paladin316

Loki_c1323c4a_exe Malware JSON Report

Jun 16th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Loki_c1323c4a.exe"
  7. [*] File Size: 913408
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "0d1388024842e756793f17bfbe10465ad3d207b9daa7bad51b8ccc085c53a81f"
  10. [*] MD5: "006883ef3867cce6c82497d667031ebe"
  11. [*] SHA1: "a58ee067357c30bffface59a393d61f3503ca160"
  12. [*] SHA512: "c1bc75cc0ac455b572d9cf305ce27bf5bbd7cfcc42758a119040ffdcfc02677a3ce7853730fce6c1968c3da588601f1f5bab1251fc9450c6e1fa1b854cb7f3d0"
  13. [*] CRC32: "C1323C4A"
  14. [*] SSDEEP: "3072:HFsp+k7MfmIEr8EAzTUYFuKon4Hcor9o9whSoYvfqOp/I3d:HC7ll85TPuPjor9o9wovX/+d"
  15.  
  16. [*] Process Execution: [
  17. "Loki_c1323c4a.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Performs some HTTP requests",
  27. "Details": [
  28. {
  29. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  30. },
  31. {
  32. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  33. },
  34. {
  35. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  36. },
  37. {
  38. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  39. },
  40. {
  41. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  42. },
  43. {
  44. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  45. },
  46. {
  47. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  48. },
  49. {
  50. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  51. },
  52. {
  53. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  54. },
  55. {
  56. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  57. },
  58. {
  59. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  60. },
  61. {
  62. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  63. },
  64. {
  65. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  66. },
  67. {
  68. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  69. },
  70. {
  71. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  72. },
  73. {
  74. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  75. },
  76. {
  77. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  78. },
  79. {
  80. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  81. },
  82. {
  83. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  84. },
  85. {
  86. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  87. },
  88. {
  89. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  90. },
  91. {
  92. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  93. },
  94. {
  95. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  96. },
  97. {
  98. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  99. },
  100. {
  101. "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes"
  102. }
  103. ]
  104. },
  105. {
  106. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  107. "Details": [
  108. {
  109. "Spam": "Loki_c1323c4a.exe (1692) called API CreateProcessInternalW 47192 times"
  110. }
  111. ]
  112. },
  113. {
  114. "Description": "File has been identified by 16 Antiviruses on VirusTotal as malicious",
  115. "Details": [
  116. {
  117. "Cylance": "Unsafe"
  118. },
  119. {
  120. "CrowdStrike": "win/malicious_confidence_90% (W)"
  121. },
  122. {
  123. "APEX": "Malicious"
  124. },
  125. {
  126. "Paloalto": "generic.ml"
  127. },
  128. {
  129. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  130. },
  131. {
  132. "Rising": "Trojan.Injector!1.B459 (CLASSIC)"
  133. },
  134. {
  135. "Invincea": "heuristic"
  136. },
  137. {
  138. "McAfee-GW-Edition": "BehavesLike.Win32.BadFile.cz"
  139. },
  140. {
  141. "FireEye": "Generic.mg.006883ef3867cce6"
  142. },
  143. {
  144. "ESET-NOD32": "a variant of Win32/Injector.EFZV"
  145. },
  146. {
  147. "Microsoft": "Trojan:Win32/Fuery.B!cl"
  148. },
  149. {
  150. "Endgame": "malicious (high confidence)"
  151. },
  152. {
  153. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  154. },
  155. {
  156. "McAfee": "Artemis!006883EF3867"
  157. },
  158. {
  159. "SentinelOne": "DFI - Suspicious PE"
  160. },
  161. {
  162. "AVG": "FileRepMetagen [Malware]"
  163. }
  164. ]
  165. }
  166. ]
  167.  
  168. [*] Started Service: []
  169.  
  170. [*] Executed Commands: [
  171. "\\x01C:\\Users\\user\\AppData\\Local\\Temp\\Loki_c1323c4a.exe\""
  172. ]
  173.  
  174. [*] Mutexes: []
  175.  
  176. [*] Modified Files: [
  177. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFA8D412AD44A0C9CF.TMP"
  178. ]
  179.  
  180. [*] Deleted Files: []
  181.  
  182. [*] Modified Registry Keys: [
  183. "HKEY_CURRENT_USER\\Software\\VB and VBA Program Settings\\WxdqY1281169973\\QMyu3326775104",
  184. "HKEY_CURRENT_USER\\Software\\VB and VBA Program Settings\\WxdqY1281169973\\QMyu3326775104\\IwtGj1200953614"
  185. ]
  186.  
  187. [*] Deleted Registry Keys: []
  188.  
  189. [*] DNS Communications: []
  190.  
  191. [*] Domains: []
  192.  
  193. [*] Network Communication - ICMP: []
  194.  
  195. [*] Network Communication - HTTP: [
  196. {
  197. "count": 1,
  198. "body": "",
  199. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  200. "user-agent": "Microsoft-CryptoAPI/6.1",
  201. "method": "GET",
  202. "host": "ocsp.digicert.com",
  203. "version": "1.1",
  204. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  205. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  206. "port": 80
  207. },
  208. {
  209. "count": 1,
  210. "body": "",
  211. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  212. "user-agent": "Microsoft-CryptoAPI/6.1",
  213. "method": "GET",
  214. "host": "ocsp.digicert.com",
  215. "version": "1.1",
  216. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  217. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  218. "port": 80
  219. },
  220. {
  221. "count": 1,
  222. "body": "",
  223. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  224. "user-agent": "Microsoft-CryptoAPI/6.1",
  225. "method": "GET",
  226. "host": "ocsp.digicert.com",
  227. "version": "1.1",
  228. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  229. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  230. "port": 80
  231. },
  232. {
  233. "count": 1,
  234. "body": "",
  235. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  236. "user-agent": "Microsoft-CryptoAPI/6.1",
  237. "method": "GET",
  238. "host": "ocsp.pki.goog",
  239. "version": "1.1",
  240. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  241. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  242. "port": 80
  243. },
  244. {
  245. "count": 1,
  246. "body": "",
  247. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  248. "user-agent": "Microsoft-CryptoAPI/6.1",
  249. "method": "GET",
  250. "host": "ocsp.digicert.com",
  251. "version": "1.1",
  252. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  253. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  254. "port": 80
  255. },
  256. {
  257. "count": 1,
  258. "body": "",
  259. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  260. "user-agent": "Microsoft-CryptoAPI/6.1",
  261. "method": "GET",
  262. "host": "crl.microsoft.com",
  263. "version": "1.1",
  264. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  265. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  266. "port": 80
  267. },
  268. {
  269. "count": 1,
  270. "body": "",
  271. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  272. "user-agent": "Microsoft-CryptoAPI/6.1",
  273. "method": "GET",
  274. "host": "ocsp.comodoca.com",
  275. "version": "1.1",
  276. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  277. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  278. "port": 80
  279. },
  280. {
  281. "count": 1,
  282. "body": "",
  283. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  284. "user-agent": "Microsoft-CryptoAPI/6.1",
  285. "method": "GET",
  286. "host": "ocsp.pki.goog",
  287. "version": "1.1",
  288. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  289. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  290. "port": 80
  291. },
  292. {
  293. "count": 1,
  294. "body": "",
  295. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  296. "user-agent": "Microsoft-CryptoAPI/6.1",
  297. "method": "GET",
  298. "host": "ocsp.digicert.com",
  299. "version": "1.1",
  300. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  301. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  302. "port": 80
  303. },
  304. {
  305. "count": 1,
  306. "body": "",
  307. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  308. "user-agent": "Microsoft-CryptoAPI/6.1",
  309. "method": "GET",
  310. "host": "www.download.windowsupdate.com",
  311. "version": "1.1",
  312. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  313. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  314. "port": 80
  315. },
  316. {
  317. "count": 1,
  318. "body": "",
  319. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  320. "user-agent": "Microsoft-CryptoAPI/6.1",
  321. "method": "GET",
  322. "host": "crl.microsoft.com",
  323. "version": "1.1",
  324. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  325. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  326. "port": 80
  327. },
  328. {
  329. "count": 1,
  330. "body": "",
  331. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  332. "user-agent": "Microsoft-CryptoAPI/6.1",
  333. "method": "GET",
  334. "host": "ocsp.digicert.com",
  335. "version": "1.1",
  336. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  337. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  338. "port": 80
  339. },
  340. {
  341. "count": 1,
  342. "body": "",
  343. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  344. "user-agent": "Microsoft-CryptoAPI/6.1",
  345. "method": "GET",
  346. "host": "ocsp.digicert.com",
  347. "version": "1.1",
  348. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  349. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  350. "port": 80
  351. },
  352. {
  353. "count": 1,
  354. "body": "",
  355. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  356. "user-agent": "Microsoft-CryptoAPI/6.1",
  357. "method": "GET",
  358. "host": "ocsp.digicert.com",
  359. "version": "1.1",
  360. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  361. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  362. "port": 80
  363. },
  364. {
  365. "count": 1,
  366. "body": "",
  367. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  368. "user-agent": "Microsoft-CryptoAPI/6.1",
  369. "method": "GET",
  370. "host": "ocsp.pki.goog",
  371. "version": "1.1",
  372. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  373. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  374. "port": 80
  375. },
  376. {
  377. "count": 1,
  378. "body": "",
  379. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  380. "user-agent": "Microsoft-CryptoAPI/6.1",
  381. "method": "GET",
  382. "host": "ocsp.pki.goog",
  383. "version": "1.1",
  384. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  385. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  386. "port": 80
  387. },
  388. {
  389. "count": 1,
  390. "body": "",
  391. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  392. "user-agent": "Microsoft-CryptoAPI/6.1",
  393. "method": "GET",
  394. "host": "ocsp.digicert.com",
  395. "version": "1.1",
  396. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  397. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  398. "port": 80
  399. },
  400. {
  401. "count": 1,
  402. "body": "",
  403. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  404. "user-agent": "Microsoft-CryptoAPI/6.1",
  405. "method": "GET",
  406. "host": "ocsp.pki.goog",
  407. "version": "1.1",
  408. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  409. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  410. "port": 80
  411. },
  412. {
  413. "count": 1,
  414. "body": "",
  415. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  416. "user-agent": "Microsoft-CryptoAPI/6.1",
  417. "method": "GET",
  418. "host": "ocsp.msocsp.com",
  419. "version": "1.1",
  420. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  421. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  422. "port": 80
  423. },
  424. {
  425. "count": 1,
  426. "body": "",
  427. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  428. "user-agent": "Microsoft-CryptoAPI/6.1",
  429. "method": "GET",
  430. "host": "ocsp.thawte.com",
  431. "version": "1.1",
  432. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  433. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  434. "port": 80
  435. },
  436. {
  437. "count": 1,
  438. "body": "",
  439. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  440. "user-agent": "Microsoft-CryptoAPI/6.1",
  441. "method": "GET",
  442. "host": "ocsp.usertrust.com",
  443. "version": "1.1",
  444. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  445. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  446. "port": 80
  447. },
  448. {
  449. "count": 1,
  450. "body": "",
  451. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  452. "user-agent": "Microsoft-CryptoAPI/6.1",
  453. "method": "GET",
  454. "host": "th.symcd.com",
  455. "version": "1.1",
  456. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  457. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  458. "port": 80
  459. },
  460. {
  461. "count": 1,
  462. "body": "",
  463. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  464. "user-agent": "Microsoft-CryptoAPI/6.1",
  465. "method": "GET",
  466. "host": "ocsp.digicert.com",
  467. "version": "1.1",
  468. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  469. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  470. "port": 80
  471. },
  472. {
  473. "count": 1,
  474. "body": "",
  475. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  476. "user-agent": "Microsoft-CryptoAPI/6.1",
  477. "method": "GET",
  478. "host": "ocsp.digicert.com",
  479. "version": "1.1",
  480. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  481. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  482. "port": 80
  483. },
  484. {
  485. "count": 1,
  486. "body": "",
  487. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  488. "user-agent": "Microsoft-CryptoAPI/6.1",
  489. "method": "GET",
  490. "host": "ocsp.pki.goog",
  491. "version": "1.1",
  492. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  493. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  494. "port": 80
  495. },
  496. {
  497. "count": 1,
  498. "body": "",
  499. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  500. "user-agent": "Microsoft-CryptoAPI/6.1",
  501. "method": "GET",
  502. "host": "crl.microsoft.com",
  503. "version": "1.1",
  504. "path": "/pki/crl/products/microsoftrootcert.crl",
  505. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  506. "port": 80
  507. },
  508. {
  509. "count": 1,
  510. "body": "",
  511. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  512. "user-agent": "Microsoft BITS/7.5",
  513. "method": "HEAD",
  514. "host": "redirector.gvt1.com",
  515. "version": "1.1",
  516. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  517. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  518. "port": 80
  519. },
  520. {
  521. "count": 1,
  522. "body": "",
  523. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  524. "user-agent": "Microsoft BITS/7.5",
  525. "method": "HEAD",
  526. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  527. "version": "1.1",
  528. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  529. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  530. "port": 80
  531. },
  532. {
  533. "count": 1,
  534. "body": "",
  535. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  536. "user-agent": "Microsoft BITS/7.5",
  537. "method": "GET",
  538. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  539. "version": "1.1",
  540. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  541. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6789\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  542. "port": 80
  543. },
  544. {
  545. "count": 1,
  546. "body": "",
  547. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  548. "user-agent": "Microsoft BITS/7.5",
  549. "method": "GET",
  550. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  551. "version": "1.1",
  552. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  553. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6790-16461\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  554. "port": 80
  555. },
  556. {
  557. "count": 1,
  558. "body": "",
  559. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  560. "user-agent": "Microsoft BITS/7.5",
  561. "method": "GET",
  562. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  563. "version": "1.1",
  564. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  565. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=16462-25923\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  566. "port": 80
  567. },
  568. {
  569. "count": 1,
  570. "body": "",
  571. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  572. "user-agent": "Microsoft BITS/7.5",
  573. "method": "GET",
  574. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  575. "version": "1.1",
  576. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  577. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=25924-35249\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  578. "port": 80
  579. },
  580. {
  581. "count": 1,
  582. "body": "",
  583. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  584. "user-agent": "Microsoft BITS/7.5",
  585. "method": "GET",
  586. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  587. "version": "1.1",
  588. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  589. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=35250-55510\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  590. "port": 80
  591. },
  592. {
  593. "count": 1,
  594. "body": "",
  595. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  596. "user-agent": "Microsoft BITS/7.5",
  597. "method": "GET",
  598. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  599. "version": "1.1",
  600. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  601. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=55511-97750\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  602. "port": 80
  603. },
  604. {
  605. "count": 1,
  606. "body": "",
  607. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  608. "user-agent": "Microsoft BITS/7.5",
  609. "method": "GET",
  610. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  611. "version": "1.1",
  612. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  613. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=97751-184830\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  614. "port": 80
  615. },
  616. {
  617. "count": 1,
  618. "body": "",
  619. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  620. "user-agent": "Microsoft BITS/7.5",
  621. "method": "GET",
  622. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  623. "version": "1.1",
  624. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  625. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=184831-215242\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  626. "port": 80
  627. },
  628. {
  629. "count": 1,
  630. "body": "",
  631. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  632. "user-agent": "Microsoft BITS/7.5",
  633. "method": "GET",
  634. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  635. "version": "1.1",
  636. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  637. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=215243-372405\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  638. "port": 80
  639. },
  640. {
  641. "count": 1,
  642. "body": "",
  643. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  644. "user-agent": "Microsoft BITS/7.5",
  645. "method": "GET",
  646. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  647. "version": "1.1",
  648. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  649. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=372406-857903\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  650. "port": 80
  651. },
  652. {
  653. "count": 1,
  654. "body": "",
  655. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  656. "user-agent": "Microsoft BITS/7.5",
  657. "method": "GET",
  658. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  659. "version": "1.1",
  660. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  661. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=857904-1822031\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  662. "port": 80
  663. },
  664. {
  665. "count": 1,
  666. "body": "",
  667. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  668. "user-agent": "Microsoft BITS/7.5",
  669. "method": "GET",
  670. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  671. "version": "1.1",
  672. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  673. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1822032-4738795\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  674. "port": 80
  675. },
  676. {
  677. "count": 1,
  678. "body": "",
  679. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  680. "user-agent": "Microsoft BITS/7.5",
  681. "method": "GET",
  682. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  683. "version": "1.1",
  684. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  685. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4738796-10499035\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  686. "port": 80
  687. },
  688. {
  689. "count": 1,
  690. "body": "",
  691. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  692. "user-agent": "Microsoft BITS/7.5",
  693. "method": "GET",
  694. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  695. "version": "1.1",
  696. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes",
  697. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560476905&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10499036-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  698. "port": 80
  699. }
  700. ]
  701.  
  702. [*] Network Communication - SMTP: []
  703.  
  704. [*] Network Communication - Hosts: []
  705.  
  706. [*] Network Communication - IRC: []
  707.  
  708. [*] Static Analysis: {
  709. "pe": {
  710. "peid_signatures": null,
  711. "imports": [
  712. {
  713. "imports": [
  714. {
  715. "name": "__vbaVarTstGt",
  716. "address": "0x401000"
  717. },
  718. {
  719. "name": "__vbaVarSub",
  720. "address": "0x401004"
  721. },
  722. {
  723. "name": null,
  724. "address": "0x401008"
  725. },
  726. {
  727. "name": "_CIcos",
  728. "address": "0x40100c"
  729. },
  730. {
  731. "name": "_adj_fptan",
  732. "address": "0x401010"
  733. },
  734. {
  735. "name": "__vbaVarMove",
  736. "address": "0x401014"
  737. },
  738. {
  739. "name": null,
  740. "address": "0x401018"
  741. },
  742. {
  743. "name": null,
  744. "address": "0x40101c"
  745. },
  746. {
  747. "name": "__vbaFreeVar",
  748. "address": "0x401020"
  749. },
  750. {
  751. "name": null,
  752. "address": "0x401024"
  753. },
  754. {
  755. "name": "__vbaStrVarMove",
  756. "address": "0x401028"
  757. },
  758. {
  759. "name": "__vbaFreeVarList",
  760. "address": "0x40102c"
  761. },
  762. {
  763. "name": "__vbaEnd",
  764. "address": "0x401030"
  765. },
  766. {
  767. "name": "_adj_fdiv_m64",
  768. "address": "0x401034"
  769. },
  770. {
  771. "name": "__vbaFpCDblR8",
  772. "address": "0x401038"
  773. },
  774. {
  775. "name": null,
  776. "address": "0x40103c"
  777. },
  778. {
  779. "name": "__vbaFreeObjList",
  780. "address": "0x401040"
  781. },
  782. {
  783. "name": null,
  784. "address": "0x401044"
  785. },
  786. {
  787. "name": "__vbaStrErrVarCopy",
  788. "address": "0x401048"
  789. },
  790. {
  791. "name": "_adj_fprem1",
  792. "address": "0x40104c"
  793. },
  794. {
  795. "name": null,
  796. "address": "0x401050"
  797. },
  798. {
  799. "name": null,
  800. "address": "0x401054"
  801. },
  802. {
  803. "name": "__vbaStrCat",
  804. "address": "0x401058"
  805. },
  806. {
  807. "name": null,
  808. "address": "0x40105c"
  809. },
  810. {
  811. "name": null,
  812. "address": "0x401060"
  813. },
  814. {
  815. "name": "__vbaSetSystemError",
  816. "address": "0x401064"
  817. },
  818. {
  819. "name": "__vbaHresultCheckObj",
  820. "address": "0x401068"
  821. },
  822. {
  823. "name": "_adj_fdiv_m32",
  824. "address": "0x40106c"
  825. },
  826. {
  827. "name": null,
  828. "address": "0x401070"
  829. },
  830. {
  831. "name": "__vbaAryVar",
  832. "address": "0x401074"
  833. },
  834. {
  835. "name": null,
  836. "address": "0x401078"
  837. },
  838. {
  839. "name": null,
  840. "address": "0x40107c"
  841. },
  842. {
  843. "name": "__vbaAryDestruct",
  844. "address": "0x401080"
  845. },
  846. {
  847. "name": null,
  848. "address": "0x401084"
  849. },
  850. {
  851. "name": null,
  852. "address": "0x401088"
  853. },
  854. {
  855. "name": null,
  856. "address": "0x40108c"
  857. },
  858. {
  859. "name": "__vbaFileCloseAll",
  860. "address": "0x401090"
  861. },
  862. {
  863. "name": "__vbaObjSet",
  864. "address": "0x401094"
  865. },
  866. {
  867. "name": "_adj_fdiv_m16i",
  868. "address": "0x401098"
  869. },
  870. {
  871. "name": "__vbaObjSetAddref",
  872. "address": "0x40109c"
  873. },
  874. {
  875. "name": "_adj_fdivr_m16i",
  876. "address": "0x4010a0"
  877. },
  878. {
  879. "name": null,
  880. "address": "0x4010a4"
  881. },
  882. {
  883. "name": null,
  884. "address": "0x4010a8"
  885. },
  886. {
  887. "name": null,
  888. "address": "0x4010ac"
  889. },
  890. {
  891. "name": "__vbaFpR8",
  892. "address": "0x4010b0"
  893. },
  894. {
  895. "name": null,
  896. "address": "0x4010b4"
  897. },
  898. {
  899. "name": "_CIsin",
  900. "address": "0x4010b8"
  901. },
  902. {
  903. "name": null,
  904. "address": "0x4010bc"
  905. },
  906. {
  907. "name": null,
  908. "address": "0x4010c0"
  909. },
  910. {
  911. "name": "__vbaErase",
  912. "address": "0x4010c4"
  913. },
  914. {
  915. "name": "__vbaChkstk",
  916. "address": "0x4010c8"
  917. },
  918. {
  919. "name": "__vbaFileClose",
  920. "address": "0x4010cc"
  921. },
  922. {
  923. "name": null,
  924. "address": "0x4010d0"
  925. },
  926. {
  927. "name": null,
  928. "address": "0x4010d4"
  929. },
  930. {
  931. "name": "EVENT_SINK_AddRef",
  932. "address": "0x4010d8"
  933. },
  934. {
  935. "name": "__vbaGenerateBoundsError",
  936. "address": "0x4010dc"
  937. },
  938. {
  939. "name": "__vbaStrCmp",
  940. "address": "0x4010e0"
  941. },
  942. {
  943. "name": "__vbaAryConstruct2",
  944. "address": "0x4010e4"
  945. },
  946. {
  947. "name": "__vbaVarTstEq",
  948. "address": "0x4010e8"
  949. },
  950. {
  951. "name": null,
  952. "address": "0x4010ec"
  953. },
  954. {
  955. "name": "__vbaI2I4",
  956. "address": "0x4010f0"
  957. },
  958. {
  959. "name": "__vbaObjVar",
  960. "address": "0x4010f4"
  961. },
  962. {
  963. "name": "DllFunctionCall",
  964. "address": "0x4010f8"
  965. },
  966. {
  967. "name": null,
  968. "address": "0x4010fc"
  969. },
  970. {
  971. "name": "_adj_fpatan",
  972. "address": "0x401100"
  973. },
  974. {
  975. "name": null,
  976. "address": "0x401104"
  977. },
  978. {
  979. "name": null,
  980. "address": "0x401108"
  981. },
  982. {
  983. "name": null,
  984. "address": "0x40110c"
  985. },
  986. {
  987. "name": "__vbaLateIdCallLd",
  988. "address": "0x401110"
  989. },
  990. {
  991. "name": "__vbaRedim",
  992. "address": "0x401114"
  993. },
  994. {
  995. "name": null,
  996. "address": "0x401118"
  997. },
  998. {
  999. "name": "EVENT_SINK_Release",
  1000. "address": "0x40111c"
  1001. },
  1002. {
  1003. "name": null,
  1004. "address": "0x401120"
  1005. },
  1006. {
  1007. "name": "_CIsqrt",
  1008. "address": "0x401124"
  1009. },
  1010. {
  1011. "name": "EVENT_SINK_QueryInterface",
  1012. "address": "0x401128"
  1013. },
  1014. {
  1015. "name": "__vbaExceptHandler",
  1016. "address": "0x40112c"
  1017. },
  1018. {
  1019. "name": "__vbaStrToUnicode",
  1020. "address": "0x401130"
  1021. },
  1022. {
  1023. "name": null,
  1024. "address": "0x401134"
  1025. },
  1026. {
  1027. "name": null,
  1028. "address": "0x401138"
  1029. },
  1030. {
  1031. "name": "_adj_fprem",
  1032. "address": "0x40113c"
  1033. },
  1034. {
  1035. "name": "_adj_fdivr_m64",
  1036. "address": "0x401140"
  1037. },
  1038. {
  1039. "name": null,
  1040. "address": "0x401144"
  1041. },
  1042. {
  1043. "name": null,
  1044. "address": "0x401148"
  1045. },
  1046. {
  1047. "name": null,
  1048. "address": "0x40114c"
  1049. },
  1050. {
  1051. "name": null,
  1052. "address": "0x401150"
  1053. },
  1054. {
  1055. "name": null,
  1056. "address": "0x401154"
  1057. },
  1058. {
  1059. "name": "__vbaFPException",
  1060. "address": "0x401158"
  1061. },
  1062. {
  1063. "name": "__vbaInStrVar",
  1064. "address": "0x40115c"
  1065. },
  1066. {
  1067. "name": null,
  1068. "address": "0x401160"
  1069. },
  1070. {
  1071. "name": "__vbaVarCat",
  1072. "address": "0x401164"
  1073. },
  1074. {
  1075. "name": null,
  1076. "address": "0x401168"
  1077. },
  1078. {
  1079. "name": null,
  1080. "address": "0x40116c"
  1081. },
  1082. {
  1083. "name": "_CIlog",
  1084. "address": "0x401170"
  1085. },
  1086. {
  1087. "name": "__vbaErrorOverflow",
  1088. "address": "0x401174"
  1089. },
  1090. {
  1091. "name": "__vbaFileOpen",
  1092. "address": "0x401178"
  1093. },
  1094. {
  1095. "name": null,
  1096. "address": "0x40117c"
  1097. },
  1098. {
  1099. "name": "__vbaNew2",
  1100. "address": "0x401180"
  1101. },
  1102. {
  1103. "name": "__vbaInStr",
  1104. "address": "0x401184"
  1105. },
  1106. {
  1107. "name": null,
  1108. "address": "0x401188"
  1109. },
  1110. {
  1111. "name": "_adj_fdiv_m32i",
  1112. "address": "0x40118c"
  1113. },
  1114. {
  1115. "name": "_adj_fdivr_m32i",
  1116. "address": "0x401190"
  1117. },
  1118. {
  1119. "name": "__vbaStrCopy",
  1120. "address": "0x401194"
  1121. },
  1122. {
  1123. "name": "__vbaI4Str",
  1124. "address": "0x401198"
  1125. },
  1126. {
  1127. "name": null,
  1128. "address": "0x40119c"
  1129. },
  1130. {
  1131. "name": "__vbaFreeStrList",
  1132. "address": "0x4011a0"
  1133. },
  1134. {
  1135. "name": "__vbaDerefAry1",
  1136. "address": "0x4011a4"
  1137. },
  1138. {
  1139. "name": null,
  1140. "address": "0x4011a8"
  1141. },
  1142. {
  1143. "name": "_adj_fdivr_m32",
  1144. "address": "0x4011ac"
  1145. },
  1146. {
  1147. "name": null,
  1148. "address": "0x4011b0"
  1149. },
  1150. {
  1151. "name": "_adj_fdiv_r",
  1152. "address": "0x4011b4"
  1153. },
  1154. {
  1155. "name": null,
  1156. "address": "0x4011b8"
  1157. },
  1158. {
  1159. "name": null,
  1160. "address": "0x4011bc"
  1161. },
  1162. {
  1163. "name": "__vbaVarTstNe",
  1164. "address": "0x4011c0"
  1165. },
  1166. {
  1167. "name": "__vbaI4Var",
  1168. "address": "0x4011c4"
  1169. },
  1170. {
  1171. "name": "__vbaLateMemCall",
  1172. "address": "0x4011c8"
  1173. },
  1174. {
  1175. "name": "__vbaVarDup",
  1176. "address": "0x4011cc"
  1177. },
  1178. {
  1179. "name": "__vbaStrToAnsi",
  1180. "address": "0x4011d0"
  1181. },
  1182. {
  1183. "name": "__vbaStrComp",
  1184. "address": "0x4011d4"
  1185. },
  1186. {
  1187. "name": null,
  1188. "address": "0x4011d8"
  1189. },
  1190. {
  1191. "name": "__vbaR4Sgn",
  1192. "address": "0x4011dc"
  1193. },
  1194. {
  1195. "name": null,
  1196. "address": "0x4011e0"
  1197. },
  1198. {
  1199. "name": null,
  1200. "address": "0x4011e4"
  1201. },
  1202. {
  1203. "name": "__vbaVarLateMemCallLd",
  1204. "address": "0x4011e8"
  1205. },
  1206. {
  1207. "name": "__vbaVarCopy",
  1208. "address": "0x4011ec"
  1209. },
  1210. {
  1211. "name": "__vbaFpI4",
  1212. "address": "0x4011f0"
  1213. },
  1214. {
  1215. "name": null,
  1216. "address": "0x4011f4"
  1217. },
  1218. {
  1219. "name": "__vbaR8IntI2",
  1220. "address": "0x4011f8"
  1221. },
  1222. {
  1223. "name": "_CIatan",
  1224. "address": "0x4011fc"
  1225. },
  1226. {
  1227. "name": "__vbaStrMove",
  1228. "address": "0x401200"
  1229. },
  1230. {
  1231. "name": null,
  1232. "address": "0x401204"
  1233. },
  1234. {
  1235. "name": "__vbaAryCopy",
  1236. "address": "0x401208"
  1237. },
  1238. {
  1239. "name": "__vbaCastObj",
  1240. "address": "0x40120c"
  1241. },
  1242. {
  1243. "name": null,
  1244. "address": "0x401210"
  1245. },
  1246. {
  1247. "name": null,
  1248. "address": "0x401214"
  1249. },
  1250. {
  1251. "name": "_allmul",
  1252. "address": "0x401218"
  1253. },
  1254. {
  1255. "name": null,
  1256. "address": "0x40121c"
  1257. },
  1258. {
  1259. "name": "_CItan",
  1260. "address": "0x401220"
  1261. },
  1262. {
  1263. "name": null,
  1264. "address": "0x401224"
  1265. },
  1266. {
  1267. "name": null,
  1268. "address": "0x401228"
  1269. },
  1270. {
  1271. "name": "_CIexp",
  1272. "address": "0x40122c"
  1273. },
  1274. {
  1275. "name": "__vbaFreeStr",
  1276. "address": "0x401230"
  1277. },
  1278. {
  1279. "name": "__vbaFreeObj",
  1280. "address": "0x401234"
  1281. },
  1282. {
  1283. "name": null,
  1284. "address": "0x401238"
  1285. }
  1286. ],
  1287. "dll": "MSVBVM60.DLL"
  1288. }
  1289. ],
  1290. "digital_signers": null,
  1291. "exported_dll_name": null,
  1292. "actual_checksum": "0x000e38b6",
  1293. "overlay": null,
  1294. "imagebase": "0x00400000",
  1295. "reported_checksum": "0x000e38b6",
  1296. "icon_hash": null,
  1297. "entrypoint": "0x0040166c",
  1298. "timestamp": "2011-03-06 00:03:11",
  1299. "osversion": "4.0",
  1300. "sections": [
  1301. {
  1302. "name": ".text",
  1303. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1304. "virtual_address": "0x00001000",
  1305. "size_of_data": "0x000d8000",
  1306. "entropy": "2.84",
  1307. "raw_address": "0x00001000",
  1308. "virtual_size": "0x000d782c",
  1309. "characteristics_raw": "0x60000020"
  1310. },
  1311. {
  1312. "name": ".data",
  1313. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1314. "virtual_address": "0x000d9000",
  1315. "size_of_data": "0x00001000",
  1316. "entropy": "0.00",
  1317. "raw_address": "0x000d9000",
  1318. "virtual_size": "0x00000af4",
  1319. "characteristics_raw": "0xc0000040"
  1320. },
  1321. {
  1322. "name": ".rsrc",
  1323. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1324. "virtual_address": "0x000da000",
  1325. "size_of_data": "0x00005000",
  1326. "entropy": "5.58",
  1327. "raw_address": "0x000da000",
  1328. "virtual_size": "0x00004e7a",
  1329. "characteristics_raw": "0x40000040"
  1330. }
  1331. ],
  1332. "resources": [],
  1333. "dirents": [
  1334. {
  1335. "virtual_address": "0x00000000",
  1336. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1337. "size": "0x00000000"
  1338. },
  1339. {
  1340. "virtual_address": "0x000d8054",
  1341. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1342. "size": "0x00000028"
  1343. },
  1344. {
  1345. "virtual_address": "0x000da000",
  1346. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1347. "size": "0x00004e7a"
  1348. },
  1349. {
  1350. "virtual_address": "0x00000000",
  1351. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1352. "size": "0x00000000"
  1353. },
  1354. {
  1355. "virtual_address": "0x00000000",
  1356. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1357. "size": "0x00000000"
  1358. },
  1359. {
  1360. "virtual_address": "0x00000000",
  1361. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1362. "size": "0x00000000"
  1363. },
  1364. {
  1365. "virtual_address": "0x00000000",
  1366. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1367. "size": "0x00000000"
  1368. },
  1369. {
  1370. "virtual_address": "0x00000000",
  1371. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1372. "size": "0x00000000"
  1373. },
  1374. {
  1375. "virtual_address": "0x00000000",
  1376. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1377. "size": "0x00000000"
  1378. },
  1379. {
  1380. "virtual_address": "0x00000000",
  1381. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1382. "size": "0x00000000"
  1383. },
  1384. {
  1385. "virtual_address": "0x00000000",
  1386. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1387. "size": "0x00000000"
  1388. },
  1389. {
  1390. "virtual_address": "0x00000228",
  1391. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1392. "size": "0x00000020"
  1393. },
  1394. {
  1395. "virtual_address": "0x00001000",
  1396. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1397. "size": "0x00000240"
  1398. },
  1399. {
  1400. "virtual_address": "0x00000000",
  1401. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1402. "size": "0x00000000"
  1403. },
  1404. {
  1405. "virtual_address": "0x00000000",
  1406. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1407. "size": "0x00000000"
  1408. },
  1409. {
  1410. "virtual_address": "0x00000000",
  1411. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1412. "size": "0x00000000"
  1413. }
  1414. ],
  1415. "exports": [],
  1416. "guest_signers": {},
  1417. "imphash": "5227df37d4d7bed86143f73d8433e50a",
  1418. "icon_fuzzy": null,
  1419. "icon": null,
  1420. "pdbpath": null,
  1421. "imported_dll_count": 1,
  1422. "versioninfo": []
  1423. }
  1424. }
  1425.  
  1426. [*] Resolved APIs: [
  1427. "cryptbase.dll.SystemFunction036",
  1428. "uxtheme.dll.ThemeInitApiHook",
  1429. "user32.dll.IsProcessDPIAware",
  1430. "oleaut32.dll.OleLoadPictureEx",
  1431. "oleaut32.dll.DispCallFunc",
  1432. "oleaut32.dll.LoadTypeLibEx",
  1433. "oleaut32.dll.UnRegisterTypeLib",
  1434. "oleaut32.dll.CreateTypeLib2",
  1435. "oleaut32.dll.VarDateFromUdate",
  1436. "oleaut32.dll.VarUdateFromDate",
  1437. "oleaut32.dll.GetAltMonthNames",
  1438. "oleaut32.dll.VarNumFromParseNum",
  1439. "oleaut32.dll.VarParseNumFromStr",
  1440. "oleaut32.dll.VarDecFromR4",
  1441. "oleaut32.dll.VarDecFromR8",
  1442. "oleaut32.dll.VarDecFromDate",
  1443. "oleaut32.dll.VarDecFromI4",
  1444. "oleaut32.dll.VarDecFromCy",
  1445. "oleaut32.dll.VarR4FromDec",
  1446. "oleaut32.dll.GetRecordInfoFromTypeInfo",
  1447. "oleaut32.dll.GetRecordInfoFromGuids",
  1448. "oleaut32.dll.SafeArrayGetRecordInfo",
  1449. "oleaut32.dll.SafeArraySetRecordInfo",
  1450. "oleaut32.dll.SafeArrayGetIID",
  1451. "oleaut32.dll.SafeArraySetIID",
  1452. "oleaut32.dll.SafeArrayCopyData",
  1453. "oleaut32.dll.SafeArrayAllocDescriptorEx",
  1454. "oleaut32.dll.SafeArrayCreateEx",
  1455. "oleaut32.dll.VarFormat",
  1456. "oleaut32.dll.VarFormatDateTime",
  1457. "oleaut32.dll.VarFormatNumber",
  1458. "oleaut32.dll.VarFormatPercent",
  1459. "oleaut32.dll.VarFormatCurrency",
  1460. "oleaut32.dll.VarWeekdayName",
  1461. "oleaut32.dll.VarMonthName",
  1462. "oleaut32.dll.VarAdd",
  1463. "oleaut32.dll.VarAnd",
  1464. "oleaut32.dll.VarCat",
  1465. "oleaut32.dll.VarDiv",
  1466. "oleaut32.dll.VarEqv",
  1467. "oleaut32.dll.VarIdiv",
  1468. "oleaut32.dll.VarImp",
  1469. "oleaut32.dll.VarMod",
  1470. "oleaut32.dll.VarMul",
  1471. "oleaut32.dll.VarOr",
  1472. "oleaut32.dll.VarPow",
  1473. "oleaut32.dll.VarSub",
  1474. "oleaut32.dll.VarXor",
  1475. "oleaut32.dll.VarAbs",
  1476. "oleaut32.dll.VarFix",
  1477. "oleaut32.dll.VarInt",
  1478. "oleaut32.dll.VarNeg",
  1479. "oleaut32.dll.VarNot",
  1480. "oleaut32.dll.VarRound",
  1481. "oleaut32.dll.VarCmp",
  1482. "oleaut32.dll.VarDecAdd",
  1483. "oleaut32.dll.VarDecCmp",
  1484. "oleaut32.dll.VarBstrCat",
  1485. "oleaut32.dll.VarCyMulI4",
  1486. "oleaut32.dll.VarBstrCmp",
  1487. "ole32.dll.CoCreateInstanceEx",
  1488. "ole32.dll.CLSIDFromProgIDEx",
  1489. "sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary",
  1490. "user32.dll.GetSystemMetrics",
  1491. "user32.dll.MonitorFromWindow",
  1492. "user32.dll.MonitorFromRect",
  1493. "user32.dll.MonitorFromPoint",
  1494. "user32.dll.EnumDisplayMonitors",
  1495. "user32.dll.GetMonitorInfoA",
  1496. "kernel32.dll.NlsGetCacheUpdateCount",
  1497. "kernel32.dll.GetCalendarInfoW",
  1498. "cryptsp.dll.CryptAcquireContextW",
  1499. "cryptsp.dll.CryptGenRandom",
  1500. "dwmapi.dll.DwmIsCompositionEnabled",
  1501. "gdi32.dll.GetLayout",
  1502. "gdi32.dll.GdiRealizationInfo",
  1503. "gdi32.dll.FontIsLinked",
  1504. "advapi32.dll.RegOpenKeyExW",
  1505. "advapi32.dll.RegQueryInfoKeyW",
  1506. "gdi32.dll.GetTextFaceAliasW",
  1507. "advapi32.dll.RegEnumValueW",
  1508. "advapi32.dll.RegCloseKey",
  1509. "advapi32.dll.RegQueryValueExW",
  1510. "gdi32.dll.GetFontAssocStatus",
  1511. "advapi32.dll.RegQueryValueExA",
  1512. "advapi32.dll.RegEnumKeyExW",
  1513. "gdi32.dll.GdiIsMetaPrintDC",
  1514. "kernel32.dll.RtlMoveMemory",
  1515. "user32.dll.EnumChildWindows",
  1516. "kernel32.dll.GetTickCount",
  1517. "kernel32.dll.Sleep",
  1518. "user32.dll.GetCursorPos",
  1519. "user32.dll.EnumWindows",
  1520. "kernel32.dll.SetErrorMode",
  1521. "kernel32.dll.SetLastError",
  1522. "kernel32.dll.VirtualAllocEx",
  1523. "kernel32.dll.CloseHandle",
  1524. "shell32.dll.ShellExecuteW",
  1525. "kernel32.dll.WriteFile",
  1526. "kernel32.dll.UnmapViewOfFile",
  1527. "kernel32.dll.CreateFileW",
  1528. "kernel32.dll.TerminateProcess",
  1529. "kernel32.dll.VirtualProtectEx",
  1530. "kernel32.dll.CreateProcessInternalW",
  1531. "kernel32.dll.GetTempPathW",
  1532. "kernel32.dll.GetLongPathNameW",
  1533. "kernel32.dll.GetFileSize",
  1534. "kernel32.dll.ReadFile",
  1535. "ntdll.dll.NtProtectVirtualMemory",
  1536. "kernel32.dll.GetCommandLineW"
  1537. ]
  1538.  
  1539. [*] Static Analysis: {
  1540. "pe": {
  1541. "peid_signatures": null,
  1542. "imports": [
  1543. {
  1544. "imports": [
  1545. {
  1546. "name": "__vbaVarTstGt",
  1547. "address": "0x401000"
  1548. },
  1549. {
  1550. "name": "__vbaVarSub",
  1551. "address": "0x401004"
  1552. },
  1553. {
  1554. "name": null,
  1555. "address": "0x401008"
  1556. },
  1557. {
  1558. "name": "_CIcos",
  1559. "address": "0x40100c"
  1560. },
  1561. {
  1562. "name": "_adj_fptan",
  1563. "address": "0x401010"
  1564. },
  1565. {
  1566. "name": "__vbaVarMove",
  1567. "address": "0x401014"
  1568. },
  1569. {
  1570. "name": null,
  1571. "address": "0x401018"
  1572. },
  1573. {
  1574. "name": null,
  1575. "address": "0x40101c"
  1576. },
  1577. {
  1578. "name": "__vbaFreeVar",
  1579. "address": "0x401020"
  1580. },
  1581. {
  1582. "name": null,
  1583. "address": "0x401024"
  1584. },
  1585. {
  1586. "name": "__vbaStrVarMove",
  1587. "address": "0x401028"
  1588. },
  1589. {
  1590. "name": "__vbaFreeVarList",
  1591. "address": "0x40102c"
  1592. },
  1593. {
  1594. "name": "__vbaEnd",
  1595. "address": "0x401030"
  1596. },
  1597. {
  1598. "name": "_adj_fdiv_m64",
  1599. "address": "0x401034"
  1600. },
  1601. {
  1602. "name": "__vbaFpCDblR8",
  1603. "address": "0x401038"
  1604. },
  1605. {
  1606. "name": null,
  1607. "address": "0x40103c"
  1608. },
  1609. {
  1610. "name": "__vbaFreeObjList",
  1611. "address": "0x401040"
  1612. },
  1613. {
  1614. "name": null,
  1615. "address": "0x401044"
  1616. },
  1617. {
  1618. "name": "__vbaStrErrVarCopy",
  1619. "address": "0x401048"
  1620. },
  1621. {
  1622. "name": "_adj_fprem1",
  1623. "address": "0x40104c"
  1624. },
  1625. {
  1626. "name": null,
  1627. "address": "0x401050"
  1628. },
  1629. {
  1630. "name": null,
  1631. "address": "0x401054"
  1632. },
  1633. {
  1634. "name": "__vbaStrCat",
  1635. "address": "0x401058"
  1636. },
  1637. {
  1638. "name": null,
  1639. "address": "0x40105c"
  1640. },
  1641. {
  1642. "name": null,
  1643. "address": "0x401060"
  1644. },
  1645. {
  1646. "name": "__vbaSetSystemError",
  1647. "address": "0x401064"
  1648. },
  1649. {
  1650. "name": "__vbaHresultCheckObj",
  1651. "address": "0x401068"
  1652. },
  1653. {
  1654. "name": "_adj_fdiv_m32",
  1655. "address": "0x40106c"
  1656. },
  1657. {
  1658. "name": null,
  1659. "address": "0x401070"
  1660. },
  1661. {
  1662. "name": "__vbaAryVar",
  1663. "address": "0x401074"
  1664. },
  1665. {
  1666. "name": null,
  1667. "address": "0x401078"
  1668. },
  1669. {
  1670. "name": null,
  1671. "address": "0x40107c"
  1672. },
  1673. {
  1674. "name": "__vbaAryDestruct",
  1675. "address": "0x401080"
  1676. },
  1677. {
  1678. "name": null,
  1679. "address": "0x401084"
  1680. },
  1681. {
  1682. "name": null,
  1683. "address": "0x401088"
  1684. },
  1685. {
  1686. "name": null,
  1687. "address": "0x40108c"
  1688. },
  1689. {
  1690. "name": "__vbaFileCloseAll",
  1691. "address": "0x401090"
  1692. },
  1693. {
  1694. "name": "__vbaObjSet",
  1695. "address": "0x401094"
  1696. },
  1697. {
  1698. "name": "_adj_fdiv_m16i",
  1699. "address": "0x401098"
  1700. },
  1701. {
  1702. "name": "__vbaObjSetAddref",
  1703. "address": "0x40109c"
  1704. },
  1705. {
  1706. "name": "_adj_fdivr_m16i",
  1707. "address": "0x4010a0"
  1708. },
  1709. {
  1710. "name": null,
  1711. "address": "0x4010a4"
  1712. },
  1713. {
  1714. "name": null,
  1715. "address": "0x4010a8"
  1716. },
  1717. {
  1718. "name": null,
  1719. "address": "0x4010ac"
  1720. },
  1721. {
  1722. "name": "__vbaFpR8",
  1723. "address": "0x4010b0"
  1724. },
  1725. {
  1726. "name": null,
  1727. "address": "0x4010b4"
  1728. },
  1729. {
  1730. "name": "_CIsin",
  1731. "address": "0x4010b8"
  1732. },
  1733. {
  1734. "name": null,
  1735. "address": "0x4010bc"
  1736. },
  1737. {
  1738. "name": null,
  1739. "address": "0x4010c0"
  1740. },
  1741. {
  1742. "name": "__vbaErase",
  1743. "address": "0x4010c4"
  1744. },
  1745. {
  1746. "name": "__vbaChkstk",
  1747. "address": "0x4010c8"
  1748. },
  1749. {
  1750. "name": "__vbaFileClose",
  1751. "address": "0x4010cc"
  1752. },
  1753. {
  1754. "name": null,
  1755. "address": "0x4010d0"
  1756. },
  1757. {
  1758. "name": null,
  1759. "address": "0x4010d4"
  1760. },
  1761. {
  1762. "name": "EVENT_SINK_AddRef",
  1763. "address": "0x4010d8"
  1764. },
  1765. {
  1766. "name": "__vbaGenerateBoundsError",
  1767. "address": "0x4010dc"
  1768. },
  1769. {
  1770. "name": "__vbaStrCmp",
  1771. "address": "0x4010e0"
  1772. },
  1773. {
  1774. "name": "__vbaAryConstruct2",
  1775. "address": "0x4010e4"
  1776. },
  1777. {
  1778. "name": "__vbaVarTstEq",
  1779. "address": "0x4010e8"
  1780. },
  1781. {
  1782. "name": null,
  1783. "address": "0x4010ec"
  1784. },
  1785. {
  1786. "name": "__vbaI2I4",
  1787. "address": "0x4010f0"
  1788. },
  1789. {
  1790. "name": "__vbaObjVar",
  1791. "address": "0x4010f4"
  1792. },
  1793. {
  1794. "name": "DllFunctionCall",
  1795. "address": "0x4010f8"
  1796. },
  1797. {
  1798. "name": null,
  1799. "address": "0x4010fc"
  1800. },
  1801. {
  1802. "name": "_adj_fpatan",
  1803. "address": "0x401100"
  1804. },
  1805. {
  1806. "name": null,
  1807. "address": "0x401104"
  1808. },
  1809. {
  1810. "name": null,
  1811. "address": "0x401108"
  1812. },
  1813. {
  1814. "name": null,
  1815. "address": "0x40110c"
  1816. },
  1817. {
  1818. "name": "__vbaLateIdCallLd",
  1819. "address": "0x401110"
  1820. },
  1821. {
  1822. "name": "__vbaRedim",
  1823. "address": "0x401114"
  1824. },
  1825. {
  1826. "name": null,
  1827. "address": "0x401118"
  1828. },
  1829. {
  1830. "name": "EVENT_SINK_Release",
  1831. "address": "0x40111c"
  1832. },
  1833. {
  1834. "name": null,
  1835. "address": "0x401120"
  1836. },
  1837. {
  1838. "name": "_CIsqrt",
  1839. "address": "0x401124"
  1840. },
  1841. {
  1842. "name": "EVENT_SINK_QueryInterface",
  1843. "address": "0x401128"
  1844. },
  1845. {
  1846. "name": "__vbaExceptHandler",
  1847. "address": "0x40112c"
  1848. },
  1849. {
  1850. "name": "__vbaStrToUnicode",
  1851. "address": "0x401130"
  1852. },
  1853. {
  1854. "name": null,
  1855. "address": "0x401134"
  1856. },
  1857. {
  1858. "name": null,
  1859. "address": "0x401138"
  1860. },
  1861. {
  1862. "name": "_adj_fprem",
  1863. "address": "0x40113c"
  1864. },
  1865. {
  1866. "name": "_adj_fdivr_m64",
  1867. "address": "0x401140"
  1868. },
  1869. {
  1870. "name": null,
  1871. "address": "0x401144"
  1872. },
  1873. {
  1874. "name": null,
  1875. "address": "0x401148"
  1876. },
  1877. {
  1878. "name": null,
  1879. "address": "0x40114c"
  1880. },
  1881. {
  1882. "name": null,
  1883. "address": "0x401150"
  1884. },
  1885. {
  1886. "name": null,
  1887. "address": "0x401154"
  1888. },
  1889. {
  1890. "name": "__vbaFPException",
  1891. "address": "0x401158"
  1892. },
  1893. {
  1894. "name": "__vbaInStrVar",
  1895. "address": "0x40115c"
  1896. },
  1897. {
  1898. "name": null,
  1899. "address": "0x401160"
  1900. },
  1901. {
  1902. "name": "__vbaVarCat",
  1903. "address": "0x401164"
  1904. },
  1905. {
  1906. "name": null,
  1907. "address": "0x401168"
  1908. },
  1909. {
  1910. "name": null,
  1911. "address": "0x40116c"
  1912. },
  1913. {
  1914. "name": "_CIlog",
  1915. "address": "0x401170"
  1916. },
  1917. {
  1918. "name": "__vbaErrorOverflow",
  1919. "address": "0x401174"
  1920. },
  1921. {
  1922. "name": "__vbaFileOpen",
  1923. "address": "0x401178"
  1924. },
  1925. {
  1926. "name": null,
  1927. "address": "0x40117c"
  1928. },
  1929. {
  1930. "name": "__vbaNew2",
  1931. "address": "0x401180"
  1932. },
  1933. {
  1934. "name": "__vbaInStr",
  1935. "address": "0x401184"
  1936. },
  1937. {
  1938. "name": null,
  1939. "address": "0x401188"
  1940. },
  1941. {
  1942. "name": "_adj_fdiv_m32i",
  1943. "address": "0x40118c"
  1944. },
  1945. {
  1946. "name": "_adj_fdivr_m32i",
  1947. "address": "0x401190"
  1948. },
  1949. {
  1950. "name": "__vbaStrCopy",
  1951. "address": "0x401194"
  1952. },
  1953. {
  1954. "name": "__vbaI4Str",
  1955. "address": "0x401198"
  1956. },
  1957. {
  1958. "name": null,
  1959. "address": "0x40119c"
  1960. },
  1961. {
  1962. "name": "__vbaFreeStrList",
  1963. "address": "0x4011a0"
  1964. },
  1965. {
  1966. "name": "__vbaDerefAry1",
  1967. "address": "0x4011a4"
  1968. },
  1969. {
  1970. "name": null,
  1971. "address": "0x4011a8"
  1972. },
  1973. {
  1974. "name": "_adj_fdivr_m32",
  1975. "address": "0x4011ac"
  1976. },
  1977. {
  1978. "name": null,
  1979. "address": "0x4011b0"
  1980. },
  1981. {
  1982. "name": "_adj_fdiv_r",
  1983. "address": "0x4011b4"
  1984. },
  1985. {
  1986. "name": null,
  1987. "address": "0x4011b8"
  1988. },
  1989. {
  1990. "name": null,
  1991. "address": "0x4011bc"
  1992. },
  1993. {
  1994. "name": "__vbaVarTstNe",
  1995. "address": "0x4011c0"
  1996. },
  1997. {
  1998. "name": "__vbaI4Var",
  1999. "address": "0x4011c4"
  2000. },
  2001. {
  2002. "name": "__vbaLateMemCall",
  2003. "address": "0x4011c8"
  2004. },
  2005. {
  2006. "name": "__vbaVarDup",
  2007. "address": "0x4011cc"
  2008. },
  2009. {
  2010. "name": "__vbaStrToAnsi",
  2011. "address": "0x4011d0"
  2012. },
  2013. {
  2014. "name": "__vbaStrComp",
  2015. "address": "0x4011d4"
  2016. },
  2017. {
  2018. "name": null,
  2019. "address": "0x4011d8"
  2020. },
  2021. {
  2022. "name": "__vbaR4Sgn",
  2023. "address": "0x4011dc"
  2024. },
  2025. {
  2026. "name": null,
  2027. "address": "0x4011e0"
  2028. },
  2029. {
  2030. "name": null,
  2031. "address": "0x4011e4"
  2032. },
  2033. {
  2034. "name": "__vbaVarLateMemCallLd",
  2035. "address": "0x4011e8"
  2036. },
  2037. {
  2038. "name": "__vbaVarCopy",
  2039. "address": "0x4011ec"
  2040. },
  2041. {
  2042. "name": "__vbaFpI4",
  2043. "address": "0x4011f0"
  2044. },
  2045. {
  2046. "name": null,
  2047. "address": "0x4011f4"
  2048. },
  2049. {
  2050. "name": "__vbaR8IntI2",
  2051. "address": "0x4011f8"
  2052. },
  2053. {
  2054. "name": "_CIatan",
  2055. "address": "0x4011fc"
  2056. },
  2057. {
  2058. "name": "__vbaStrMove",
  2059. "address": "0x401200"
  2060. },
  2061. {
  2062. "name": null,
  2063. "address": "0x401204"
  2064. },
  2065. {
  2066. "name": "__vbaAryCopy",
  2067. "address": "0x401208"
  2068. },
  2069. {
  2070. "name": "__vbaCastObj",
  2071. "address": "0x40120c"
  2072. },
  2073. {
  2074. "name": null,
  2075. "address": "0x401210"
  2076. },
  2077. {
  2078. "name": null,
  2079. "address": "0x401214"
  2080. },
  2081. {
  2082. "name": "_allmul",
  2083. "address": "0x401218"
  2084. },
  2085. {
  2086. "name": null,
  2087. "address": "0x40121c"
  2088. },
  2089. {
  2090. "name": "_CItan",
  2091. "address": "0x401220"
  2092. },
  2093. {
  2094. "name": null,
  2095. "address": "0x401224"
  2096. },
  2097. {
  2098. "name": null,
  2099. "address": "0x401228"
  2100. },
  2101. {
  2102. "name": "_CIexp",
  2103. "address": "0x40122c"
  2104. },
  2105. {
  2106. "name": "__vbaFreeStr",
  2107. "address": "0x401230"
  2108. },
  2109. {
  2110. "name": "__vbaFreeObj",
  2111. "address": "0x401234"
  2112. },
  2113. {
  2114. "name": null,
  2115. "address": "0x401238"
  2116. }
  2117. ],
  2118. "dll": "MSVBVM60.DLL"
  2119. }
  2120. ],
  2121. "digital_signers": null,
  2122. "exported_dll_name": null,
  2123. "actual_checksum": "0x000e38b6",
  2124. "overlay": null,
  2125. "imagebase": "0x00400000",
  2126. "reported_checksum": "0x000e38b6",
  2127. "icon_hash": null,
  2128. "entrypoint": "0x0040166c",
  2129. "timestamp": "2011-03-06 00:03:11",
  2130. "osversion": "4.0",
  2131. "sections": [
  2132. {
  2133. "name": ".text",
  2134. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2135. "virtual_address": "0x00001000",
  2136. "size_of_data": "0x000d8000",
  2137. "entropy": "2.84",
  2138. "raw_address": "0x00001000",
  2139. "virtual_size": "0x000d782c",
  2140. "characteristics_raw": "0x60000020"
  2141. },
  2142. {
  2143. "name": ".data",
  2144. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2145. "virtual_address": "0x000d9000",
  2146. "size_of_data": "0x00001000",
  2147. "entropy": "0.00",
  2148. "raw_address": "0x000d9000",
  2149. "virtual_size": "0x00000af4",
  2150. "characteristics_raw": "0xc0000040"
  2151. },
  2152. {
  2153. "name": ".rsrc",
  2154. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2155. "virtual_address": "0x000da000",
  2156. "size_of_data": "0x00005000",
  2157. "entropy": "5.58",
  2158. "raw_address": "0x000da000",
  2159. "virtual_size": "0x00004e7a",
  2160. "characteristics_raw": "0x40000040"
  2161. }
  2162. ],
  2163. "resources": [],
  2164. "dirents": [
  2165. {
  2166. "virtual_address": "0x00000000",
  2167. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2168. "size": "0x00000000"
  2169. },
  2170. {
  2171. "virtual_address": "0x000d8054",
  2172. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2173. "size": "0x00000028"
  2174. },
  2175. {
  2176. "virtual_address": "0x000da000",
  2177. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2178. "size": "0x00004e7a"
  2179. },
  2180. {
  2181. "virtual_address": "0x00000000",
  2182. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2183. "size": "0x00000000"
  2184. },
  2185. {
  2186. "virtual_address": "0x00000000",
  2187. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2188. "size": "0x00000000"
  2189. },
  2190. {
  2191. "virtual_address": "0x00000000",
  2192. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2193. "size": "0x00000000"
  2194. },
  2195. {
  2196. "virtual_address": "0x00000000",
  2197. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2198. "size": "0x00000000"
  2199. },
  2200. {
  2201. "virtual_address": "0x00000000",
  2202. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2203. "size": "0x00000000"
  2204. },
  2205. {
  2206. "virtual_address": "0x00000000",
  2207. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2208. "size": "0x00000000"
  2209. },
  2210. {
  2211. "virtual_address": "0x00000000",
  2212. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2213. "size": "0x00000000"
  2214. },
  2215. {
  2216. "virtual_address": "0x00000000",
  2217. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2218. "size": "0x00000000"
  2219. },
  2220. {
  2221. "virtual_address": "0x00000228",
  2222. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2223. "size": "0x00000020"
  2224. },
  2225. {
  2226. "virtual_address": "0x00001000",
  2227. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2228. "size": "0x00000240"
  2229. },
  2230. {
  2231. "virtual_address": "0x00000000",
  2232. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2233. "size": "0x00000000"
  2234. },
  2235. {
  2236. "virtual_address": "0x00000000",
  2237. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2238. "size": "0x00000000"
  2239. },
  2240. {
  2241. "virtual_address": "0x00000000",
  2242. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2243. "size": "0x00000000"
  2244. }
  2245. ],
  2246. "exports": [],
  2247. "guest_signers": {},
  2248. "imphash": "5227df37d4d7bed86143f73d8433e50a",
  2249. "icon_fuzzy": null,
  2250. "icon": null,
  2251. "pdbpath": null,
  2252. "imported_dll_count": 1,
  2253. "versioninfo": []
  2254. }
  2255. }