Exes_181d2f93_exe.json

1.  
2. [*] MalFamily: ""
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "Exes_181d2f93.exe"
7. [*] File Size: 1179136
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed"
9. [*] SHA256: "56ff6937ac04352eeb83b3ae75b9a1d2efb3177f7b460c148864a3236b22efb2"
10. [*] MD5: "072760d80286205652af3041d68d7033"
11. [*] SHA1: "94eb839fd537dbfb93cb51c53b2eb15f70480edc"
12. [*] SHA512: "2736a3a4a299aaa1e08fe0da7607357a52dae3869c22c27f2a4356e0dcb240d3cb1b1ceef0bf1c3645917aa2d874c5f3ba5e7846f2e0d78015dc1e0ed90dcbf4"
13. [*] CRC32: "181D2F93"
14. [*] SSDEEP: "24576:7q5TfcdHj4fmbrPevqKoyWdMIZJ0HyFaoVuy8jadVhZIV7Um5ibp:7UTsamnmvqKoyWdMIZJ0hm38juS"
15.  
16. [*] Process Execution: [
17. "Exes_181d2f93.exe"
18. ]
19.  
20. [*] Signatures Detected: [
21. {
22. "Description": "Performs some HTTP requests",
23. "Details": [
24. {
25. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
26. },
27. {
28. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
29. },
30. {
31. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
32. },
33. {
34. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
35. },
36. {
37. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
38. },
39. {
40. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
41. },
42. {
43. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
44. },
45. {
46. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
47. },
48. {
49. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
50. },
51. {
52. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
53. },
54. {
55. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
56. },
57. {
58. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
59. },
60. {
61. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
62. },
63. {
64. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
65. },
66. {
67. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
68. },
69. {
70. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
71. },
72. {
73. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
74. },
75. {
76. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
77. },
78. {
79. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
80. },
81. {
82. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
83. },
84. {
85. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
86. },
87. {
88. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
89. },
90. {
91. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
92. },
93. {
94. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
95. },
96. {
97. "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes"
98. }
99. ]
100. },
101. {
102. "Description": "The binary likely contains encrypted or compressed data.",
103. "Details": [
104. {
105. "section": "name: UPX1, entropy: 7.94, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00054400, virtual_size: 0x00055000"
106. },
107. {
108. "section": "name: .rsrc, entropy: 7.71, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000cb600, virtual_size: 0x000cc000"
109. }
110. ]
111. },
112. {
113. "Description": "The executable is compressed using UPX",
114. "Details": [
115. {
116. "section": "name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x0014e000"
117. }
118. ]
119. },
120. {
121. "Description": "File has been identified by 16 Antiviruses on VirusTotal as malicious",
122. "Details": [
123. {
124. "FireEye": "Generic.mg.072760d802862056"
125. },
126. {
127. "VIPRE": "Trojan.Win32.Generic!BT"
128. },
129. {
130. "K7GW": "Riskware ( 0040eff71 )"
131. },
132. {
133. "K7AntiVirus": "Riskware ( 0040eff71 )"
134. },
135. {
136. "Symantec": "Trojan.Gen.2"
137. },
138. {
139. "APEX": "Malicious"
140. },
141. {
142. "ClamAV": "Win.Malware.Agent-6346337-0"
143. },
144. {
145. "AegisLab": "Trojan.Win32.Generic.4!c"
146. },
147. {
148. "DrWeb": "BackDoor.Comet.2352"
149. },
150. {
151. "Invincea": "heuristic"
152. },
153. {
154. "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.tc"
155. },
156. {
157. "SentinelOne": "DFI - Malicious PE"
158. },
159. {
160. "Endgame": "malicious (moderate confidence)"
161. },
162. {
163. "Acronis": "suspicious"
164. },
165. {
166. "McAfee": "Artemis!072760D80286"
167. },
168. {
169. "VBA32": "Backdoor.Comet"
170. }
171. ]
172. }
173. ]
174.  
175. [*] Started Service: []
176.  
177. [*] Created Services: []
178.  
179. [*] Mutexes: [
180. "CicLoadWinStaWinSta0",
181. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
182. ]
183.  
184. [*] Modified Files: [
185. "C:\\Users\\user\\AppData\\Local\\Temp\\aut27B.tmp",
186. "C:\\Users\\user\\AppData\\Local\\Temp\\idm_reset.reg",
187. "C:\\Users\\user\\AppData\\Local\\Temp\\aut29B.tmp",
188. "C:\\Users\\user\\AppData\\Local\\Temp\\idm_trial.reg",
189. "C:\\Users\\user\\AppData\\Local\\Temp\\aut2AC.tmp",
190. "C:\\Users\\user\\AppData\\Local\\Temp\\idm_reg.reg",
191. "C:\\Users\\user\\AppData\\Local\\Temp\\aut2BC.tmp",
192. "C:\\Users\\user\\AppData\\Local\\Temp\\SetACLx32.exe",
193. "C:\\Users\\user\\AppData\\Local\\Temp\\aut2FC.tmp",
194. "C:\\Users\\user\\AppData\\Local\\Temp\\SetACLx64.exe"
195. ]
196.  
197. [*] Deleted Files: [
198. "C:\\Users\\user\\AppData\\Local\\Temp\\aut27B.tmp",
199. "C:\\Users\\user\\AppData\\Local\\Temp\\aut29B.tmp",
200. "C:\\Users\\user\\AppData\\Local\\Temp\\aut2AC.tmp",
201. "C:\\Users\\user\\AppData\\Local\\Temp\\aut2BC.tmp",
202. "C:\\Users\\user\\AppData\\Local\\Temp\\aut2FC.tmp"
203. ]
204.  
205. [*] Modified Registry Keys: []
206.  
207. [*] Deleted Registry Keys: []
208.  
209. [*] DNS Communications: []
210.  
211. [*] Domains: []
212.  
213. [*] Network Communication - ICMP: []
214.  
215. [*] Network Communication - HTTP: [
216. {
217. "count": 1,
218. "body": "",
219. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
220. "user-agent": "Microsoft-CryptoAPI/6.1",
221. "method": "GET",
222. "host": "ocsp.digicert.com",
223. "version": "1.1",
224. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
225. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
226. "port": 80
227. },
228. {
229. "count": 1,
230. "body": "",
231. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
232. "user-agent": "Microsoft-CryptoAPI/6.1",
233. "method": "GET",
234. "host": "ocsp.digicert.com",
235. "version": "1.1",
236. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
237. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
238. "port": 80
239. },
240. {
241. "count": 1,
242. "body": "",
243. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
244. "user-agent": "Microsoft-CryptoAPI/6.1",
245. "method": "GET",
246. "host": "ocsp.digicert.com",
247. "version": "1.1",
248. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
249. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
250. "port": 80
251. },
252. {
253. "count": 1,
254. "body": "",
255. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
256. "user-agent": "Microsoft-CryptoAPI/6.1",
257. "method": "GET",
258. "host": "ocsp.pki.goog",
259. "version": "1.1",
260. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
261. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
262. "port": 80
263. },
264. {
265. "count": 1,
266. "body": "",
267. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
268. "user-agent": "Microsoft-CryptoAPI/6.1",
269. "method": "GET",
270. "host": "ocsp.digicert.com",
271. "version": "1.1",
272. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
273. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
274. "port": 80
275. },
276. {
277. "count": 1,
278. "body": "",
279. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
280. "user-agent": "Microsoft-CryptoAPI/6.1",
281. "method": "GET",
282. "host": "crl.microsoft.com",
283. "version": "1.1",
284. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
285. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
286. "port": 80
287. },
288. {
289. "count": 1,
290. "body": "",
291. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
292. "user-agent": "Microsoft-CryptoAPI/6.1",
293. "method": "GET",
294. "host": "ocsp.comodoca.com",
295. "version": "1.1",
296. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
297. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
298. "port": 80
299. },
300. {
301. "count": 1,
302. "body": "",
303. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
304. "user-agent": "Microsoft-CryptoAPI/6.1",
305. "method": "GET",
306. "host": "ocsp.pki.goog",
307. "version": "1.1",
308. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
309. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
310. "port": 80
311. },
312. {
313. "count": 1,
314. "body": "",
315. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
316. "user-agent": "Microsoft-CryptoAPI/6.1",
317. "method": "GET",
318. "host": "ocsp.digicert.com",
319. "version": "1.1",
320. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
321. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
322. "port": 80
323. },
324. {
325. "count": 1,
326. "body": "",
327. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
328. "user-agent": "Microsoft-CryptoAPI/6.1",
329. "method": "GET",
330. "host": "www.download.windowsupdate.com",
331. "version": "1.1",
332. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
333. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
334. "port": 80
335. },
336. {
337. "count": 1,
338. "body": "",
339. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
340. "user-agent": "Microsoft-CryptoAPI/6.1",
341. "method": "GET",
342. "host": "crl.microsoft.com",
343. "version": "1.1",
344. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
345. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
346. "port": 80
347. },
348. {
349. "count": 1,
350. "body": "",
351. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
352. "user-agent": "Microsoft-CryptoAPI/6.1",
353. "method": "GET",
354. "host": "ocsp.digicert.com",
355. "version": "1.1",
356. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
357. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
358. "port": 80
359. },
360. {
361. "count": 1,
362. "body": "",
363. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
364. "user-agent": "Microsoft-CryptoAPI/6.1",
365. "method": "GET",
366. "host": "ocsp.digicert.com",
367. "version": "1.1",
368. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
369. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
370. "port": 80
371. },
372. {
373. "count": 1,
374. "body": "",
375. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
376. "user-agent": "Microsoft-CryptoAPI/6.1",
377. "method": "GET",
378. "host": "ocsp.digicert.com",
379. "version": "1.1",
380. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
381. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
382. "port": 80
383. },
384. {
385. "count": 1,
386. "body": "",
387. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
388. "user-agent": "Microsoft-CryptoAPI/6.1",
389. "method": "GET",
390. "host": "ocsp.pki.goog",
391. "version": "1.1",
392. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
393. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
394. "port": 80
395. },
396. {
397. "count": 1,
398. "body": "",
399. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
400. "user-agent": "Microsoft-CryptoAPI/6.1",
401. "method": "GET",
402. "host": "ocsp.pki.goog",
403. "version": "1.1",
404. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
405. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
406. "port": 80
407. },
408. {
409. "count": 1,
410. "body": "",
411. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
412. "user-agent": "Microsoft-CryptoAPI/6.1",
413. "method": "GET",
414. "host": "ocsp.digicert.com",
415. "version": "1.1",
416. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
417. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
418. "port": 80
419. },
420. {
421. "count": 1,
422. "body": "",
423. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
424. "user-agent": "Microsoft-CryptoAPI/6.1",
425. "method": "GET",
426. "host": "ocsp.pki.goog",
427. "version": "1.1",
428. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
429. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
430. "port": 80
431. },
432. {
433. "count": 1,
434. "body": "",
435. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
436. "user-agent": "Microsoft-CryptoAPI/6.1",
437. "method": "GET",
438. "host": "ocsp.msocsp.com",
439. "version": "1.1",
440. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
441. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
442. "port": 80
443. },
444. {
445. "count": 1,
446. "body": "",
447. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
448. "user-agent": "Microsoft-CryptoAPI/6.1",
449. "method": "GET",
450. "host": "ocsp.thawte.com",
451. "version": "1.1",
452. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
453. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
454. "port": 80
455. },
456. {
457. "count": 1,
458. "body": "",
459. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
460. "user-agent": "Microsoft-CryptoAPI/6.1",
461. "method": "GET",
462. "host": "ocsp.usertrust.com",
463. "version": "1.1",
464. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
465. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
466. "port": 80
467. },
468. {
469. "count": 1,
470. "body": "",
471. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
472. "user-agent": "Microsoft-CryptoAPI/6.1",
473. "method": "GET",
474. "host": "th.symcd.com",
475. "version": "1.1",
476. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
477. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
478. "port": 80
479. },
480. {
481. "count": 1,
482. "body": "",
483. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
484. "user-agent": "Microsoft-CryptoAPI/6.1",
485. "method": "GET",
486. "host": "ocsp.digicert.com",
487. "version": "1.1",
488. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
489. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
490. "port": 80
491. },
492. {
493. "count": 1,
494. "body": "",
495. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
496. "user-agent": "Microsoft-CryptoAPI/6.1",
497. "method": "GET",
498. "host": "ocsp.digicert.com",
499. "version": "1.1",
500. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
501. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
502. "port": 80
503. },
504. {
505. "count": 1,
506. "body": "",
507. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
508. "user-agent": "Microsoft-CryptoAPI/6.1",
509. "method": "GET",
510. "host": "ocsp.pki.goog",
511. "version": "1.1",
512. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
513. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
514. "port": 80
515. },
516. {
517. "count": 1,
518. "body": "",
519. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
520. "user-agent": "Microsoft-CryptoAPI/6.1",
521. "method": "GET",
522. "host": "crl.microsoft.com",
523. "version": "1.1",
524. "path": "/pki/crl/products/microsoftrootcert.crl",
525. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
526. "port": 80
527. },
528. {
529. "count": 1,
530. "body": "",
531. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
532. "user-agent": "Microsoft BITS/7.5",
533. "method": "HEAD",
534. "host": "redirector.gvt1.com",
535. "version": "1.1",
536. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
537. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
538. "port": 80
539. },
540. {
541. "count": 1,
542. "body": "",
543. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
544. "user-agent": "Microsoft BITS/7.5",
545. "method": "HEAD",
546. "host": "r13---sn-bvvbax-2ime.gvt1.com",
547. "version": "1.1",
548. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
549. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
550. "port": 80
551. },
552. {
553. "count": 1,
554. "body": "",
555. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
556. "user-agent": "Microsoft BITS/7.5",
557. "method": "GET",
558. "host": "r13---sn-bvvbax-2ime.gvt1.com",
559. "version": "1.1",
560. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
561. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7171\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
562. "port": 80
563. },
564. {
565. "count": 1,
566. "body": "",
567. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
568. "user-agent": "Microsoft BITS/7.5",
569. "method": "GET",
570. "host": "r13---sn-bvvbax-2ime.gvt1.com",
571. "version": "1.1",
572. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
573. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7172-17738\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
574. "port": 80
575. },
576. {
577. "count": 1,
578. "body": "",
579. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
580. "user-agent": "Microsoft BITS/7.5",
581. "method": "GET",
582. "host": "r13---sn-bvvbax-2ime.gvt1.com",
583. "version": "1.1",
584. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
585. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17739-27619\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
586. "port": 80
587. },
588. {
589. "count": 1,
590. "body": "",
591. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
592. "user-agent": "Microsoft BITS/7.5",
593. "method": "GET",
594. "host": "r13---sn-bvvbax-2ime.gvt1.com",
595. "version": "1.1",
596. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
597. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=27620-36862\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
598. "port": 80
599. },
600. {
601. "count": 1,
602. "body": "",
603. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
604. "user-agent": "Microsoft BITS/7.5",
605. "method": "GET",
606. "host": "r13---sn-bvvbax-2ime.gvt1.com",
607. "version": "1.1",
608. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
609. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=36863-57626\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
610. "port": 80
611. },
612. {
613. "count": 1,
614. "body": "",
615. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
616. "user-agent": "Microsoft BITS/7.5",
617. "method": "GET",
618. "host": "r13---sn-bvvbax-2ime.gvt1.com",
619. "version": "1.1",
620. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
621. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=57627-100211\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
622. "port": 80
623. },
624. {
625. "count": 1,
626. "body": "",
627. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
628. "user-agent": "Microsoft BITS/7.5",
629. "method": "GET",
630. "host": "r13---sn-bvvbax-2ime.gvt1.com",
631. "version": "1.1",
632. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
633. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=100212-187078\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
634. "port": 80
635. },
636. {
637. "count": 1,
638. "body": "",
639. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
640. "user-agent": "Microsoft BITS/7.5",
641. "method": "GET",
642. "host": "r13---sn-bvvbax-2ime.gvt1.com",
643. "version": "1.1",
644. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
645. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=187079-363953\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
646. "port": 80
647. },
648. {
649. "count": 1,
650. "body": "",
651. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
652. "user-agent": "Microsoft BITS/7.5",
653. "method": "GET",
654. "host": "r13---sn-bvvbax-2ime.gvt1.com",
655. "version": "1.1",
656. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
657. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=363954-721408\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
658. "port": 80
659. },
660. {
661. "count": 1,
662. "body": "",
663. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
664. "user-agent": "Microsoft BITS/7.5",
665. "method": "GET",
666. "host": "r13---sn-bvvbax-2ime.gvt1.com",
667. "version": "1.1",
668. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
669. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=721409-1336537\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
670. "port": 80
671. },
672. {
673. "count": 1,
674. "body": "",
675. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
676. "user-agent": "Microsoft BITS/7.5",
677. "method": "GET",
678. "host": "r13---sn-bvvbax-2ime.gvt1.com",
679. "version": "1.1",
680. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
681. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1336538-2784830\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
682. "port": 80
683. },
684. {
685. "count": 1,
686. "body": "",
687. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
688. "user-agent": "Microsoft BITS/7.5",
689. "method": "GET",
690. "host": "r13---sn-bvvbax-2ime.gvt1.com",
691. "version": "1.1",
692. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
693. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2784831-5563531\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
694. "port": 80
695. },
696. {
697. "count": 1,
698. "body": "",
699. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
700. "user-agent": "Microsoft BITS/7.5",
701. "method": "GET",
702. "host": "r13---sn-bvvbax-2ime.gvt1.com",
703. "version": "1.1",
704. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
705. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5563532-11346945\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
706. "port": 80
707. },
708. {
709. "count": 1,
710. "body": "",
711. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
712. "user-agent": "Microsoft BITS/7.5",
713. "method": "GET",
714. "host": "r13---sn-bvvbax-2ime.gvt1.com",
715. "version": "1.1",
716. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
717. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11346946-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
718. "port": 80
719. }
720. ]
721.  
722. [*] Network Communication - SMTP: []
723.  
724. [*] Network Communication - Hosts: []
725.  
726. [*] Network Communication - IRC: []
727.  
728. [*] Static Analysis: {
729. "pe": {
730. "peid_signatures": null,
731. "imports": [
732. {
733. "imports": [
734. {
735. "name": "LoadLibraryA",
736. "address": "0x66f338"
737. },
738. {
739. "name": "GetProcAddress",
740. "address": "0x66f33c"
741. },
742. {
743. "name": "VirtualProtect",
744. "address": "0x66f340"
745. },
746. {
747. "name": "VirtualAlloc",
748. "address": "0x66f344"
749. },
750. {
751. "name": "VirtualFree",
752. "address": "0x66f348"
753. },
754. {
755. "name": "ExitProcess",
756. "address": "0x66f34c"
757. }
758. ],
759. "dll": "KERNEL32.DLL"
760. },
761. {
762. "imports": [
763. {
764. "name": "AddAce",
765. "address": "0x66f354"
766. }
767. ],
768. "dll": "ADVAPI32.dll"
769. },
770. {
771. "imports": [
772. {
773. "name": "ImageList_Remove",
774. "address": "0x66f35c"
775. }
776. ],
777. "dll": "COMCTL32.dll"
778. },
779. {
780. "imports": [
781. {
782. "name": "GetSaveFileNameW",
783. "address": "0x66f364"
784. }
785. ],
786. "dll": "COMDLG32.dll"
787. },
788. {
789. "imports": [
790. {
791. "name": "LineTo",
792. "address": "0x66f36c"
793. }
794. ],
795. "dll": "GDI32.dll"
796. },
797. {
798. "imports": [
799. {
800. "name": "IcmpSendEcho",
801. "address": "0x66f374"
802. }
803. ],
804. "dll": "IPHLPAPI.DLL"
805. },
806. {
807. "imports": [
808. {
809. "name": "WNetUseConnectionW",
810. "address": "0x66f37c"
811. }
812. ],
813. "dll": "MPR.dll"
814. },
815. {
816. "imports": [
817. {
818. "name": "CoGetObject",
819. "address": "0x66f384"
820. }
821. ],
822. "dll": "ole32.dll"
823. },
824. {
825. "imports": [
826. {
827. "name": "VariantInit",
828. "address": "0x66f38c"
829. }
830. ],
831. "dll": "OLEAUT32.dll"
832. },
833. {
834. "imports": [
835. {
836. "name": "GetProcessMemoryInfo",
837. "address": "0x66f394"
838. }
839. ],
840. "dll": "PSAPI.DLL"
841. },
842. {
843. "imports": [
844. {
845. "name": "DragFinish",
846. "address": "0x66f39c"
847. }
848. ],
849. "dll": "SHELL32.dll"
850. },
851. {
852. "imports": [
853. {
854. "name": "GetDC",
855. "address": "0x66f3a4"
856. }
857. ],
858. "dll": "USER32.dll"
859. },
860. {
861. "imports": [
862. {
863. "name": "LoadUserProfileW",
864. "address": "0x66f3ac"
865. }
866. ],
867. "dll": "USERENV.dll"
868. },
869. {
870. "imports": [
871. {
872. "name": "IsThemeActive",
873. "address": "0x66f3b4"
874. }
875. ],
876. "dll": "UxTheme.dll"
877. },
878. {
879. "imports": [
880. {
881. "name": "VerQueryValueW",
882. "address": "0x66f3bc"
883. }
884. ],
885. "dll": "VERSION.dll"
886. },
887. {
888. "imports": [
889. {
890. "name": "FtpOpenFileW",
891. "address": "0x66f3c4"
892. }
893. ],
894. "dll": "WININET.dll"
895. },
896. {
897. "imports": [
898. {
899. "name": "timeGetTime",
900. "address": "0x66f3cc"
901. }
902. ],
903. "dll": "WINMM.dll"
904. },
905. {
906. "imports": [
907. {
908. "name": "socket",
909. "address": "0x66f3d4"
910. }
911. ],
912. "dll": "WSOCK32.dll"
913. }
914. ],
915. "digital_signers": null,
916. "exported_dll_name": null,
917. "actual_checksum": "0x0012a275",
918. "overlay": null,
919. "imagebase": "0x00400000",
920. "reported_checksum": "0x00000000",
921. "icon_hash": null,
922. "entrypoint": "0x005a30d0",
923. "timestamp": "2015-04-11 15:52:02",
924. "osversion": "5.1",
925. "sections": [
926. {
927. "name": "UPX0",
928. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
929. "virtual_address": "0x00001000",
930. "size_of_data": "0x00000000",
931. "entropy": "0.00",
932. "raw_address": "0x00000400",
933. "virtual_size": "0x0014e000",
934. "characteristics_raw": "0xe0000080"
935. },
936. {
937. "name": "UPX1",
938. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
939. "virtual_address": "0x0014f000",
940. "size_of_data": "0x00054400",
941. "entropy": "7.94",
942. "raw_address": "0x00000400",
943. "virtual_size": "0x00055000",
944. "characteristics_raw": "0xe0000040"
945. },
946. {
947. "name": ".rsrc",
948. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
949. "virtual_address": "0x001a4000",
950. "size_of_data": "0x000cb600",
951. "entropy": "7.71",
952. "raw_address": "0x00054800",
953. "virtual_size": "0x000cc000",
954. "characteristics_raw": "0xc0000040"
955. }
956. ],
957. "resources": [
958. {
959. "name": "RT_MENU",
960. "language": "LANG_ENGLISH",
961. "filetype": null,
962. "sublanguage": "SUBLANG_ENGLISH_UK",
963. "entropy": "0.00",
964. "offset": "0x000fb98c",
965. "size": "0x00000050"
966. },
967. {
968. "name": "RT_DIALOG",
969. "language": "LANG_ENGLISH",
970. "filetype": null,
971. "sublanguage": "SUBLANG_ENGLISH_UK",
972. "entropy": "0.00",
973. "offset": "0x000fb9dc",
974. "size": "0x000000fc"
975. },
976. {
977. "name": "RT_STRING",
978. "language": "LANG_ENGLISH",
979. "filetype": null,
980. "sublanguage": "SUBLANG_ENGLISH_UK",
981. "entropy": "0.00",
982. "offset": "0x000fdc48",
983. "size": "0x00000158"
984. },
985. {
986. "name": "RT_STRING",
987. "language": "LANG_ENGLISH",
988. "filetype": null,
989. "sublanguage": "SUBLANG_ENGLISH_UK",
990. "entropy": "0.00",
991. "offset": "0x000fdc48",
992. "size": "0x00000158"
993. },
994. {
995. "name": "RT_STRING",
996. "language": "LANG_ENGLISH",
997. "filetype": null,
998. "sublanguage": "SUBLANG_ENGLISH_UK",
999. "entropy": "0.00",
1000. "offset": "0x000fdc48",
1001. "size": "0x00000158"
1002. },
1003. {
1004. "name": "RT_STRING",
1005. "language": "LANG_ENGLISH",
1006. "filetype": null,
1007. "sublanguage": "SUBLANG_ENGLISH_UK",
1008. "entropy": "0.00",
1009. "offset": "0x000fdc48",
1010. "size": "0x00000158"
1011. },
1012. {
1013. "name": "RT_STRING",
1014. "language": "LANG_ENGLISH",
1015. "filetype": null,
1016. "sublanguage": "SUBLANG_ENGLISH_UK",
1017. "entropy": "0.00",
1018. "offset": "0x000fdc48",
1019. "size": "0x00000158"
1020. },
1021. {
1022. "name": "RT_STRING",
1023. "language": "LANG_ENGLISH",
1024. "filetype": null,
1025. "sublanguage": "SUBLANG_ENGLISH_UK",
1026. "entropy": "0.00",
1027. "offset": "0x000fdc48",
1028. "size": "0x00000158"
1029. },
1030. {
1031. "name": "RT_STRING",
1032. "language": "LANG_ENGLISH",
1033. "filetype": null,
1034. "sublanguage": "SUBLANG_ENGLISH_UK",
1035. "entropy": "0.00",
1036. "offset": "0x000fdc48",
1037. "size": "0x00000158"
1038. }
1039. ],
1040. "dirents": [
1041. {
1042. "virtual_address": "0x00000000",
1043. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
1044. "size": "0x00000000"
1045. },
1046. {
1047. "virtual_address": "0x0026f1bc",
1048. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
1049. "size": "0x00000424"
1050. },
1051. {
1052. "virtual_address": "0x001a4000",
1053. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
1054. "size": "0x000cb1bc"
1055. },
1056. {
1057. "virtual_address": "0x00000000",
1058. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
1059. "size": "0x00000000"
1060. },
1061. {
1062. "virtual_address": "0x00000000",
1063. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
1064. "size": "0x00000000"
1065. },
1066. {
1067. "virtual_address": "0x0026f5e0",
1068. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
1069. "size": "0x0000000c"
1070. },
1071. {
1072. "virtual_address": "0x00000000",
1073. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
1074. "size": "0x00000000"
1075. },
1076. {
1077. "virtual_address": "0x00000000",
1078. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
1079. "size": "0x00000000"
1080. },
1081. {
1082. "virtual_address": "0x00000000",
1083. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
1084. "size": "0x00000000"
1085. },
1086. {
1087. "virtual_address": "0x00000000",
1088. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
1089. "size": "0x00000000"
1090. },
1091. {
1092. "virtual_address": "0x001a32b4",
1093. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
1094. "size": "0x00000048"
1095. },
1096. {
1097. "virtual_address": "0x00000000",
1098. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
1099. "size": "0x00000000"
1100. },
1101. {
1102. "virtual_address": "0x00000000",
1103. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
1104. "size": "0x00000000"
1105. },
1106. {
1107. "virtual_address": "0x00000000",
1108. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
1109. "size": "0x00000000"
1110. },
1111. {
1112. "virtual_address": "0x00000000",
1113. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
1114. "size": "0x00000000"
1115. },
1116. {
1117. "virtual_address": "0x00000000",
1118. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
1119. "size": "0x00000000"
1120. }
1121. ],
1122. "exports": [],
1123. "guest_signers": {},
1124. "imphash": "ef471c0edf1877cd5a881a6a8bf647b9",
1125. "icon_fuzzy": null,
1126. "icon": null,
1127. "pdbpath": null,
1128. "imported_dll_count": 18,
1129. "versioninfo": []
1130. }
1131. }
1132.  
1133. [*] Resolved APIs: [
1134. "kernel32.dll.HeapAlloc",
1135. "kernel32.dll.GetProcessHeap",
1136. "kernel32.dll.HeapFree",
1137. "kernel32.dll.Sleep",
1138. "kernel32.dll.GetCurrentThreadId",
1139. "kernel32.dll.MultiByteToWideChar",
1140. "kernel32.dll.MulDiv",
1141. "kernel32.dll.GetVersionExW",
1142. "kernel32.dll.GetSystemInfo",
1143. "kernel32.dll.FreeLibrary",
1144. "kernel32.dll.LoadLibraryA",
1145. "kernel32.dll.GetProcAddress",
1146. "kernel32.dll.SetErrorMode",
1147. "kernel32.dll.GetModuleFileNameW",
1148. "kernel32.dll.WideCharToMultiByte",
1149. "kernel32.dll.lstrcpyW",
1150. "kernel32.dll.lstrlenW",
1151. "kernel32.dll.GetModuleHandleW",
1152. "kernel32.dll.QueryPerformanceCounter",
1153. "kernel32.dll.VirtualFreeEx",
1154. "kernel32.dll.OpenProcess",
1155. "kernel32.dll.VirtualAllocEx",
1156. "kernel32.dll.WriteProcessMemory",
1157. "kernel32.dll.ReadProcessMemory",
1158. "kernel32.dll.CreateFileW",
1159. "kernel32.dll.SetFilePointerEx",
1160. "kernel32.dll.ReadFile",
1161. "kernel32.dll.WriteFile",
1162. "kernel32.dll.FlushFileBuffers",
1163. "kernel32.dll.TerminateProcess",
1164. "kernel32.dll.CreateToolhelp32Snapshot",
1165. "kernel32.dll.Process32FirstW",
1166. "kernel32.dll.Process32NextW",
1167. "kernel32.dll.SetFileTime",
1168. "kernel32.dll.GetFileAttributesW",
1169. "kernel32.dll.FindFirstFileW",
1170. "kernel32.dll.FindClose",
1171. "kernel32.dll.GetLongPathNameW",
1172. "kernel32.dll.GetCurrentThread",
1173. "kernel32.dll.FindNextFileW",
1174. "kernel32.dll.MoveFileW",
1175. "kernel32.dll.CopyFileW",
1176. "kernel32.dll.CreateDirectoryW",
1177. "kernel32.dll.RemoveDirectoryW",
1178. "kernel32.dll.SetSystemPowerState",
1179. "kernel32.dll.QueryPerformanceFrequency",
1180. "kernel32.dll.FindResourceW",
1181. "kernel32.dll.LoadResource",
1182. "kernel32.dll.LockResource",
1183. "kernel32.dll.SizeofResource",
1184. "kernel32.dll.EnumResourceNamesW",
1185. "kernel32.dll.OutputDebugStringW",
1186. "kernel32.dll.GetTempPathW",
1187. "kernel32.dll.GetTempFileNameW",
1188. "kernel32.dll.DeviceIoControl",
1189. "kernel32.dll.GetLocalTime",
1190. "kernel32.dll.CompareStringW",
1191. "kernel32.dll.DeleteCriticalSection",
1192. "kernel32.dll.WaitForSingleObject",
1193. "kernel32.dll.LeaveCriticalSection",
1194. "kernel32.dll.GetStdHandle",
1195. "kernel32.dll.CreatePipe",
1196. "kernel32.dll.InterlockedExchange",
1197. "kernel32.dll.TerminateThread",
1198. "kernel32.dll.LoadLibraryExW",
1199. "kernel32.dll.FindResourceExW",
1200. "kernel32.dll.VirtualFree",
1201. "kernel32.dll.FormatMessageW",
1202. "kernel32.dll.GetExitCodeProcess",
1203. "kernel32.dll.GetPrivateProfileStringW",
1204. "kernel32.dll.WritePrivateProfileStringW",
1205. "kernel32.dll.GetPrivateProfileSectionW",
1206. "kernel32.dll.WritePrivateProfileSectionW",
1207. "kernel32.dll.GetPrivateProfileSectionNamesW",
1208. "kernel32.dll.FileTimeToLocalFileTime",
1209. "kernel32.dll.FileTimeToSystemTime",
1210. "kernel32.dll.SystemTimeToFileTime",
1211. "kernel32.dll.LocalFileTimeToFileTime",
1212. "kernel32.dll.GetDriveTypeW",
1213. "kernel32.dll.GetDiskFreeSpaceExW",
1214. "kernel32.dll.GetDiskFreeSpaceW",
1215. "kernel32.dll.GetVolumeInformationW",
1216. "kernel32.dll.SetVolumeLabelW",
1217. "kernel32.dll.CreateHardLinkW",
1218. "kernel32.dll.SetFileAttributesW",
1219. "kernel32.dll.GetShortPathNameW",
1220. "kernel32.dll.CreateEventW",
1221. "kernel32.dll.SetEvent",
1222. "kernel32.dll.GetEnvironmentVariableW",
1223. "kernel32.dll.SetEnvironmentVariableW",
1224. "kernel32.dll.GlobalLock",
1225. "kernel32.dll.GlobalUnlock",
1226. "kernel32.dll.GlobalAlloc",
1227. "kernel32.dll.GetFileSize",
1228. "kernel32.dll.GlobalFree",
1229. "kernel32.dll.GlobalMemoryStatusEx",
1230. "kernel32.dll.Beep",
1231. "kernel32.dll.GetSystemDirectoryW",
1232. "kernel32.dll.GetComputerNameW",
1233. "kernel32.dll.GetWindowsDirectoryW",
1234. "kernel32.dll.GetCurrentProcessId",
1235. "kernel32.dll.GetProcessIoCounters",
1236. "kernel32.dll.CreateProcessW",
1237. "kernel32.dll.SetPriorityClass",
1238. "kernel32.dll.LoadLibraryW",
1239. "kernel32.dll.VirtualAlloc",
1240. "kernel32.dll.CloseHandle",
1241. "kernel32.dll.GetLastError",
1242. "kernel32.dll.GetFullPathNameW",
1243. "kernel32.dll.SetCurrentDirectoryW",
1244. "kernel32.dll.IsDebuggerPresent",
1245. "kernel32.dll.GetCurrentDirectoryW",
1246. "kernel32.dll.lstrcmpiW",
1247. "kernel32.dll.RaiseException",
1248. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
1249. "kernel32.dll.InterlockedDecrement",
1250. "kernel32.dll.InterlockedIncrement",
1251. "kernel32.dll.CreateThread",
1252. "kernel32.dll.DuplicateHandle",
1253. "kernel32.dll.EnterCriticalSection",
1254. "kernel32.dll.GetCurrentProcess",
1255. "kernel32.dll.ExitProcess",
1256. "kernel32.dll.GetModuleHandleExW",
1257. "kernel32.dll.ExitThread",
1258. "kernel32.dll.GetSystemTimeAsFileTime",
1259. "kernel32.dll.ResumeThread",
1260. "kernel32.dll.GetCommandLineW",
1261. "kernel32.dll.IsProcessorFeaturePresent",
1262. "kernel32.dll.HeapSize",
1263. "kernel32.dll.IsValidCodePage",
1264. "kernel32.dll.GetACP",
1265. "kernel32.dll.GetOEMCP",
1266. "kernel32.dll.GetCPInfo",
1267. "kernel32.dll.SetLastError",
1268. "kernel32.dll.UnhandledExceptionFilter",
1269. "kernel32.dll.SetUnhandledExceptionFilter",
1270. "kernel32.dll.TlsAlloc",
1271. "kernel32.dll.TlsGetValue",
1272. "kernel32.dll.TlsSetValue",
1273. "kernel32.dll.TlsFree",
1274. "kernel32.dll.GetStartupInfoW",
1275. "kernel32.dll.GetStringTypeW",
1276. "kernel32.dll.SetStdHandle",
1277. "kernel32.dll.GetFileType",
1278. "kernel32.dll.GetConsoleCP",
1279. "kernel32.dll.GetConsoleMode",
1280. "kernel32.dll.RtlUnwind",
1281. "kernel32.dll.ReadConsoleW",
1282. "kernel32.dll.SetFilePointer",
1283. "kernel32.dll.GetTimeZoneInformation",
1284. "kernel32.dll.GetDateFormatW",
1285. "kernel32.dll.GetTimeFormatW",
1286. "kernel32.dll.LCMapStringW",
1287. "kernel32.dll.GetEnvironmentStringsW",
1288. "kernel32.dll.FreeEnvironmentStringsW",
1289. "kernel32.dll.HeapReAlloc",
1290. "kernel32.dll.WriteConsoleW",
1291. "kernel32.dll.SetEndOfFile",
1292. "kernel32.dll.DeleteFileW",
1293. "kernel32.dll.SetEnvironmentVariableA",
1294. "advapi32.dll.GetAclInformation",
1295. "advapi32.dll.RegEnumValueW",
1296. "advapi32.dll.RegDeleteValueW",
1297. "advapi32.dll.RegDeleteKeyW",
1298. "advapi32.dll.RegEnumKeyExW",
1299. "advapi32.dll.RegSetValueExW",
1300. "advapi32.dll.RegCreateKeyExW",
1301. "advapi32.dll.GetUserNameW",
1302. "advapi32.dll.RegOpenKeyExW",
1303. "advapi32.dll.RegCloseKey",
1304. "advapi32.dll.RegQueryValueExW",
1305. "advapi32.dll.RegConnectRegistryW",
1306. "advapi32.dll.InitializeSecurityDescriptor",
1307. "advapi32.dll.InitializeAcl",
1308. "advapi32.dll.AdjustTokenPrivileges",
1309. "advapi32.dll.OpenThreadToken",
1310. "advapi32.dll.OpenProcessToken",
1311. "advapi32.dll.LookupPrivilegeValueW",
1312. "advapi32.dll.DuplicateTokenEx",
1313. "advapi32.dll.CreateProcessAsUserW",
1314. "advapi32.dll.CreateProcessWithLogonW",
1315. "advapi32.dll.GetLengthSid",
1316. "advapi32.dll.CopySid",
1317. "advapi32.dll.InitiateSystemShutdownExW",
1318. "advapi32.dll.LogonUserW",
1319. "advapi32.dll.AllocateAndInitializeSid",
1320. "advapi32.dll.CheckTokenMembership",
1321. "advapi32.dll.FreeSid",
1322. "advapi32.dll.GetTokenInformation",
1323. "advapi32.dll.GetSecurityDescriptorDacl",
1324. "advapi32.dll.SetSecurityDescriptorDacl",
1325. "advapi32.dll.AddAce",
1326. "advapi32.dll.GetAce",
1327. "comctl32.dll.ImageList_Destroy",
1328. "comctl32.dll.ImageList_Remove",
1329. "comctl32.dll.ImageList_SetDragCursorImage",
1330. "comctl32.dll.ImageList_BeginDrag",
1331. "comctl32.dll.ImageList_DragEnter",
1332. "comctl32.dll.ImageList_DragLeave",
1333. "comctl32.dll.ImageList_EndDrag",
1334. "comctl32.dll.ImageList_DragMove",
1335. "comctl32.dll.ImageList_Create",
1336. "comctl32.dll.InitCommonControlsEx",
1337. "comctl32.dll.ImageList_ReplaceIcon",
1338. "comdlg32.dll.GetSaveFileNameW",
1339. "comdlg32.dll.GetOpenFileNameW",
1340. "gdi32.dll.SetPixel",
1341. "gdi32.dll.DeleteObject",
1342. "gdi32.dll.GetTextExtentPoint32W",
1343. "gdi32.dll.ExtCreatePen",
1344. "gdi32.dll.StrokeAndFillPath",
1345. "gdi32.dll.StrokePath",
1346. "gdi32.dll.GetDeviceCaps",
1347. "gdi32.dll.CloseFigure",
1348. "gdi32.dll.LineTo",
1349. "gdi32.dll.AngleArc",
1350. "gdi32.dll.CreateCompatibleBitmap",
1351. "gdi32.dll.CreateCompatibleDC",
1352. "gdi32.dll.MoveToEx",
1353. "gdi32.dll.Ellipse",
1354. "gdi32.dll.PolyDraw",
1355. "gdi32.dll.BeginPath",
1356. "gdi32.dll.SelectObject",
1357. "gdi32.dll.StretchBlt",
1358. "gdi32.dll.GetDIBits",
1359. "gdi32.dll.DeleteDC",
1360. "gdi32.dll.GetPixel",
1361. "gdi32.dll.CreateDCW",
1362. "gdi32.dll.GetStockObject",
1363. "gdi32.dll.Rectangle",
1364. "gdi32.dll.SetViewportOrgEx",
1365. "gdi32.dll.GetObjectW",
1366. "gdi32.dll.SetBkMode",
1367. "gdi32.dll.RoundRect",
1368. "gdi32.dll.SetBkColor",
1369. "gdi32.dll.CreatePen",
1370. "gdi32.dll.CreateSolidBrush",
1371. "gdi32.dll.SetTextColor",
1372. "gdi32.dll.CreateFontW",
1373. "gdi32.dll.GetTextFaceW",
1374. "gdi32.dll.EndPath",
1375. "iphlpapi.dll.IcmpCreateFile",
1376. "iphlpapi.dll.IcmpCloseHandle",
1377. "iphlpapi.dll.IcmpSendEcho",
1378. "mpr.dll.WNetUseConnectionW",
1379. "mpr.dll.WNetCancelConnection2W",
1380. "mpr.dll.WNetGetConnectionW",
1381. "mpr.dll.WNetAddConnection2W",
1382. "ole32.dll.CoTaskMemAlloc",
1383. "ole32.dll.CoTaskMemFree",
1384. "ole32.dll.CLSIDFromString",
1385. "ole32.dll.ProgIDFromCLSID",
1386. "ole32.dll.CLSIDFromProgID",
1387. "ole32.dll.OleSetMenuDescriptor",
1388. "ole32.dll.MkParseDisplayName",
1389. "ole32.dll.OleSetContainedObject",
1390. "ole32.dll.CoCreateInstance",
1391. "ole32.dll.IIDFromString",
1392. "ole32.dll.StringFromGUID2",
1393. "ole32.dll.CreateStreamOnHGlobal",
1394. "ole32.dll.CoInitialize",
1395. "ole32.dll.CoUninitialize",
1396. "ole32.dll.GetRunningObjectTable",
1397. "ole32.dll.CoGetInstanceFromFile",
1398. "ole32.dll.CoGetObject",
1399. "ole32.dll.CoInitializeSecurity",
1400. "ole32.dll.CoCreateInstanceEx",
1401. "ole32.dll.CoSetProxyBlanket",
1402. "oleaut32.dll.#163",
1403. "oleaut32.dll.#183",
1404. "oleaut32.dll.#11",
1405. "oleaut32.dll.#3",
1406. "oleaut32.dll.#6",
1407. "oleaut32.dll.#38",
1408. "oleaut32.dll.#39",
1409. "oleaut32.dll.#24",
1410. "oleaut32.dll.#23",
1411. "oleaut32.dll.#37",
1412. "oleaut32.dll.#186",
1413. "oleaut32.dll.#411",
1414. "oleaut32.dll.#2",
1415. "oleaut32.dll.#7",
1416. "oleaut32.dll.#185",
1417. "oleaut32.dll.#220",
1418. "oleaut32.dll.#77",
1419. "oleaut32.dll.#418",
1420. "oleaut32.dll.#164",
1421. "oleaut32.dll.#10",
1422. "oleaut32.dll.#9",
1423. "oleaut32.dll.#31",
1424. "oleaut32.dll.#32",
1425. "oleaut32.dll.#146",
1426. "oleaut32.dll.#12",
1427. "oleaut32.dll.#41",
1428. "oleaut32.dll.#8",
1429. "psapi.dll.GetProcessMemoryInfo",
1430. "shell32.dll.DragQueryPoint",
1431. "shell32.dll.ShellExecuteExW",
1432. "shell32.dll.DragQueryFileW",
1433. "shell32.dll.SHEmptyRecycleBinW",
1434. "shell32.dll.SHGetPathFromIDListW",
1435. "shell32.dll.SHBrowseForFolderW",
1436. "shell32.dll.SHCreateShellItem",
1437. "shell32.dll.SHGetDesktopFolder",
1438. "shell32.dll.SHGetSpecialFolderLocation",
1439. "shell32.dll.SHGetFolderPathW",
1440. "shell32.dll.SHFileOperationW",
1441. "shell32.dll.ExtractIconExW",
1442. "shell32.dll.Shell_NotifyIconW",
1443. "shell32.dll.ShellExecuteW",
1444. "shell32.dll.DragFinish",
1445. "user32.dll.SetWindowPos",
1446. "user32.dll.GetCursorInfo",
1447. "user32.dll.RegisterHotKey",
1448. "user32.dll.ClientToScreen",
1449. "user32.dll.GetKeyboardLayoutNameW",
1450. "user32.dll.IsCharAlphaW",
1451. "user32.dll.IsCharAlphaNumericW",
1452. "user32.dll.IsCharLowerW",
1453. "user32.dll.IsCharUpperW",
1454. "user32.dll.GetMenuStringW",
1455. "user32.dll.GetSubMenu",
1456. "user32.dll.GetCaretPos",
1457. "user32.dll.IsZoomed",
1458. "user32.dll.MonitorFromPoint",
1459. "user32.dll.GetMonitorInfoW",
1460. "user32.dll.SetWindowLongW",
1461. "user32.dll.SetLayeredWindowAttributes",
1462. "user32.dll.FlashWindow",
1463. "user32.dll.GetClassLongW",
1464. "user32.dll.TranslateAcceleratorW",
1465. "user32.dll.IsDialogMessageW",
1466. "user32.dll.GetSysColor",
1467. "user32.dll.InflateRect",
1468. "user32.dll.DrawFocusRect",
1469. "user32.dll.DrawTextW",
1470. "user32.dll.FrameRect",
1471. "user32.dll.DrawFrameControl",
1472. "user32.dll.FillRect",
1473. "user32.dll.PtInRect",
1474. "user32.dll.DestroyAcceleratorTable",
1475. "user32.dll.CreateAcceleratorTableW",
1476. "user32.dll.SetCursor",
1477. "user32.dll.GetWindowDC",
1478. "user32.dll.GetSystemMetrics",
1479. "user32.dll.DrawMenuBar",
1480. "user32.dll.GetActiveWindow",
1481. "user32.dll.CharNextW",
1482. "user32.dll.wsprintfW",
1483. "user32.dll.RedrawWindow",
1484. "user32.dll.DestroyMenu",
1485. "user32.dll.SetMenu",
1486. "user32.dll.GetWindowTextLengthW",
1487. "user32.dll.CreateMenu",
1488. "user32.dll.IsDlgButtonChecked",
1489. "user32.dll.DefDlgProcW",
1490. "user32.dll.CallWindowProcW",
1491. "user32.dll.ReleaseCapture",
1492. "user32.dll.SetCapture",
1493. "user32.dll.MonitorFromRect",
1494. "user32.dll.LoadImageW",
1495. "user32.dll.CreateIconFromResourceEx",
1496. "user32.dll.mouse_event",
1497. "user32.dll.ExitWindowsEx",
1498. "user32.dll.SetActiveWindow",
1499. "user32.dll.FindWindowExW",
1500. "user32.dll.EnumThreadWindows",
1501. "user32.dll.SetMenuDefaultItem",
1502. "user32.dll.InsertMenuItemW",
1503. "user32.dll.IsMenu",
1504. "user32.dll.TrackPopupMenuEx",
1505. "user32.dll.GetCursorPos",
1506. "user32.dll.CopyImage",
1507. "user32.dll.CheckMenuRadioItem",
1508. "user32.dll.GetMenuItemID",
1509. "user32.dll.GetMenuItemCount",
1510. "user32.dll.SetMenuItemInfoW",
1511. "user32.dll.GetMenuItemInfoW",
1512. "user32.dll.SetForegroundWindow",
1513. "user32.dll.IsIconic",
1514. "user32.dll.FindWindowW",
1515. "user32.dll.UnregisterHotKey",
1516. "user32.dll.keybd_event",
1517. "user32.dll.SendInput",
1518. "user32.dll.GetAsyncKeyState",
1519. "user32.dll.SetKeyboardState",
1520. "user32.dll.GetKeyboardState",
1521. "user32.dll.GetKeyState",
1522. "user32.dll.VkKeyScanW",
1523. "user32.dll.LoadStringW",
1524. "user32.dll.DialogBoxParamW",
1525. "user32.dll.MessageBeep",
1526. "user32.dll.EndDialog",
1527. "user32.dll.SendDlgItemMessageW",
1528. "user32.dll.GetDlgItem",
1529. "user32.dll.SetWindowTextW",
1530. "user32.dll.CopyRect",
1531. "user32.dll.ReleaseDC",
1532. "user32.dll.GetDC",
1533. "user32.dll.EndPaint",
1534. "user32.dll.BeginPaint",
1535. "user32.dll.GetClientRect",
1536. "user32.dll.GetMenu",
1537. "user32.dll.DestroyWindow",
1538. "user32.dll.EnumWindows",
1539. "user32.dll.GetDesktopWindow",
1540. "user32.dll.IsWindow",
1541. "user32.dll.IsWindowEnabled",
1542. "user32.dll.IsWindowVisible",
1543. "user32.dll.EnableWindow",
1544. "user32.dll.InvalidateRect",
1545. "user32.dll.GetWindowLongW",
1546. "user32.dll.GetWindowThreadProcessId",
1547. "user32.dll.AttachThreadInput",
1548. "user32.dll.GetFocus",
1549. "user32.dll.ScreenToClient",
1550. "user32.dll.SendMessageTimeoutW",
1551. "user32.dll.EnumChildWindows",
1552. "user32.dll.CharUpperBuffW",
1553. "user32.dll.GetClassNameW",
1554. "user32.dll.GetParent",
1555. "user32.dll.GetDlgCtrlID",
1556. "user32.dll.SendMessageW",
1557. "user32.dll.MapVirtualKeyW",
1558. "user32.dll.PostMessageW",
1559. "user32.dll.GetWindowRect",
1560. "user32.dll.SetUserObjectSecurity",
1561. "user32.dll.CloseDesktop",
1562. "user32.dll.CloseWindowStation",
1563. "user32.dll.OpenDesktopW",
1564. "user32.dll.SetProcessWindowStation",
1565. "user32.dll.GetProcessWindowStation",
1566. "user32.dll.OpenWindowStationW",
1567. "user32.dll.GetUserObjectSecurity",
1568. "user32.dll.AdjustWindowRectEx",
1569. "user32.dll.SetRect",
1570. "user32.dll.SetClipboardData",
1571. "user32.dll.EmptyClipboard",
1572. "user32.dll.CountClipboardFormats",
1573. "user32.dll.CloseClipboard",
1574. "user32.dll.GetClipboardData",
1575. "user32.dll.IsClipboardFormatAvailable",
1576. "user32.dll.OpenClipboard",
1577. "user32.dll.BlockInput",
1578. "user32.dll.GetMessageW",
1579. "user32.dll.LockWindowUpdate",
1580. "user32.dll.DispatchMessageW",
1581. "user32.dll.TranslateMessage",
1582. "user32.dll.DeleteMenu",
1583. "user32.dll.PeekMessageW",
1584. "user32.dll.MessageBoxW",
1585. "user32.dll.DefWindowProcW",
1586. "user32.dll.MoveWindow",
1587. "user32.dll.SetFocus",
1588. "user32.dll.PostQuitMessage",
1589. "user32.dll.KillTimer",
1590. "user32.dll.CreatePopupMenu",
1591. "user32.dll.RegisterWindowMessageW",
1592. "user32.dll.SetTimer",
1593. "user32.dll.ShowWindow",
1594. "user32.dll.CreateWindowExW",
1595. "user32.dll.RegisterClassExW",
1596. "user32.dll.LoadIconW",
1597. "user32.dll.LoadCursorW",
1598. "user32.dll.GetSysColorBrush",
1599. "user32.dll.GetForegroundWindow",
1600. "user32.dll.MessageBoxA",
1601. "user32.dll.DestroyIcon",
1602. "user32.dll.SystemParametersInfoW",
1603. "user32.dll.CharLowerBuffW",
1604. "user32.dll.GetWindowTextW",
1605. "userenv.dll.UnloadUserProfile",
1606. "userenv.dll.DestroyEnvironmentBlock",
1607. "userenv.dll.CreateEnvironmentBlock",
1608. "userenv.dll.LoadUserProfileW",
1609. "uxtheme.dll.IsThemeActive",
1610. "version.dll.GetFileVersionInfoW",
1611. "version.dll.VerQueryValueW",
1612. "version.dll.GetFileVersionInfoSizeW",
1613. "wininet.dll.InternetReadFile",
1614. "wininet.dll.InternetCloseHandle",
1615. "wininet.dll.InternetOpenW",
1616. "wininet.dll.InternetSetOptionW",
1617. "wininet.dll.InternetCrackUrlW",
1618. "wininet.dll.HttpQueryInfoW",
1619. "wininet.dll.InternetQueryOptionW",
1620. "wininet.dll.HttpOpenRequestW",
1621. "wininet.dll.HttpSendRequestW",
1622. "wininet.dll.FtpOpenFileW",
1623. "wininet.dll.FtpGetFileSize",
1624. "wininet.dll.InternetOpenUrlW",
1625. "wininet.dll.InternetConnectW",
1626. "wininet.dll.InternetQueryDataAvailable",
1627. "winmm.dll.timeGetTime",
1628. "winmm.dll.waveOutSetVolume",
1629. "winmm.dll.mciSendStringW",
1630. "wsock32.dll.#151",
1631. "wsock32.dll.#16",
1632. "wsock32.dll.#19",
1633. "wsock32.dll.#21",
1634. "wsock32.dll.#15",
1635. "wsock32.dll.#17",
1636. "wsock32.dll.#18",
1637. "wsock32.dll.#115",
1638. "wsock32.dll.#9",
1639. "wsock32.dll.#1",
1640. "wsock32.dll.#13",
1641. "wsock32.dll.#2",
1642. "wsock32.dll.#3",
1643. "wsock32.dll.#4",
1644. "wsock32.dll.#116",
1645. "wsock32.dll.#10",
1646. "wsock32.dll.#20",
1647. "wsock32.dll.#111",
1648. "wsock32.dll.#11",
1649. "wsock32.dll.#52",
1650. "wsock32.dll.#57",
1651. "wsock32.dll.#23",
1652. "kernel32.dll.FlsAlloc",
1653. "kernel32.dll.FlsFree",
1654. "kernel32.dll.FlsGetValue",
1655. "kernel32.dll.FlsSetValue",
1656. "kernel32.dll.InitializeCriticalSectionEx",
1657. "kernel32.dll.CreateSemaphoreExW",
1658. "kernel32.dll.SetThreadStackGuarantee",
1659. "kernel32.dll.CreateThreadpoolTimer",
1660. "kernel32.dll.SetThreadpoolTimer",
1661. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
1662. "kernel32.dll.CloseThreadpoolTimer",
1663. "kernel32.dll.CreateThreadpoolWait",
1664. "kernel32.dll.SetThreadpoolWait",
1665. "kernel32.dll.CloseThreadpoolWait",
1666. "kernel32.dll.FlushProcessWriteBuffers",
1667. "kernel32.dll.FreeLibraryWhenCallbackReturns",
1668. "kernel32.dll.GetCurrentProcessorNumber",
1669. "kernel32.dll.GetLogicalProcessorInformation",
1670. "kernel32.dll.CreateSymbolicLinkW",
1671. "kernel32.dll.EnumSystemLocalesEx",
1672. "kernel32.dll.CompareStringEx",
1673. "kernel32.dll.GetDateFormatEx",
1674. "kernel32.dll.GetLocaleInfoEx",
1675. "kernel32.dll.GetTimeFormatEx",
1676. "kernel32.dll.GetUserDefaultLocaleName",
1677. "kernel32.dll.IsValidLocaleName",
1678. "kernel32.dll.LCMapStringEx",
1679. "kernel32.dll.IsWow64Process",
1680. "kernel32.dll.GetNativeSystemInfo",
1681. "cryptbase.dll.SystemFunction036",
1682. "uxtheme.dll.ThemeInitApiHook",
1683. "user32.dll.IsProcessDPIAware",
1684. "kernel32.dll.Wow64DisableWow64FsRedirection",
1685. "kernel32.dll.Wow64RevertWow64FsRedirection",
1686. "dwmapi.dll.DwmIsCompositionEnabled",
1687. "comctl32.dll.RegisterClassNameW",
1688. "kernel32.dll.SortGetHandle",
1689. "kernel32.dll.SortCloseHandle",
1690. "uxtheme.dll.OpenThemeData",
1691. "uxtheme.dll.GetThemeBool",
1692. "imm32.dll.ImmGetContext",
1693. "imm32.dll.ImmReleaseContext",
1694. "imm32.dll.ImmAssociateContext",
1695. "imm32.dll.ImmIsIME",
1696. "comctl32.dll.HIMAGELIST_QueryInterface",
1697. "comctl32.dll.DrawShadowText",
1698. "comctl32.dll.DrawSizeBox",
1699. "comctl32.dll.DrawScrollBar",
1700. "comctl32.dll.SizeBoxHwnd",
1701. "comctl32.dll.ScrollBar_MouseMove",
1702. "comctl32.dll.ScrollBar_Menu",
1703. "comctl32.dll.HandleScrollCmd",
1704. "comctl32.dll.DetachScrollBars",
1705. "comctl32.dll.AttachScrollBars",
1706. "comctl32.dll.CCSetScrollInfo",
1707. "comctl32.dll.CCGetScrollInfo",
1708. "comctl32.dll.CCEnableScrollBar",
1709. "comctl32.dll.QuerySystemGestureStatus",
1710. "uxtheme.dll.#49",
1711. "shell32.dll.#66",
1712. "uxtheme.dll.GetThemeColor",
1713. "uxtheme.dll.GetThemeMargins",
1714. "uxtheme.dll.GetThemeFont",
1715. "uxtheme.dll.GetThemeTextMetrics",
1716. "uxtheme.dll.GetThemeTextExtent",
1717. "gdi32.dll.GetLayout",
1718. "gdi32.dll.GdiRealizationInfo",
1719. "gdi32.dll.FontIsLinked",
1720. "advapi32.dll.RegQueryInfoKeyW",
1721. "gdi32.dll.GetTextFaceAliasW",
1722. "gdi32.dll.GetFontAssocStatus",
1723. "advapi32.dll.RegQueryValueExA",
1724. "uxtheme.dll.GetThemeBackgroundExtent",
1725. "uxtheme.dll.EnableThemeDialogTexture",
1726. "gdi32.dll.GdiIsMetaPrintDC",
1727. "ole32.dll.CoInitializeEx",
1728. "ole32.dll.CoRegisterInitializeSpy",
1729. "ole32.dll.CoRevokeInitializeSpy",
1730. "uxtheme.dll.DrawThemeParentBackground",
1731. "uxtheme.dll.DrawThemeBackground",
1732. "uxtheme.dll.DrawThemeText",
1733. "uxtheme.dll.BufferedPaintInit",
1734. "uxtheme.dll.BufferedPaintRenderAnimation",
1735. "uxtheme.dll.BeginBufferedAnimation",
1736. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
1737. "uxtheme.dll.GetThemeBackgroundContentRect",
1738. "uxtheme.dll.EndBufferedAnimation"
1739. ]
1740.  
1741. [*] Static Analysis: {
1742. "pe": {
1743. "peid_signatures": null,
1744. "imports": [
1745. {
1746. "imports": [
1747. {
1748. "name": "LoadLibraryA",
1749. "address": "0x66f338"
1750. },
1751. {
1752. "name": "GetProcAddress",
1753. "address": "0x66f33c"
1754. },
1755. {
1756. "name": "VirtualProtect",
1757. "address": "0x66f340"
1758. },
1759. {
1760. "name": "VirtualAlloc",
1761. "address": "0x66f344"
1762. },
1763. {
1764. "name": "VirtualFree",
1765. "address": "0x66f348"
1766. },
1767. {
1768. "name": "ExitProcess",
1769. "address": "0x66f34c"
1770. }
1771. ],
1772. "dll": "KERNEL32.DLL"
1773. },
1774. {
1775. "imports": [
1776. {
1777. "name": "AddAce",
1778. "address": "0x66f354"
1779. }
1780. ],
1781. "dll": "ADVAPI32.dll"
1782. },
1783. {
1784. "imports": [
1785. {
1786. "name": "ImageList_Remove",
1787. "address": "0x66f35c"
1788. }
1789. ],
1790. "dll": "COMCTL32.dll"
1791. },
1792. {
1793. "imports": [
1794. {
1795. "name": "GetSaveFileNameW",
1796. "address": "0x66f364"
1797. }
1798. ],
1799. "dll": "COMDLG32.dll"
1800. },
1801. {
1802. "imports": [
1803. {
1804. "name": "LineTo",
1805. "address": "0x66f36c"
1806. }
1807. ],
1808. "dll": "GDI32.dll"
1809. },
1810. {
1811. "imports": [
1812. {
1813. "name": "IcmpSendEcho",
1814. "address": "0x66f374"
1815. }
1816. ],
1817. "dll": "IPHLPAPI.DLL"
1818. },
1819. {
1820. "imports": [
1821. {
1822. "name": "WNetUseConnectionW",
1823. "address": "0x66f37c"
1824. }
1825. ],
1826. "dll": "MPR.dll"
1827. },
1828. {
1829. "imports": [
1830. {
1831. "name": "CoGetObject",
1832. "address": "0x66f384"
1833. }
1834. ],
1835. "dll": "ole32.dll"
1836. },
1837. {
1838. "imports": [
1839. {
1840. "name": "VariantInit",
1841. "address": "0x66f38c"
1842. }
1843. ],
1844. "dll": "OLEAUT32.dll"
1845. },
1846. {
1847. "imports": [
1848. {
1849. "name": "GetProcessMemoryInfo",
1850. "address": "0x66f394"
1851. }
1852. ],
1853. "dll": "PSAPI.DLL"
1854. },
1855. {
1856. "imports": [
1857. {
1858. "name": "DragFinish",
1859. "address": "0x66f39c"
1860. }
1861. ],
1862. "dll": "SHELL32.dll"
1863. },
1864. {
1865. "imports": [
1866. {
1867. "name": "GetDC",
1868. "address": "0x66f3a4"
1869. }
1870. ],
1871. "dll": "USER32.dll"
1872. },
1873. {
1874. "imports": [
1875. {
1876. "name": "LoadUserProfileW",
1877. "address": "0x66f3ac"
1878. }
1879. ],
1880. "dll": "USERENV.dll"
1881. },
1882. {
1883. "imports": [
1884. {
1885. "name": "IsThemeActive",
1886. "address": "0x66f3b4"
1887. }
1888. ],
1889. "dll": "UxTheme.dll"
1890. },
1891. {
1892. "imports": [
1893. {
1894. "name": "VerQueryValueW",
1895. "address": "0x66f3bc"
1896. }
1897. ],
1898. "dll": "VERSION.dll"
1899. },
1900. {
1901. "imports": [
1902. {
1903. "name": "FtpOpenFileW",
1904. "address": "0x66f3c4"
1905. }
1906. ],
1907. "dll": "WININET.dll"
1908. },
1909. {
1910. "imports": [
1911. {
1912. "name": "timeGetTime",
1913. "address": "0x66f3cc"
1914. }
1915. ],
1916. "dll": "WINMM.dll"
1917. },
1918. {
1919. "imports": [
1920. {
1921. "name": "socket",
1922. "address": "0x66f3d4"
1923. }
1924. ],
1925. "dll": "WSOCK32.dll"
1926. }
1927. ],
1928. "digital_signers": null,
1929. "exported_dll_name": null,
1930. "actual_checksum": "0x0012a275",
1931. "overlay": null,
1932. "imagebase": "0x00400000",
1933. "reported_checksum": "0x00000000",
1934. "icon_hash": null,
1935. "entrypoint": "0x005a30d0",
1936. "timestamp": "2015-04-11 15:52:02",
1937. "osversion": "5.1",
1938. "sections": [
1939. {
1940. "name": "UPX0",
1941. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1942. "virtual_address": "0x00001000",
1943. "size_of_data": "0x00000000",
1944. "entropy": "0.00",
1945. "raw_address": "0x00000400",
1946. "virtual_size": "0x0014e000",
1947. "characteristics_raw": "0xe0000080"
1948. },
1949. {
1950. "name": "UPX1",
1951. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1952. "virtual_address": "0x0014f000",
1953. "size_of_data": "0x00054400",
1954. "entropy": "7.94",
1955. "raw_address": "0x00000400",
1956. "virtual_size": "0x00055000",
1957. "characteristics_raw": "0xe0000040"
1958. },
1959. {
1960. "name": ".rsrc",
1961. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1962. "virtual_address": "0x001a4000",
1963. "size_of_data": "0x000cb600",
1964. "entropy": "7.71",
1965. "raw_address": "0x00054800",
1966. "virtual_size": "0x000cc000",
1967. "characteristics_raw": "0xc0000040"
1968. }
1969. ],
1970. "resources": [
1971. {
1972. "name": "RT_MENU",
1973. "language": "LANG_ENGLISH",
1974. "filetype": null,
1975. "sublanguage": "SUBLANG_ENGLISH_UK",
1976. "entropy": "0.00",
1977. "offset": "0x000fb98c",
1978. "size": "0x00000050"
1979. },
1980. {
1981. "name": "RT_DIALOG",
1982. "language": "LANG_ENGLISH",
1983. "filetype": null,
1984. "sublanguage": "SUBLANG_ENGLISH_UK",
1985. "entropy": "0.00",
1986. "offset": "0x000fb9dc",
1987. "size": "0x000000fc"
1988. },
1989. {
1990. "name": "RT_STRING",
1991. "language": "LANG_ENGLISH",
1992. "filetype": null,
1993. "sublanguage": "SUBLANG_ENGLISH_UK",
1994. "entropy": "0.00",
1995. "offset": "0x000fdc48",
1996. "size": "0x00000158"
1997. },
1998. {
1999. "name": "RT_STRING",
2000. "language": "LANG_ENGLISH",
2001. "filetype": null,
2002. "sublanguage": "SUBLANG_ENGLISH_UK",
2003. "entropy": "0.00",
2004. "offset": "0x000fdc48",
2005. "size": "0x00000158"
2006. },
2007. {
2008. "name": "RT_STRING",
2009. "language": "LANG_ENGLISH",
2010. "filetype": null,
2011. "sublanguage": "SUBLANG_ENGLISH_UK",
2012. "entropy": "0.00",
2013. "offset": "0x000fdc48",
2014. "size": "0x00000158"
2015. },
2016. {
2017. "name": "RT_STRING",
2018. "language": "LANG_ENGLISH",
2019. "filetype": null,
2020. "sublanguage": "SUBLANG_ENGLISH_UK",
2021. "entropy": "0.00",
2022. "offset": "0x000fdc48",
2023. "size": "0x00000158"
2024. },
2025. {
2026. "name": "RT_STRING",
2027. "language": "LANG_ENGLISH",
2028. "filetype": null,
2029. "sublanguage": "SUBLANG_ENGLISH_UK",
2030. "entropy": "0.00",
2031. "offset": "0x000fdc48",
2032. "size": "0x00000158"
2033. },
2034. {
2035. "name": "RT_STRING",
2036. "language": "LANG_ENGLISH",
2037. "filetype": null,
2038. "sublanguage": "SUBLANG_ENGLISH_UK",
2039. "entropy": "0.00",
2040. "offset": "0x000fdc48",
2041. "size": "0x00000158"
2042. },
2043. {
2044. "name": "RT_STRING",
2045. "language": "LANG_ENGLISH",
2046. "filetype": null,
2047. "sublanguage": "SUBLANG_ENGLISH_UK",
2048. "entropy": "0.00",
2049. "offset": "0x000fdc48",
2050. "size": "0x00000158"
2051. }
2052. ],
2053. "dirents": [
2054. {
2055. "virtual_address": "0x00000000",
2056. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2057. "size": "0x00000000"
2058. },
2059. {
2060. "virtual_address": "0x0026f1bc",
2061. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2062. "size": "0x00000424"
2063. },
2064. {
2065. "virtual_address": "0x001a4000",
2066. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2067. "size": "0x000cb1bc"
2068. },
2069. {
2070. "virtual_address": "0x00000000",
2071. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2072. "size": "0x00000000"
2073. },
2074. {
2075. "virtual_address": "0x00000000",
2076. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2077. "size": "0x00000000"
2078. },
2079. {
2080. "virtual_address": "0x0026f5e0",
2081. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2082. "size": "0x0000000c"
2083. },
2084. {
2085. "virtual_address": "0x00000000",
2086. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2087. "size": "0x00000000"
2088. },
2089. {
2090. "virtual_address": "0x00000000",
2091. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2092. "size": "0x00000000"
2093. },
2094. {
2095. "virtual_address": "0x00000000",
2096. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2097. "size": "0x00000000"
2098. },
2099. {
2100. "virtual_address": "0x00000000",
2101. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2102. "size": "0x00000000"
2103. },
2104. {
2105. "virtual_address": "0x001a32b4",
2106. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2107. "size": "0x00000048"
2108. },
2109. {
2110. "virtual_address": "0x00000000",
2111. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2112. "size": "0x00000000"
2113. },
2114. {
2115. "virtual_address": "0x00000000",
2116. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2117. "size": "0x00000000"
2118. },
2119. {
2120. "virtual_address": "0x00000000",
2121. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2122. "size": "0x00000000"
2123. },
2124. {
2125. "virtual_address": "0x00000000",
2126. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2127. "size": "0x00000000"
2128. },
2129. {
2130. "virtual_address": "0x00000000",
2131. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2132. "size": "0x00000000"
2133. }
2134. ],
2135. "exports": [],
2136. "guest_signers": {},
2137. "imphash": "ef471c0edf1877cd5a881a6a8bf647b9",
2138. "icon_fuzzy": null,
2139. "icon": null,
2140. "pdbpath": null,
2141. "imported_dll_count": 18,
2142. "versioninfo": []
2143. }
2144. }