paladin316

02.json

Jun 18th, 2019
  1.  
  2. [*] MalFamily: "Zlob"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "02"
  7. [*] File Size: 53000
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "0617ddb1b7e7ab86159bc7be01c86c50a9d7a57db0914486c496e277c10b19ae"
  10. [*] MD5: "083982a12992d7532a3089f8b0235e2b"
  11. [*] SHA1: "5b103ab6a882b77ecff4029b87976a6380e1b308"
  12. [*] SHA512: "297ec2e7c9e7d21f901aa643ede264747f3241c7e8892c93dbccd260905f1deb888e812ce566babbb86b9413e8339495f54f86710d16fbac672c2b18f6f4da9a"
  13. [*] CRC32: "4EF938AE"
  14. [*] SSDEEP: "768:AhqQ+8Cdx/h6dsWI0Y9OZTpOg0nBZpfW89DvGH7dc7vCy6vUg/O4qwEZY1Kgz:ArMCKWIdOZ0g0nzpV9rGHq7v1x4RcaN"
  15.  
  16. [*] Process Execution: [
  17. "02.exe",
  18. "hkmoov.exe",
  19. "reg.exe"
  20. ]
  21.  
  22. [*] Signatures Detected: [
  23. {
  24. "Description": "Creates RWX memory",
  25. "Details": []
  26. },
  27. {
  28. "Description": "A process attempted to delay the analysis task.",
  29. "Details": [
  30. {
  31. "Process": "hkmoov.exe tried to sleep 1740 seconds, actually delayed analysis time by 0 seconds"
  32. }
  33. ]
  34. },
  35. {
  36. "Description": "Reads data out of its own binary image",
  37. "Details": [
  38. {
  39. "self_read": "process: 02.exe, pid: 2488, offset: 0x00000000, length: 0x0000cf08"
  40. }
  41. ]
  42. },
  43. {
  44. "Description": "Drops a binary and executes it",
  45. "Details": [
  46. {
  47. "binary": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  48. }
  49. ]
  50. },
  51. {
  52. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  53. "Details": [
  54. {
  55. "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  56. },
  57. {
  58. "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
  59. },
  60. {
  61. "suspicious_request": "http://safegross.com/ppk/index.php"
  62. },
  63. {
  64. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  65. },
  66. {
  67. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  68. },
  69. {
  70. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  71. },
  72. {
  73. "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  74. },
  75. {
  76. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  77. },
  78. {
  79. "suspicious_request": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  80. },
  81. {
  82. "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  83. },
  84. {
  85. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  86. },
  87. {
  88. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  89. },
  90. {
  91. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  92. },
  93. {
  94. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  95. },
  96. {
  97. "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  98. },
  99. {
  100. "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  101. },
  102. {
  103. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  104. },
  105. {
  106. "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  107. },
  108. {
  109. "suspicious_request": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  110. },
  111. {
  112. "suspicious_request": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  113. },
  114. {
  115. "suspicious_request": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  116. },
  117. {
  118. "suspicious_request": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  119. },
  120. {
  121. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  122. },
  123. {
  124. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  125. },
  126. {
  127. "suspicious_request": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  128. },
  129. {
  130. "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  131. },
  132. {
  133. "suspicious_request": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  134. }
  135. ]
  136. },
  137. {
  138. "Description": "Performs some HTTP requests",
  139. "Details": [
  140. {
  141. "url": "http://safegross.com/ppk/index.php"
  142. },
  143. {
  144. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  145. },
  146. {
  147. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  148. },
  149. {
  150. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  151. },
  152. {
  153. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  154. },
  155. {
  156. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  157. },
  158. {
  159. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  160. },
  161. {
  162. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  163. },
  164. {
  165. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  166. },
  167. {
  168. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  169. },
  170. {
  171. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  172. },
  173. {
  174. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  175. },
  176. {
  177. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  178. },
  179. {
  180. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  181. },
  182. {
  183. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  184. },
  185. {
  186. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  187. },
  188. {
  189. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  190. },
  191. {
  192. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  193. },
  194. {
  195. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  196. },
  197. {
  198. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  199. },
  200. {
  201. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  202. },
  203. {
  204. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  205. },
  206. {
  207. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  208. },
  209. {
  210. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  211. },
  212. {
  213. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  214. },
  215. {
  216. "url": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  217. }
  218. ]
  219. },
  220. {
  221. "Description": "Attempts to identify installed AV products by installation directory",
  222. "Details": [
  223. {
  224. "file": "C:\\ProgramData\\AVAST Software"
  225. },
  226. {
  227. "file": "C:\\ProgramData\\Avira"
  228. },
  229. {
  230. "file": "C:\\ProgramData\\Kaspersky Lab"
  231. },
  232. {
  233. "file": "C:\\ProgramData\\ESET"
  234. },
  235. {
  236. "file": "C:\\ProgramData\\Panda Security"
  237. },
  238. {
  239. "file": "C:\\ProgramData\\Bitdefender"
  240. },
  241. {
  242. "file": "C:\\ProgramData\\AVG"
  243. },
  244. {
  245. "file": "C:\\ProgramData\\Doctor Web"
  246. }
  247. ]
  248. },
  249. {
  250. "Description": "File has been identified by 21 Antiviruses on VirusTotal as malicious",
  251. "Details": [
  252. {
  253. "FireEye": "Generic.mg.083982a12992d753"
  254. },
  255. {
  256. "McAfee": "GenericRXHU-CZ!083982A12992"
  257. },
  258. {
  259. "Symantec": "ML.Attribute.HighConfidence"
  260. },
  261. {
  262. "ESET-NOD32": "a variant of Win32/GenKryptik.DKZJ"
  263. },
  264. {
  265. "Avast": "FileRepMalware"
  266. },
  267. {
  268. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  269. },
  270. {
  271. "Tencent": "Win32.Trojan.Raasmx.Auto"
  272. },
  273. {
  274. "Endgame": "malicious (high confidence)"
  275. },
  276. {
  277. "F-Secure": "Trojan.TR/AD.Zlob.haljw"
  278. },
  279. {
  280. "DrWeb": "Trojan.SpyBot.840"
  281. },
  282. {
  283. "McAfee-GW-Edition": "Artemis!Trojan"
  284. },
  285. {
  286. "Ikarus": "Backdoor.Rat.FlawedAmmyy"
  287. },
  288. {
  289. "Avira": "TR/AD.Zlob.haljw"
  290. },
  291. {
  292. "Fortinet": "W32/Kryptik.GTDL!tr"
  293. },
  294. {
  295. "Microsoft": "TrojanDownloader:Win32/Zlob.ZXP!bit"
  296. },
  297. {
  298. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  299. },
  300. {
  301. "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
  302. },
  303. {
  304. "SentinelOne": "DFI - Suspicious PE"
  305. },
  306. {
  307. "GData": "Win32.Trojan.Agent.1H3PRG"
  308. },
  309. {
  310. "AVG": "FileRepMalware"
  311. },
  312. {
  313. "CrowdStrike": "win/malicious_confidence_70% (W)"
  314. }
  315. ]
  316. },
  317. {
  318. "Description": "Creates a copy of itself",
  319. "Details": [
  320. {
  321. "copy": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  322. }
  323. ]
  324. }
  325. ]
  326.  
  327. [*] Started Service: []
  328.  
  329. [*] Executed Commands: [
  330. "c:\\programdata\\d61e6e07ea\\hkmoov.exe",
  331. "REG ADD \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\" /f /v Startup /t REG_SZ /d C:\\ProgramData\\d61e6e07ea"
  332. ]
  333.  
  334. [*] Mutexes: []
  335.  
  336. [*] Modified Files: [
  337. "C:\\ProgramData\\0",
  338. "C:\\programdata\\d61e6e07ea\\hkmoov.exe",
  339. "C:\\programdata\\d61e6e07ea\\hkmoov.exe:Zone.Identifier"
  340. ]
  341.  
  342. [*] Deleted Files: []
  343.  
  344. [*] Modified Registry Keys: [
  345. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup"
  346. ]
  347.  
  348. [*] Deleted Registry Keys: []
  349.  
  350. [*] DNS Communications: [
  351. {
  352. "type": "A",
  353. "request": "safegross.com",
  354. "answers": [
  355. {
  356. "data": "151.237.80.80",
  357. "type": "A"
  358. },
  359. {
  360. "data": "37.152.176.90",
  361. "type": "A"
  362. },
  363. {
  364. "data": "93.103.166.70",
  365. "type": "A"
  366. },
  367. {
  368. "data": "89.238.207.5",
  369. "type": "A"
  370. },
  371. {
  372. "data": "91.104.177.151",
  373. "type": "A"
  374. },
  375. {
  376. "data": "89.190.74.198",
  377. "type": "A"
  378. },
  379. {
  380. "data": "2.185.146.116",
  381. "type": "A"
  382. },
  383. {
  384. "data": "5.253.53.236",
  385. "type": "A"
  386. },
  387. {
  388. "data": "95.158.162.200",
  389. "type": "A"
  390. },
  391. {
  392. "data": "197.255.225.249",
  393. "type": "A"
  394. },
  395. {
  396. "data": "89.45.19.26",
  397. "type": "A"
  398. },
  399. {
  400. "data": "186.87.135.97",
  401. "type": "A"
  402. },
  403. {
  404. "data": "193.33.1.18",
  405. "type": "A"
  406. },
  407. {
  408. "data": "31.5.167.149",
  409. "type": "A"
  410. },
  411. {
  412. "data": "41.110.200.194",
  413. "type": "A"
  414. },
  415. {
  416. "data": "85.187.48.16",
  417. "type": "A"
  418. },
  419. {
  420. "data": "181.59.254.21",
  421. "type": "A"
  422. },
  423. {
  424. "data": "89.45.19.24",
  425. "type": "A"
  426. },
  427. {
  428. "data": "86.101.230.109",
  429. "type": "A"
  430. }
  431. ]
  432. }
  433. ]
  434.  
  435. [*] Domains: [
  436. {
  437. "ip": "",
  438. "domain": "safegross.com"
  439. }
  440. ]
  441.  
  442. [*] Network Communication - ICMP: []
  443.  
  444. [*] Network Communication - HTTP: [
  445. {
  446. "count": 30,
  447. "body": "id=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  448. "uri": "http://safegross.com/ppk/index.php",
  449. "user-agent": "",
  450. "method": "POST",
  451. "host": "safegross.com",
  452. "version": "1.1",
  453. "path": "/ppk/index.php",
  454. "data": "POST /ppk/index.php HTTP/1.1\r\nHost: safegross.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 76\r\n\r\nid=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  455. "port": 80
  456. },
  457. {
  458. "count": 1,
  459. "body": "",
  460. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  461. "user-agent": "Microsoft-CryptoAPI/6.1",
  462. "method": "GET",
  463. "host": "ocsp.digicert.com",
  464. "version": "1.1",
  465. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  466. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  467. "port": 80
  468. },
  469. {
  470. "count": 1,
  471. "body": "",
  472. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  473. "user-agent": "Microsoft-CryptoAPI/6.1",
  474. "method": "GET",
  475. "host": "ocsp.digicert.com",
  476. "version": "1.1",
  477. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  478. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  479. "port": 80
  480. },
  481. {
  482. "count": 1,
  483. "body": "",
  484. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  485. "user-agent": "Microsoft-CryptoAPI/6.1",
  486. "method": "GET",
  487. "host": "ocsp.digicert.com",
  488. "version": "1.1",
  489. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  490. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  491. "port": 80
  492. },
  493. {
  494. "count": 1,
  495. "body": "",
  496. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  497. "user-agent": "Microsoft-CryptoAPI/6.1",
  498. "method": "GET",
  499. "host": "ocsp.pki.goog",
  500. "version": "1.1",
  501. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  502. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  503. "port": 80
  504. },
  505. {
  506. "count": 1,
  507. "body": "",
  508. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  509. "user-agent": "Microsoft-CryptoAPI/6.1",
  510. "method": "GET",
  511. "host": "ocsp.digicert.com",
  512. "version": "1.1",
  513. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  514. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  515. "port": 80
  516. },
  517. {
  518. "count": 1,
  519. "body": "",
  520. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  521. "user-agent": "Microsoft-CryptoAPI/6.1",
  522. "method": "GET",
  523. "host": "crl.microsoft.com",
  524. "version": "1.1",
  525. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  526. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  527. "port": 80
  528. },
  529. {
  530. "count": 1,
  531. "body": "",
  532. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  533. "user-agent": "Microsoft-CryptoAPI/6.1",
  534. "method": "GET",
  535. "host": "ocsp.comodoca.com",
  536. "version": "1.1",
  537. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  538. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  539. "port": 80
  540. },
  541. {
  542. "count": 1,
  543. "body": "",
  544. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  545. "user-agent": "Microsoft-CryptoAPI/6.1",
  546. "method": "GET",
  547. "host": "ocsp.pki.goog",
  548. "version": "1.1",
  549. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  550. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  551. "port": 80
  552. },
  553. {
  554. "count": 1,
  555. "body": "",
  556. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  557. "user-agent": "Microsoft-CryptoAPI/6.1",
  558. "method": "GET",
  559. "host": "ocsp.digicert.com",
  560. "version": "1.1",
  561. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  562. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  563. "port": 80
  564. },
  565. {
  566. "count": 1,
  567. "body": "",
  568. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  569. "user-agent": "Microsoft-CryptoAPI/6.1",
  570. "method": "GET",
  571. "host": "www.download.windowsupdate.com",
  572. "version": "1.1",
  573. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  574. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  575. "port": 80
  576. },
  577. {
  578. "count": 1,
  579. "body": "",
  580. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  581. "user-agent": "Microsoft-CryptoAPI/6.1",
  582. "method": "GET",
  583. "host": "crl.microsoft.com",
  584. "version": "1.1",
  585. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  586. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  587. "port": 80
  588. },
  589. {
  590. "count": 1,
  591. "body": "",
  592. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  593. "user-agent": "Microsoft-CryptoAPI/6.1",
  594. "method": "GET",
  595. "host": "ocsp.digicert.com",
  596. "version": "1.1",
  597. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  598. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  599. "port": 80
  600. },
  601. {
  602. "count": 1,
  603. "body": "",
  604. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  605. "user-agent": "Microsoft-CryptoAPI/6.1",
  606. "method": "GET",
  607. "host": "ocsp.digicert.com",
  608. "version": "1.1",
  609. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  610. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  611. "port": 80
  612. },
  613. {
  614. "count": 1,
  615. "body": "",
  616. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  617. "user-agent": "Microsoft-CryptoAPI/6.1",
  618. "method": "GET",
  619. "host": "ocsp.digicert.com",
  620. "version": "1.1",
  621. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  622. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  623. "port": 80
  624. },
  625. {
  626. "count": 1,
  627. "body": "",
  628. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  629. "user-agent": "Microsoft-CryptoAPI/6.1",
  630. "method": "GET",
  631. "host": "ocsp.pki.goog",
  632. "version": "1.1",
  633. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  634. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  635. "port": 80
  636. },
  637. {
  638. "count": 1,
  639. "body": "",
  640. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  641. "user-agent": "Microsoft-CryptoAPI/6.1",
  642. "method": "GET",
  643. "host": "ocsp.pki.goog",
  644. "version": "1.1",
  645. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  646. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  647. "port": 80
  648. },
  649. {
  650. "count": 1,
  651. "body": "",
  652. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  653. "user-agent": "Microsoft-CryptoAPI/6.1",
  654. "method": "GET",
  655. "host": "ocsp.digicert.com",
  656. "version": "1.1",
  657. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  658. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  659. "port": 80
  660. },
  661. {
  662. "count": 1,
  663. "body": "",
  664. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  665. "user-agent": "Microsoft-CryptoAPI/6.1",
  666. "method": "GET",
  667. "host": "ocsp.pki.goog",
  668. "version": "1.1",
  669. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  670. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  671. "port": 80
  672. },
  673. {
  674. "count": 1,
  675. "body": "",
  676. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  677. "user-agent": "Microsoft-CryptoAPI/6.1",
  678. "method": "GET",
  679. "host": "ocsp.msocsp.com",
  680. "version": "1.1",
  681. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  682. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  683. "port": 80
  684. },
  685. {
  686. "count": 1,
  687. "body": "",
  688. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  689. "user-agent": "Microsoft-CryptoAPI/6.1",
  690. "method": "GET",
  691. "host": "ocsp.thawte.com",
  692. "version": "1.1",
  693. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  694. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  695. "port": 80
  696. },
  697. {
  698. "count": 1,
  699. "body": "",
  700. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  701. "user-agent": "Microsoft-CryptoAPI/6.1",
  702. "method": "GET",
  703. "host": "ocsp.usertrust.com",
  704. "version": "1.1",
  705. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  706. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  707. "port": 80
  708. },
  709. {
  710. "count": 1,
  711. "body": "",
  712. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  713. "user-agent": "Microsoft-CryptoAPI/6.1",
  714. "method": "GET",
  715. "host": "th.symcd.com",
  716. "version": "1.1",
  717. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  718. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  719. "port": 80
  720. },
  721. {
  722. "count": 1,
  723. "body": "",
  724. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  725. "user-agent": "Microsoft-CryptoAPI/6.1",
  726. "method": "GET",
  727. "host": "ocsp.digicert.com",
  728. "version": "1.1",
  729. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  730. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  731. "port": 80
  732. },
  733. {
  734. "count": 1,
  735. "body": "",
  736. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  737. "user-agent": "Microsoft-CryptoAPI/6.1",
  738. "method": "GET",
  739. "host": "ocsp.digicert.com",
  740. "version": "1.1",
  741. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  742. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  743. "port": 80
  744. },
  745. {
  746. "count": 1,
  747. "body": "",
  748. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  749. "user-agent": "Microsoft-CryptoAPI/6.1",
  750. "method": "GET",
  751. "host": "ocsp.pki.goog",
  752. "version": "1.1",
  753. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  754. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  755. "port": 80
  756. },
  757. {
  758. "count": 1,
  759. "body": "",
  760. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  761. "user-agent": "Microsoft-CryptoAPI/6.1",
  762. "method": "GET",
  763. "host": "crl.microsoft.com",
  764. "version": "1.1",
  765. "path": "/pki/crl/products/microsoftrootcert.crl",
  766. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  767. "port": 80
  768. },
  769. {
  770. "count": 1,
  771. "body": "",
  772. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  773. "user-agent": "Microsoft BITS/7.5",
  774. "method": "HEAD",
  775. "host": "redirector.gvt1.com",
  776. "version": "1.1",
  777. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  778. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  779. "port": 80
  780. },
  781. {
  782. "count": 1,
  783. "body": "",
  784. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  785. "user-agent": "Microsoft BITS/7.5",
  786. "method": "HEAD",
  787. "host": "r4---sn-tt1eln7l.gvt1.com",
  788. "version": "1.1",
  789. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  790. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  791. "port": 80
  792. },
  793. {
  794. "count": 1,
  795. "body": "",
  796. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  797. "user-agent": "Microsoft BITS/7.5",
  798. "method": "GET",
  799. "host": "r4---sn-tt1eln7l.gvt1.com",
  800. "version": "1.1",
  801. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  802. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6812\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  803. "port": 80
  804. },
  805. {
  806. "count": 1,
  807. "body": "",
  808. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  809. "user-agent": "Microsoft BITS/7.5",
  810. "method": "GET",
  811. "host": "r4---sn-tt1eln7l.gvt1.com",
  812. "version": "1.1",
  813. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  814. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6813-17922\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  815. "port": 80
  816. },
  817. {
  818. "count": 1,
  819. "body": "",
  820. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  821. "user-agent": "Microsoft BITS/7.5",
  822. "method": "GET",
  823. "host": "r4---sn-tt1eln7l.gvt1.com",
  824. "version": "1.1",
  825. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  826. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17923-29023\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  827. "port": 80
  828. },
  829. {
  830. "count": 1,
  831. "body": "",
  832. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  833. "user-agent": "Microsoft BITS/7.5",
  834. "method": "GET",
  835. "host": "r4---sn-tt1eln7l.gvt1.com",
  836. "version": "1.1",
  837. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  838. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29024-39147\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  839. "port": 80
  840. },
  841. {
  842. "count": 1,
  843. "body": "",
  844. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  845. "user-agent": "Microsoft BITS/7.5",
  846. "method": "GET",
  847. "host": "r4---sn-tt1eln7l.gvt1.com",
  848. "version": "1.1",
  849. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  850. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=39148-61418\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  851. "port": 80
  852. },
  853. {
  854. "count": 1,
  855. "body": "",
  856. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  857. "user-agent": "Microsoft BITS/7.5",
  858. "method": "GET",
  859. "host": "r4---sn-tt1eln7l.gvt1.com",
  860. "version": "1.1",
  861. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  862. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=61419-107498\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  863. "port": 80
  864. },
  865. {
  866. "count": 1,
  867. "body": "",
  868. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  869. "user-agent": "Microsoft BITS/7.5",
  870. "method": "GET",
  871. "host": "r4---sn-tt1eln7l.gvt1.com",
  872. "version": "1.1",
  873. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  874. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=107499-199365\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  875. "port": 80
  876. },
  877. {
  878. "count": 1,
  879. "body": "",
  880. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  881. "user-agent": "Microsoft BITS/7.5",
  882. "method": "GET",
  883. "host": "r4---sn-tt1eln7l.gvt1.com",
  884. "version": "1.1",
  885. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  886. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=199366-354012\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  887. "port": 80
  888. },
  889. {
  890. "count": 1,
  891. "body": "",
  892. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  893. "user-agent": "Microsoft BITS/7.5",
  894. "method": "GET",
  895. "host": "r4---sn-tt1eln7l.gvt1.com",
  896. "version": "1.1",
  897. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  898. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=354013-635074\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  899. "port": 80
  900. },
  901. {
  902. "count": 1,
  903. "body": "",
  904. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  905. "user-agent": "Microsoft BITS/7.5",
  906. "method": "GET",
  907. "host": "r4---sn-tt1eln7l.gvt1.com",
  908. "version": "1.1",
  909. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  910. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=635075-1165709\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  911. "port": 80
  912. },
  913. {
  914. "count": 1,
  915. "body": "",
  916. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  917. "user-agent": "Microsoft BITS/7.5",
  918. "method": "GET",
  919. "host": "r4---sn-tt1eln7l.gvt1.com",
  920. "version": "1.1",
  921. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  922. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1165710-2146379\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  923. "port": 80
  924. },
  925. {
  926. "count": 1,
  927. "body": "",
  928. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  929. "user-agent": "Microsoft BITS/7.5",
  930. "method": "GET",
  931. "host": "r4---sn-tt1eln7l.gvt1.com",
  932. "version": "1.1",
  933. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  934. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2146380-3686471\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  935. "port": 80
  936. },
  937. {
  938. "count": 1,
  939. "body": "",
  940. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  941. "user-agent": "Microsoft BITS/7.5",
  942. "method": "GET",
  943. "host": "r4---sn-tt1eln7l.gvt1.com",
  944. "version": "1.1",
  945. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  946. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3686472-4603181\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  947. "port": 80
  948. },
  949. {
  950. "count": 1,
  951. "body": "",
  952. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  953. "user-agent": "Microsoft BITS/7.5",
  954. "method": "GET",
  955. "host": "r4---sn-tt1eln7l.gvt1.com",
  956. "version": "1.1",
  957. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  958. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4603182-5524358\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  959. "port": 80
  960. },
  961. {
  962. "count": 1,
  963. "body": "",
  964. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  965. "user-agent": "Microsoft BITS/7.5",
  966. "method": "GET",
  967. "host": "r4---sn-tt1eln7l.gvt1.com",
  968. "version": "1.1",
  969. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  970. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5524359-6290412\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  971. "port": 80
  972. },
  973. {
  974. "count": 1,
  975. "body": "",
  976. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  977. "user-agent": "Microsoft BITS/7.5",
  978. "method": "GET",
  979. "host": "r4---sn-tt1eln7l.gvt1.com",
  980. "version": "1.1",
  981. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  982. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6290413-7016321\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  983. "port": 80
  984. },
  985. {
  986. "count": 1,
  987. "body": "",
  988. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  989. "user-agent": "Microsoft BITS/7.5",
  990. "method": "GET",
  991. "host": "r4---sn-tt1eln7l.gvt1.com",
  992. "version": "1.1",
  993. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  994. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7016322-7610905\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  995. "port": 80
  996. },
  997. {
  998. "count": 1,
  999. "body": "",
  1000. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1001. "user-agent": "Microsoft BITS/7.5",
  1002. "method": "GET",
  1003. "host": "r4---sn-tt1eln7l.gvt1.com",
  1004. "version": "1.1",
  1005. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1006. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7610906-8243468\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1007. "port": 80
  1008. },
  1009. {
  1010. "count": 1,
  1011. "body": "",
  1012. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1013. "user-agent": "Microsoft BITS/7.5",
  1014. "method": "GET",
  1015. "host": "r4---sn-tt1eln7l.gvt1.com",
  1016. "version": "1.1",
  1017. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1018. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=8243469-9148646\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1019. "port": 80
  1020. },
  1021. {
  1022. "count": 1,
  1023. "body": "",
  1024. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1025. "user-agent": "Microsoft BITS/7.5",
  1026. "method": "GET",
  1027. "host": "r4---sn-tt1eln7l.gvt1.com",
  1028. "version": "1.1",
  1029. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1030. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9148647-9993742\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1031. "port": 80
  1032. },
  1033. {
  1034. "count": 1,
  1035. "body": "",
  1036. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1037. "user-agent": "Microsoft BITS/7.5",
  1038. "method": "GET",
  1039. "host": "r4---sn-tt1eln7l.gvt1.com",
  1040. "version": "1.1",
  1041. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1042. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9993743-10565590\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1043. "port": 80
  1044. },
  1045. {
  1046. "count": 1,
  1047. "body": "",
  1048. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1049. "user-agent": "Microsoft BITS/7.5",
  1050. "method": "GET",
  1051. "host": "r4---sn-tt1eln7l.gvt1.com",
  1052. "version": "1.1",
  1053. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1054. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10565591-11061729\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1055. "port": 80
  1056. },
  1057. {
  1058. "count": 1,
  1059. "body": "",
  1060. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1061. "user-agent": "Microsoft BITS/7.5",
  1062. "method": "GET",
  1063. "host": "r4---sn-tt1eln7l.gvt1.com",
  1064. "version": "1.1",
  1065. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1066. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11061730-11920879\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1067. "port": 80
  1068. },
  1069. {
  1070. "count": 1,
  1071. "body": "",
  1072. "uri": "http://r4---sn-tt1eln7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1073. "user-agent": "Microsoft BITS/7.5",
  1074. "method": "GET",
  1075. "host": "r4---sn-tt1eln7l.gvt1.com",
  1076. "version": "1.1",
  1077. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  1078. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1eln7l&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11920880-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1eln7l.gvt1.com\r\n\r\n",
  1079. "port": 80
  1080. }
  1081. ]
  1082.  
  1083. [*] Network Communication - SMTP: []
  1084.  
  1085. [*] Network Communication - Hosts: []
  1086.  
  1087. [*] Network Communication - IRC: []
  1088.  
  1089. [*] Static Analysis: {
  1090. "pe": {
  1091. "peid_signatures": null,
  1092. "imports": [
  1093. {
  1094. "imports": [
  1095. {
  1096. "name": "GetModuleHandleA",
  1097. "address": "0x41c00c"
  1098. },
  1099. {
  1100. "name": "InterlockedDecrement",
  1101. "address": "0x41c010"
  1102. },
  1103. {
  1104. "name": "VirtualAllocEx",
  1105. "address": "0x41c014"
  1106. },
  1107. {
  1108. "name": "GetOEMCP",
  1109. "address": "0x41c018"
  1110. },
  1111. {
  1112. "name": "GetTickCount",
  1113. "address": "0x41c01c"
  1114. },
  1115. {
  1116. "name": "GetProcAddress",
  1117. "address": "0x41c020"
  1118. },
  1119. {
  1120. "name": "LoadLibraryA",
  1121. "address": "0x41c024"
  1122. },
  1123. {
  1124. "name": "GetCommandLineW",
  1125. "address": "0x41c028"
  1126. },
  1127. {
  1128. "name": "GetCurrentProcess",
  1129. "address": "0x41c02c"
  1130. },
  1131. {
  1132. "name": "GetProcessHeap",
  1133. "address": "0x41c030"
  1134. },
  1135. {
  1136. "name": "InterlockedIncrement",
  1137. "address": "0x41c034"
  1138. },
  1139. {
  1140. "name": "lstrlenA",
  1141. "address": "0x41c038"
  1142. },
  1143. {
  1144. "name": "GetVersionExA",
  1145. "address": "0x41c03c"
  1146. },
  1147. {
  1148. "name": "GetVersionExW",
  1149. "address": "0x41c040"
  1150. },
  1151. {
  1152. "name": "GetCommandLineA",
  1153. "address": "0x41c044"
  1154. },
  1155. {
  1156. "name": "GetLastError",
  1157. "address": "0x41c048"
  1158. },
  1159. {
  1160. "name": "GetCurrentThread",
  1161. "address": "0x41c04c"
  1162. },
  1163. {
  1164. "name": "GetStartupInfoW",
  1165. "address": "0x41c050"
  1166. }
  1167. ],
  1168. "dll": "KERNEL32.dll"
  1169. },
  1170. {
  1171. "imports": [
  1172. {
  1173. "name": "DestroyWindow",
  1174. "address": "0x41c058"
  1175. },
  1176. {
  1177. "name": "RegisterClassW",
  1178. "address": "0x41c05c"
  1179. },
  1180. {
  1181. "name": "LoadIconA",
  1182. "address": "0x41c060"
  1183. },
  1184. {
  1185. "name": "SetWindowLongW",
  1186. "address": "0x41c064"
  1187. },
  1188. {
  1189. "name": "SetWindowTextW",
  1190. "address": "0x41c068"
  1191. },
  1192. {
  1193. "name": "DefWindowProcW",
  1194. "address": "0x41c06c"
  1195. },
  1196. {
  1197. "name": "CreateWindowExA",
  1198. "address": "0x41c070"
  1199. },
  1200. {
  1201. "name": "DestroyIcon",
  1202. "address": "0x41c074"
  1203. },
  1204. {
  1205. "name": "SendMessageW",
  1206. "address": "0x41c078"
  1207. },
  1208. {
  1209. "name": "CreateWindowExW",
  1210. "address": "0x41c07c"
  1211. },
  1212. {
  1213. "name": "UnregisterClassA",
  1214. "address": "0x41c080"
  1215. },
  1216. {
  1217. "name": "LoadStringW",
  1218. "address": "0x41c084"
  1219. },
  1220. {
  1221. "name": "PostMessageW",
  1222. "address": "0x41c088"
  1223. }
  1224. ],
  1225. "dll": "USER32.dll"
  1226. },
  1227. {
  1228. "imports": [
  1229. {
  1230. "name": "CreateDIBSection",
  1231. "address": "0x41c000"
  1232. },
  1233. {
  1234. "name": "CreateBitmap",
  1235. "address": "0x41c004"
  1236. }
  1237. ],
  1238. "dll": "GDI32.dll"
  1239. },
  1240. {
  1241. "imports": [
  1242. {
  1243. "name": "CoInitialize",
  1244. "address": "0x41c0d8"
  1245. },
  1246. {
  1247. "name": "CoGetObject",
  1248. "address": "0x41c0dc"
  1249. }
  1250. ],
  1251. "dll": "ole32.dll"
  1252. },
  1253. {
  1254. "imports": [
  1255. {
  1256. "name": "__setusermatherr",
  1257. "address": "0x41c090"
  1258. },
  1259. {
  1260. "name": "_c_exit",
  1261. "address": "0x41c094"
  1262. },
  1263. {
  1264. "name": "_except_handler3",
  1265. "address": "0x41c098"
  1266. },
  1267. {
  1268. "name": "_XcptFilter",
  1269. "address": "0x41c09c"
  1270. },
  1271. {
  1272. "name": "_cexit",
  1273. "address": "0x41c0a0"
  1274. },
  1275. {
  1276. "name": "exit",
  1277. "address": "0x41c0a4"
  1278. },
  1279. {
  1280. "name": "_wcmdln",
  1281. "address": "0x41c0a8"
  1282. },
  1283. {
  1284. "name": "__wgetmainargs",
  1285. "address": "0x41c0ac"
  1286. },
  1287. {
  1288. "name": "_initterm",
  1289. "address": "0x41c0b0"
  1290. },
  1291. {
  1292. "name": "_exit",
  1293. "address": "0x41c0b4"
  1294. },
  1295. {
  1296. "name": "_adjust_fdiv",
  1297. "address": "0x41c0b8"
  1298. },
  1299. {
  1300. "name": "__p__commode",
  1301. "address": "0x41c0bc"
  1302. },
  1303. {
  1304. "name": "__p__fmode",
  1305. "address": "0x41c0c0"
  1306. },
  1307. {
  1308. "name": "__set_app_type",
  1309. "address": "0x41c0c4"
  1310. },
  1311. {
  1312. "name": "_controlfp",
  1313. "address": "0x41c0c8"
  1314. },
  1315. {
  1316. "name": "__dllonexit",
  1317. "address": "0x41c0cc"
  1318. },
  1319. {
  1320. "name": "_onexit",
  1321. "address": "0x41c0d0"
  1322. }
  1323. ],
  1324. "dll": "msvcrt.dll"
  1325. }
  1326. ],
  1327. "digital_signers": null,
  1328. "exported_dll_name": null,
  1329. "actual_checksum": "0x0001bd6e",
  1330. "overlay": {
  1331. "size": "0x00001f08",
  1332. "offset": "0x0000b000"
  1333. },
  1334. "imagebase": "0x00400000",
  1335. "reported_checksum": "0x0001bd6e",
  1336. "icon_hash": null,
  1337. "entrypoint": "0x00403c36",
  1338. "timestamp": "2016-08-19 20:55:53",
  1339. "osversion": "4.0",
  1340. "sections": [
  1341. {
  1342. "name": ".text",
  1343. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1344. "virtual_address": "0x00001000",
  1345. "size_of_data": "0x00003000",
  1346. "entropy": "6.03",
  1347. "raw_address": "0x00001000",
  1348. "virtual_size": "0x00002f16",
  1349. "characteristics_raw": "0xf0000020"
  1350. },
  1351. {
  1352. "name": ".bss",
  1353. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1354. "virtual_address": "0x00004000",
  1355. "size_of_data": "0x00000000",
  1356. "entropy": "0.00",
  1357. "raw_address": "0x00000000",
  1358. "virtual_size": "0x00017030",
  1359. "characteristics_raw": "0xc0000080"
  1360. },
  1361. {
  1362. "name": ".rdata",
  1363. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1364. "virtual_address": "0x0001c000",
  1365. "size_of_data": "0x00001000",
  1366. "entropy": "2.45",
  1367. "raw_address": "0x00004000",
  1368. "virtual_size": "0x000005dc",
  1369. "characteristics_raw": "0x40000040"
  1370. },
  1371. {
  1372. "name": ".data",
  1373. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1374. "virtual_address": "0x0001d000",
  1375. "size_of_data": "0x00005000",
  1376. "entropy": "6.51",
  1377. "raw_address": "0x00005000",
  1378. "virtual_size": "0x00004f34",
  1379. "characteristics_raw": "0xd0000040"
  1380. },
  1381. {
  1382. "name": ".reloc",
  1383. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1384. "virtual_address": "0x00022000",
  1385. "size_of_data": "0x00001000",
  1386. "entropy": "0.72",
  1387. "raw_address": "0x0000a000",
  1388. "virtual_size": "0x0000024e",
  1389. "characteristics_raw": "0x42000040"
  1390. }
  1391. ],
  1392. "resources": [],
  1393. "dirents": [
  1394. {
  1395. "virtual_address": "0x00000000",
  1396. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1397. "size": "0x00000000"
  1398. },
  1399. {
  1400. "virtual_address": "0x0001c104",
  1401. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1402. "size": "0x00000078"
  1403. },
  1404. {
  1405. "virtual_address": "0x00000000",
  1406. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1407. "size": "0x00000000"
  1408. },
  1409. {
  1410. "virtual_address": "0x00000000",
  1411. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1412. "size": "0x00000000"
  1413. },
  1414. {
  1415. "virtual_address": "0x0000b000",
  1416. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1417. "size": "0x00001f08"
  1418. },
  1419. {
  1420. "virtual_address": "0x00022000",
  1421. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1422. "size": "0x00000128"
  1423. },
  1424. {
  1425. "virtual_address": "0x00000000",
  1426. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1427. "size": "0x00000000"
  1428. },
  1429. {
  1430. "virtual_address": "0x00000000",
  1431. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1432. "size": "0x00000000"
  1433. },
  1434. {
  1435. "virtual_address": "0x00000000",
  1436. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1437. "size": "0x00000000"
  1438. },
  1439. {
  1440. "virtual_address": "0x00000000",
  1441. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1442. "size": "0x00000000"
  1443. },
  1444. {
  1445. "virtual_address": "0x00000000",
  1446. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1447. "size": "0x00000000"
  1448. },
  1449. {
  1450. "virtual_address": "0x00000000",
  1451. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1452. "size": "0x00000000"
  1453. },
  1454. {
  1455. "virtual_address": "0x0001c000",
  1456. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1457. "size": "0x000000e4"
  1458. },
  1459. {
  1460. "virtual_address": "0x00000000",
  1461. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1462. "size": "0x00000000"
  1463. },
  1464. {
  1465. "virtual_address": "0x00000000",
  1466. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1467. "size": "0x00000000"
  1468. },
  1469. {
  1470. "virtual_address": "0x00000000",
  1471. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1472. "size": "0x00000000"
  1473. }
  1474. ],
  1475. "exports": [],
  1476. "guest_signers": {},
  1477. "imphash": "04dcd7bc2fb74491dde37e786182f466",
  1478. "icon_fuzzy": null,
  1479. "icon": null,
  1480. "pdbpath": null,
  1481. "imported_dll_count": 5,
  1482. "versioninfo": []
  1483. }
  1484. }
  1485.  
  1486. [*] Resolved APIs: [
  1487. "cryptbase.dll.SystemFunction036",
  1488. "uxtheme.dll.ThemeInitApiHook",
  1489. "user32.dll.IsProcessDPIAware",
  1490. "user32.dll.GetWindowContextHelpId",
  1491. "kernel32.dll.VirtualAlloc",
  1492. "kernel32.dll.VirtualProtect",
  1493. "kernel32.dll.LoadLibraryA",
  1494. "kernel32.dll.VirtualFree",
  1495. "kernel32.dll.VirtualQuery",
  1496. "advapi32.dll.GetUserNameA",
  1497. "kernel32.dll.AddAtomA",
  1498. "kernel32.dll.CloseHandle",
  1499. "kernel32.dll.CreateDirectoryA",
  1500. "kernel32.dll.CreateFileA",
  1501. "kernel32.dll.CreateProcessA",
  1502. "kernel32.dll.ExitProcess",
  1503. "kernel32.dll.FindAtomA",
  1504. "kernel32.dll.FreeLibrary",
  1505. "kernel32.dll.GetAtomNameA",
  1506. "kernel32.dll.GetComputerNameA",
  1507. "kernel32.dll.GetFileAttributesA",
  1508. "kernel32.dll.GetFileSize",
  1509. "kernel32.dll.GetModuleFileNameA",
  1510. "kernel32.dll.GetModuleHandleA",
  1511. "kernel32.dll.GetProcAddress",
  1512. "kernel32.dll.GetSystemDirectoryA",
  1513. "kernel32.dll.GetSystemInfo",
  1514. "kernel32.dll.GetTempPathA",
  1515. "kernel32.dll.GetVersionExA",
  1516. "kernel32.dll.GetVolumeInformationA",
  1517. "kernel32.dll.SetUnhandledExceptionFilter",
  1518. "kernel32.dll.Sleep",
  1519. "kernel32.dll.WaitForSingleObject",
  1520. "kernel32.dll.WriteFile",
  1521. "msvcrt.dll._itoa",
  1522. "msvcrt.dll._strlwr",
  1523. "msvcrt.dll.__getmainargs",
  1524. "msvcrt.dll.__p__environ",
  1525. "msvcrt.dll.__p__fmode",
  1526. "msvcrt.dll.__set_app_type",
  1527. "msvcrt.dll._cexit",
  1528. "msvcrt.dll._iob",
  1529. "msvcrt.dll._onexit",
  1530. "msvcrt.dll._setmode",
  1531. "msvcrt.dll.abort",
  1532. "msvcrt.dll.atexit",
  1533. "msvcrt.dll.atoi",
  1534. "msvcrt.dll.exit",
  1535. "msvcrt.dll.fclose",
  1536. "msvcrt.dll.fflush",
  1537. "msvcrt.dll.fopen",
  1538. "msvcrt.dll.fprintf",
  1539. "msvcrt.dll.fread",
  1540. "msvcrt.dll.free",
  1541. "msvcrt.dll.fwrite",
  1542. "msvcrt.dll.malloc",
  1543. "msvcrt.dll.memcpy",
  1544. "msvcrt.dll.memmove",
  1545. "msvcrt.dll.memset",
  1546. "msvcrt.dll.signal",
  1547. "msvcrt.dll.strcat",
  1548. "msvcrt.dll.strcmp",
  1549. "msvcrt.dll.strcpy",
  1550. "msvcrt.dll.strlen",
  1551. "msvcrt.dll.strncat",
  1552. "shell32.dll.ShellExecuteExA",
  1553. "user32.dll.GetSystemMetrics",
  1554. "wsock32.dll.WSACleanup",
  1555. "wsock32.dll.WSAStartup",
  1556. "wsock32.dll.closesocket",
  1557. "wsock32.dll.connect",
  1558. "wsock32.dll.gethostbyname",
  1559. "wsock32.dll.htons",
  1560. "wsock32.dll.inet_addr",
  1561. "wsock32.dll.inet_ntoa",
  1562. "wsock32.dll.recv",
  1563. "wsock32.dll.send",
  1564. "wsock32.dll.socket",
  1565. "shell32.dll.#680",
  1566. "kernel32.dll.GetNativeSystemInfo",
  1567. "kernel32.dll.SortGetHandle",
  1568. "kernel32.dll.SortCloseHandle"
  1569. ]
  1570.  
  1571. [*] Static Analysis: {
  1572. "pe": {
  1573. "peid_signatures": null,
  1574. "imports": [
  1575. {
  1576. "imports": [
  1577. {
  1578. "name": "GetModuleHandleA",
  1579. "address": "0x41c00c"
  1580. },
  1581. {
  1582. "name": "InterlockedDecrement",
  1583. "address": "0x41c010"
  1584. },
  1585. {
  1586. "name": "VirtualAllocEx",
  1587. "address": "0x41c014"
  1588. },
  1589. {
  1590. "name": "GetOEMCP",
  1591. "address": "0x41c018"
  1592. },
  1593. {
  1594. "name": "GetTickCount",
  1595. "address": "0x41c01c"
  1596. },
  1597. {
  1598. "name": "GetProcAddress",
  1599. "address": "0x41c020"
  1600. },
  1601. {
  1602. "name": "LoadLibraryA",
  1603. "address": "0x41c024"
  1604. },
  1605. {
  1606. "name": "GetCommandLineW",
  1607. "address": "0x41c028"
  1608. },
  1609. {
  1610. "name": "GetCurrentProcess",
  1611. "address": "0x41c02c"
  1612. },
  1613. {
  1614. "name": "GetProcessHeap",
  1615. "address": "0x41c030"
  1616. },
  1617. {
  1618. "name": "InterlockedIncrement",
  1619. "address": "0x41c034"
  1620. },
  1621. {
  1622. "name": "lstrlenA",
  1623. "address": "0x41c038"
  1624. },
  1625. {
  1626. "name": "GetVersionExA",
  1627. "address": "0x41c03c"
  1628. },
  1629. {
  1630. "name": "GetVersionExW",
  1631. "address": "0x41c040"
  1632. },
  1633. {
  1634. "name": "GetCommandLineA",
  1635. "address": "0x41c044"
  1636. },
  1637. {
  1638. "name": "GetLastError",
  1639. "address": "0x41c048"
  1640. },
  1641. {
  1642. "name": "GetCurrentThread",
  1643. "address": "0x41c04c"
  1644. },
  1645. {
  1646. "name": "GetStartupInfoW",
  1647. "address": "0x41c050"
  1648. }
  1649. ],
  1650. "dll": "KERNEL32.dll"
  1651. },
  1652. {
  1653. "imports": [
  1654. {
  1655. "name": "DestroyWindow",
  1656. "address": "0x41c058"
  1657. },
  1658. {
  1659. "name": "RegisterClassW",
  1660. "address": "0x41c05c"
  1661. },
  1662. {
  1663. "name": "LoadIconA",
  1664. "address": "0x41c060"
  1665. },
  1666. {
  1667. "name": "SetWindowLongW",
  1668. "address": "0x41c064"
  1669. },
  1670. {
  1671. "name": "SetWindowTextW",
  1672. "address": "0x41c068"
  1673. },
  1674. {
  1675. "name": "DefWindowProcW",
  1676. "address": "0x41c06c"
  1677. },
  1678. {
  1679. "name": "CreateWindowExA",
  1680. "address": "0x41c070"
  1681. },
  1682. {
  1683. "name": "DestroyIcon",
  1684. "address": "0x41c074"
  1685. },
  1686. {
  1687. "name": "SendMessageW",
  1688. "address": "0x41c078"
  1689. },
  1690. {
  1691. "name": "CreateWindowExW",
  1692. "address": "0x41c07c"
  1693. },
  1694. {
  1695. "name": "UnregisterClassA",
  1696. "address": "0x41c080"
  1697. },
  1698. {
  1699. "name": "LoadStringW",
  1700. "address": "0x41c084"
  1701. },
  1702. {
  1703. "name": "PostMessageW",
  1704. "address": "0x41c088"
  1705. }
  1706. ],
  1707. "dll": "USER32.dll"
  1708. },
  1709. {
  1710. "imports": [
  1711. {
  1712. "name": "CreateDIBSection",
  1713. "address": "0x41c000"
  1714. },
  1715. {
  1716. "name": "CreateBitmap",
  1717. "address": "0x41c004"
  1718. }
  1719. ],
  1720. "dll": "GDI32.dll"
  1721. },
  1722. {
  1723. "imports": [
  1724. {
  1725. "name": "CoInitialize",
  1726. "address": "0x41c0d8"
  1727. },
  1728. {
  1729. "name": "CoGetObject",
  1730. "address": "0x41c0dc"
  1731. }
  1732. ],
  1733. "dll": "ole32.dll"
  1734. },
  1735. {
  1736. "imports": [
  1737. {
  1738. "name": "__setusermatherr",
  1739. "address": "0x41c090"
  1740. },
  1741. {
  1742. "name": "_c_exit",
  1743. "address": "0x41c094"
  1744. },
  1745. {
  1746. "name": "_except_handler3",
  1747. "address": "0x41c098"
  1748. },
  1749. {
  1750. "name": "_XcptFilter",
  1751. "address": "0x41c09c"
  1752. },
  1753. {
  1754. "name": "_cexit",
  1755. "address": "0x41c0a0"
  1756. },
  1757. {
  1758. "name": "exit",
  1759. "address": "0x41c0a4"
  1760. },
  1761. {
  1762. "name": "_wcmdln",
  1763. "address": "0x41c0a8"
  1764. },
  1765. {
  1766. "name": "__wgetmainargs",
  1767. "address": "0x41c0ac"
  1768. },
  1769. {
  1770. "name": "_initterm",
  1771. "address": "0x41c0b0"
  1772. },
  1773. {
  1774. "name": "_exit",
  1775. "address": "0x41c0b4"
  1776. },
  1777. {
  1778. "name": "_adjust_fdiv",
  1779. "address": "0x41c0b8"
  1780. },
  1781. {
  1782. "name": "__p__commode",
  1783. "address": "0x41c0bc"
  1784. },
  1785. {
  1786. "name": "__p__fmode",
  1787. "address": "0x41c0c0"
  1788. },
  1789. {
  1790. "name": "__set_app_type",
  1791. "address": "0x41c0c4"
  1792. },
  1793. {
  1794. "name": "_controlfp",
  1795. "address": "0x41c0c8"
  1796. },
  1797. {
  1798. "name": "__dllonexit",
  1799. "address": "0x41c0cc"
  1800. },
  1801. {
  1802. "name": "_onexit",
  1803. "address": "0x41c0d0"
  1804. }
  1805. ],
  1806. "dll": "msvcrt.dll"
  1807. }
  1808. ],
  1809. "digital_signers": null,
  1810. "exported_dll_name": null,
  1811. "actual_checksum": "0x0001bd6e",
  1812. "overlay": {
  1813. "size": "0x00001f08",
  1814. "offset": "0x0000b000"
  1815. },
  1816. "imagebase": "0x00400000",
  1817. "reported_checksum": "0x0001bd6e",
  1818. "icon_hash": null,
  1819. "entrypoint": "0x00403c36",
  1820. "timestamp": "2016-08-19 20:55:53",
  1821. "osversion": "4.0",
  1822. "sections": [
  1823. {
  1824. "name": ".text",
  1825. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1826. "virtual_address": "0x00001000",
  1827. "size_of_data": "0x00003000",
  1828. "entropy": "6.03",
  1829. "raw_address": "0x00001000",
  1830. "virtual_size": "0x00002f16",
  1831. "characteristics_raw": "0xf0000020"
  1832. },
  1833. {
  1834. "name": ".bss",
  1835. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1836. "virtual_address": "0x00004000",
  1837. "size_of_data": "0x00000000",
  1838. "entropy": "0.00",
  1839. "raw_address": "0x00000000",
  1840. "virtual_size": "0x00017030",
  1841. "characteristics_raw": "0xc0000080"
  1842. },
  1843. {
  1844. "name": ".rdata",
  1845. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1846. "virtual_address": "0x0001c000",
  1847. "size_of_data": "0x00001000",
  1848. "entropy": "2.45",
  1849. "raw_address": "0x00004000",
  1850. "virtual_size": "0x000005dc",
  1851. "characteristics_raw": "0x40000040"
  1852. },
  1853. {
  1854. "name": ".data",
  1855. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1856. "virtual_address": "0x0001d000",
  1857. "size_of_data": "0x00005000",
  1858. "entropy": "6.51",
  1859. "raw_address": "0x00005000",
  1860. "virtual_size": "0x00004f34",
  1861. "characteristics_raw": "0xd0000040"
  1862. },
  1863. {
  1864. "name": ".reloc",
  1865. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1866. "virtual_address": "0x00022000",
  1867. "size_of_data": "0x00001000",
  1868. "entropy": "0.72",
  1869. "raw_address": "0x0000a000",
  1870. "virtual_size": "0x0000024e",
  1871. "characteristics_raw": "0x42000040"
  1872. }
  1873. ],
  1874. "resources": [],
  1875. "dirents": [
  1876. {
  1877. "virtual_address": "0x00000000",
  1878. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1879. "size": "0x00000000"
  1880. },
  1881. {
  1882. "virtual_address": "0x0001c104",
  1883. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1884. "size": "0x00000078"
  1885. },
  1886. {
  1887. "virtual_address": "0x00000000",
  1888. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1889. "size": "0x00000000"
  1890. },
  1891. {
  1892. "virtual_address": "0x00000000",
  1893. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1894. "size": "0x00000000"
  1895. },
  1896. {
  1897. "virtual_address": "0x0000b000",
  1898. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1899. "size": "0x00001f08"
  1900. },
  1901. {
  1902. "virtual_address": "0x00022000",
  1903. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1904. "size": "0x00000128"
  1905. },
  1906. {
  1907. "virtual_address": "0x00000000",
  1908. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1909. "size": "0x00000000"
  1910. },
  1911. {
  1912. "virtual_address": "0x00000000",
  1913. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1914. "size": "0x00000000"
  1915. },
  1916. {
  1917. "virtual_address": "0x00000000",
  1918. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1919. "size": "0x00000000"
  1920. },
  1921. {
  1922. "virtual_address": "0x00000000",
  1923. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1924. "size": "0x00000000"
  1925. },
  1926. {
  1927. "virtual_address": "0x00000000",
  1928. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1929. "size": "0x00000000"
  1930. },
  1931. {
  1932. "virtual_address": "0x00000000",
  1933. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1934. "size": "0x00000000"
  1935. },
  1936. {
  1937. "virtual_address": "0x0001c000",
  1938. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1939. "size": "0x000000e4"
  1940. },
  1941. {
  1942. "virtual_address": "0x00000000",
  1943. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1944. "size": "0x00000000"
  1945. },
  1946. {
  1947. "virtual_address": "0x00000000",
  1948. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1949. "size": "0x00000000"
  1950. },
  1951. {
  1952. "virtual_address": "0x00000000",
  1953. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1954. "size": "0x00000000"
  1955. }
  1956. ],
  1957. "exports": [],
  1958. "guest_signers": {},
  1959. "imphash": "04dcd7bc2fb74491dde37e786182f466",
  1960. "icon_fuzzy": null,
  1961. "icon": null,
  1962. "pdbpath": null,
  1963. "imported_dll_count": 5,
  1964. "versioninfo": []
  1965. }
  1966. }