- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_181d2f93.exe"
- [*] File Size: 1179136
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed"
- [*] SHA256: "56ff6937ac04352eeb83b3ae75b9a1d2efb3177f7b460c148864a3236b22efb2"
- [*] MD5: "072760d80286205652af3041d68d7033"
- [*] SHA1: "94eb839fd537dbfb93cb51c53b2eb15f70480edc"
- [*] SHA512: "2736a3a4a299aaa1e08fe0da7607357a52dae3869c22c27f2a4356e0dcb240d3cb1b1ceef0bf1c3645917aa2d874c5f3ba5e7846f2e0d78015dc1e0ed90dcbf4"
- [*] CRC32: "181D2F93"
- [*] SSDEEP: "24576:7q5TfcdHj4fmbrPevqKoyWdMIZJ0HyFaoVuy8jadVhZIV7Um5ibp:7UTsamnmvqKoyWdMIZJ0hm38juS"
- [*] Process Execution: [
- "Exes_181d2f93.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: UPX1, entropy: 7.94, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00054400, virtual_size: 0x00055000"
- },
- {
- "section": "name: .rsrc, entropy: 7.71, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000cb600, virtual_size: 0x000cc000"
- }
- ]
- },
- {
- "Description": "The executable is compressed using UPX",
- "Details": [
- {
- "section": "name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x0014e000"
- }
- ]
- },
- {
- "Description": "File has been identified by 16 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "FireEye": "Generic.mg.072760d802862056"
- },
- {
- "VIPRE": "Trojan.Win32.Generic!BT"
- },
- {
- "K7GW": "Riskware ( 0040eff71 )"
- },
- {
- "K7AntiVirus": "Riskware ( 0040eff71 )"
- },
- {
- "Symantec": "Trojan.Gen.2"
- },
- {
- "APEX": "Malicious"
- },
- {
- "ClamAV": "Win.Malware.Agent-6346337-0"
- },
- {
- "AegisLab": "Trojan.Win32.Generic.4!c"
- },
- {
- "DrWeb": "BackDoor.Comet.2352"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.tc"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "Endgame": "malicious (moderate confidence)"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "McAfee": "Artemis!072760D80286"
- },
- {
- "VBA32": "Backdoor.Comet"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Created Services: []
- [*] Mutexes: [
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut27B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\idm_reset.reg",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut29B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\idm_trial.reg",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut2AC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\idm_reg.reg",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut2BC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\SetACLx32.exe",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut2FC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\SetACLx64.exe"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut27B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut29B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut2AC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut2BC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut2FC.tmp"
- ]
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7171\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7172-17738\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17739-27619\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=27620-36862\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=36863-57626\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=57627-100211\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=100212-187078\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=187079-363953\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=363954-721408\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=721409-1336537\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1336538-2784830\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2784831-5563531\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5563532-11346945\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560592405&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11346946-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "LoadLibraryA",
- "address": "0x66f338"
- },
- {
- "name": "GetProcAddress",
- "address": "0x66f33c"
- },
- {
- "name": "VirtualProtect",
- "address": "0x66f340"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x66f344"
- },
- {
- "name": "VirtualFree",
- "address": "0x66f348"
- },
- {
- "name": "ExitProcess",
- "address": "0x66f34c"
- }
- ],
- "dll": "KERNEL32.DLL"
- },
- {
- "imports": [
- {
- "name": "AddAce",
- "address": "0x66f354"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Remove",
- "address": "0x66f35c"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "GetSaveFileNameW",
- "address": "0x66f364"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "LineTo",
- "address": "0x66f36c"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "IcmpSendEcho",
- "address": "0x66f374"
- }
- ],
- "dll": "IPHLPAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "WNetUseConnectionW",
- "address": "0x66f37c"
- }
- ],
- "dll": "MPR.dll"
- },
- {
- "imports": [
- {
- "name": "CoGetObject",
- "address": "0x66f384"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "VariantInit",
- "address": "0x66f38c"
- }
- ],
- "dll": "OLEAUT32.dll"
- },
- {
- "imports": [
- {
- "name": "GetProcessMemoryInfo",
- "address": "0x66f394"
- }
- ],
- "dll": "PSAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "DragFinish",
- "address": "0x66f39c"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "GetDC",
- "address": "0x66f3a4"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "LoadUserProfileW",
- "address": "0x66f3ac"
- }
- ],
- "dll": "USERENV.dll"
- },
- {
- "imports": [
- {
- "name": "IsThemeActive",
- "address": "0x66f3b4"
- }
- ],
- "dll": "UxTheme.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueW",
- "address": "0x66f3bc"
- }
- ],
- "dll": "VERSION.dll"
- },
- {
- "imports": [
- {
- "name": "FtpOpenFileW",
- "address": "0x66f3c4"
- }
- ],
- "dll": "WININET.dll"
- },
- {
- "imports": [
- {
- "name": "timeGetTime",
- "address": "0x66f3cc"
- }
- ],
- "dll": "WINMM.dll"
- },
- {
- "imports": [
- {
- "name": "socket",
- "address": "0x66f3d4"
- }
- ],
- "dll": "WSOCK32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0012a275",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x005a30d0",
- "timestamp": "2015-04-11 15:52:02",
- "osversion": "5.1",
- "sections": [
- {
- "name": "UPX0",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000400",
- "virtual_size": "0x0014e000",
- "characteristics_raw": "0xe0000080"
- },
- {
- "name": "UPX1",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0014f000",
- "size_of_data": "0x00054400",
- "entropy": "7.94",
- "raw_address": "0x00000400",
- "virtual_size": "0x00055000",
- "characteristics_raw": "0xe0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x001a4000",
- "size_of_data": "0x000cb600",
- "entropy": "7.71",
- "raw_address": "0x00054800",
- "virtual_size": "0x000cc000",
- "characteristics_raw": "0xc0000040"
- }
- ],
- "resources": [
- {
- "name": "RT_MENU",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fb98c",
- "size": "0x00000050"
- },
- {
- "name": "RT_DIALOG",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fb9dc",
- "size": "0x000000fc"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- }
- ],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0026f1bc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000424"
- },
- {
- "virtual_address": "0x001a4000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000cb1bc"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0026f5e0",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x001a32b4",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "ef471c0edf1877cd5a881a6a8bf647b9",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 18,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.HeapAlloc",
- "kernel32.dll.GetProcessHeap",
- "kernel32.dll.HeapFree",
- "kernel32.dll.Sleep",
- "kernel32.dll.GetCurrentThreadId",
- "kernel32.dll.MultiByteToWideChar",
- "kernel32.dll.MulDiv",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.FreeLibrary",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.GetProcAddress",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.WideCharToMultiByte",
- "kernel32.dll.lstrcpyW",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.GetModuleHandleW",
- "kernel32.dll.QueryPerformanceCounter",
- "kernel32.dll.VirtualFreeEx",
- "kernel32.dll.OpenProcess",
- "kernel32.dll.VirtualAllocEx",
- "kernel32.dll.WriteProcessMemory",
- "kernel32.dll.ReadProcessMemory",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.SetFilePointerEx",
- "kernel32.dll.ReadFile",
- "kernel32.dll.WriteFile",
- "kernel32.dll.FlushFileBuffers",
- "kernel32.dll.TerminateProcess",
- "kernel32.dll.CreateToolhelp32Snapshot",
- "kernel32.dll.Process32FirstW",
- "kernel32.dll.Process32NextW",
- "kernel32.dll.SetFileTime",
- "kernel32.dll.GetFileAttributesW",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindClose",
- "kernel32.dll.GetLongPathNameW",
- "kernel32.dll.GetCurrentThread",
- "kernel32.dll.FindNextFileW",
- "kernel32.dll.MoveFileW",
- "kernel32.dll.CopyFileW",
- "kernel32.dll.CreateDirectoryW",
- "kernel32.dll.RemoveDirectoryW",
- "kernel32.dll.SetSystemPowerState",
- "kernel32.dll.QueryPerformanceFrequency",
- "kernel32.dll.FindResourceW",
- "kernel32.dll.LoadResource",
- "kernel32.dll.LockResource",
- "kernel32.dll.SizeofResource",
- "kernel32.dll.EnumResourceNamesW",
- "kernel32.dll.OutputDebugStringW",
- "kernel32.dll.GetTempPathW",
- "kernel32.dll.GetTempFileNameW",
- "kernel32.dll.DeviceIoControl",
- "kernel32.dll.GetLocalTime",
- "kernel32.dll.CompareStringW",
- "kernel32.dll.DeleteCriticalSection",
- "kernel32.dll.WaitForSingleObject",
- "kernel32.dll.LeaveCriticalSection",
- "kernel32.dll.GetStdHandle",
- "kernel32.dll.CreatePipe",
- "kernel32.dll.InterlockedExchange",
- "kernel32.dll.TerminateThread",
- "kernel32.dll.LoadLibraryExW",
- "kernel32.dll.FindResourceExW",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.FormatMessageW",
- "kernel32.dll.GetExitCodeProcess",
- "kernel32.dll.GetPrivateProfileStringW",
- "kernel32.dll.WritePrivateProfileStringW",
- "kernel32.dll.GetPrivateProfileSectionW",
- "kernel32.dll.WritePrivateProfileSectionW",
- "kernel32.dll.GetPrivateProfileSectionNamesW",
- "kernel32.dll.FileTimeToLocalFileTime",
- "kernel32.dll.FileTimeToSystemTime",
- "kernel32.dll.SystemTimeToFileTime",
- "kernel32.dll.LocalFileTimeToFileTime",
- "kernel32.dll.GetDriveTypeW",
- "kernel32.dll.GetDiskFreeSpaceExW",
- "kernel32.dll.GetDiskFreeSpaceW",
- "kernel32.dll.GetVolumeInformationW",
- "kernel32.dll.SetVolumeLabelW",
- "kernel32.dll.CreateHardLinkW",
- "kernel32.dll.SetFileAttributesW",
- "kernel32.dll.GetShortPathNameW",
- "kernel32.dll.CreateEventW",
- "kernel32.dll.SetEvent",
- "kernel32.dll.GetEnvironmentVariableW",
- "kernel32.dll.SetEnvironmentVariableW",
- "kernel32.dll.GlobalLock",
- "kernel32.dll.GlobalUnlock",
- "kernel32.dll.GlobalAlloc",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.GlobalFree",
- "kernel32.dll.GlobalMemoryStatusEx",
- "kernel32.dll.Beep",
- "kernel32.dll.GetSystemDirectoryW",
- "kernel32.dll.GetComputerNameW",
- "kernel32.dll.GetWindowsDirectoryW",
- "kernel32.dll.GetCurrentProcessId",
- "kernel32.dll.GetProcessIoCounters",
- "kernel32.dll.CreateProcessW",
- "kernel32.dll.SetPriorityClass",
- "kernel32.dll.LoadLibraryW",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.GetLastError",
- "kernel32.dll.GetFullPathNameW",
- "kernel32.dll.SetCurrentDirectoryW",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.GetCurrentDirectoryW",
- "kernel32.dll.lstrcmpiW",
- "kernel32.dll.RaiseException",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.InterlockedDecrement",
- "kernel32.dll.InterlockedIncrement",
- "kernel32.dll.CreateThread",
- "kernel32.dll.DuplicateHandle",
- "kernel32.dll.EnterCriticalSection",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.ExitProcess",
- "kernel32.dll.GetModuleHandleExW",
- "kernel32.dll.ExitThread",
- "kernel32.dll.GetSystemTimeAsFileTime",
- "kernel32.dll.ResumeThread",
- "kernel32.dll.GetCommandLineW",
- "kernel32.dll.IsProcessorFeaturePresent",
- "kernel32.dll.HeapSize",
- "kernel32.dll.IsValidCodePage",
- "kernel32.dll.GetACP",
- "kernel32.dll.GetOEMCP",
- "kernel32.dll.GetCPInfo",
- "kernel32.dll.SetLastError",
- "kernel32.dll.UnhandledExceptionFilter",
- "kernel32.dll.SetUnhandledExceptionFilter",
- "kernel32.dll.TlsAlloc",
- "kernel32.dll.TlsGetValue",
- "kernel32.dll.TlsSetValue",
- "kernel32.dll.TlsFree",
- "kernel32.dll.GetStartupInfoW",
- "kernel32.dll.GetStringTypeW",
- "kernel32.dll.SetStdHandle",
- "kernel32.dll.GetFileType",
- "kernel32.dll.GetConsoleCP",
- "kernel32.dll.GetConsoleMode",
- "kernel32.dll.RtlUnwind",
- "kernel32.dll.ReadConsoleW",
- "kernel32.dll.SetFilePointer",
- "kernel32.dll.GetTimeZoneInformation",
- "kernel32.dll.GetDateFormatW",
- "kernel32.dll.GetTimeFormatW",
- "kernel32.dll.LCMapStringW",
- "kernel32.dll.GetEnvironmentStringsW",
- "kernel32.dll.FreeEnvironmentStringsW",
- "kernel32.dll.HeapReAlloc",
- "kernel32.dll.WriteConsoleW",
- "kernel32.dll.SetEndOfFile",
- "kernel32.dll.DeleteFileW",
- "kernel32.dll.SetEnvironmentVariableA",
- "advapi32.dll.GetAclInformation",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegDeleteValueW",
- "advapi32.dll.RegDeleteKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegSetValueExW",
- "advapi32.dll.RegCreateKeyExW",
- "advapi32.dll.GetUserNameW",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "advapi32.dll.RegConnectRegistryW",
- "advapi32.dll.InitializeSecurityDescriptor",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AdjustTokenPrivileges",
- "advapi32.dll.OpenThreadToken",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.DuplicateTokenEx",
- "advapi32.dll.CreateProcessAsUserW",
- "advapi32.dll.CreateProcessWithLogonW",
- "advapi32.dll.GetLengthSid",
- "advapi32.dll.CopySid",
- "advapi32.dll.InitiateSystemShutdownExW",
- "advapi32.dll.LogonUserW",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.CheckTokenMembership",
- "advapi32.dll.FreeSid",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.GetSecurityDescriptorDacl",
- "advapi32.dll.SetSecurityDescriptorDacl",
- "advapi32.dll.AddAce",
- "advapi32.dll.GetAce",
- "comctl32.dll.ImageList_Destroy",
- "comctl32.dll.ImageList_Remove",
- "comctl32.dll.ImageList_SetDragCursorImage",
- "comctl32.dll.ImageList_BeginDrag",
- "comctl32.dll.ImageList_DragEnter",
- "comctl32.dll.ImageList_DragLeave",
- "comctl32.dll.ImageList_EndDrag",
- "comctl32.dll.ImageList_DragMove",
- "comctl32.dll.ImageList_Create",
- "comctl32.dll.InitCommonControlsEx",
- "comctl32.dll.ImageList_ReplaceIcon",
- "comdlg32.dll.GetSaveFileNameW",
- "comdlg32.dll.GetOpenFileNameW",
- "gdi32.dll.SetPixel",
- "gdi32.dll.DeleteObject",
- "gdi32.dll.GetTextExtentPoint32W",
- "gdi32.dll.ExtCreatePen",
- "gdi32.dll.StrokeAndFillPath",
- "gdi32.dll.StrokePath",
- "gdi32.dll.GetDeviceCaps",
- "gdi32.dll.CloseFigure",
- "gdi32.dll.LineTo",
- "gdi32.dll.AngleArc",
- "gdi32.dll.CreateCompatibleBitmap",
- "gdi32.dll.CreateCompatibleDC",
- "gdi32.dll.MoveToEx",
- "gdi32.dll.Ellipse",
- "gdi32.dll.PolyDraw",
- "gdi32.dll.BeginPath",
- "gdi32.dll.SelectObject",
- "gdi32.dll.StretchBlt",
- "gdi32.dll.GetDIBits",
- "gdi32.dll.DeleteDC",
- "gdi32.dll.GetPixel",
- "gdi32.dll.CreateDCW",
- "gdi32.dll.GetStockObject",
- "gdi32.dll.Rectangle",
- "gdi32.dll.SetViewportOrgEx",
- "gdi32.dll.GetObjectW",
- "gdi32.dll.SetBkMode",
- "gdi32.dll.RoundRect",
- "gdi32.dll.SetBkColor",
- "gdi32.dll.CreatePen",
- "gdi32.dll.CreateSolidBrush",
- "gdi32.dll.SetTextColor",
- "gdi32.dll.CreateFontW",
- "gdi32.dll.GetTextFaceW",
- "gdi32.dll.EndPath",
- "iphlpapi.dll.IcmpCreateFile",
- "iphlpapi.dll.IcmpCloseHandle",
- "iphlpapi.dll.IcmpSendEcho",
- "mpr.dll.WNetUseConnectionW",
- "mpr.dll.WNetCancelConnection2W",
- "mpr.dll.WNetGetConnectionW",
- "mpr.dll.WNetAddConnection2W",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoTaskMemFree",
- "ole32.dll.CLSIDFromString",
- "ole32.dll.ProgIDFromCLSID",
- "ole32.dll.CLSIDFromProgID",
- "ole32.dll.OleSetMenuDescriptor",
- "ole32.dll.MkParseDisplayName",
- "ole32.dll.OleSetContainedObject",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.IIDFromString",
- "ole32.dll.StringFromGUID2",
- "ole32.dll.CreateStreamOnHGlobal",
- "ole32.dll.CoInitialize",
- "ole32.dll.CoUninitialize",
- "ole32.dll.GetRunningObjectTable",
- "ole32.dll.CoGetInstanceFromFile",
- "ole32.dll.CoGetObject",
- "ole32.dll.CoInitializeSecurity",
- "ole32.dll.CoCreateInstanceEx",
- "ole32.dll.CoSetProxyBlanket",
- "oleaut32.dll.#163",
- "oleaut32.dll.#183",
- "oleaut32.dll.#11",
- "oleaut32.dll.#3",
- "oleaut32.dll.#6",
- "oleaut32.dll.#38",
- "oleaut32.dll.#39",
- "oleaut32.dll.#24",
- "oleaut32.dll.#23",
- "oleaut32.dll.#37",
- "oleaut32.dll.#186",
- "oleaut32.dll.#411",
- "oleaut32.dll.#2",
- "oleaut32.dll.#7",
- "oleaut32.dll.#185",
- "oleaut32.dll.#220",
- "oleaut32.dll.#77",
- "oleaut32.dll.#418",
- "oleaut32.dll.#164",
- "oleaut32.dll.#10",
- "oleaut32.dll.#9",
- "oleaut32.dll.#31",
- "oleaut32.dll.#32",
- "oleaut32.dll.#146",
- "oleaut32.dll.#12",
- "oleaut32.dll.#41",
- "oleaut32.dll.#8",
- "psapi.dll.GetProcessMemoryInfo",
- "shell32.dll.DragQueryPoint",
- "shell32.dll.ShellExecuteExW",
- "shell32.dll.DragQueryFileW",
- "shell32.dll.SHEmptyRecycleBinW",
- "shell32.dll.SHGetPathFromIDListW",
- "shell32.dll.SHBrowseForFolderW",
- "shell32.dll.SHCreateShellItem",
- "shell32.dll.SHGetDesktopFolder",
- "shell32.dll.SHGetSpecialFolderLocation",
- "shell32.dll.SHGetFolderPathW",
- "shell32.dll.SHFileOperationW",
- "shell32.dll.ExtractIconExW",
- "shell32.dll.Shell_NotifyIconW",
- "shell32.dll.ShellExecuteW",
- "shell32.dll.DragFinish",
- "user32.dll.SetWindowPos",
- "user32.dll.GetCursorInfo",
- "user32.dll.RegisterHotKey",
- "user32.dll.ClientToScreen",
- "user32.dll.GetKeyboardLayoutNameW",
- "user32.dll.IsCharAlphaW",
- "user32.dll.IsCharAlphaNumericW",
- "user32.dll.IsCharLowerW",
- "user32.dll.IsCharUpperW",
- "user32.dll.GetMenuStringW",
- "user32.dll.GetSubMenu",
- "user32.dll.GetCaretPos",
- "user32.dll.IsZoomed",
- "user32.dll.MonitorFromPoint",
- "user32.dll.GetMonitorInfoW",
- "user32.dll.SetWindowLongW",
- "user32.dll.SetLayeredWindowAttributes",
- "user32.dll.FlashWindow",
- "user32.dll.GetClassLongW",
- "user32.dll.TranslateAcceleratorW",
- "user32.dll.IsDialogMessageW",
- "user32.dll.GetSysColor",
- "user32.dll.InflateRect",
- "user32.dll.DrawFocusRect",
- "user32.dll.DrawTextW",
- "user32.dll.FrameRect",
- "user32.dll.DrawFrameControl",
- "user32.dll.FillRect",
- "user32.dll.PtInRect",
- "user32.dll.DestroyAcceleratorTable",
- "user32.dll.CreateAcceleratorTableW",
- "user32.dll.SetCursor",
- "user32.dll.GetWindowDC",
- "user32.dll.GetSystemMetrics",
- "user32.dll.DrawMenuBar",
- "user32.dll.GetActiveWindow",
- "user32.dll.CharNextW",
- "user32.dll.wsprintfW",
- "user32.dll.RedrawWindow",
- "user32.dll.DestroyMenu",
- "user32.dll.SetMenu",
- "user32.dll.GetWindowTextLengthW",
- "user32.dll.CreateMenu",
- "user32.dll.IsDlgButtonChecked",
- "user32.dll.DefDlgProcW",
- "user32.dll.CallWindowProcW",
- "user32.dll.ReleaseCapture",
- "user32.dll.SetCapture",
- "user32.dll.MonitorFromRect",
- "user32.dll.LoadImageW",
- "user32.dll.CreateIconFromResourceEx",
- "user32.dll.mouse_event",
- "user32.dll.ExitWindowsEx",
- "user32.dll.SetActiveWindow",
- "user32.dll.FindWindowExW",
- "user32.dll.EnumThreadWindows",
- "user32.dll.SetMenuDefaultItem",
- "user32.dll.InsertMenuItemW",
- "user32.dll.IsMenu",
- "user32.dll.TrackPopupMenuEx",
- "user32.dll.GetCursorPos",
- "user32.dll.CopyImage",
- "user32.dll.CheckMenuRadioItem",
- "user32.dll.GetMenuItemID",
- "user32.dll.GetMenuItemCount",
- "user32.dll.SetMenuItemInfoW",
- "user32.dll.GetMenuItemInfoW",
- "user32.dll.SetForegroundWindow",
- "user32.dll.IsIconic",
- "user32.dll.FindWindowW",
- "user32.dll.UnregisterHotKey",
- "user32.dll.keybd_event",
- "user32.dll.SendInput",
- "user32.dll.GetAsyncKeyState",
- "user32.dll.SetKeyboardState",
- "user32.dll.GetKeyboardState",
- "user32.dll.GetKeyState",
- "user32.dll.VkKeyScanW",
- "user32.dll.LoadStringW",
- "user32.dll.DialogBoxParamW",
- "user32.dll.MessageBeep",
- "user32.dll.EndDialog",
- "user32.dll.SendDlgItemMessageW",
- "user32.dll.GetDlgItem",
- "user32.dll.SetWindowTextW",
- "user32.dll.CopyRect",
- "user32.dll.ReleaseDC",
- "user32.dll.GetDC",
- "user32.dll.EndPaint",
- "user32.dll.BeginPaint",
- "user32.dll.GetClientRect",
- "user32.dll.GetMenu",
- "user32.dll.DestroyWindow",
- "user32.dll.EnumWindows",
- "user32.dll.GetDesktopWindow",
- "user32.dll.IsWindow",
- "user32.dll.IsWindowEnabled",
- "user32.dll.IsWindowVisible",
- "user32.dll.EnableWindow",
- "user32.dll.InvalidateRect",
- "user32.dll.GetWindowLongW",
- "user32.dll.GetWindowThreadProcessId",
- "user32.dll.AttachThreadInput",
- "user32.dll.GetFocus",
- "user32.dll.ScreenToClient",
- "user32.dll.SendMessageTimeoutW",
- "user32.dll.EnumChildWindows",
- "user32.dll.CharUpperBuffW",
- "user32.dll.GetClassNameW",
- "user32.dll.GetParent",
- "user32.dll.GetDlgCtrlID",
- "user32.dll.SendMessageW",
- "user32.dll.MapVirtualKeyW",
- "user32.dll.PostMessageW",
- "user32.dll.GetWindowRect",
- "user32.dll.SetUserObjectSecurity",
- "user32.dll.CloseDesktop",
- "user32.dll.CloseWindowStation",
- "user32.dll.OpenDesktopW",
- "user32.dll.SetProcessWindowStation",
- "user32.dll.GetProcessWindowStation",
- "user32.dll.OpenWindowStationW",
- "user32.dll.GetUserObjectSecurity",
- "user32.dll.AdjustWindowRectEx",
- "user32.dll.SetRect",
- "user32.dll.SetClipboardData",
- "user32.dll.EmptyClipboard",
- "user32.dll.CountClipboardFormats",
- "user32.dll.CloseClipboard",
- "user32.dll.GetClipboardData",
- "user32.dll.IsClipboardFormatAvailable",
- "user32.dll.OpenClipboard",
- "user32.dll.BlockInput",
- "user32.dll.GetMessageW",
- "user32.dll.LockWindowUpdate",
- "user32.dll.DispatchMessageW",
- "user32.dll.TranslateMessage",
- "user32.dll.DeleteMenu",
- "user32.dll.PeekMessageW",
- "user32.dll.MessageBoxW",
- "user32.dll.DefWindowProcW",
- "user32.dll.MoveWindow",
- "user32.dll.SetFocus",
- "user32.dll.PostQuitMessage",
- "user32.dll.KillTimer",
- "user32.dll.CreatePopupMenu",
- "user32.dll.RegisterWindowMessageW",
- "user32.dll.SetTimer",
- "user32.dll.ShowWindow",
- "user32.dll.CreateWindowExW",
- "user32.dll.RegisterClassExW",
- "user32.dll.LoadIconW",
- "user32.dll.LoadCursorW",
- "user32.dll.GetSysColorBrush",
- "user32.dll.GetForegroundWindow",
- "user32.dll.MessageBoxA",
- "user32.dll.DestroyIcon",
- "user32.dll.SystemParametersInfoW",
- "user32.dll.CharLowerBuffW",
- "user32.dll.GetWindowTextW",
- "userenv.dll.UnloadUserProfile",
- "userenv.dll.DestroyEnvironmentBlock",
- "userenv.dll.CreateEnvironmentBlock",
- "userenv.dll.LoadUserProfileW",
- "uxtheme.dll.IsThemeActive",
- "version.dll.GetFileVersionInfoW",
- "version.dll.VerQueryValueW",
- "version.dll.GetFileVersionInfoSizeW",
- "wininet.dll.InternetReadFile",
- "wininet.dll.InternetCloseHandle",
- "wininet.dll.InternetOpenW",
- "wininet.dll.InternetSetOptionW",
- "wininet.dll.InternetCrackUrlW",
- "wininet.dll.HttpQueryInfoW",
- "wininet.dll.InternetQueryOptionW",
- "wininet.dll.HttpOpenRequestW",
- "wininet.dll.HttpSendRequestW",
- "wininet.dll.FtpOpenFileW",
- "wininet.dll.FtpGetFileSize",
- "wininet.dll.InternetOpenUrlW",
- "wininet.dll.InternetConnectW",
- "wininet.dll.InternetQueryDataAvailable",
- "winmm.dll.timeGetTime",
- "winmm.dll.waveOutSetVolume",
- "winmm.dll.mciSendStringW",
- "wsock32.dll.#151",
- "wsock32.dll.#16",
- "wsock32.dll.#19",
- "wsock32.dll.#21",
- "wsock32.dll.#15",
- "wsock32.dll.#17",
- "wsock32.dll.#18",
- "wsock32.dll.#115",
- "wsock32.dll.#9",
- "wsock32.dll.#1",
- "wsock32.dll.#13",
- "wsock32.dll.#2",
- "wsock32.dll.#3",
- "wsock32.dll.#4",
- "wsock32.dll.#116",
- "wsock32.dll.#10",
- "wsock32.dll.#20",
- "wsock32.dll.#111",
- "wsock32.dll.#11",
- "wsock32.dll.#52",
- "wsock32.dll.#57",
- "wsock32.dll.#23",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsFree",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.InitializeCriticalSectionEx",
- "kernel32.dll.CreateSemaphoreExW",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.CreateThreadpoolTimer",
- "kernel32.dll.SetThreadpoolTimer",
- "kernel32.dll.WaitForThreadpoolTimerCallbacks",
- "kernel32.dll.CloseThreadpoolTimer",
- "kernel32.dll.CreateThreadpoolWait",
- "kernel32.dll.SetThreadpoolWait",
- "kernel32.dll.CloseThreadpoolWait",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.FreeLibraryWhenCallbackReturns",
- "kernel32.dll.GetCurrentProcessorNumber",
- "kernel32.dll.GetLogicalProcessorInformation",
- "kernel32.dll.CreateSymbolicLinkW",
- "kernel32.dll.EnumSystemLocalesEx",
- "kernel32.dll.CompareStringEx",
- "kernel32.dll.GetDateFormatEx",
- "kernel32.dll.GetLocaleInfoEx",
- "kernel32.dll.GetTimeFormatEx",
- "kernel32.dll.GetUserDefaultLocaleName",
- "kernel32.dll.IsValidLocaleName",
- "kernel32.dll.LCMapStringEx",
- "kernel32.dll.IsWow64Process",
- "kernel32.dll.GetNativeSystemInfo",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "kernel32.dll.Wow64DisableWow64FsRedirection",
- "kernel32.dll.Wow64RevertWow64FsRedirection",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "comctl32.dll.RegisterClassNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "uxtheme.dll.OpenThemeData",
- "uxtheme.dll.GetThemeBool",
- "imm32.dll.ImmGetContext",
- "imm32.dll.ImmReleaseContext",
- "imm32.dll.ImmAssociateContext",
- "imm32.dll.ImmIsIME",
- "comctl32.dll.HIMAGELIST_QueryInterface",
- "comctl32.dll.DrawShadowText",
- "comctl32.dll.DrawSizeBox",
- "comctl32.dll.DrawScrollBar",
- "comctl32.dll.SizeBoxHwnd",
- "comctl32.dll.ScrollBar_MouseMove",
- "comctl32.dll.ScrollBar_Menu",
- "comctl32.dll.HandleScrollCmd",
- "comctl32.dll.DetachScrollBars",
- "comctl32.dll.AttachScrollBars",
- "comctl32.dll.CCSetScrollInfo",
- "comctl32.dll.CCGetScrollInfo",
- "comctl32.dll.CCEnableScrollBar",
- "comctl32.dll.QuerySystemGestureStatus",
- "uxtheme.dll.#49",
- "shell32.dll.#66",
- "uxtheme.dll.GetThemeColor",
- "uxtheme.dll.GetThemeMargins",
- "uxtheme.dll.GetThemeFont",
- "uxtheme.dll.GetThemeTextMetrics",
- "uxtheme.dll.GetThemeTextExtent",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "uxtheme.dll.GetThemeBackgroundExtent",
- "uxtheme.dll.EnableThemeDialogTexture",
- "gdi32.dll.GdiIsMetaPrintDC",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoRegisterInitializeSpy",
- "ole32.dll.CoRevokeInitializeSpy",
- "uxtheme.dll.DrawThemeParentBackground",
- "uxtheme.dll.DrawThemeBackground",
- "uxtheme.dll.DrawThemeText",
- "uxtheme.dll.BufferedPaintInit",
- "uxtheme.dll.BufferedPaintRenderAnimation",
- "uxtheme.dll.BeginBufferedAnimation",
- "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
- "uxtheme.dll.GetThemeBackgroundContentRect",
- "uxtheme.dll.EndBufferedAnimation"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "LoadLibraryA",
- "address": "0x66f338"
- },
- {
- "name": "GetProcAddress",
- "address": "0x66f33c"
- },
- {
- "name": "VirtualProtect",
- "address": "0x66f340"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x66f344"
- },
- {
- "name": "VirtualFree",
- "address": "0x66f348"
- },
- {
- "name": "ExitProcess",
- "address": "0x66f34c"
- }
- ],
- "dll": "KERNEL32.DLL"
- },
- {
- "imports": [
- {
- "name": "AddAce",
- "address": "0x66f354"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Remove",
- "address": "0x66f35c"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "GetSaveFileNameW",
- "address": "0x66f364"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "LineTo",
- "address": "0x66f36c"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "IcmpSendEcho",
- "address": "0x66f374"
- }
- ],
- "dll": "IPHLPAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "WNetUseConnectionW",
- "address": "0x66f37c"
- }
- ],
- "dll": "MPR.dll"
- },
- {
- "imports": [
- {
- "name": "CoGetObject",
- "address": "0x66f384"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "VariantInit",
- "address": "0x66f38c"
- }
- ],
- "dll": "OLEAUT32.dll"
- },
- {
- "imports": [
- {
- "name": "GetProcessMemoryInfo",
- "address": "0x66f394"
- }
- ],
- "dll": "PSAPI.DLL"
- },
- {
- "imports": [
- {
- "name": "DragFinish",
- "address": "0x66f39c"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "GetDC",
- "address": "0x66f3a4"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "LoadUserProfileW",
- "address": "0x66f3ac"
- }
- ],
- "dll": "USERENV.dll"
- },
- {
- "imports": [
- {
- "name": "IsThemeActive",
- "address": "0x66f3b4"
- }
- ],
- "dll": "UxTheme.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueW",
- "address": "0x66f3bc"
- }
- ],
- "dll": "VERSION.dll"
- },
- {
- "imports": [
- {
- "name": "FtpOpenFileW",
- "address": "0x66f3c4"
- }
- ],
- "dll": "WININET.dll"
- },
- {
- "imports": [
- {
- "name": "timeGetTime",
- "address": "0x66f3cc"
- }
- ],
- "dll": "WINMM.dll"
- },
- {
- "imports": [
- {
- "name": "socket",
- "address": "0x66f3d4"
- }
- ],
- "dll": "WSOCK32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0012a275",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x005a30d0",
- "timestamp": "2015-04-11 15:52:02",
- "osversion": "5.1",
- "sections": [
- {
- "name": "UPX0",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000400",
- "virtual_size": "0x0014e000",
- "characteristics_raw": "0xe0000080"
- },
- {
- "name": "UPX1",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0014f000",
- "size_of_data": "0x00054400",
- "entropy": "7.94",
- "raw_address": "0x00000400",
- "virtual_size": "0x00055000",
- "characteristics_raw": "0xe0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x001a4000",
- "size_of_data": "0x000cb600",
- "entropy": "7.71",
- "raw_address": "0x00054800",
- "virtual_size": "0x000cc000",
- "characteristics_raw": "0xc0000040"
- }
- ],
- "resources": [
- {
- "name": "RT_MENU",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fb98c",
- "size": "0x00000050"
- },
- {
- "name": "RT_DIALOG",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fb9dc",
- "size": "0x000000fc"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "filetype": null,
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "entropy": "0.00",
- "offset": "0x000fdc48",
- "size": "0x00000158"
- }
- ],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0026f1bc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000424"
- },
- {
- "virtual_address": "0x001a4000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000cb1bc"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0026f5e0",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x001a32b4",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "ef471c0edf1877cd5a881a6a8bf647b9",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 18,
- "versioninfo": []
- }
- }