c",
  1111. "characteristics_raw": "0x42000040"
  1112. }
  1113. ],
  1114. "resources": [],
  1115. "dirents": [
  1116. {
  1117. "virtual_address": "0x00000000",
  1118. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1119. "size": "0x00000000"
  1120. },
  1121. {
  1122. "virtual_address": "0x0003850c",
  1123. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1124. "size": "0x0000004f"
  1125. },
  1126. {
  1127. "virtual_address": "0x0003a000",
  1128. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1129. "size": "0x00008d58"
  1130. },
  1131. {
  1132. "virtual_address": "0x00000000",
  1133. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1134. "size": "0x00000000"
  1135. },
  1136. {
  1137. "virtual_address": "0x00000000",
  1138. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1139. "size": "0x00000000"
  1140. },
  1141. {
  1142. "virtual_address": "0x00044000",
  1143. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1144. "size": "0x0000000c"
  1145. },
  1146. {
  1147. "virtual_address": "0x00000000",
  1148. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1149. "size": "0x00000000"
  1150. },
  1151. {
  1152. "virtual_address": "0x00000000",
  1153. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1154. "size": "0x00000000"
  1155. },
  1156. {
  1157. "virtual_address": "0x00000000",
  1158. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1159. "size": "0x00000000"
  1160. },
  1161. {
  1162. "virtual_address": "0x00000000",
  1163. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1164. "size": "0x00000000"
  1165. },
  1166. {
  1167. "virtual_address": "0x00000000",
  1168. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1169. "size": "0x00000000"
  1170. },
  1171. {
  1172. "virtual_address": "0x00000000",
  1173. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1174. "size": "0x00000000"
  1175. },
  1176. {
  1177. "virtual_address": "0x00002000",
  1178. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1179. "size": "0x00000008"
  1180. },
  1181. {
  1182. "virtual_address": "0x00000000",
  1183. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1184. "size": "0x00000000"
  1185. },
  1186. {
  1187. "virtual_address": "0x00002008",
  1188. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1189. "size": "0x00000048"
  1190. },
  1191. {
  1192. "virtual_address": "0x00000000",
  1193. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1194. "size": "0x00000000"
  1195. }
  1196. ],
  1197. "exports": [],
  1198. "guest_signers": {},
  1199. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1200. "icon_fuzzy": null,
  1201. "icon": null,
  1202. "pdbpath": null,
  1203. "imported_dll_count": 1,
  1204. "versioninfo": []
  1205. }
  1206. }
  1207.  
  1208. [*] Resolved APIs: [
  1209. "advapi32.dll.RegOpenKeyExW",
  1210. "advapi32.dll.RegQueryInfoKeyW",
  1211. "advapi32.dll.RegEnumKeyExW",
  1212. "advapi32.dll.RegEnumValueW",
  1213. "advapi32.dll.RegCloseKey",
  1214. "advapi32.dll.RegQueryValueExW",
  1215. "kernel32.dll.QueryActCtxW",
  1216. "shlwapi.dll.UrlIsW"
  1217. ]
  1218.  
  1219. [*] Static Analysis: {
  1220. "dotnet": {
  1221. "customattrs": [
  1222. {
  1223. "type": "Property",
  1224. "name": "[System]System.ComponentModel.Design.HelpKeywordAttribute",
  1225. "value": "My.Comput"
  1226. },
  1227. {
  1228. "type": "Assembly",
  1229. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  1230. "value": "YoaMa cor"
  1231. },
  1232. {
  1233. "type": "Assembly",
  1234. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  1235. "value": "YoaMa 20"
  1236. },
  1237. {
  1238. "type": "Assembly",
  1239. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  1240. "value": "YoaMa Record"
  1241. },
  1242. {
  1243. "type": "Assembly",
  1244. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  1245. "value": "1.9.8"
  1246. },
  1247. {
  1248. "type": "Assembly",
  1249. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  1250. "value": "YoaMa is a powerful recode"
  1251. },
  1252. {
  1253. "type": "Assembly",
  1254. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  1255. "value": "Yoa"
  1256. },
  1257. {
  1258. "type": "Property",
  1259. "name": "[System]System.ComponentModel.Design.HelpKeywordAttribute",
  1260. "value": "My.Applicati"
  1261. },
  1262. {
  1263. "type": "Property",
  1264. "name": "[System]System.ComponentModel.Design.HelpKeywordAttribute",
  1265. "value": "My.Us"
  1266. }
  1267. ],
  1268. "assemblyinfo": {
  1269. "version": "1.9.8.0",
  1270. "name": "Must"
  1271. },
  1272. "assemblyrefs": [
  1273. {
  1274. "version": "4.0.0.0",
  1275. "name": "mscorlib"
  1276. },
  1277. {
  1278. "version": "10.0.0.0",
  1279. "name": "Microsoft.VisualBasic"
  1280. },
  1281. {
  1282. "version": "4.0.0.0",
  1283. "name": "System.Drawing"
  1284. },
  1285. {
  1286. "version": "4.0.0.0",
  1287. "name": "System"
  1288. }
  1289. ],
  1290. "typerefs": [
  1291. {
  1292. "typename": "Microsoft.VisualBasic.ApplicationServices.ApplicationBase",
  1293. "assembly": "Microsoft.VisualBasic"
  1294. },
  1295. {
  1296. "typename": "Microsoft.VisualBasic.ApplicationServices.User",
  1297. "assembly": "Microsoft.VisualBasic"
  1298. },
  1299. {
  1300. "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
  1301. "assembly": "Microsoft.VisualBasic"
  1302. },
  1303. {
  1304. "typename": "Microsoft.VisualBasic.CompilerServices.LateBinding",
  1305. "assembly": "Microsoft.VisualBasic"
  1306. },
  1307. {
  1308. "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
  1309. "assembly": "Microsoft.VisualBasic"
  1310. },
  1311. {
  1312. "typename": "Microsoft.VisualBasic.CompilerServices.Operators",
  1313. "assembly": "Microsoft.VisualBasic"
  1314. },
  1315. {
  1316. "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
  1317. "assembly": "Microsoft.VisualBasic"
  1318. },
  1319. {
  1320. "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
  1321. "assembly": "Microsoft.VisualBasic"
  1322. },
  1323. {
  1324. "typename": "Microsoft.VisualBasic.Devices.Computer",
  1325. "assembly": "Microsoft.VisualBasic"
  1326. },
  1327. {
  1328. "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
  1329. "assembly": "Microsoft.VisualBasic"
  1330. },
  1331. {
  1332. "typename": "Microsoft.VisualBasic.Interaction",
  1333. "assembly": "Microsoft.VisualBasic"
  1334. },
  1335. {
  1336. "typename": "Microsoft.VisualBasic.MsgBoxResult",
  1337. "assembly": "Microsoft.VisualBasic"
  1338. },
  1339. {
  1340. "typename": "Microsoft.VisualBasic.MsgBoxStyle",
  1341. "assembly": "Microsoft.VisualBasic"
  1342. },
  1343. {
  1344. "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
  1345. "assembly": "Microsoft.VisualBasic"
  1346. },
  1347. {
  1348. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  1349. "assembly": "System"
  1350. },
  1351. {
  1352. "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
  1353. "assembly": "System"
  1354. },
  1355. {
  1356. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  1357. "assembly": "System"
  1358. },
  1359. {
  1360. "typename": "System.ComponentModel.EditorBrowsableState",
  1361. "assembly": "System"
  1362. },
  1363. {
  1364. "typename": "System.Drawing.Bitmap",
  1365. "assembly": "System.Drawing"
  1366. },
  1367. {
  1368. "typename": "System.Drawing.Color",
  1369. "assembly": "System.Drawing"
  1370. },
  1371. {
  1372. "typename": "System.Drawing.Image",
  1373. "assembly": "System.Drawing"
  1374. },
  1375. {
  1376. "typename": "System.Activator",
  1377. "assembly": "mscorlib"
  1378. },
  1379. {
  1380. "typename": "System.AppDomain",
  1381. "assembly": "mscorlib"
  1382. },
  1383. {
  1384. "typename": "System.Array",
  1385. "assembly": "mscorlib"
  1386. },
  1387. {
  1388. "typename": "System.Buffer",
  1389. "assembly": "mscorlib"
  1390. },
  1391. {
  1392. "typename": "System.Byte",
  1393. "assembly": "mscorlib"
  1394. },
  1395. {
  1396. "typename": "System.Collections.Generic.Dictionary`2",
  1397. "assembly": "mscorlib"
  1398. },
  1399. {
  1400. "typename": "System.Collections.Generic.List`1",
  1401. "assembly": "mscorlib"
  1402. },
  1403. {
  1404. "typename": "System.Collections.IEnumerable",
  1405. "assembly": "mscorlib"
  1406. },
  1407. {
  1408. "typename": "System.Collections.IEnumerator",
  1409. "assembly": "mscorlib"
  1410. },
  1411. {
  1412. "typename": "System.Convert",
  1413. "assembly": "mscorlib"
  1414. },
  1415. {
  1416. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  1417. "assembly": "mscorlib"
  1418. },
  1419. {
  1420. "typename": "System.Exception",
  1421. "assembly": "mscorlib"
  1422. },
  1423. {
  1424. "typename": "System.IDisposable",
  1425. "assembly": "mscorlib"
  1426. },
  1427. {
  1428. "typename": "System.IO.Stream",
  1429. "assembly": "mscorlib"
  1430. },
  1431. {
  1432. "typename": "System.Object",
  1433. "assembly": "mscorlib"
  1434. },
  1435. {
  1436. "typename": "System.ParamArrayAttribute",
  1437. "assembly": "mscorlib"
  1438. },
  1439. {
  1440. "typename": "System.Reflection.Assembly",
  1441. "assembly": "mscorlib"
  1442. },
  1443. {
  1444. "typename": "System.Reflection.AssemblyCompanyAttribute",
  1445. "assembly": "mscorlib"
  1446. },
  1447. {
  1448. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  1449. "assembly": "mscorlib"
  1450. },
  1451. {
  1452. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  1453. "assembly": "mscorlib"
  1454. },
  1455. {
  1456. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  1457. "assembly": "mscorlib"
  1458. },
  1459. {
  1460. "typename": "System.Reflection.AssemblyProductAttribute",
  1461. "assembly": "mscorlib"
  1462. },
  1463. {
  1464. "typename": "System.Reflection.AssemblyTitleAttribute",
  1465. "assembly": "mscorlib"
  1466. },
  1467. {
  1468. "typename": "System.Reflection.BindingFlags",
  1469. "assembly": "mscorlib"
  1470. },
  1471. {
  1472. "typename": "System.Reflection.MethodAttributes",
  1473. "assembly": "mscorlib"
  1474. },
  1475. {
  1476. "typename": "System.Reflection.MethodBase",
  1477. "assembly": "mscorlib"
  1478. },
  1479. {
  1480. "typename": "System.Reflection.MethodInfo",
  1481. "assembly": "mscorlib"
  1482. },
  1483. {
  1484. "typename": "System.Reflection.ParameterInfo",
  1485. "assembly": "mscorlib"
  1486. },
  1487. {
  1488. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1489. "assembly": "mscorlib"
  1490. },
  1491. {
  1492. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1493. "assembly": "mscorlib"
  1494. },
  1495. {
  1496. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1497. "assembly": "mscorlib"
  1498. },
  1499. {
  1500. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1501. "assembly": "mscorlib"
  1502. },
  1503. {
  1504. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1505. "assembly": "mscorlib"
  1506. },
  1507. {
  1508. "typename": "System.RuntimeTypeHandle",
  1509. "assembly": "mscorlib"
  1510. },
  1511. {
  1512. "typename": "System.STAThreadAttribute",
  1513. "assembly": "mscorlib"
  1514. },
  1515. {
  1516. "typename": "System.String",
  1517. "assembly": "mscorlib"
  1518. },
  1519. {
  1520. "typename": "System.Text.Encoding",
  1521. "assembly": "mscorlib"
  1522. },
  1523. {
  1524. "typename": "System.ThreadStaticAttribute",
  1525. "assembly": "mscorlib"
  1526. },
  1527. {
  1528. "typename": "System.Type",
  1529. "assembly": "mscorlib"
  1530. }
  1531. ]
  1532. },
  1533. "pe": {
  1534. "peid_signatures": null,
  1535. "imports": [
  1536. {
  1537. "imports": [
  1538. {
  1539. "name": "_CorExeMain",
  1540. "address": "0x402000"
  1541. }
  1542. ],
  1543. "dll": "mscoree.dll"
  1544. }
  1545. ],
  1546. "digital_signers": null,
  1547. "exported_dll_name": null,
  1548. "actual_checksum": "0x0004af01",
  1549. "overlay": null,
  1550. "imagebase": "0x00400000",
  1551. "reported_checksum": "0x00000000",
  1552. "icon_hash": null,
  1553. "entrypoint": "0x0043855e",
  1554. "timestamp": "2017-05-11 16:34:17",
  1555. "osversion": "4.0",
  1556. "sections": [
  1557. {
  1558. "name": ".text",
  1559. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1560. "virtual_address": "0x00002000",
  1561. "size_of_data": "0x00036600",
  1562. "entropy": "7.24",
  1563. "raw_address": "0x00000200",
  1564. "virtual_size": "0x00036564",
  1565. "characteristics_raw": "0x60000020"
  1566. },
  1567. {
  1568. "name": ".rsrc",
  1569. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1570. "virtual_address": "0x0003a000",
  1571. "size_of_data": "0x00008e00",
  1572. "entropy": "7.94",
  1573. "raw_address": "0x00036800",
  1574. "virtual_size": "0x00008d58",
  1575. "characteristics_raw": "0x40000040"
  1576. },
  1577. {
  1578. "name": ".reloc",
  1579. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1580. "virtual_address": "0x00044000",
  1581. "size_of_data": "0x00000200",
  1582. "entropy": "0.10",
  1583. "raw_address": "0x0003f600",
  1584. "virtual_size": "0x0000000c",
  1585. "characteristics_raw": "0x42000040"
  1586. }
  1587. ],
  1588. "resources": [],
  1589. "dirents": [
  1590. {
  1591. "virtual_address": "0x00000000",
  1592. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1593. "size": "0x00000000"
  1594. },
  1595. {
  1596. "virtual_address": "0x0003850c",
  1597. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1598. "size": "0x0000004f"
  1599. },
  1600. {
  1601. "virtual_address": "0x0003a000",
  1602. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1603. "size": "0x00008d58"
  1604. },
  1605. {
  1606. "virtual_address": "0x00000000",
  1607. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1608. "size": "0x00000000"
  1609. },
  1610. {
  1611. "virtual_address": "0x00000000",
  1612. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1613. "size": "0x00000000"
  1614. },
  1615. {
  1616. "virtual_address": "0x00044000",
  1617. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1618. "size": "0x0000000c"
  1619. },
  1620. {
  1621. "virtual_address": "0x00000000",
  1622. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1623. "size": "0x00000000"
  1624. },
  1625. {
  1626. "virtual_address": "0x00000000",
  1627. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1628. "size": "0x00000000"
  1629. },
  1630. {
  1631. "virtual_address": "0x00000000",
  1632. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1633. "size": "0x00000000"
  1634. },
  1635. {
  1636. "virtual_address": "0x00000000",
  1637. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1638. "size": "0x00000000"
  1639. },
  1640. {
  1641. "virtual_address": "0x00000000",
  1642. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1643. "size": "0x00000000"
  1644. },
  1645. {
  1646. "virtual_address": "0x00000000",
  1647. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1648. "size": "0x00000000"
  1649. },
  1650. {
  1651. "virtual_address": "0x00002000",
  1652. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1653. "size": "0x00000008"
  1654. },
  1655. {
  1656. "virtual_address": "0x00000000",
  1657. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1658. "size": "0x00000000"
  1659. },
  1660. {
  1661. "virtual_address": "0x00002008",
  1662. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1663. "size": "0x00000048"
  1664. },
  1665. {
  1666. "virtual_address": "0x00000000",
  1667. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1668. "size": "0x00000000"
  1669. }
  1670. ],
  1671. "exports": [],
  1672. "guest_signers": {},
  1673. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1674. "icon_fuzzy": null,
  1675. "icon": null,
  1676. "pdbpath": null,
  1677. "imported_dll_count": 1,
  1678. "versioninfo": []
  1679. }
  1680. }