
02.json

paladin316 Jun 18th, 2019 95 Never
  1.  
  2. [*] MalFamily: "Zlob"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "02"
  7. [*] File Size: 53000
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "0617ddb1b7e7ab86159bc7be01c86c50a9d7a57db0914486c496e277c10b19ae"
  10. [*] MD5: "083982a12992d7532a3089f8b0235e2b"
  11. [*] SHA1: "5b103ab6a882b77ecff4029b87976a6380e1b308"
  12. [*] SHA512: "297ec2e7c9e7d21f901aa643ede264747f3241c7e8892c93dbccd260905f1deb888e812ce566babbb86b9413e8339495f54f86710d16fbac672c2b18f6f4da9a"
  13. [*] CRC32: "4EF938AE"
  14. [*] SSDEEP: "768:AhqQ+8Cdx/h6dsWI0Y9OZTpOg0nBZpfW89DvGH7dc7vCy6vUg/O4qwEZY1Kgz:ArMCKWIdOZ0g0nzpV9rGHq7v1x4RcaN"
  15.  
  16. [*] Process Execution: [
  17.     "02.exe",
  18.     "hkmoov.exe",
  19.     "reg.exe"
  20. ]
  21.  
  22. [*] Signatures Detected: [
  23.     {
  24.         "Description": "Creates RWX memory",
  25.         "Details": []
  26.     },
  27.     {
  28.         "Description": "A process attempted to delay the analysis task.",
  29.         "Details": [
  30.             {
  31.                 "Process": "hkmoov.exe tried to sleep 1740 seconds, actually delayed analysis time by 0 seconds"
  32.             }
  33.         ]
  34.     },
  35.     {
  36.         "Description": "Reads data out of its own binary image",
  37.         "Details": [
  38.             {
  39.                 "self_read": "process: 02.exe, pid: 2488, offset: 0x00000000, length: 0x0000cf08"
  40.             }
  41.         ]
  42.     },
  43.     {
  44.         "Description": "Drops a binary and executes it",
  45.         "Details": [
  46.             {
  47.                 "binary": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  48.             }
  49.         ]
  50.     },
  51.     {
  52.         "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  53.         "Details": [
  54.             {
  55.                 "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  56.             },
  57.             {
  58.                 "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
  59.             },
  60.             {
  61.                 "suspicious_request": "http://safegross.com/ppk/index.php"
  62.             },
  63.             {
  64.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  65.             },
  66.             {
  67.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  68.             },
  69.             {
  70.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  71.             },
  72.             {
  73.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  74.             },
  75.             {
  76.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  77.             },
  78.             {
  79.                 "suspicious_request": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  80.             },
  81.             {
  82.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  83.             },
  84.             {
  85.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  86.             },
  87.             {
  88.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  89.             },
  90.             {
  91.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  92.             },
  93.             {
  94.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  95.             },
  96.             {
  97.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  98.             },
  99.             {
  100.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  101.             },
  102.             {
  103.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  104.             },
  105.             {
  106.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  107.             },
  108.             {
  109.                 "suspicious_request": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  110.             },
  111.             {
  112.                 "suspicious_request": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  113.             },
  114.             {
  115.                 "suspicious_request": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  116.             },
  117.             {
  118.                 "suspicious_request": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  119.             },
  120.             {
  121.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  122.             },
  123.             {
  124.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  125.             },
  126.             {
  127.                 "suspicious_request": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  128.             },
  129.             {
  130.                 "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  131.             },
  132.             {
  133.                 "suspicious_request": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  134.             }
  135.         ]
  136.     },
  137.     {
  138.         "Description": "Performs some HTTP requests",
  139.         "Details": [
  140.             {
  141.                 "url": "http://safegross.com/ppk/index.php"
  142.             },
  143.             {
  144.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  145.             },
  146.             {
  147.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  148.             },
  149.             {
  150.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  151.             },
  152.             {
  153.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  154.             },
  155.             {
  156.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  157.             },
  158.             {
  159.                 "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  160.             },
  161.             {
  162.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  163.             },
  164.             {
  165.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  166.             },
  167.             {
  168.                 "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  169.             },
  170.             {
  171.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  172.             },
  173.             {
  174.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  175.             },
  176.             {
  177.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  178.             },
  179.             {
  180.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  181.             },
  182.             {
  183.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  184.             },
  185.             {
  186.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  187.             },
  188.             {
  189.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  190.             },
  191.             {
  192.                 "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  193.             },
  194.             {
  195.                 "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  196.             },
  197.             {
  198.                 "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  199.             },
  200.             {
  201.                 "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  202.             },
  203.             {
  204.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  205.             },
  206.             {
  207.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  208.             },
  209.             {
  210.                 "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  211.             },
  212.             {
  213.                 "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  214.             },
  215.             {
  216.                 "url": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  217.             }
  218.         ]
  219.     },
  220.     {
  221.         "Description": "Attempts to identify installed AV products by installation directory",
  222.         "Details": [
  223.             {
  224.                 "file": "C:\\ProgramData\\AVAST Software"
  225.             },
  226.             {
  227.                 "file": "C:\\ProgramData\\Avira"
  228.             },
  229.             {
  230.                 "file": "C:\\ProgramData\\Kaspersky Lab"
  231.             },
  232.             {
  233.                 "file": "C:\\ProgramData\\ESET"
  234.             },
  235.             {
  236.                 "file": "C:\\ProgramData\\Panda Security"
  237.             },
  238.             {
  239.                 "file": "C:\\ProgramData\\Bitdefender"
  240.             },
  241.             {
  242.                 "file": "C:\\ProgramData\\AVG"
  243.             },
  244.             {
  245.                 "file": "C:\\ProgramData\\Doctor Web"
  246.             }
  247.         ]
  248.     },
  249.     {
  250.         "Description": "File has been identified by 21 Antiviruses on VirusTotal as malicious",
  251.         "Details": [
  252.             {
  253.                 "FireEye": "Generic.mg.083982a12992d753"
  254.             },
  255.             {
  256.                 "McAfee": "GenericRXHU-CZ!083982A12992"
  257.             },
  258.             {
  259.                 "Symantec": "ML.Attribute.HighConfidence"
  260.             },
  261.             {
  262.                 "ESET-NOD32": "a variant of Win32/GenKryptik.DKZJ"
  263.             },
  264.             {
  265.                 "Avast": "FileRepMalware"
  266.             },
  267.             {
  268.                 "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  269.             },
  270.             {
  271.                 "Tencent": "Win32.Trojan.Raasmx.Auto"
  272.             },
  273.             {
  274.                 "Endgame": "malicious (high confidence)"
  275.             },
  276.             {
  277.                 "F-Secure": "Trojan.TR/AD.Zlob.haljw"
  278.             },
  279.             {
  280.                 "DrWeb": "Trojan.SpyBot.840"
  281.             },
  282.             {
  283.                 "McAfee-GW-Edition": "Artemis!Trojan"
  284.             },
  285.             {
  286.                 "Ikarus": "Backdoor.Rat.FlawedAmmyy"
  287.             },
  288.             {
  289.                 "Avira": "TR/AD.Zlob.haljw"
  290.             },
  291.             {
  292.                 "Fortinet": "W32/Kryptik.GTDL!tr"
  293.             },
  294.             {
  295.                 "Microsoft": "TrojanDownloader:Win32/Zlob.ZXP!bit"
  296.             },
  297.             {
  298.                 "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  299.             },
  300.             {
  301.                 "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
  302.             },
  303.             {
  304.                 "SentinelOne": "DFI - Suspicious PE"
  305.             },
  306.             {
  307.                 "GData": "Win32.Trojan.Agent.1H3PRG"
  308.             },
  309.             {
  310.                 "AVG": "FileRepMalware"
  311.             },
  312.             {
  313.                 "CrowdStrike": "win/malicious_confidence_70% (W)"
  314.             }
  315.         ]
  316.     },
  317.     {
  318.         "Description": "Creates a copy of itself",
  319.         "Details": [
  320.             {
  321.                 "copy": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  322.             }
  323.         ]
  324.     }
  325. ]
  326.  
  327. [*] Started Service: []
  328.  
  329. [*] Executed Commands: [
  330.     "c:\\programdata\\d61e6e07ea\\hkmoov.exe",
  331.     "REG ADD \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\" /f /v Startup /t REG_SZ /d C:\\ProgramData\\d61e6e07ea"
  332. ]
  333.  
  334. [*] Mutexes: []
  335.  
  336. [*] Modified Files: [
  337.     "C:\\ProgramData\\0",
  338.     "C:\\programdata\\d61e6e07ea\\hkmoov.exe",
  339.     "C:\\programdata\\d61e6e07ea\\hkmoov.exe:Zone.Identifier"
  340. ]
  341.  
  342. [*] Deleted Files: []
  343.  
  344. [*] Modified Registry Keys: [
  345.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup"
  346. ]
  347.  
  348. [*] Deleted Registry Keys: []
  349.  
  350. [*] DNS Communications: [
  351.     {
  352.         "type": "A",
  353.         "request": "safegross.com",
  354.         "answers": [
  355.             {
  356.                 "data": "151.237.80.80",
  357.                 "type": "A"
  358.             },
  359.             {
  360.                 "data": "37.152.176.90",
  361.                 "type": "A"
  362.             },
  363.             {
  364.                 "data": "93.103.166.70",
  365.                 "type": "A"
  366.             },
  367.             {
  368.                 "data": "89.238.207.5",
  369.                 "type": "A"
  370.             },
  371.             {
  372.                 "data": "91.104.177.151",
  373.                 "type": "A"
  374.             },
  375.             {
  376.                 "data": "89.190.74.198",
  377.                 "type": "A"
  378.             },
  379.             {
  380.                 "data": "2.185.146.116",
  381.                 "type": "A"
  382.             },
  383.             {
  384.                 "data": "5.253.53.236",
  385.                 "type": "A"
  386.             },
  387.             {
  388.                 "data": "95.158.162.200",
  389.                 "type": "A"
  390.             },
  391.             {
  392.                 "data": "197.255.225.249",
  393.                 "type": "A"
  394.             },
  395.             {
  396.                 "data": "89.45.19.26",
  397.                 "type": "A"
  398.             },
  399.             {
  400.                 "data": "186.87.135.97",
  401.                 "type": "A"
  402.             },
  403.             {
  404.                 "data": "193.33.1.18",
  405.                 "type": "A"
  406.             },
  407.             {
  408.                 "data": "31.5.167.149",
  409.                 "type": "A"
  410.             },
  411.             {
  412.                 "data": "41.110.200.194",
  413.                 "type": "A"
  414.             },
  415.             {
  416.                 "data": "85.187.48.16",
  417.                 "type": "A"
  418.             },
  419.             {
  420.                 "data": "181.59.254.21",
  421.                 "type": "A"
  422.             },
  423.             {
  424.                 "data": "89.45.19.24",
  425.                 "type": "A"
  426.             },
  427.             {
  428.                 "data": "86.101.230.109",
  429.                 "type": "A"
  430.             }
  431.         ]
  432.     }
  433. ]
  434.  
  435. [*] Domains: [
  436.     {
  437.         "ip": "",
  438.         "domain": "safegross.com"
  439.     }
  440. ]
  441.  
  442. [*] Network Communication - ICMP: []
  443.  
  444. [*] Network Communication - HTTP: [
  445.     {
  446.         "count": 30,
  447.         "body": "id=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  448.         "uri": "http://safegross.com/ppk/index.php",
  449.         "user-agent": "",
  450.         "method": "POST",
  451.         "host": "safegross.com",
  452.         "version": "1.1",
  453.         "path": "/ppk/index.php",
  454.         "data": "POST /ppk/index.php HTTP/1.1\r\nHost: safegross.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 76\r\n\r\nid=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  455.         "port": 80
  456.     },
  457.     {
  458.         "count": 1,
  459.         "body": "",
  460.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  461.         "user-agent": "Microsoft-CryptoAPI/6.1",
  462.         "method": "GET",
  463.         "host": "ocsp.digicert.com",
  464.         "version": "1.1",
  465.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  466.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  467.         "port": 80
  468.     },
  469.     {
  470.         "count": 1,
  471.         "body": "",
  472.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  473.         "user-agent": "Microsoft-CryptoAPI/6.1",
  474.         "method": "GET",
  475.         "host": "ocsp.digicert.com",
  476.         "version": "1.1",
  477.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  478.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  479.         "port": 80
  480.     },
  481.     {
  482.         "count": 1,
  483.         "body": "",
  484.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  485.         "user-agent": "Microsoft-CryptoAPI/6.1",
  486.         "method": "GET",
  487.         "host": "ocsp.digicert.com",
  488.         "version": "1.1",
  489.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  490.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  491.         "port": 80
  492.     },
  493.     {
  494.         "count": 1,
  495.         "body": "",
  496.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  497.         "user-agent": "Microsoft-CryptoAPI/6.1",
  498.         "method": "GET",
  499.         "host": "ocsp.pki.goog",
  500.         "version": "1.1",
  501.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  502.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  503.         "port": 80
  504.     },
  505.     {
  506.         "count": 1,
  507.         "body": "",
  508.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  509.         "user-agent": "Microsoft-CryptoAPI/6.1",
  510.         "method": "GET",
  511.         "host": "ocsp.digicert.com",
  512.         "version": "1.1",
  513.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  514.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  515.         "port": 80
  516.     },
  517.     {
  518.         "count": 1,
  519.         "body": "",
  520.         "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  521.         "user-agent": "Microsoft-CryptoAPI/6.1",
  522.         "method": "GET",
  523.         "host": "crl.microsoft.com",
  524.         "version": "1.1",
  525.         "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  526.         "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  527.         "port": 80
  528.     },
  529.     {
  530.         "count": 1,
  531.         "body": "",
  532.         "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  533.         "user-agent": "Microsoft-CryptoAPI/6.1",
  534.         "method": "GET",
  535.         "host": "ocsp.comodoca.com",
  536.         "version": "1.1",
  537.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  538.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  539.         "port": 80
  540.     },
  541.     {
  542.         "count": 1,
  543.         "body": "",
  544.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  545.         "user-agent": "Microsoft-CryptoAPI/6.1",
  546.         "method": "GET",
  547.         "host": "ocsp.pki.goog",
  548.         "version": "1.1",
  549.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  550.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  551.         "port": 80
  552.     },
  553.     {
  554.         "count": 1,
  555.         "body": "",
  556.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  557.         "user-agent": "Microsoft-CryptoAPI/6.1",
  558.         "method": "GET",
  559.         "host": "ocsp.digicert.com",
  560.         "version": "1.1",
  561.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  562.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  563.         "port": 80
  564.     },
  565.     {
  566.         "count": 1,
  567.         "body": "",
  568.         "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  569.         "user-agent": "Microsoft-CryptoAPI/6.1",
  570.         "method": "GET",
  571.         "host": "www.download.windowsupdate.com",
  572.         "version": "1.1",
  573.         "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  574.         "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  575.         "port": 80
  576.     },
  577.     {
  578.         "count": 1,
  579.         "body": "",
  580.         "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  581.         "user-agent": "Microsoft-CryptoAPI/6.1",
  582.         "method": "GET",
  583.         "host": "crl.microsoft.com",
  584.         "version": "1.1",
  585.         "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  586.         "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  587.         "port": 80
  588.     },
  589.     {
  590.         "count": 1,
  591.         "body": "",
  592.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  593.         "user-agent": "Microsoft-CryptoAPI/6.1",
  594.         "method": "GET",
  595.         "host": "ocsp.digicert.com",
  596.         "version": "1.1",
  597.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  598.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  599.         "port": 80
  600.     },
  601.     {
  602.         "count": 1,
  603.         "body": "",
  604.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  605.         "user-agent": "Microsoft-CryptoAPI/6.1",
  606.         "method": "GET",
  607.         "host": "ocsp.digicert.com",
  608.         "version": "1.1",
  609.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  610.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  611.         "port": 80
  612.     },
  613.     {
  614.         "count": 1,
  615.         "body": "",
  616.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  617.         "user-agent": "Microsoft-CryptoAPI/6.1",
  618.         "method": "GET",
  619.         "host": "ocsp.digicert.com",
  620.         "version": "1.1",
  621.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  622.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  623.         "port": 80
  624.     },
  625.     {
  626.         "count": 1,
  627.         "body": "",
  628.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  629.         "user-agent": "Microsoft-CryptoAPI/6.1",
  630.         "method": "GET",
  631.         "host": "ocsp.pki.goog",
  632.         "version": "1.1",
  633.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  634.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  635.         "port": 80
  636.     },
  637.     {
  638.         "count": 1,
  639.         "body": "",
  640.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  641.         "user-agent": "Microsoft-CryptoAPI/6.1",
  642.         "method": "GET",
  643.         "host": "ocsp.pki.goog",
  644.         "version": "1.1",
  645.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  646.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  647.         "port": 80
  648.     },
  649.     {
  650.         "count": 1,
  651.         "body": "",
  652.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  653.         "user-agent": "Microsoft-CryptoAPI/6.1",
  654.         "method": "GET",
  655.         "host": "ocsp.digicert.com",
  656.         "version": "1.1",
  657.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  658.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  659.         "port": 80
  660.     },
  661.     {
  662.         "count": 1,
  663.         "body": "",
  664.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  665.         "user-agent": "Microsoft-CryptoAPI/6.1",
  666.         "method": "GET",
  667.         "host": "ocsp.pki.goog",
  668.         "version": "1.1",
  669.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  670.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  671.         "port": 80
  672.     },
  673.     {
  674.         "count": 1,
  675.         "body": "",
  676.         "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  677.         "user-agent": "Microsoft-CryptoAPI/6.1",
  678.         "method": "GET",
  679.         "host": "ocsp.msocsp.com",
  680.         "version": "1.1",
  681.         "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  682.         "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  683.         "port": 80
  684.     },
  685.     {
  686.         "count": 1,
  687.         "body": "",
  688.         "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  689.         "user-agent": "Microsoft-CryptoAPI/6.1",
  690.         "method": "GET",
  691.         "host": "ocsp.thawte.com",
  692.         "version": "1.1",
  693.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  694.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  695.         "port": 80
  696.     },
  697.     {
  698.         "count": 1,
  699.         "body": "",
  700.         "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  701.         "user-agent": "Microsoft-CryptoAPI/6.1",
  702.         "method": "GET",
  703.         "host": "ocsp.usertrust.com",
  704.         "version": "1.1",
  705.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  706.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  707.         "port": 80
  708.     },
  709.     {
  710.         "count": 1,
  711.         "body": "",
  712.         "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  713.         "user-agent": "Microsoft-CryptoAPI/6.1",
  714.         "method": "GET",
  715.         "host": "th.symcd.com",
  716.         "version": "1.1",
  717.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  718.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  719.         "port": 80
  720.     },
  721.     {
  722.         "count": 1,
  723.         "body": "",
  724.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  725.         "user-agent": "Microsoft-CryptoAPI/6.1",
  726.         "method": "GET",
  727.         "host": "ocsp.digicert.com",
  728.         "version": "1.1",
  729.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  730.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  731.         "port": 80
  732.     },
  733.     {
  734.         "count": 1,
  735.         "body": "",
  736.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  737.         "user-agent": "Microsoft-CryptoAPI/6.1",
  738.         "method": "GET",
  739.         "host": "ocsp.digicert.com",
  740.         "version": "1.1",
  741.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  742.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  743.         "port": 80
  744.     },
  745.     {
  746.         "count": 1,
  747.         "body": "",
  748.         "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  749.         "user-agent": "Microsoft-CryptoAPI/6.1",
  750.         "method": "GET",
  751.         "host": "ocsp.pki.goog",
  752.         "version": "1.1",
  753.         "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  754.         "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  755.         "port": 80
  756.     },
  757.     {
  758.         "count": 1,
  759.         "body": "",
  760.         "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  761.         "user-agent": "Microsoft-CryptoAPI/6.1",
  762.         "method": "GET",
  763.         "host": "crl.microsoft.com",
  764.         "version": "1.1",
  765.         "path": "/pki/crl/products/microsoftrootcert.crl",
  766.         "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  767.         "port": 80
  768.     },
  769.     {
  770.         "count": 1,
  771.         "body": "",
  772.         "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  773.         "user-agent": "Microsoft BITS/7.5",
  774.         "method": "HEAD",
  775.         "host": "redirector.gvt1.com",
  776.         "version": "1.1",
  777.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  778.         "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  779.         "port": 80
  780.     },
  781.     {
  782.         "count": 1,
  783.         "body": "",
  784.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  785.         "user-agent": "Microsoft BITS/7.5",
  786.         "method": "HEAD",
  787.         "host": "r4---sn-tt1eln7l.gvt1.com",
  788.         "version": "1.1",
  789.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  790.         "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  791.         "port": 80
  792.     },
  793.     {
  794.         "count": 1,
  795.         "body": "",
  796.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  797.         "user-agent": "Microsoft BITS/7.5",
  798.         "method": "GET",
  799.         "host": "r4---sn-tt1eln7l.gvt1.com",
  800.         "version": "1.1",
  801.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  802.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6812\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  803.         "port": 80
  804.     },
  805.     {
  806.         "count": 1,
  807.         "body": "",
  808.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  809.         "user-agent": "Microsoft BITS/7.5",
  810.         "method": "GET",
  811.         "host": "r4---sn-tt1eln7l.gvt1.com",
  812.         "version": "1.1",
  813.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  814.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6813-17922\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  815.         "port": 80
  816.     },
  817.     {
  818.         "count": 1,
  819.         "body": "",
  820.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  821.         "user-agent": "Microsoft BITS/7.5",
  822.         "method": "GET",
  823.         "host": "r4---sn-tt1eln7l.gvt1.com",
  824.         "version": "1.1",
  825.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  826.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17923-29023\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  827.         "port": 80
  828.     },
  829.     {
  830.         "count": 1,
  831.         "body": "",
  832.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  833.         "user-agent": "Microsoft BITS/7.5",
  834.         "method": "GET",
  835.         "host": "r4---sn-tt1eln7l.gvt1.com",
  836.         "version": "1.1",
  837.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  838.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29024-39147\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  839.         "port": 80
  840.     },
  841.     {
  842.         "count": 1,
  843.         "body": "",
  844.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  845.         "user-agent": "Microsoft BITS/7.5",
  846.         "method": "GET",
  847.         "host": "r4---sn-tt1eln7l.gvt1.com",
  848.         "version": "1.1",
  849.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  850.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=39148-61418\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  851.         "port": 80
  852.     },
  853.     {
  854.         "count": 1,
  855.         "body": "",
  856.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  857.         "user-agent": "Microsoft BITS/7.5",
  858.         "method": "GET",
  859.         "host": "r4---sn-tt1eln7l.gvt1.com",
  860.         "version": "1.1",
  861.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  862.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=61419-107498\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  863.         "port": 80
  864.     },
  865.     {
  866.         "count": 1,
  867.         "body": "",
  868.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  869.         "user-agent": "Microsoft BITS/7.5",
  870.         "method": "GET",
  871.         "host": "r4---sn-tt1eln7l.gvt1.com",
  872.         "version": "1.1",
  873.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  874.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=107499-199365\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  875.         "port": 80
  876.     },
  877.     {
  878.         "count": 1,
  879.         "body": "",
  880.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  881.         "user-agent": "Microsoft BITS/7.5",
  882.         "method": "GET",
  883.         "host": "r4---sn-tt1eln7l.gvt1.com",
  884.         "version": "1.1",
  885.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  886.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=199366-354012\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  887.         "port": 80
  888.     },
  889.     {
  890.         "count": 1,
  891.         "body": "",
  892.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  893.         "user-agent": "Microsoft BITS/7.5",
  894.         "method": "GET",
  895.         "host": "r4---sn-tt1eln7l.gvt1.com",
  896.         "version": "1.1",
  897.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  898.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=354013-635074\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  899.         "port": 80
  900.     },
  901.     {
  902.         "count": 1,
  903.         "body": "",
  904.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  905.         "user-agent": "Microsoft BITS/7.5",
  906.         "method": "GET",
  907.         "host": "r4---sn-tt1eln7l.gvt1.com",
  908.         "version": "1.1",
  909.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  910.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=635075-1165709\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  911.         "port": 80
  912.     },
  913.     {
  914.         "count": 1,
  915.         "body": "",
  916.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  917.         "user-agent": "Microsoft BITS/7.5",
  918.         "method": "GET",
  919.         "host": "r4---sn-tt1eln7l.gvt1.com",
  920.         "version": "1.1",
  921.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  922.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1165710-2146379\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  923.         "port": 80
  924.     },
  925.     {
  926.         "count": 1,
  927.         "body": "",
  928.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  929.         "user-agent": "Microsoft BITS/7.5",
  930.         "method": "GET",
  931.         "host": "r4---sn-tt1eln7l.gvt1.com",
  932.         "version": "1.1",
  933.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  934.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2146380-3686471\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  935.         "port": 80
  936.     },
  937.     {
  938.         "count": 1,
  939.         "body": "",
  940.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  941.         "user-agent": "Microsoft BITS/7.5",
  942.         "method": "GET",
  943.         "host": "r4---sn-tt1eln7l.gvt1.com",
  944.         "version": "1.1",
  945.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  946.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3686472-4603181\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  947.         "port": 80
  948.     },
  949.     {
  950.         "count": 1,
  951.         "body": "",
  952.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  953.         "user-agent": "Microsoft BITS/7.5",
  954.         "method": "GET",
  955.         "host": "r4---sn-tt1eln7l.gvt1.com",
  956.         "version": "1.1",
  957.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  958.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4603182-5524358\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  959.         "port": 80
  960.     },
  961.     {
  962.         "count": 1,
  963.         "body": "",
  964.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  965.         "user-agent": "Microsoft BITS/7.5",
  966.         "method": "GET",
  967.         "host": "r4---sn-tt1eln7l.gvt1.com",
  968.         "version": "1.1",
  969.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  970.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5524359-6290412\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  971.         "port": 80
  972.     },
  973.     {
  974.         "count": 1,
  975.         "body": "",
  976.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  977.         "user-agent": "Microsoft BITS/7.5",
  978.         "method": "GET",
  979.         "host": "r4---sn-tt1eln7l.gvt1.com",
  980.         "version": "1.1",
  981.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  982.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6290413-7016321\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  983.         "port": 80
  984.     },
  985.     {
  986.         "count": 1,
  987.         "body": "",
  988.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  989.         "user-agent": "Microsoft BITS/7.5",
  990.         "method": "GET",
  991.         "host": "r4---sn-tt1eln7l.gvt1.com",
  992.         "version": "1.1",
  993.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  994.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7016322-7610905\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  995.         "port": 80
  996.     },
  997.     {
  998.         "count": 1,
  999.         "body": "",
  1000.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1001.         "user-agent": "Microsoft BITS/7.5",
  1002.         "method": "GET",
  1003.         "host": "r4---sn-tt1eln7l.gvt1.com",
  1004.         "version": "1.1",
  1005.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1006.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7610906-8243468\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1007.         "port": 80
  1008.     },
  1009.     {
  1010.         "count": 1,
  1011.         "body": "",
  1012.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1013.         "user-agent": "Microsoft BITS/7.5",
  1014.         "method": "GET",
  1015.         "host": "r4---sn-tt1eln7l.gvt1.com",
  1016.         "version": "1.1",
  1017.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1018.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=8243469-9148646\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1019.         "port": 80
  1020.     },
  1021.     {
  1022.         "count": 1,
  1023.         "body": "",
  1024.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1025.         "user-agent": "Microsoft BITS/7.5",
  1026.         "method": "GET",
  1027.         "host": "r4---sn-tt1eln7l.gvt1.com",
  1028.         "version": "1.1",
  1029.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1030.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9148647-9993742\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1031.         "port": 80
  1032.     },
  1033.     {
  1034.         "count": 1,
  1035.         "body": "",
  1036.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1037.         "user-agent": "Microsoft BITS/7.5",
  1038.         "method": "GET",
  1039.         "host": "r4---sn-tt1eln7l.gvt1.com",
  1040.         "version": "1.1",
  1041.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1042.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9993743-10565590\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1043.         "port": 80
  1044.     },
  1045.     {
  1046.         "count": 1,
  1047.         "body": "",
  1048.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1049.         "user-agent": "Microsoft BITS/7.5",
  1050.         "method": "GET",
  1051.         "host": "r4---sn-tt1eln7l.gvt1.com",
  1052.         "version": "1.1",
  1053.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1054.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10565591-11061729\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1055.         "port": 80
  1056.     },
  1057.     {
  1058.         "count": 1,
  1059.         "body": "",
  1060.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1061.         "user-agent": "Microsoft BITS/7.5",
  1062.         "method": "GET",
  1063.         "host": "r4---sn-tt1eln7l.gvt1.com",
  1064.         "version": "1.1",
  1065.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1066.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11061730-11920879\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1067.         "port": 80
  1068.     },
  1069.     {
  1070.         "count": 1,
  1071.         "body": "",
  1072.         "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1073.         "user-agent": "Microsoft BITS/7.5",
  1074.         "method": "GET",
  1075.         "host": "r4---sn-tt1eln7l.gvt1.com",
  1076.         "version": "1.1",
  1077.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1078.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11920880-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1079.         "port": 80
  1080.     }
  1081. ]
  1082.  
  1083. [*] Network Communication - SMTP: []
  1084.  
  1085. [*] Network Communication - Hosts: []
  1086.  
  1087. [*] Network Communication - IRC: []
  1088.  
  1089. [*] Static Analysis: {
  1090.     "pe": {
  1091.         "peid_signatures": null,
  1092.         "imports": [
  1093.             {
  1094.                 "imports": [
  1095.                     {
  1096.                         "name": "GetModuleHandleA",
  1097.                         "address": "0x41c00c"
  1098.                     },
  1099.                     {
  1100.                         "name": "InterlockedDecrement",
  1101.                         "address": "0x41c010"
  1102.                     },
  1103.                     {
  1104.                         "name": "VirtualAllocEx",
  1105.                         "address": "0x41c014"
  1106.                     },
  1107.                     {
  1108.                         "name": "GetOEMCP",
  1109.                         "address": "0x41c018"
  1110.                     },
  1111.                     {
  1112.                         "name": "GetTickCount",
  1113.                         "address": "0x41c01c"
  1114.                     },
  1115.                     {
  1116.                         "name": "GetProcAddress",
  1117.                         "address": "0x41c020"
  1118.                     },
  1119.                     {
  1120.                         "name": "LoadLibraryA",
  1121.                         "address": "0x41c024"
  1122.                     },
  1123.                     {
  1124.                         "name": "GetCommandLineW",
  1125.                         "address": "0x41c028"
  1126.                     },
  1127.                     {
  1128.                         "name": "GetCurrentProcess",
  1129.                         "address": "0x41c02c"
  1130.                     },
  1131.                     {
  1132.                         "name": "GetProcessHeap",
  1133.                         "address": "0x41c030"
  1134.                     },
  1135.                     {
  1136.                         "name": "InterlockedIncrement",
  1137.                         "address": "0x41c034"
  1138.                     },
  1139.                     {
  1140.                         "name": "lstrlenA",
  1141.                         "address": "0x41c038"
  1142.                     },
  1143.                     {
  1144.                         "name": "GetVersionExA",
  1145.                         "address": "0x41c03c"
  1146.                     },
  1147.                     {
  1148.                         "name": "GetVersionExW",
  1149.                         "address": "0x41c040"
  1150.                     },
  1151.                     {
  1152.                         "name": "GetCommandLineA",
  1153.                         "address": "0x41c044"
  1154.                     },
  1155.                     {
  1156.                         "name": "GetLastError",
  1157.                         "address": "0x41c048"
  1158.                     },
  1159.                     {
  1160.                         "name": "GetCurrentThread",
  1161.                         "address": "0x41c04c"
  1162.                     },
  1163.                     {
  1164.                         "name": "GetStartupInfoW",
  1165.                         "address": "0x41c050"
  1166.                     }
  1167.                 ],
  1168.                 "dll": "KERNEL32.dll"
  1169.             },
  1170.             {
  1171.                 "imports": [
  1172.                     {
  1173.                         "name": "DestroyWindow",
  1174.                         "address": "0x41c058"
  1175.                     },
  1176.                     {
  1177.                         "name": "RegisterClassW",
  1178.                         "address": "0x41c05c"
  1179.                     },
  1180.                     {
  1181.                         "name": "LoadIconA",
  1182.                         "address": "0x41c060"
  1183.                     },
  1184.                     {
  1185.                         "name": "SetWindowLongW",
  1186.                         "address": "0x41c064"
  1187.                     },
  1188.                     {
  1189.                         "name": "SetWindowTextW",
  1190.                         "address": "0x41c068"
  1191.                     },
  1192.                     {
  1193.                         "name": "DefWindowProcW",
  1194.                         "address": "0x41c06c"
  1195.                     },
  1196.                     {
  1197.                         "name": "CreateWindowExA",
  1198.                         "address": "0x41c070"
  1199.                     },
  1200.                     {
  1201.                         "name": "DestroyIcon",
  1202.                         "address": "0x41c074"
  1203.                     },
  1204.                     {
  1205.                         "name": "SendMessageW",
  1206.                         "address": "0x41c078"
  1207.                     },
  1208.                     {
  1209.                         "name": "CreateWindowExW",
  1210.                         "address": "0x41c07c"
  1211.                     },
  1212.                     {
  1213.                         "name": "UnregisterClassA",
  1214.                         "address": "0x41c080"
  1215.                     },
  1216.                     {
  1217.                         "name": "LoadStringW",
  1218.                         "address": "0x41c084"
  1219.                     },
  1220.                     {
  1221.                         "name": "PostMessageW",
  1222.                         "address": "0x41c088"
  1223.                     }
  1224.                 ],
  1225.                 "dll": "USER32.dll"
  1226.             },
  1227.             {
  1228.                 "imports": [
  1229.                     {
  1230.                         "name": "CreateDIBSection",
  1231.                         "address": "0x41c000"
  1232.                     },
  1233.                     {
  1234.                         "name": "CreateBitmap",
  1235.                         "address": "0x41c004"
  1236.                     }
  1237.                 ],
  1238.                 "dll": "GDI32.dll"
  1239.             },
  1240.             {
  1241.                 "imports": [
  1242.                     {
  1243.                         "name": "CoInitialize",
  1244.                         "address": "0x41c0d8"
  1245.                     },
  1246.                     {
  1247.                         "name": "CoGetObject",
  1248.                         "address": "0x41c0dc"
  1249.                     }
  1250.                 ],
  1251.                 "dll": "ole32.dll"
  1252.             },
  1253.             {
  1254.                 "imports": [
  1255.                     {
  1256.                         "name": "__setusermatherr",
  1257.                         "address": "0x41c090"
  1258.                     },
  1259.                     {
  1260.                         "name": "_c_exit",
  1261.                         "address": "0x41c094"
  1262.                     },
  1263.                     {
  1264.                         "name": "_except_handler3",
  1265.                         "address": "0x41c098"
  1266.                     },
  1267.                     {
  1268.                         "name": "_XcptFilter",
  1269.                         "address": "0x41c09c"
  1270.                     },
  1271.                     {
  1272.                         "name": "_cexit",
  1273.                         "address": "0x41c0a0"
  1274.                     },
  1275.                     {
  1276.                         "name": "exit",
  1277.                         "address": "0x41c0a4"
  1278.                     },
  1279.                     {
  1280.                         "name": "_wcmdln",
  1281.                         "address": "0x41c0a8"
  1282.                     },
  1283.                     {
  1284.                         "name": "__wgetmainargs",
  1285.                         "address": "0x41c0ac"
  1286.                     },
  1287.                     {
  1288.                         "name": "_initterm",
  1289.                         "address": "0x41c0b0"
  1290.                     },
  1291.                     {
  1292.                         "name": "_exit",
  1293.                         "address": "0x41c0b4"
  1294.                     },
  1295.                     {
  1296.                         "name": "_adjust_fdiv",
  1297.                         "address": "0x41c0b8"
  1298.                     },
  1299.                     {
  1300.                         "name": "__p__commode",
  1301.                         "address": "0x41c0bc"
  1302.                     },
  1303.                     {
  1304.                         "name": "__p__fmode",
  1305.                         "address": "0x41c0c0"
  1306.                     },
  1307.                     {
  1308.                         "name": "__set_app_type",
  1309.                         "address": "0x41c0c4"
  1310.                     },
  1311.                     {
  1312.                         "name": "_controlfp",
  1313.                         "address": "0x41c0c8"
  1314.                     },
  1315.                     {
  1316.                         "name": "__dllonexit",
  1317.                         "address": "0x41c0cc"
  1318.                     },
  1319.                     {
  1320.                         "name": "_onexit",
  1321.                         "address": "0x41c0d0"
  1322.                     }
  1323.                 ],
  1324.                 "dll": "msvcrt.dll"
  1325.             }
  1326.         ],
  1327.         "digital_signers": null,
  1328.         "exported_dll_name": null,
  1329.         "actual_checksum": "0x0001bd6e",
  1330.         "overlay": {
  1331.             "size": "0x00001f08",
  1332.             "offset": "0x0000b000"
  1333.         },
  1334.         "imagebase": "0x00400000",
  1335.         "reported_checksum": "0x0001bd6e",
  1336.         "icon_hash": null,
  1337.         "entrypoint": "0x00403c36",
  1338.         "timestamp": "2016-08-19 20:55:53",
  1339.         "osversion": "4.0",
  1340.         "sections": [
  1341.             {
  1342.                 "name": ".text",
  1343.                 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1344.                 "virtual_address": "0x00001000",
  1345.                 "size_of_data": "0x00003000",
  1346.                 "entropy": "6.03",
  1347.                 "raw_address": "0x00001000",
  1348.                 "virtual_size": "0x00002f16",
  1349.                 "characteristics_raw": "0xf0000020"
  1350.             },
  1351.             {
  1352.                 "name": ".bss",
  1353.                 "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1354.                 "virtual_address": "0x00004000",
  1355.                 "size_of_data": "0x00000000",
  1356.                 "entropy": "0.00",
  1357.                 "raw_address": "0x00000000",
  1358.                 "virtual_size": "0x00017030",
  1359.                 "characteristics_raw": "0xc0000080"
  1360.             },
  1361.             {
  1362.                 "name": ".rdata",
  1363.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1364.                 "virtual_address": "0x0001c000",
  1365.                 "size_of_data": "0x00001000",
  1366.                 "entropy": "2.45",
  1367.                 "raw_address": "0x00004000",
  1368.                 "virtual_size": "0x000005dc",
  1369.                 "characteristics_raw": "0x40000040"
  1370.             },
  1371.             {
  1372.                 "name": ".data",
  1373.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1374.                 "virtual_address": "0x0001d000",
  1375.                 "size_of_data": "0x00005000",
  1376.                 "entropy": "6.51",
  1377.                 "raw_address": "0x00005000",
  1378.                 "virtual_size": "0x00004f34",
  1379.                 "characteristics_raw": "0xd0000040"
  1380.             },
  1381.             {
  1382.                 "name": ".reloc",
  1383.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1384.                 "virtual_address": "0x00022000",
  1385.                 "size_of_data": "0x00001000",
  1386.                 "entropy": "0.72",
  1387.                 "raw_address": "0x0000a000",
  1388.                 "virtual_size": "0x0000024e",
  1389.                 "characteristics_raw": "0x42000040"
  1390.             }
  1391.         ],
  1392.         "resources": [],
  1393.         "dirents": [
  1394.             {
  1395.                 "virtual_address": "0x00000000",
  1396.                 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1397.                 "size": "0x00000000"
  1398.             },
  1399.             {
  1400.                 "virtual_address": "0x0001c104",
  1401.                 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1402.                 "size": "0x00000078"
  1403.             },
  1404.             {
  1405.                 "virtual_address": "0x00000000",
  1406.                 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1407.                 "size": "0x00000000"
  1408.             },
  1409.             {
  1410.                 "virtual_address": "0x00000000",
  1411.                 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1412.                 "size": "0x00000000"
  1413.             },
  1414.             {
  1415.                 "virtual_address": "0x0000b000",
  1416.                 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1417.                 "size": "0x00001f08"
  1418.             },
  1419.             {
  1420.                 "virtual_address": "0x00022000",
  1421.                 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1422.                 "size": "0x00000128"
  1423.             },
  1424.             {
  1425.                 "virtual_address": "0x00000000",
  1426.                 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1427.                 "size": "0x00000000"
  1428.             },
  1429.             {
  1430.                 "virtual_address": "0x00000000",
  1431.                 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1432.                 "size": "0x00000000"
  1433.             },
  1434.             {
  1435.                 "virtual_address": "0x00000000",
  1436.                 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1437.                 "size": "0x00000000"
  1438.             },
  1439.             {
  1440.                 "virtual_address": "0x00000000",
  1441.                 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1442.                 "size": "0x00000000"
  1443.             },
  1444.             {
  1445.                 "virtual_address": "0x00000000",
  1446.                 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1447.                 "size": "0x00000000"
  1448.             },
  1449.             {
  1450.                 "virtual_address": "0x00000000",
  1451.                 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1452.                 "size": "0x00000000"
  1453.             },
  1454.             {
  1455.                 "virtual_address": "0x0001c000",
  1456.                 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1457.                 "size": "0x000000e4"
  1458.             },
  1459.             {
  1460.                 "virtual_address": "0x00000000",
  1461.                 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1462.                 "size": "0x00000000"
  1463.             },
  1464.             {
  1465.                 "virtual_address": "0x00000000",
  1466.                 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1467.                 "size": "0x00000000"
  1468.             },
  1469.             {
  1470.                 "virtual_address": "0x00000000",
  1471.                 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1472.                 "size": "0x00000000"
  1473.             }
  1474.         ],
  1475.         "exports": [],
  1476.         "guest_signers": {},
  1477.         "imphash": "04dcd7bc2fb74491dde37e786182f466",
  1478.         "icon_fuzzy": null,
  1479.         "icon": null,
  1480.         "pdbpath": null,
  1481.         "imported_dll_count": 5,
  1482.         "versioninfo": []
  1483.     }
  1484. }
  1485.  
  1486. [*] Resolved APIs: [
  1487.     "cryptbase.dll.SystemFunction036",
  1488.     "uxtheme.dll.ThemeInitApiHook",
  1489.     "user32.dll.IsProcessDPIAware",
  1490.     "user32.dll.GetWindowContextHelpId",
  1491.     "kernel32.dll.VirtualAlloc",
  1492.     "kernel32.dll.VirtualProtect",
  1493.     "kernel32.dll.LoadLibraryA",
  1494.     "kernel32.dll.VirtualFree",
  1495.     "kernel32.dll.VirtualQuery",
  1496.     "advapi32.dll.GetUserNameA",
  1497.     "kernel32.dll.AddAtomA",
  1498.     "kernel32.dll.CloseHandle",
  1499.     "kernel32.dll.CreateDirectoryA",
  1500.     "kernel32.dll.CreateFileA",
  1501.     "kernel32.dll.CreateProcessA",
  1502.     "kernel32.dll.ExitProcess",
  1503.     "kernel32.dll.FindAtomA",
  1504.     "kernel32.dll.FreeLibrary",
  1505.     "kernel32.dll.GetAtomNameA",
  1506.     "kernel32.dll.GetComputerNameA",
  1507.     "kernel32.dll.GetFileAttributesA",
  1508.     "kernel32.dll.GetFileSize",
  1509.     "kernel32.dll.GetModuleFileNameA",
  1510.     "kernel32.dll.GetModuleHandleA",
  1511.     "kernel32.dll.GetProcAddress",
  1512.     "kernel32.dll.GetSystemDirectoryA",
  1513.     "kernel32.dll.GetSystemInfo",
  1514.     "kernel32.dll.GetTempPathA",
  1515.     "kernel32.dll.GetVersionExA",
  1516.     "kernel32.dll.GetVolumeInformationA",
  1517.     "kernel32.dll.SetUnhandledExceptionFilter",
  1518.     "kernel32.dll.Sleep",
  1519.     "kernel32.dll.WaitForSingleObject",
  1520.     "kernel32.dll.WriteFile",
  1521.     "msvcrt.dll._itoa",
  1522.     "msvcrt.dll._strlwr",
  1523.     "msvcrt.dll.__getmainargs",
  1524.     "msvcrt.dll.__p__environ",
  1525.     "msvcrt.dll.__p__fmode",
  1526.     "msvcrt.dll.__set_app_type",
  1527.     "msvcrt.dll._cexit",
  1528.     "msvcrt.dll._iob",
  1529.     "msvcrt.dll._onexit",
  1530.     "msvcrt.dll._setmode",
  1531.     "msvcrt.dll.abort",
  1532.     "msvcrt.dll.atexit",
  1533.     "msvcrt.dll.atoi",
  1534.     "msvcrt.dll.exit",
  1535.     "msvcrt.dll.fclose",
  1536.     "msvcrt.dll.fflush",
  1537.     "msvcrt.dll.fopen",
  1538.     "msvcrt.dll.fprintf",
  1539.     "msvcrt.dll.fread",
  1540.     "msvcrt.dll.free",
  1541.     "msvcrt.dll.fwrite",
  1542.     "msvcrt.dll.malloc",
  1543.     "msvcrt.dll.memcpy",
  1544.     "msvcrt.dll.memmove",
  1545.     "msvcrt.dll.memset",
  1546.     "msvcrt.dll.signal",
  1547.     "msvcrt.dll.strcat",
  1548.     "msvcrt.dll.strcmp",
  1549.     "msvcrt.dll.strcpy",
  1550.     "msvcrt.dll.strlen",
  1551.     "msvcrt.dll.strncat",
  1552.     "shell32.dll.ShellExecuteExA",
  1553.     "user32.dll.GetSystemMetrics",
  1554.     "wsock32.dll.WSACleanup",
  1555.     "wsock32.dll.WSAStartup",
  1556.     "wsock32.dll.closesocket",
  1557.     "wsock32.dll.connect",
  1558.     "wsock32.dll.gethostbyname",
  1559.     "wsock32.dll.htons",
  1560.     "wsock32.dll.inet_addr",
  1561.     "wsock32.dll.inet_ntoa",
  1562.     "wsock32.dll.recv",
  1563.     "wsock32.dll.send",
  1564.     "wsock32.dll.socket",
  1565.     "shell32.dll.#680",
  1566.     "kernel32.dll.GetNativeSystemInfo",
  1567.     "kernel32.dll.SortGetHandle",
  1568.     "kernel32.dll.SortCloseHandle"
  1569. ]
  1570.  
  1571. [*] Static Analysis: {
  1572.     "pe": {
  1573.         "peid_signatures": null,
  1574.         "imports": [
  1575.             {
  1576.                 "imports": [
  1577.                     {
  1578.                         "name": "GetModuleHandleA",
  1579.                         "address": "0x41c00c"
  1580.                     },
  1581.                     {
  1582.                         "name": "InterlockedDecrement",
  1583.                         "address": "0x41c010"
  1584.                     },
  1585.                     {
  1586.                         "name": "VirtualAllocEx",
  1587.                         "address": "0x41c014"
  1588.                     },
  1589.                     {
  1590.                         "name": "GetOEMCP",
  1591.                         "address": "0x41c018"
  1592.                     },
  1593.                     {
  1594.                         "name": "GetTickCount",
  1595.                         "address": "0x41c01c"
  1596.                     },
  1597.                     {
  1598.                         "name": "GetProcAddress",
  1599.                         "address": "0x41c020"
  1600.                     },
  1601.                     {
  1602.                         "name": "LoadLibraryA",
  1603.                         "address": "0x41c024"
  1604.                     },
  1605.                     {
  1606.                         "name": "GetCommandLineW",
  1607.                         "address": "0x41c028"
  1608.                     },
  1609.                     {
  1610.                         "name": "GetCurrentProcess",
  1611.                         "address": "0x41c02c"
  1612.                     },
  1613.                     {
  1614.                         "name": "GetProcessHeap",
  1615.                         "address": "0x41c030"
  1616.                     },
  1617.                     {
  1618.                         "name": "InterlockedIncrement",
  1619.                         "address": "0x41c034"
  1620.                     },
  1621.                     {
  1622.                         "name": "lstrlenA",
  1623.                         "address": "0x41c038"
  1624.                     },
  1625.                     {
  1626.                         "name": "GetVersionExA",
  1627.                         "address": "0x41c03c"
  1628.                     },
  1629.                     {
  1630.                         "name": "GetVersionExW",
  1631.                         "address": "0x41c040"
  1632.                     },
  1633.                     {
  1634.                         "name": "GetCommandLineA",
  1635.                         "address": "0x41c044"
  1636.                     },
  1637.                     {
  1638.                         "name": "GetLastError",
  1639.                         "address": "0x41c048"
  1640.                     },
  1641.                     {
  1642.                         "name": "GetCurrentThread",
  1643.                         "address": "0x41c04c"
  1644.                     },
  1645.                     {
  1646.                         "name": "GetStartupInfoW",
  1647.                         "address": "0x41c050"
  1648.                     }
  1649.                 ],
  1650.                 "dll": "KERNEL32.dll"
  1651.             },
  1652.             {
  1653.                 "imports": [
  1654.                     {
  1655.                         "name": "DestroyWindow",
  1656.                         "address": "0x41c058"
  1657.                     },
  1658.                     {
  1659.                         "name": "RegisterClassW",
  1660.                         "address": "0x41c05c"
  1661.                     },
  1662.                     {
  1663.                         "name": "LoadIconA",
  1664.                         "address": "0x41c060"
  1665.                     },
  1666.                     {
  1667.                         "name": "SetWindowLongW",
  1668.                         "address": "0x41c064"
  1669.                     },
  1670.                     {
  1671.                         "name": "SetWindowTextW",
  1672.                         "address": "0x41c068"
  1673.                     },
  1674.                     {
  1675.                         "name": "DefWindowProcW",
  1676.                         "address": "0x41c06c"
  1677.                     },
  1678.                     {
  1679.                         "name": "CreateWindowExA",
  1680.                         "address": "0x41c070"
  1681.                     },
  1682.                     {
  1683.                         "name": "DestroyIcon",
  1684.                         "address": "0x41c074"
  1685.                     },
  1686.                     {
  1687.                         "name": "SendMessageW",
  1688.                         "address": "0x41c078"
  1689.                     },
  1690.                     {
  1691.                         "name": "CreateWindowExW",
  1692.                         "address": "0x41c07c"
  1693.                     },
  1694.                     {
  1695.                         "name": "UnregisterClassA",
  1696.                         "address": "0x41c080"
  1697.                     },
  1698.                     {
  1699.                         "name": "LoadStringW",
  1700.                         "address": "0x41c084"
  1701.                     },
  1702.                     {
  1703.                         "name": "PostMessageW",
  1704.                         "address": "0x41c088"
  1705.                     }
  1706.                 ],
  1707.                 "dll": "USER32.dll"
  1708.             },
  1709.             {
  1710.                 "imports": [
  1711.                     {
  1712.                         "name": "CreateDIBSection",
  1713.                         "address": "0x41c000"
  1714.                     },
  1715.                     {
  1716.                         "name": "CreateBitmap",
  1717.                         "address": "0x41c004"
  1718.                     }
  1719.                 ],
  1720.                 "dll": "GDI32.dll"
  1721.             },
  1722.             {
  1723.                 "imports": [
  1724.                     {
  1725.                         "name": "CoInitialize",
  1726.                         "address": "0x41c0d8"
  1727.                     },
  1728.                     {
  1729.                         "name": "CoGetObject",
  1730.                         "address": "0x41c0dc"
  1731.                     }
  1732.                 ],
  1733.                 "dll": "ole32.dll"
  1734.             },
  1735.             {
  1736.                 "imports": [
  1737.                     {
  1738.                         "name": "__setusermatherr",
  1739.                         "address": "0x41c090"
  1740.                     },
  1741.                     {
  1742.                         "name": "_c_exit",
  1743.                         "address": "0x41c094"
  1744.                     },
  1745.                     {
  1746.                         "name": "_except_handler3",
  1747.                         "address": "0x41c098"
  1748.                     },
  1749.                     {
  1750.                         "name": "_XcptFilter",
  1751.                         "address": "0x41c09c"
  1752.                     },
  1753.                     {
  1754.                         "name": "_cexit",
  1755.                         "address": "0x41c0a0"
  1756.                     },
  1757.                     {
  1758.                         "name": "exit",
  1759.                         "address": "0x41c0a4"
  1760.                     },
  1761.                     {
  1762.                         "name": "_wcmdln",
  1763.                         "address": "0x41c0a8"
  1764.                     },
  1765.                     {
  1766.                         "name": "__wgetmainargs",
  1767.                         "address": "0x41c0ac"
  1768.                     },
  1769.                     {
  1770.                         "name": "_initterm",
  1771.                         "address": "0x41c0b0"
  1772.                     },
  1773.                     {
  1774.                         "name": "_exit",
  1775.                         "address": "0x41c0b4"
  1776.                     },
  1777.                     {
  1778.                         "name": "_adjust_fdiv",
  1779.                         "address": "0x41c0b8"
  1780.                     },
  1781.                     {
  1782.                         "name": "__p__commode",
  1783.                         "address": "0x41c0bc"
  1784.                     },
  1785.                     {
  1786.                         "name": "__p__fmode",
  1787.                         "address": "0x41c0c0"
  1788.                     },
  1789.                     {
  1790.                         "name": "__set_app_type",
  1791.                         "address": "0x41c0c4"
  1792.                     },
  1793.                     {
  1794.                         "name": "_controlfp",
  1795.                         "address": "0x41c0c8"
  1796.                     },
  1797.                     {
  1798.                         "name": "__dllonexit",
  1799.                         "address": "0x41c0cc"
  1800.                     },
  1801.                     {
  1802.                         "name": "_onexit",
  1803.                         "address": "0x41c0d0"
  1804.                     }
  1805.                 ],
  1806.                 "dll": "msvcrt.dll"
  1807.             }
  1808.         ],
  1809.         "digital_signers": null,
  1810.         "exported_dll_name": null,
  1811.         "actual_checksum": "0x0001bd6e",
  1812.         "overlay": {
  1813.             "size": "0x00001f08",
  1814.             "offset": "0x0000b000"
  1815.         },
  1816.         "imagebase": "0x00400000",
  1817.         "reported_checksum": "0x0001bd6e",
  1818.         "icon_hash": null,
  1819.         "entrypoint": "0x00403c36",
  1820.         "timestamp": "2016-08-19 20:55:53",
  1821.         "osversion": "4.0",
  1822.         "sections": [
  1823.             {
  1824.                 "name": ".text",
  1825.                 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1826.                 "virtual_address": "0x00001000",
  1827.                 "size_of_data": "0x00003000",
  1828.                 "entropy": "6.03",
  1829.                 "raw_address": "0x00001000",
  1830.                 "virtual_size": "0x00002f16",
  1831.                 "characteristics_raw": "0xf0000020"
  1832.             },
  1833.             {
  1834.                 "name": ".bss",
  1835.                 "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1836.                 "virtual_address": "0x00004000",
  1837.                 "size_of_data": "0x00000000",
  1838.                 "entropy": "0.00",
  1839.                 "raw_address": "0x00000000",
  1840.                 "virtual_size": "0x00017030",
  1841.                 "characteristics_raw": "0xc0000080"
  1842.             },
  1843.             {
  1844.                 "name": ".rdata",
  1845.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1846.                 "virtual_address": "0x0001c000",
  1847.                 "size_of_data": "0x00001000",
  1848.                 "entropy": "2.45",
  1849.                 "raw_address": "0x00004000",
  1850.                 "virtual_size": "0x000005dc",
  1851.                 "characteristics_raw": "0x40000040"
  1852.             },
  1853.             {
  1854.                 "name": ".data",
  1855.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1856.                 "virtual_address": "0x0001d000",
  1857.                 "size_of_data": "0x00005000",
  1858.                 "entropy": "6.51",
  1859.                 "raw_address": "0x00005000",
  1860.                 "virtual_size": "0x00004f34",
  1861.                 "characteristics_raw": "0xd0000040"
  1862.             },
  1863.             {
  1864.                 "name": ".reloc",
  1865.                 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1866.                 "virtual_address": "0x00022000",
  1867.                 "size_of_data": "0x00001000",
  1868.                 "entropy": "0.72",
  1869.                 "raw_address": "0x0000a000",
  1870.                 "virtual_size": "0x0000024e",
  1871.                 "characteristics_raw": "0x42000040"
  1872.             }
  1873.         ],
  1874.         "resources": [],
  1875.         "dirents": [
  1876.             {
  1877.                 "virtual_address": "0x00000000",
  1878.                 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1879.                 "size": "0x00000000"
  1880.             },
  1881.             {
  1882.                 "virtual_address": "0x0001c104",
  1883.                 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1884.                 "size": "0x00000078"
  1885.             },
  1886.             {
  1887.                 "virtual_address": "0x00000000",
  1888.                 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1889.                 "size": "0x00000000"
  1890.             },
  1891.             {
  1892.                 "virtual_address": "0x00000000",
  1893.                 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1894.                 "size": "0x00000000"
  1895.             },
  1896.             {
  1897.                 "virtual_address": "0x0000b000",
  1898.                 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1899.                 "size": "0x00001f08"
  1900.             },
  1901.             {
  1902.                 "virtual_address": "0x00022000",
  1903.                 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1904.                 "size": "0x00000128"
  1905.             },
  1906.             {
  1907.                 "virtual_address": "0x00000000",
  1908.                 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1909.                 "size": "0x00000000"
  1910.             },
  1911.             {
  1912.                 "virtual_address": "0x00000000",
  1913.                 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1914.                 "size": "0x00000000"
  1915.             },
  1916.             {
  1917.                 "virtual_address": "0x00000000",
  1918.                 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1919.                 "size": "0x00000000"
  1920.             },
  1921.             {
  1922.                 "virtual_address": "0x00000000",
  1923.                 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1924.                 "size": "0x00000000"
  1925.             },
  1926.             {
  1927.                 "virtual_address": "0x00000000",
  1928.                 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1929.                 "size": "0x00000000"
  1930.             },
  1931.             {
  1932.                 "virtual_address": "0x00000000",
  1933.                 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1934.                 "size": "0x00000000"
  1935.             },
  1936.             {
  1937.                 "virtual_address": "0x0001c000",
  1938.                 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1939.                 "size": "0x000000e4"
  1940.             },
  1941.             {
  1942.                 "virtual_address": "0x00000000",
  1943.                 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1944.                 "size": "0x00000000"
  1945.             },
  1946.             {
  1947.                 "virtual_address": "0x00000000",
  1948.                 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1949.                 "size": "0x00000000"
  1950.             },
  1951.             {
  1952.                 "virtual_address": "0x00000000",
  1953.                 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1954.                 "size": "0x00000000"
  1955.             }
  1956.         ],
  1957.         "exports": [],
  1958.         "guest_signers": {},
  1959.         "imphash": "04dcd7bc2fb74491dde37e786182f466",
  1960.         "icon_fuzzy": null,
  1961.         "icon": null,
  1962.         "pdbpath": null,
  1963.         "imported_dll_count": 5,
  1964.         "versioninfo": []
  1965.     }
  1966. }