paladin316

Exes_d3491c79fa8cbdea26bc3c552cd24458_exe_json.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_d3491c79fa8cbdea26bc3c552cd24458.exe"
  7. [*] File Size: 269019
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive"
  9. [*] SHA256: "fe213febfc0a2ec538656997dbf04024ad483015bc250b01e54515d01647c617"
  10. [*] MD5: "d3491c79fa8cbdea26bc3c552cd24458"
  11. [*] SHA1: "e9d29ea6118664f34ef9fe7973458f45ee3b3984"
  12. [*] SHA512: "fed645c61a7b7346ba0099ca1d110b2b78200d6c50d47112755b22ff4be09956047b1d89594d28248dc5f02007796225b54030bc8617166ef6fcd9b35295d369"
  13. [*] CRC32: "C4E49AFB"
  14. [*] SSDEEP: "3072:rdRGsvFggQc4SbiYsZKoeORr+EAE1z7pgNvlWAmUTIxd/FgqTmgg13piZQd8G6zA:r5LiXeORuipeTInLTBga1G6VSUvciTMb"
  15.  
  16. [*] Process Execution: [
  17. "Exes_d3491c79fa8cbdea26bc3c552cd24458.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Reads data out of its own binary image",
  27. "Details": [
  28. {
  29. "self_read": "process: Exes_d3491c79fa8cbdea26bc3c552cd24458.exe, pid: 748, offset: 0x00000000, length: 0x00041ad7"
  30. },
  31. {
  32. "self_read": "process: Exes_d3491c79fa8cbdea26bc3c552cd24458.exe, pid: 748, offset: 0x00008c1c, length: 0x00038ebf"
  33. }
  34. ]
  35. },
  36. {
  37. "Description": "Performs some HTTP requests",
  38. "Details": [
  39. {
  40. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  41. },
  42. {
  43. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  44. },
  45. {
  46. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  47. },
  48. {
  49. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  50. },
  51. {
  52. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  53. },
  54. {
  55. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  56. },
  57. {
  58. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  59. },
  60. {
  61. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  62. },
  63. {
  64. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  65. },
  66. {
  67. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  68. },
  69. {
  70. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  71. },
  72. {
  73. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  74. },
  75. {
  76. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  77. },
  78. {
  79. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  80. },
  81. {
  82. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  83. },
  84. {
  85. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  86. },
  87. {
  88. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  89. },
  90. {
  91. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  92. },
  93. {
  94. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  95. },
  96. {
  97. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  98. },
  99. {
  100. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  101. },
  102. {
  103. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  104. },
  105. {
  106. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  107. },
  108. {
  109. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  110. },
  111. {
  112. "url": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes"
  113. }
  114. ]
  115. },
  116. {
  117. "Description": "Installs itself for autorun at Windows startup",
  118. "Details": [
  119. {
  120. "file": "C:\\Windows\\win.ini"
  121. },
  122. {
  123. "file": "C:\\Windows\\win.ini"
  124. }
  125. ]
  126. },
  127. {
  128. "Description": "File has been identified by 16 Antiviruses on VirusTotal as malicious",
  129. "Details": [
  130. {
  131. "Bkav": "HW32.Packed."
  132. },
  133. {
  134. "FireEye": "Generic.mg.d3491c79fa8cbdea"
  135. },
  136. {
  137. "APEX": "Malicious"
  138. },
  139. {
  140. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  141. },
  142. {
  143. "Paloalto": "generic.ml"
  144. },
  145. {
  146. "Invincea": "heuristic"
  147. },
  148. {
  149. "McAfee-GW-Edition": "BehavesLike.Win32.Ransom.dc"
  150. },
  151. {
  152. "SentinelOne": "DFI - Suspicious PE"
  153. },
  154. {
  155. "ESET-NOD32": "Win32/Injector.EGBD"
  156. },
  157. {
  158. "Endgame": "malicious (high confidence)"
  159. },
  160. {
  161. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  162. },
  163. {
  164. "Rising": "Trojan.Loader!1.B8C9 (CLASSIC)"
  165. },
  166. {
  167. "AVG": "FileRepMalware"
  168. },
  169. {
  170. "Cybereason": "malicious.611866"
  171. },
  172. {
  173. "CrowdStrike": "win/malicious_confidence_80% (W)"
  174. },
  175. {
  176. "Qihoo-360": "HEUR/QVM20.1.EB29.Malware.Gen"
  177. }
  178. ]
  179. }
  180. ]
  181.  
  182. [*] Started Service: []
  183.  
  184. [*] Executed Commands: []
  185.  
  186. [*] Mutexes: [
  187. "OpenMetaverseInstaller"
  188. ]
  189.  
  190. [*] Modified Files: [
  191. "C:\\Users\\user\\AppData\\Local\\Temp\\nsq1EF.tmp",
  192. "C:\\Users\\user\\AppData\\Local\\Temp\\ShareErrorMessagePage.xaml",
  193. "C:\\Users\\user\\AppData\\Local\\Temp\\managedAssemblies.txt",
  194. "C:\\Users\\user\\AppData\\Local\\Temp\\Deaconship",
  195. "C:\\Users\\user\\AppData\\Local\\Temp\\enchantress.dll",
  196. "C:\\Users\\user\\AppData\\Local\\Temp\\nsq23E.tmp\\System.dll",
  197. "C:\\Users\\user\\AppData\\Local\\Temp\\nsq23E.tmp\\Splash.dll",
  198. "C:\\Windows\\win.ini"
  199. ]
  200.  
  201. [*] Deleted Files: [
  202. "C:\\Users\\user\\AppData\\Local\\Temp\\nsb1DF.tmp",
  203. "C:\\Users\\user\\AppData\\Local\\Temp\\nsq23E.tmp"
  204. ]
  205.  
  206. [*] Modified Registry Keys: []
  207.  
  208. [*] Deleted Registry Keys: []
  209.  
  210. [*] DNS Communications: []
  211.  
  212. [*] Domains: []
  213.  
  214. [*] Network Communication - ICMP: []
  215.  
  216. [*] Network Communication - HTTP: [
  217. {
  218. "count": 1,
  219. "body": "",
  220. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  221. "user-agent": "Microsoft-CryptoAPI/6.1",
  222. "method": "GET",
  223. "host": "ocsp.digicert.com",
  224. "version": "1.1",
  225. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  226. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  227. "port": 80
  228. },
  229. {
  230. "count": 1,
  231. "body": "",
  232. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  233. "user-agent": "Microsoft-CryptoAPI/6.1",
  234. "method": "GET",
  235. "host": "ocsp.digicert.com",
  236. "version": "1.1",
  237. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  238. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  239. "port": 80
  240. },
  241. {
  242. "count": 1,
  243. "body": "",
  244. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  245. "user-agent": "Microsoft-CryptoAPI/6.1",
  246. "method": "GET",
  247. "host": "ocsp.digicert.com",
  248. "version": "1.1",
  249. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  250. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  251. "port": 80
  252. },
  253. {
  254. "count": 1,
  255. "body": "",
  256. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  257. "user-agent": "Microsoft-CryptoAPI/6.1",
  258. "method": "GET",
  259. "host": "ocsp.pki.goog",
  260. "version": "1.1",
  261. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  262. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  263. "port": 80
  264. },
  265. {
  266. "count": 1,
  267. "body": "",
  268. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  269. "user-agent": "Microsoft-CryptoAPI/6.1",
  270. "method": "GET",
  271. "host": "ocsp.digicert.com",
  272. "version": "1.1",
  273. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  274. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  275. "port": 80
  276. },
  277. {
  278. "count": 1,
  279. "body": "",
  280. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  281. "user-agent": "Microsoft-CryptoAPI/6.1",
  282. "method": "GET",
  283. "host": "crl.microsoft.com",
  284. "version": "1.1",
  285. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  286. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  287. "port": 80
  288. },
  289. {
  290. "count": 1,
  291. "body": "",
  292. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  293. "user-agent": "Microsoft-CryptoAPI/6.1",
  294. "method": "GET",
  295. "host": "ocsp.comodoca.com",
  296. "version": "1.1",
  297. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  298. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  299. "port": 80
  300. },
  301. {
  302. "count": 1,
  303. "body": "",
  304. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  305. "user-agent": "Microsoft-CryptoAPI/6.1",
  306. "method": "GET",
  307. "host": "ocsp.pki.goog",
  308. "version": "1.1",
  309. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  310. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  311. "port": 80
  312. },
  313. {
  314. "count": 1,
  315. "body": "",
  316. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  317. "user-agent": "Microsoft-CryptoAPI/6.1",
  318. "method": "GET",
  319. "host": "ocsp.digicert.com",
  320. "version": "1.1",
  321. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  322. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  323. "port": 80
  324. },
  325. {
  326. "count": 1,
  327. "body": "",
  328. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  329. "user-agent": "Microsoft-CryptoAPI/6.1",
  330. "method": "GET",
  331. "host": "www.download.windowsupdate.com",
  332. "version": "1.1",
  333. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  334. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  335. "port": 80
  336. },
  337. {
  338. "count": 1,
  339. "body": "",
  340. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  341. "user-agent": "Microsoft-CryptoAPI/6.1",
  342. "method": "GET",
  343. "host": "crl.microsoft.com",
  344. "version": "1.1",
  345. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  346. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  347. "port": 80
  348. },
  349. {
  350. "count": 1,
  351. "body": "",
  352. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  353. "user-agent": "Microsoft-CryptoAPI/6.1",
  354. "method": "GET",
  355. "host": "ocsp.digicert.com",
  356. "version": "1.1",
  357. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  358. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  359. "port": 80
  360. },
  361. {
  362. "count": 1,
  363. "body": "",
  364. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  365. "user-agent": "Microsoft-CryptoAPI/6.1",
  366. "method": "GET",
  367. "host": "ocsp.digicert.com",
  368. "version": "1.1",
  369. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  370. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  371. "port": 80
  372. },
  373. {
  374. "count": 2,
  375. "body": "",
  376. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  377. "user-agent": "Microsoft-CryptoAPI/6.1",
  378. "method": "GET",
  379. "host": "ocsp.digicert.com",
  380. "version": "1.1",
  381. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  382. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  383. "port": 80
  384. },
  385. {
  386. "count": 2,
  387. "body": "",
  388. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  389. "user-agent": "Microsoft-CryptoAPI/6.1",
  390. "method": "GET",
  391. "host": "ocsp.pki.goog",
  392. "version": "1.1",
  393. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  394. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  395. "port": 80
  396. },
  397. {
  398. "count": 1,
  399. "body": "",
  400. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  401. "user-agent": "Microsoft-CryptoAPI/6.1",
  402. "method": "GET",
  403. "host": "ocsp.pki.goog",
  404. "version": "1.1",
  405. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  406. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  407. "port": 80
  408. },
  409. {
  410. "count": 1,
  411. "body": "",
  412. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  413. "user-agent": "Microsoft-CryptoAPI/6.1",
  414. "method": "GET",
  415. "host": "ocsp.digicert.com",
  416. "version": "1.1",
  417. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  418. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  419. "port": 80
  420. },
  421. {
  422. "count": 1,
  423. "body": "",
  424. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  425. "user-agent": "Microsoft-CryptoAPI/6.1",
  426. "method": "GET",
  427. "host": "ocsp.pki.goog",
  428. "version": "1.1",
  429. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  430. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  431. "port": 80
  432. },
  433. {
  434. "count": 1,
  435. "body": "",
  436. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  437. "user-agent": "Microsoft-CryptoAPI/6.1",
  438. "method": "GET",
  439. "host": "ocsp.msocsp.com",
  440. "version": "1.1",
  441. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  442. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  443. "port": 80
  444. },
  445. {
  446. "count": 1,
  447. "body": "",
  448. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  449. "user-agent": "Microsoft-CryptoAPI/6.1",
  450. "method": "GET",
  451. "host": "ocsp.thawte.com",
  452. "version": "1.1",
  453. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  454. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  455. "port": 80
  456. },
  457. {
  458. "count": 2,
  459. "body": "",
  460. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  461. "user-agent": "Microsoft-CryptoAPI/6.1",
  462. "method": "GET",
  463. "host": "ocsp.usertrust.com",
  464. "version": "1.1",
  465. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  466. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  467. "port": 80
  468. },
  469. {
  470. "count": 1,
  471. "body": "",
  472. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  473. "user-agent": "Microsoft-CryptoAPI/6.1",
  474. "method": "GET",
  475. "host": "th.symcd.com",
  476. "version": "1.1",
  477. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  478. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  479. "port": 80
  480. },
  481. {
  482. "count": 1,
  483. "body": "",
  484. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  485. "user-agent": "Microsoft-CryptoAPI/6.1",
  486. "method": "GET",
  487. "host": "ocsp.digicert.com",
  488. "version": "1.1",
  489. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  490. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  491. "port": 80
  492. },
  493. {
  494. "count": 1,
  495. "body": "",
  496. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  497. "user-agent": "Microsoft-CryptoAPI/6.1",
  498. "method": "GET",
  499. "host": "ocsp.digicert.com",
  500. "version": "1.1",
  501. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  502. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  503. "port": 80
  504. },
  505. {
  506. "count": 1,
  507. "body": "",
  508. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  509. "user-agent": "Microsoft-CryptoAPI/6.1",
  510. "method": "GET",
  511. "host": "ocsp.pki.goog",
  512. "version": "1.1",
  513. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  514. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  515. "port": 80
  516. },
  517. {
  518. "count": 1,
  519. "body": "",
  520. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  521. "user-agent": "Microsoft-CryptoAPI/6.1",
  522. "method": "GET",
  523. "host": "crl.microsoft.com",
  524. "version": "1.1",
  525. "path": "/pki/crl/products/microsoftrootcert.crl",
  526. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  527. "port": 80
  528. },
  529. {
  530. "count": 1,
  531. "body": "",
  532. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  533. "user-agent": "Microsoft BITS/7.5",
  534. "method": "HEAD",
  535. "host": "redirector.gvt1.com",
  536. "version": "1.1",
  537. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  538. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  539. "port": 80
  540. },
  541. {
  542. "count": 1,
  543. "body": "",
  544. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  545. "user-agent": "Microsoft BITS/7.5",
  546. "method": "HEAD",
  547. "host": "r5---sn-a5msen7l.gvt1.com",
  548. "version": "1.1",
  549. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  550. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  551. "port": 80
  552. },
  553. {
  554. "count": 1,
  555. "body": "",
  556. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  557. "user-agent": "Microsoft BITS/7.5",
  558. "method": "GET",
  559. "host": "r5---sn-a5msen7l.gvt1.com",
  560. "version": "1.1",
  561. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  562. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6155\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  563. "port": 80
  564. },
  565. {
  566. "count": 1,
  567. "body": "",
  568. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  569. "user-agent": "Microsoft BITS/7.5",
  570. "method": "GET",
  571. "host": "r5---sn-a5msen7l.gvt1.com",
  572. "version": "1.1",
  573. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  574. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6156-15772\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  575. "port": 80
  576. },
  577. {
  578. "count": 1,
  579. "body": "",
  580. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  581. "user-agent": "Microsoft BITS/7.5",
  582. "method": "GET",
  583. "host": "r5---sn-a5msen7l.gvt1.com",
  584. "version": "1.1",
  585. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  586. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=15773-29089\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  587. "port": 80
  588. },
  589. {
  590. "count": 1,
  591. "body": "",
  592. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  593. "user-agent": "Microsoft BITS/7.5",
  594. "method": "GET",
  595. "host": "r5---sn-a5msen7l.gvt1.com",
  596. "version": "1.1",
  597. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  598. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29090-44296\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  599. "port": 80
  600. },
  601. {
  602. "count": 1,
  603. "body": "",
  604. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  605. "user-agent": "Microsoft BITS/7.5",
  606. "method": "GET",
  607. "host": "r5---sn-a5msen7l.gvt1.com",
  608. "version": "1.1",
  609. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  610. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=44297-58817\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  611. "port": 80
  612. },
  613. {
  614. "count": 1,
  615. "body": "",
  616. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  617. "user-agent": "Microsoft BITS/7.5",
  618. "method": "GET",
  619. "host": "r5---sn-a5msen7l.gvt1.com",
  620. "version": "1.1",
  621. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  622. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=58818-81595\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  623. "port": 80
  624. },
  625. {
  626. "count": 1,
  627. "body": "",
  628. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  629. "user-agent": "Microsoft BITS/7.5",
  630. "method": "GET",
  631. "host": "r5---sn-a5msen7l.gvt1.com",
  632. "version": "1.1",
  633. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  634. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=81596-137399\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  635. "port": 80
  636. },
  637. {
  638. "count": 1,
  639. "body": "",
  640. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  641. "user-agent": "Microsoft BITS/7.5",
  642. "method": "GET",
  643. "host": "r5---sn-a5msen7l.gvt1.com",
  644. "version": "1.1",
  645. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  646. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=137400-213880\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  647. "port": 80
  648. },
  649. {
  650. "count": 1,
  651. "body": "",
  652. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  653. "user-agent": "Microsoft BITS/7.5",
  654. "method": "GET",
  655. "host": "r5---sn-a5msen7l.gvt1.com",
  656. "version": "1.1",
  657. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  658. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=213881-283363\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  659. "port": 80
  660. },
  661. {
  662. "count": 1,
  663. "body": "",
  664. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  665. "user-agent": "Microsoft BITS/7.5",
  666. "method": "GET",
  667. "host": "r5---sn-a5msen7l.gvt1.com",
  668. "version": "1.1",
  669. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  670. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=283364-524651\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  671. "port": 80
  672. },
  673. {
  674. "count": 1,
  675. "body": "",
  676. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  677. "user-agent": "Microsoft BITS/7.5",
  678. "method": "GET",
  679. "host": "r5---sn-a5msen7l.gvt1.com",
  680. "version": "1.1",
  681. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  682. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=524652-709284\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  683. "port": 80
  684. },
  685. {
  686. "count": 1,
  687. "body": "",
  688. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  689. "user-agent": "Microsoft BITS/7.5",
  690. "method": "GET",
  691. "host": "r5---sn-a5msen7l.gvt1.com",
  692. "version": "1.1",
  693. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  694. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=709285-1315535\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  695. "port": 80
  696. },
  697. {
  698. "count": 1,
  699. "body": "",
  700. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  701. "user-agent": "Microsoft BITS/7.5",
  702. "method": "GET",
  703. "host": "r5---sn-a5msen7l.gvt1.com",
  704. "version": "1.1",
  705. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  706. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1315536-2184550\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  707. "port": 80
  708. },
  709. {
  710. "count": 1,
  711. "body": "",
  712. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  713. "user-agent": "Microsoft BITS/7.5",
  714. "method": "GET",
  715. "host": "r5---sn-a5msen7l.gvt1.com",
  716. "version": "1.1",
  717. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  718. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2184551-3507668\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  719. "port": 80
  720. },
  721. {
  722. "count": 1,
  723. "body": "",
  724. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  725. "user-agent": "Microsoft BITS/7.5",
  726. "method": "GET",
  727. "host": "r5---sn-a5msen7l.gvt1.com",
  728. "version": "1.1",
  729. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  730. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3507669-5079444\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  731. "port": 80
  732. },
  733. {
  734. "count": 1,
  735. "body": "",
  736. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  737. "user-agent": "Microsoft BITS/7.5",
  738. "method": "GET",
  739. "host": "r5---sn-a5msen7l.gvt1.com",
  740. "version": "1.1",
  741. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  742. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5079445-7098963\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  743. "port": 80
  744. },
  745. {
  746. "count": 1,
  747. "body": "",
  748. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  749. "user-agent": "Microsoft BITS/7.5",
  750. "method": "GET",
  751. "host": "r5---sn-a5msen7l.gvt1.com",
  752. "version": "1.1",
  753. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  754. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7098964-9007426\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  755. "port": 80
  756. },
  757. {
  758. "count": 1,
  759. "body": "",
  760. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  761. "user-agent": "Microsoft BITS/7.5",
  762. "method": "GET",
  763. "host": "r5---sn-a5msen7l.gvt1.com",
  764. "version": "1.1",
  765. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  766. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9007427-10932677\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  767. "port": 80
  768. },
  769. {
  770. "count": 1,
  771. "body": "",
  772. "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  773. "user-agent": "Microsoft BITS/7.5",
  774. "method": "GET",
  775. "host": "r5---sn-a5msen7l.gvt1.com",
  776. "version": "1.1",
  777. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
  778. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10932678-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
  779. "port": 80
  780. }
  781. ]
  782.  
  783. [*] Network Communication - SMTP: []
  784.  
  785. [*] Network Communication - Hosts: []
  786.  
  787. [*] Network Communication - IRC: []
  788.  
  789. [*] Static Analysis: {
  790. "pe": {
  791. "peid_signatures": null,
  792. "imports": [
  793. {
  794. "imports": [
  795. {
  796. "name": "SetEnvironmentVariableA",
  797. "address": "0x408070"
  798. },
  799. {
  800. "name": "CreateFileA",
  801. "address": "0x408074"
  802. },
  803. {
  804. "name": "GetFileSize",
  805. "address": "0x408078"
  806. },
  807. {
  808. "name": "GetModuleFileNameA",
  809. "address": "0x40807c"
  810. },
  811. {
  812. "name": "ReadFile",
  813. "address": "0x408080"
  814. },
  815. {
  816. "name": "GetCurrentProcess",
  817. "address": "0x408084"
  818. },
  819. {
  820. "name": "CopyFileA",
  821. "address": "0x408088"
  822. },
  823. {
  824. "name": "Sleep",
  825. "address": "0x40808c"
  826. },
  827. {
  828. "name": "GetTickCount",
  829. "address": "0x408090"
  830. },
  831. {
  832. "name": "GetWindowsDirectoryA",
  833. "address": "0x408094"
  834. },
  835. {
  836. "name": "GetTempPathA",
  837. "address": "0x408098"
  838. },
  839. {
  840. "name": "GetCommandLineA",
  841. "address": "0x40809c"
  842. },
  843. {
  844. "name": "lstrlenA",
  845. "address": "0x4080a0"
  846. },
  847. {
  848. "name": "GetVersion",
  849. "address": "0x4080a4"
  850. },
  851. {
  852. "name": "SetErrorMode",
  853. "address": "0x4080a8"
  854. },
  855. {
  856. "name": "lstrcpynA",
  857. "address": "0x4080ac"
  858. },
  859. {
  860. "name": "ExitProcess",
  861. "address": "0x4080b0"
  862. },
  863. {
  864. "name": "SetCurrentDirectoryA",
  865. "address": "0x4080b4"
  866. },
  867. {
  868. "name": "GlobalLock",
  869. "address": "0x4080b8"
  870. },
  871. {
  872. "name": "CreateThread",
  873. "address": "0x4080bc"
  874. },
  875. {
  876. "name": "GetLastError",
  877. "address": "0x4080c0"
  878. },
  879. {
  880. "name": "CreateDirectoryA",
  881. "address": "0x4080c4"
  882. },
  883. {
  884. "name": "CreateProcessA",
  885. "address": "0x4080c8"
  886. },
  887. {
  888. "name": "RemoveDirectoryA",
  889. "address": "0x4080cc"
  890. },
  891. {
  892. "name": "GetTempFileNameA",
  893. "address": "0x4080d0"
  894. },
  895. {
  896. "name": "WriteFile",
  897. "address": "0x4080d4"
  898. },
  899. {
  900. "name": "lstrcpyA",
  901. "address": "0x4080d8"
  902. },
  903. {
  904. "name": "MoveFileExA",
  905. "address": "0x4080dc"
  906. },
  907. {
  908. "name": "lstrcatA",
  909. "address": "0x4080e0"
  910. },
  911. {
  912. "name": "GetSystemDirectoryA",
  913. "address": "0x4080e4"
  914. },
  915. {
  916. "name": "GetProcAddress",
  917. "address": "0x4080e8"
  918. },
  919. {
  920. "name": "GetExitCodeProcess",
  921. "address": "0x4080ec"
  922. },
  923. {
  924. "name": "WaitForSingleObject",
  925. "address": "0x4080f0"
  926. },
  927. {
  928. "name": "CompareFileTime",
  929. "address": "0x4080f4"
  930. },
  931. {
  932. "name": "SetFileAttributesA",
  933. "address": "0x4080f8"
  934. },
  935. {
  936. "name": "GetFileAttributesA",
  937. "address": "0x4080fc"
  938. },
  939. {
  940. "name": "GetShortPathNameA",
  941. "address": "0x408100"
  942. },
  943. {
  944. "name": "MoveFileA",
  945. "address": "0x408104"
  946. },
  947. {
  948. "name": "GetFullPathNameA",
  949. "address": "0x408108"
  950. },
  951. {
  952. "name": "SetFileTime",
  953. "address": "0x40810c"
  954. },
  955. {
  956. "name": "SearchPathA",
  957. "address": "0x408110"
  958. },
  959. {
  960. "name": "CloseHandle",
  961. "address": "0x408114"
  962. },
  963. {
  964. "name": "lstrcmpiA",
  965. "address": "0x408118"
  966. },
  967. {
  968. "name": "GlobalUnlock",
  969. "address": "0x40811c"
  970. },
  971. {
  972. "name": "GetDiskFreeSpaceA",
  973. "address": "0x408120"
  974. },
  975. {
  976. "name": "lstrcmpA",
  977. "address": "0x408124"
  978. },
  979. {
  980. "name": "FindFirstFileA",
  981. "address": "0x408128"
  982. },
  983. {
  984. "name": "FindNextFileA",
  985. "address": "0x40812c"
  986. },
  987. {
  988. "name": "DeleteFileA",
  989. "address": "0x408130"
  990. },
  991. {
  992. "name": "SetFilePointer",
  993. "address": "0x408134"
  994. },
  995. {
  996. "name": "GetPrivateProfileStringA",
  997. "address": "0x408138"
  998. },
  999. {
  1000. "name": "FindClose",
  1001. "address": "0x40813c"
  1002. },
  1003. {
  1004. "name": "MultiByteToWideChar",
  1005. "address": "0x408140"
  1006. },
  1007. {
  1008. "name": "FreeLibrary",
  1009. "address": "0x408144"
  1010. },
  1011. {
  1012. "name": "MulDiv",
  1013. "address": "0x408148"
  1014. },
  1015. {
  1016. "name": "WritePrivateProfileStringA",
  1017. "address": "0x40814c"
  1018. },
  1019. {
  1020. "name": "LoadLibraryExA",
  1021. "address": "0x408150"
  1022. },
  1023. {
  1024. "name": "GetModuleHandleA",
  1025. "address": "0x408154"
  1026. },
  1027. {
  1028. "name": "GlobalAlloc",
  1029. "address": "0x408158"
  1030. },
  1031. {
  1032. "name": "GlobalFree",
  1033. "address": "0x40815c"
  1034. },
  1035. {
  1036. "name": "ExpandEnvironmentStringsA",
  1037. "address": "0x408160"
  1038. }
  1039. ],
  1040. "dll": "KERNEL32.dll"
  1041. },
  1042. {
  1043. "imports": [
  1044. {
  1045. "name": "ScreenToClient",
  1046. "address": "0x408184"
  1047. },
  1048. {
  1049. "name": "GetSystemMenu",
  1050. "address": "0x408188"
  1051. },
  1052. {
  1053. "name": "SetClassLongA",
  1054. "address": "0x40818c"
  1055. },
  1056. {
  1057. "name": "IsWindowEnabled",
  1058. "address": "0x408190"
  1059. },
  1060. {
  1061. "name": "SetWindowPos",
  1062. "address": "0x408194"
  1063. },
  1064. {
  1065. "name": "GetSysColor",
  1066. "address": "0x408198"
  1067. },
  1068. {
  1069. "name": "GetWindowLongA",
  1070. "address": "0x40819c"
  1071. },
  1072. {
  1073. "name": "SetCursor",
  1074. "address": "0x4081a0"
  1075. },
  1076. {
  1077. "name": "LoadCursorA",
  1078. "address": "0x4081a4"
  1079. },
  1080. {
  1081. "name": "CheckDlgButton",
  1082. "address": "0x4081a8"
  1083. },
  1084. {
  1085. "name": "GetMessagePos",
  1086. "address": "0x4081ac"
  1087. },
  1088. {
  1089. "name": "LoadBitmapA",
  1090. "address": "0x4081b0"
  1091. },
  1092. {
  1093. "name": "CallWindowProcA",
  1094. "address": "0x4081b4"
  1095. },
  1096. {
  1097. "name": "IsWindowVisible",
  1098. "address": "0x4081b8"
  1099. },
  1100. {
  1101. "name": "CloseClipboard",
  1102. "address": "0x4081bc"
  1103. },
  1104. {
  1105. "name": "SetClipboardData",
  1106. "address": "0x4081c0"
  1107. },
  1108. {
  1109. "name": "EmptyClipboard",
  1110. "address": "0x4081c4"
  1111. },
  1112. {
  1113. "name": "PostQuitMessage",
  1114. "address": "0x4081c8"
  1115. },
  1116. {
  1117. "name": "GetWindowRect",
  1118. "address": "0x4081cc"
  1119. },
  1120. {
  1121. "name": "EnableMenuItem",
  1122. "address": "0x4081d0"
  1123. },
  1124. {
  1125. "name": "CreatePopupMenu",
  1126. "address": "0x4081d4"
  1127. },
  1128. {
  1129. "name": "GetSystemMetrics",
  1130. "address": "0x4081d8"
  1131. },
  1132. {
  1133. "name": "SetDlgItemTextA",
  1134. "address": "0x4081dc"
  1135. },
  1136. {
  1137. "name": "GetDlgItemTextA",
  1138. "address": "0x4081e0"
  1139. },
  1140. {
  1141. "name": "MessageBoxIndirectA",
  1142. "address": "0x4081e4"
  1143. },
  1144. {
  1145. "name": "CharPrevA",
  1146. "address": "0x4081e8"
  1147. },
  1148. {
  1149. "name": "DispatchMessageA",
  1150. "address": "0x4081ec"
  1151. },
  1152. {
  1153. "name": "PeekMessageA",
  1154. "address": "0x4081f0"
  1155. },
  1156. {
  1157. "name": "ReleaseDC",
  1158. "address": "0x4081f4"
  1159. },
  1160. {
  1161. "name": "EnableWindow",
  1162. "address": "0x4081f8"
  1163. },
  1164. {
  1165. "name": "InvalidateRect",
  1166. "address": "0x4081fc"
  1167. },
  1168. {
  1169. "name": "SendMessageA",
  1170. "address": "0x408200"
  1171. },
  1172. {
  1173. "name": "DefWindowProcA",
  1174. "address": "0x408204"
  1175. },
  1176. {
  1177. "name": "BeginPaint",
  1178. "address": "0x408208"
  1179. },
  1180. {
  1181. "name": "GetClientRect",
  1182. "address": "0x40820c"
  1183. },
  1184. {
  1185. "name": "FillRect",
  1186. "address": "0x408210"
  1187. },
  1188. {
  1189. "name": "DrawTextA",
  1190. "address": "0x408214"
  1191. },
  1192. {
  1193. "name": "EndDialog",
  1194. "address": "0x408218"
  1195. },
  1196. {
  1197. "name": "RegisterClassA",
  1198. "address": "0x40821c"
  1199. },
  1200. {
  1201. "name": "SystemParametersInfoA",
  1202. "address": "0x408220"
  1203. },
  1204. {
  1205. "name": "CreateWindowExA",
  1206. "address": "0x408224"
  1207. },
  1208. {
  1209. "name": "GetClassInfoA",
  1210. "address": "0x408228"
  1211. },
  1212. {
  1213. "name": "DialogBoxParamA",
  1214. "address": "0x40822c"
  1215. },
  1216. {
  1217. "name": "CharNextA",
  1218. "address": "0x408230"
  1219. },
  1220. {
  1221. "name": "ExitWindowsEx",
  1222. "address": "0x408234"
  1223. },
  1224. {
  1225. "name": "GetDC",
  1226. "address": "0x408238"
  1227. },
  1228. {
  1229. "name": "CreateDialogParamA",
  1230. "address": "0x40823c"
  1231. },
  1232. {
  1233. "name": "SetTimer",
  1234. "address": "0x408240"
  1235. },
  1236. {
  1237. "name": "GetDlgItem",
  1238. "address": "0x408244"
  1239. },
  1240. {
  1241. "name": "SetWindowLongA",
  1242. "address": "0x408248"
  1243. },
  1244. {
  1245. "name": "SetForegroundWindow",
  1246. "address": "0x40824c"
  1247. },
  1248. {
  1249. "name": "LoadImageA",
  1250. "address": "0x408250"
  1251. },
  1252. {
  1253. "name": "IsWindow",
  1254. "address": "0x408254"
  1255. },
  1256. {
  1257. "name": "SendMessageTimeoutA",
  1258. "address": "0x408258"
  1259. },
  1260. {
  1261. "name": "FindWindowExA",
  1262. "address": "0x40825c"
  1263. },
  1264. {
  1265. "name": "OpenClipboard",
  1266. "address": "0x408260"
  1267. },
  1268. {
  1269. "name": "TrackPopupMenu",
  1270. "address": "0x408264"
  1271. },
  1272. {
  1273. "name": "AppendMenuA",
  1274. "address": "0x408268"
  1275. },
  1276. {
  1277. "name": "EndPaint",
  1278. "address": "0x40826c"
  1279. },
  1280. {
  1281. "name": "DestroyWindow",
  1282. "address": "0x408270"
  1283. },
  1284. {
  1285. "name": "wsprintfA",
  1286. "address": "0x408274"
  1287. },
  1288. {
  1289. "name": "ShowWindow",
  1290. "address": "0x408278"
  1291. },
  1292. {
  1293. "name": "SetWindowTextA",
  1294. "address": "0x40827c"
  1295. }
  1296. ],
  1297. "dll": "USER32.dll"
  1298. },
  1299. {
  1300. "imports": [
  1301. {
  1302. "name": "SelectObject",
  1303. "address": "0x40804c"
  1304. },
  1305. {
  1306. "name": "SetBkMode",
  1307. "address": "0x408050"
  1308. },
  1309. {
  1310. "name": "CreateFontIndirectA",
  1311. "address": "0x408054"
  1312. },
  1313. {
  1314. "name": "SetTextColor",
  1315. "address": "0x408058"
  1316. },
  1317. {
  1318. "name": "DeleteObject",
  1319. "address": "0x40805c"
  1320. },
  1321. {
  1322. "name": "GetDeviceCaps",
  1323. "address": "0x408060"
  1324. },
  1325. {
  1326. "name": "CreateBrushIndirect",
  1327. "address": "0x408064"
  1328. },
  1329. {
  1330. "name": "SetBkColor",
  1331. "address": "0x408068"
  1332. }
  1333. ],
  1334. "dll": "GDI32.dll"
  1335. },
  1336. {
  1337. "imports": [
  1338. {
  1339. "name": "SHGetSpecialFolderLocation",
  1340. "address": "0x408168"
  1341. },
  1342. {
  1343. "name": "ShellExecuteExA",
  1344. "address": "0x40816c"
  1345. },
  1346. {
  1347. "name": "SHGetPathFromIDListA",
  1348. "address": "0x408170"
  1349. },
  1350. {
  1351. "name": "SHBrowseForFolderA",
  1352. "address": "0x408174"
  1353. },
  1354. {
  1355. "name": "SHGetFileInfoA",
  1356. "address": "0x408178"
  1357. },
  1358. {
  1359. "name": "SHFileOperationA",
  1360. "address": "0x40817c"
  1361. }
  1362. ],
  1363. "dll": "SHELL32.dll"
  1364. },
  1365. {
  1366. "imports": [
  1367. {
  1368. "name": "AdjustTokenPrivileges",
  1369. "address": "0x408000"
  1370. },
  1371. {
  1372. "name": "RegCreateKeyExA",
  1373. "address": "0x408004"
  1374. },
  1375. {
  1376. "name": "RegOpenKeyExA",
  1377. "address": "0x408008"
  1378. },
  1379. {
  1380. "name": "SetFileSecurityA",
  1381. "address": "0x40800c"
  1382. },
  1383. {
  1384. "name": "OpenProcessToken",
  1385. "address": "0x408010"
  1386. },
  1387. {
  1388. "name": "LookupPrivilegeValueA",
  1389. "address": "0x408014"
  1390. },
  1391. {
  1392. "name": "RegEnumValueA",
  1393. "address": "0x408018"
  1394. },
  1395. {
  1396. "name": "RegDeleteKeyA",
  1397. "address": "0x40801c"
  1398. },
  1399. {
  1400. "name": "RegDeleteValueA",
  1401. "address": "0x408020"
  1402. },
  1403. {
  1404. "name": "RegCloseKey",
  1405. "address": "0x408024"
  1406. },
  1407. {
  1408. "name": "RegSetValueExA",
  1409. "address": "0x408028"
  1410. },
  1411. {
  1412. "name": "RegQueryValueExA",
  1413. "address": "0x40802c"
  1414. },
  1415. {
  1416. "name": "RegEnumKeyA",
  1417. "address": "0x408030"
  1418. }
  1419. ],
  1420. "dll": "ADVAPI32.dll"
  1421. },
  1422. {
  1423. "imports": [
  1424. {
  1425. "name": "ImageList_Create",
  1426. "address": "0x408038"
  1427. },
  1428. {
  1429. "name": "ImageList_AddMasked",
  1430. "address": "0x40803c"
  1431. },
  1432. {
  1433. "name": "ImageList_Destroy",
  1434. "address": "0x408040"
  1435. },
  1436. {
  1437. "name": null,
  1438. "address": "0x408044"
  1439. }
  1440. ],
  1441. "dll": "COMCTL32.dll"
  1442. },
  1443. {
  1444. "imports": [
  1445. {
  1446. "name": "OleUninitialize",
  1447. "address": "0x408284"
  1448. },
  1449. {
  1450. "name": "OleInitialize",
  1451. "address": "0x408288"
  1452. },
  1453. {
  1454. "name": "CoTaskMemFree",
  1455. "address": "0x40828c"
  1456. },
  1457. {
  1458. "name": "CoCreateInstance",
  1459. "address": "0x408290"
  1460. }
  1461. ],
  1462. "dll": "ole32.dll"
  1463. }
  1464. ],
  1465. "digital_signers": null,
  1466. "exported_dll_name": null,
  1467. "actual_checksum": "0x000444e0",
  1468. "overlay": {
  1469. "size": "0x00038edb",
  1470. "offset": "0x00008c00"
  1471. },
  1472. "imagebase": "0x00400000",
  1473. "reported_checksum": "0x00000000",
  1474. "icon_hash": null,
  1475. "entrypoint": "0x00403328",
  1476. "timestamp": "2018-12-15 22:24:32",
  1477. "osversion": "4.0",
  1478. "sections": [
  1479. {
  1480. "name": ".text",
  1481. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1482. "virtual_address": "0x00001000",
  1483. "size_of_data": "0x00006200",
  1484. "entropy": "6.40",
  1485. "raw_address": "0x00000400",
  1486. "virtual_size": "0x00006077",
  1487. "characteristics_raw": "0x60000020"
  1488. },
  1489. {
  1490. "name": ".rdata",
  1491. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1492. "virtual_address": "0x00008000",
  1493. "size_of_data": "0x00001400",
  1494. "entropy": "5.04",
  1495. "raw_address": "0x00006600",
  1496. "virtual_size": "0x00001250",
  1497. "characteristics_raw": "0x40000040"
  1498. },
  1499. {
  1500. "name": ".data",
  1501. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1502. "virtual_address": "0x0000a000",
  1503. "size_of_data": "0x00000400",
  1504. "entropy": "5.22",
  1505. "raw_address": "0x00007a00",
  1506. "virtual_size": "0x0001a838",
  1507. "characteristics_raw": "0xc0000040"
  1508. },
  1509. {
  1510. "name": ".ndata",
  1511. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1512. "virtual_address": "0x00025000",
  1513. "size_of_data": "0x00000000",
  1514. "entropy": "0.00",
  1515. "raw_address": "0x00000000",
  1516. "virtual_size": "0x00008000",
  1517. "characteristics_raw": "0xc0000080"
  1518. },
  1519. {
  1520. "name": ".rsrc",
  1521. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1522. "virtual_address": "0x0002d000",
  1523. "size_of_data": "0x00000e00",
  1524. "entropy": "4.05",
  1525. "raw_address": "0x00007e00",
  1526. "virtual_size": "0x00000c30",
  1527. "characteristics_raw": "0x40000040"
  1528. }
  1529. ],
  1530. "resources": [],
  1531. "dirents": [
  1532. {
  1533. "virtual_address": "0x00000000",
  1534. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1535. "size": "0x00000000"
  1536. },
  1537. {
  1538. "virtual_address": "0x00008430",
  1539. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1540. "size": "0x000000a0"
  1541. },
  1542. {
  1543. "virtual_address": "0x0002d000",
  1544. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1545. "size": "0x00000c30"
  1546. },
  1547. {
  1548. "virtual_address": "0x00000000",
  1549. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1550. "size": "0x00000000"
  1551. },
  1552. {
  1553. "virtual_address": "0x00000000",
  1554. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1555. "size": "0x00000000"
  1556. },
  1557. {
  1558. "virtual_address": "0x00000000",
  1559. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1560. "size": "0x00000000"
  1561. },
  1562. {
  1563. "virtual_address": "0x00000000",
  1564. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1565. "size": "0x00000000"
  1566. },
  1567. {
  1568. "virtual_address": "0x00000000",
  1569. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1570. "size": "0x00000000"
  1571. },
  1572. {
  1573. "virtual_address": "0x00000000",
  1574. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1575. "size": "0x00000000"
  1576. },
  1577. {
  1578. "virtual_address": "0x00000000",
  1579. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1580. "size": "0x00000000"
  1581. },
  1582. {
  1583. "virtual_address": "0x00000000",
  1584. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1585. "size": "0x00000000"
  1586. },
  1587. {
  1588. "virtual_address": "0x00000000",
  1589. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1590. "size": "0x00000000"
  1591. },
  1592. {
  1593. "virtual_address": "0x00008000",
  1594. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1595. "size": "0x00000298"
  1596. },
  1597. {
  1598. "virtual_address": "0x00000000",
  1599. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1600. "size": "0x00000000"
  1601. },
  1602. {
  1603. "virtual_address": "0x00000000",
  1604. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1605. "size": "0x00000000"
  1606. },
  1607. {
  1608. "virtual_address": "0x00000000",
  1609. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1610. "size": "0x00000000"
  1611. }
  1612. ],
  1613. "exports": [],
  1614. "guest_signers": {},
  1615. "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
  1616. "icon_fuzzy": null,
  1617. "icon": null,
  1618. "pdbpath": null,
  1619. "imported_dll_count": 7,
  1620. "versioninfo": []
  1621. }
  1622. }
  1623.  
  1624. [*] Resolved APIs: [
  1625. "version.dll.GetFileVersionInfoA",
  1626. "shfolder.dll.SHGetFolderPathA",
  1627. "shlwapi.dll.#437",
  1628. "cryptbase.dll.SystemFunction036",
  1629. "uxtheme.dll.ThemeInitApiHook",
  1630. "user32.dll.IsProcessDPIAware",
  1631. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  1632. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  1633. "kernel32.dll.GetUserDefaultUILanguage",
  1634. "shell32.dll.#680",
  1635. "system.dll.Alloc",
  1636. "system.dll.Call",
  1637. "splash.dll.show",
  1638. "kernel32.dll.CreateMutexA",
  1639. "enchantress.dll.q",
  1640. "kernel32.dll.VirtualAlloc",
  1641. "kernel32.dll.CloseHandle",
  1642. "kernel32.dll.GetFileSize",
  1643. "kernel32.dll.GlobalAlloc",
  1644. "kernel32.dll.ReadFile",
  1645. "kernel32.dll.CreateFileA",
  1646. "kernel32.dll.LoadLibraryA",
  1647. "user32.dll.MessageBoxA",
  1648. "user32.dll.CreateWindowStationW",
  1649. "user32.dll.ReplyMessage",
  1650. "advapi32.dll.NotifyChangeEventLog",
  1651. "advapi32.dll.ObjectCloseAuditAlarmW",
  1652. "advapi32.dll.CryptDecrypt",
  1653. "kernel32.dll.GetCurrentProcessId",
  1654. "kernel32.dll.GetWindowsDirectoryA",
  1655. "kernel32.dll.WriteProfileStringA",
  1656. "kernel32.dll.SetThreadPriorityBoost",
  1657. "kernel32.dll.SwitchToThread",
  1658. "cryptsp.dll.CryptDecrypt"
  1659. ]
  1660.  
  1661. [*] Static Analysis: {
  1662. "pe": {
  1663. "peid_signatures": null,
  1664. "imports": [
  1665. {
  1666. "imports": [
  1667. {
  1668. "name": "SetEnvironmentVariableA",
  1669. "address": "0x408070"
  1670. },
  1671. {
  1672. "name": "CreateFileA",
  1673. "address": "0x408074"
  1674. },
  1675. {
  1676. "name": "GetFileSize",
  1677. "address": "0x408078"
  1678. },
  1679. {
  1680. "name": "GetModuleFileNameA",
  1681. "address": "0x40807c"
  1682. },
  1683. {
  1684. "name": "ReadFile",
  1685. "address": "0x408080"
  1686. },
  1687. {
  1688. "name": "GetCurrentProcess",
  1689. "address": "0x408084"
  1690. },
  1691. {
  1692. "name": "CopyFileA",
  1693. "address": "0x408088"
  1694. },
  1695. {
  1696. "name": "Sleep",
  1697. "address": "0x40808c"
  1698. },
  1699. {
  1700. "name": "GetTickCount",
  1701. "address": "0x408090"
  1702. },
  1703. {
  1704. "name": "GetWindowsDirectoryA",
  1705. "address": "0x408094"
  1706. },
  1707. {
  1708. "name": "GetTempPathA",
  1709. "address": "0x408098"
  1710. },
  1711. {
  1712. "name": "GetCommandLineA",
  1713. "address": "0x40809c"
  1714. },
  1715. {
  1716. "name": "lstrlenA",
  1717. "address": "0x4080a0"
  1718. },
  1719. {
  1720. "name": "GetVersion",
  1721. "address": "0x4080a4"
  1722. },
  1723. {
  1724. "name": "SetErrorMode",
  1725. "address": "0x4080a8"
  1726. },
  1727. {
  1728. "name": "lstrcpynA",
  1729. "address": "0x4080ac"
  1730. },
  1731. {
  1732. "name": "ExitProcess",
  1733. "address": "0x4080b0"
  1734. },
  1735. {
  1736. "name": "SetCurrentDirectoryA",
  1737. "address": "0x4080b4"
  1738. },
  1739. {
  1740. "name": "GlobalLock",
  1741. "address": "0x4080b8"
  1742. },
  1743. {
  1744. "name": "CreateThread",
  1745. "address": "0x4080bc"
  1746. },
  1747. {
  1748. "name": "GetLastError",
  1749. "address": "0x4080c0"
  1750. },
  1751. {
  1752. "name": "CreateDirectoryA",
  1753. "address": "0x4080c4"
  1754. },
  1755. {
  1756. "name": "CreateProcessA",
  1757. "address": "0x4080c8"
  1758. },
  1759. {
  1760. "name": "RemoveDirectoryA",
  1761. "address": "0x4080cc"
  1762. },
  1763. {
  1764. "name": "GetTempFileNameA",
  1765. "address": "0x4080d0"
  1766. },
  1767. {
  1768. "name": "WriteFile",
  1769. "address": "0x4080d4"
  1770. },
  1771. {
  1772. "name": "lstrcpyA",
  1773. "address": "0x4080d8"
  1774. },
  1775. {
  1776. "name": "MoveFileExA",
  1777. "address": "0x4080dc"
  1778. },
  1779. {
  1780. "name": "lstrcatA",
  1781. "address": "0x4080e0"
  1782. },
  1783. {
  1784. "name": "GetSystemDirectoryA",
  1785. "address": "0x4080e4"
  1786. },
  1787. {
  1788. "name": "GetProcAddress",
  1789. "address": "0x4080e8"
  1790. },
  1791. {
  1792. "name": "GetExitCodeProcess",
  1793. "address": "0x4080ec"
  1794. },
  1795. {
  1796. "name": "WaitForSingleObject",
  1797. "address": "0x4080f0"
  1798. },
  1799. {
  1800. "name": "CompareFileTime",
  1801. "address": "0x4080f4"
  1802. },
  1803. {
  1804. "name": "SetFileAttributesA",
  1805. "address": "0x4080f8"
  1806. },
  1807. {
  1808. "name": "GetFileAttributesA",
  1809. "address": "0x4080fc"
  1810. },
  1811. {
  1812. "name": "GetShortPathNameA",
  1813. "address": "0x408100"
  1814. },
  1815. {
  1816. "name": "MoveFileA",
  1817. "address": "0x408104"
  1818. },
  1819. {
  1820. "name": "GetFullPathNameA",
  1821. "address": "0x408108"
  1822. },
  1823. {
  1824. "name": "SetFileTime",
  1825. "address": "0x40810c"
  1826. },
  1827. {
  1828. "name": "SearchPathA",
  1829. "address": "0x408110"
  1830. },
  1831. {
  1832. "name": "CloseHandle",
  1833. "address": "0x408114"
  1834. },
  1835. {
  1836. "name": "lstrcmpiA",
  1837. "address": "0x408118"
  1838. },
  1839. {
  1840. "name": "GlobalUnlock",
  1841. "address": "0x40811c"
  1842. },
  1843. {
  1844. "name": "GetDiskFreeSpaceA",
  1845. "address": "0x408120"
  1846. },
  1847. {
  1848. "name": "lstrcmpA",
  1849. "address": "0x408124"
  1850. },
  1851. {
  1852. "name": "FindFirstFileA",
  1853. "address": "0x408128"
  1854. },
  1855. {
  1856. "name": "FindNextFileA",
  1857. "address": "0x40812c"
  1858. },
  1859. {
  1860. "name": "DeleteFileA",
  1861. "address": "0x408130"
  1862. },
  1863. {
  1864. "name": "SetFilePointer",
  1865. "address": "0x408134"
  1866. },
  1867. {
  1868. "name": "GetPrivateProfileStringA",
  1869. "address": "0x408138"
  1870. },
  1871. {
  1872. "name": "FindClose",
  1873. "address": "0x40813c"
  1874. },
  1875. {
  1876. "name": "MultiByteToWideChar",
  1877. "address": "0x408140"
  1878. },
  1879. {
  1880. "name": "FreeLibrary",
  1881. "address": "0x408144"
  1882. },
  1883. {
  1884. "name": "MulDiv",
  1885. "address": "0x408148"
  1886. },
  1887. {
  1888. "name": "WritePrivateProfileStringA",
  1889. "address": "0x40814c"
  1890. },
  1891. {
  1892. "name": "LoadLibraryExA",
  1893. "address": "0x408150"
  1894. },
  1895. {
  1896. "name": "GetModuleHandleA",
  1897. "address": "0x408154"
  1898. },
  1899. {
  1900. "name": "GlobalAlloc",
  1901. "address": "0x408158"
  1902. },
  1903. {
  1904. "name": "GlobalFree",
  1905. "address": "0x40815c"
  1906. },
  1907. {
  1908. "name": "ExpandEnvironmentStringsA",
  1909. "address": "0x408160"
  1910. }
  1911. ],
  1912. "dll": "KERNEL32.dll"
  1913. },
  1914. {
  1915. "imports": [
  1916. {
  1917. "name": "ScreenToClient",
  1918. "address": "0x408184"
  1919. },
  1920. {
  1921. "name": "GetSystemMenu",
  1922. "address": "0x408188"
  1923. },
  1924. {
  1925. "name": "SetClassLongA",
  1926. "address": "0x40818c"
  1927. },
  1928. {
  1929. "name": "IsWindowEnabled",
  1930. "address": "0x408190"
  1931. },
  1932. {
  1933. "name": "SetWindowPos",
  1934. "address": "0x408194"
  1935. },
  1936. {
  1937. "name": "GetSysColor",
  1938. "address": "0x408198"
  1939. },
  1940. {
  1941. "name": "GetWindowLongA",
  1942. "address": "0x40819c"
  1943. },
  1944. {
  1945. "name": "SetCursor",
  1946. "address": "0x4081a0"
  1947. },
  1948. {
  1949. "name": "LoadCursorA",
  1950. "address": "0x4081a4"
  1951. },
  1952. {
  1953. "name": "CheckDlgButton",
  1954. "address": "0x4081a8"
  1955. },
  1956. {
  1957. "name": "GetMessagePos",
  1958. "address": "0x4081ac"
  1959. },
  1960. {
  1961. "name": "LoadBitmapA",
  1962. "address": "0x4081b0"
  1963. },
  1964. {
  1965. "name": "CallWindowProcA",
  1966. "address": "0x4081b4"
  1967. },
  1968. {
  1969. "name": "IsWindowVisible",
  1970. "address": "0x4081b8"
  1971. },
  1972. {
  1973. "name": "CloseClipboard",
  1974. "address": "0x4081bc"
  1975. },
  1976. {
  1977. "name": "SetClipboardData",
  1978. "address": "0x4081c0"
  1979. },
  1980. {
  1981. "name": "EmptyClipboard",
  1982. "address": "0x4081c4"
  1983. },
  1984. {
  1985. "name": "PostQuitMessage",
  1986. "address": "0x4081c8"
  1987. },
  1988. {
  1989. "name": "GetWindowRect",
  1990. "address": "0x4081cc"
  1991. },
  1992. {
  1993. "name": "EnableMenuItem",
  1994. "address": "0x4081d0"
  1995. },
  1996. {
  1997. "name": "CreatePopupMenu",
  1998. "address": "0x4081d4"
  1999. },
  2000. {
  2001. "name": "GetSystemMetrics",
  2002. "address": "0x4081d8"
  2003. },
  2004. {
  2005. "name": "SetDlgItemTextA",
  2006. "address": "0x4081dc"
  2007. },
  2008. {
  2009. "name": "GetDlgItemTextA",
  2010. "address": "0x4081e0"
  2011. },
  2012. {
  2013. "name": "MessageBoxIndirectA",
  2014. "address": "0x4081e4"
  2015. },
  2016. {
  2017. "name": "CharPrevA",
  2018. "address": "0x4081e8"
  2019. },
  2020. {
  2021. "name": "DispatchMessageA",
  2022. "address": "0x4081ec"
  2023. },
  2024. {
  2025. "name": "PeekMessageA",
  2026. "address": "0x4081f0"
  2027. },
  2028. {
  2029. "name": "ReleaseDC",
  2030. "address": "0x4081f4"
  2031. },
  2032. {
  2033. "name": "EnableWindow",
  2034. "address": "0x4081f8"
  2035. },
  2036. {
  2037. "name": "InvalidateRect",
  2038. "address": "0x4081fc"
  2039. },
  2040. {
  2041. "name": "SendMessageA",
  2042. "address": "0x408200"
  2043. },
  2044. {
  2045. "name": "DefWindowProcA",
  2046. "address": "0x408204"
  2047. },
  2048. {
  2049. "name": "BeginPaint",
  2050. "address": "0x408208"
  2051. },
  2052. {
  2053. "name": "GetClientRect",
  2054. "address": "0x40820c"
  2055. },
  2056. {
  2057. "name": "FillRect",
  2058. "address": "0x408210"
  2059. },
  2060. {
  2061. "name": "DrawTextA",
  2062. "address": "0x408214"
  2063. },
  2064. {
  2065. "name": "EndDialog",
  2066. "address": "0x408218"
  2067. },
  2068. {
  2069. "name": "RegisterClassA",
  2070. "address": "0x40821c"
  2071. },
  2072. {
  2073. "name": "SystemParametersInfoA",
  2074. "address": "0x408220"
  2075. },
  2076. {
  2077. "name": "CreateWindowExA",
  2078. "address": "0x408224"
  2079. },
  2080. {
  2081. "name": "GetClassInfoA",
  2082. "address": "0x408228"
  2083. },
  2084. {
  2085. "name": "DialogBoxParamA",
  2086. "address": "0x40822c"
  2087. },
  2088. {
  2089. "name": "CharNextA",
  2090. "address": "0x408230"
  2091. },
  2092. {
  2093. "name": "ExitWindowsEx",
  2094. "address": "0x408234"
  2095. },
  2096. {
  2097. "name": "GetDC",
  2098. "address": "0x408238"
  2099. },
  2100. {
  2101. "name": "CreateDialogParamA",
  2102. "address": "0x40823c"
  2103. },
  2104. {
  2105. "name": "SetTimer",
  2106. "address": "0x408240"
  2107. },
  2108. {
  2109. "name": "GetDlgItem",
  2110. "address": "0x408244"
  2111. },
  2112. {
  2113. "name": "SetWindowLongA",
  2114. "address": "0x408248"
  2115. },
  2116. {
  2117. "name": "SetForegroundWindow",
  2118. "address": "0x40824c"
  2119. },
  2120. {
  2121. "name": "LoadImageA",
  2122. "address": "0x408250"
  2123. },
  2124. {
  2125. "name": "IsWindow",
  2126. "address": "0x408254"
  2127. },
  2128. {
  2129. "name": "SendMessageTimeoutA",
  2130. "address": "0x408258"
  2131. },
  2132. {
  2133. "name": "FindWindowExA",
  2134. "address": "0x40825c"
  2135. },
  2136. {
  2137. "name": "OpenClipboard",
  2138. "address": "0x408260"
  2139. },
  2140. {
  2141. "name": "TrackPopupMenu",
  2142. "address": "0x408264"
  2143. },
  2144. {
  2145. "name": "AppendMenuA",
  2146. "address": "0x408268"
  2147. },
  2148. {
  2149. "name": "EndPaint",
  2150. "address": "0x40826c"
  2151. },
  2152. {
  2153. "name": "DestroyWindow",
  2154. "address": "0x408270"
  2155. },
  2156. {
  2157. "name": "wsprintfA",
  2158. "address": "0x408274"
  2159. },
  2160. {
  2161. "name": "ShowWindow",
  2162. "address": "0x408278"
  2163. },
  2164. {
  2165. "name": "SetWindowTextA",
  2166. "address": "0x40827c"
  2167. }
  2168. ],
  2169. "dll": "USER32.dll"
  2170. },
  2171. {
  2172. "imports": [
  2173. {
  2174. "name": "SelectObject",
  2175. "address": "0x40804c"
  2176. },
  2177. {
  2178. "name": "SetBkMode",
  2179. "address": "0x408050"
  2180. },
  2181. {
  2182. "name": "CreateFontIndirectA",
  2183. "address": "0x408054"
  2184. },
  2185. {
  2186. "name": "SetTextColor",
  2187. "address": "0x408058"
  2188. },
  2189. {
  2190. "name": "DeleteObject",
  2191. "address": "0x40805c"
  2192. },
  2193. {
  2194. "name": "GetDeviceCaps",
  2195. "address": "0x408060"
  2196. },
  2197. {
  2198. "name": "CreateBrushIndirect",
  2199. "address": "0x408064"
  2200. },
  2201. {
  2202. "name": "SetBkColor",
  2203. "address": "0x408068"
  2204. }
  2205. ],
  2206. "dll": "GDI32.dll"
  2207. },
  2208. {
  2209. "imports": [
  2210. {
  2211. "name": "SHGetSpecialFolderLocation",
  2212. "address": "0x408168"
  2213. },
  2214. {
  2215. "name": "ShellExecuteExA",
  2216. "address": "0x40816c"
  2217. },
  2218. {
  2219. "name": "SHGetPathFromIDListA",
  2220. "address": "0x408170"
  2221. },
  2222. {
  2223. "name": "SHBrowseForFolderA",
  2224. "address": "0x408174"
  2225. },
  2226. {
  2227. "name": "SHGetFileInfoA",
  2228. "address": "0x408178"
  2229. },
  2230. {
  2231. "name": "SHFileOperationA",
  2232. "address": "0x40817c"
  2233. }
  2234. ],
  2235. "dll": "SHELL32.dll"
  2236. },
  2237. {
  2238. "imports": [
  2239. {
  2240. "name": "AdjustTokenPrivileges",
  2241. "address": "0x408000"
  2242. },
  2243. {
  2244. "name": "RegCreateKeyExA",
  2245. "address": "0x408004"
  2246. },
  2247. {
  2248. "name": "RegOpenKeyExA",
  2249. "address": "0x408008"
  2250. },
  2251. {
  2252. "name": "SetFileSecurityA",
  2253. "address": "0x40800c"
  2254. },
  2255. {
  2256. "name": "OpenProcessToken",
  2257. "address": "0x408010"
  2258. },
  2259. {
  2260. "name": "LookupPrivilegeValueA",
  2261. "address": "0x408014"
  2262. },
  2263. {
  2264. "name": "RegEnumValueA",
  2265. "address": "0x408018"
  2266. },
  2267. {
  2268. "name": "RegDeleteKeyA",
  2269. "address": "0x40801c"
  2270. },
  2271. {
  2272. "name": "RegDeleteValueA",
  2273. "address": "0x408020"
  2274. },
  2275. {
  2276. "name": "RegCloseKey",
  2277. "address": "0x408024"
  2278. },
  2279. {
  2280. "name": "RegSetValueExA",
  2281. "address": "0x408028"
  2282. },
  2283. {
  2284. "name": "RegQueryValueExA",
  2285. "address": "0x40802c"
  2286. },
  2287. {
  2288. "name": "RegEnumKeyA",
  2289. "address": "0x408030"
  2290. }
  2291. ],
  2292. "dll": "ADVAPI32.dll"
  2293. },
  2294. {
  2295. "imports": [
  2296. {
  2297. "name": "ImageList_Create",
  2298. "address": "0x408038"
  2299. },
  2300. {
  2301. "name": "ImageList_AddMasked",
  2302. "address": "0x40803c"
  2303. },
  2304. {
  2305. "name": "ImageList_Destroy",
  2306. "address": "0x408040"
  2307. },
  2308. {
  2309. "name": null,
  2310. "address": "0x408044"
  2311. }
  2312. ],
  2313. "dll": "COMCTL32.dll"
  2314. },
  2315. {
  2316. "imports": [
  2317. {
  2318. "name": "OleUninitialize",
  2319. "address": "0x408284"
  2320. },
  2321. {
  2322. "name": "OleInitialize",
  2323. "address": "0x408288"
  2324. },
  2325. {
  2326. "name": "CoTaskMemFree",
  2327. "address": "0x40828c"
  2328. },
  2329. {
  2330. "name": "CoCreateInstance",
  2331. "address": "0x408290"
  2332. }
  2333. ],
  2334. "dll": "ole32.dll"
  2335. }
  2336. ],
  2337. "digital_signers": null,
  2338. "exported_dll_name": null,
  2339. "actual_checksum": "0x000444e0",
  2340. "overlay": {
  2341. "size": "0x00038edb",
  2342. "offset": "0x00008c00"
  2343. },
  2344. "imagebase": "0x00400000",
  2345. "reported_checksum": "0x00000000",
  2346. "icon_hash": null,
  2347. "entrypoint": "0x00403328",
  2348. "timestamp": "2018-12-15 22:24:32",
  2349. "osversion": "4.0",
  2350. "sections": [
  2351. {
  2352. "name": ".text",
  2353. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2354. "virtual_address": "0x00001000",
  2355. "size_of_data": "0x00006200",
  2356. "entropy": "6.40",
  2357. "raw_address": "0x00000400",
  2358. "virtual_size": "0x00006077",
  2359. "characteristics_raw": "0x60000020"
  2360. },
  2361. {
  2362. "name": ".rdata",
  2363. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2364. "virtual_address": "0x00008000",
  2365. "size_of_data": "0x00001400",
  2366. "entropy": "5.04",
  2367. "raw_address": "0x00006600",
  2368. "virtual_size": "0x00001250",
  2369. "characteristics_raw": "0x40000040"
  2370. },
  2371. {
  2372. "name": ".data",
  2373. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2374. "virtual_address": "0x0000a000",
  2375. "size_of_data": "0x00000400",
  2376. "entropy": "5.22",
  2377. "raw_address": "0x00007a00",
  2378. "virtual_size": "0x0001a838",
  2379. "characteristics_raw": "0xc0000040"
  2380. },
  2381. {
  2382. "name": ".ndata",
  2383. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2384. "virtual_address": "0x00025000",
  2385. "size_of_data": "0x00000000",
  2386. "entropy": "0.00",
  2387. "raw_address": "0x00000000",
  2388. "virtual_size": "0x00008000",
  2389. "characteristics_raw": "0xc0000080"
  2390. },
  2391. {
  2392. "name": ".rsrc",
  2393. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2394. "virtual_address": "0x0002d000",
  2395. "size_of_data": "0x00000e00",
  2396. "entropy": "4.05",
  2397. "raw_address": "0x00007e00",
  2398. "virtual_size": "0x00000c30",
  2399. "characteristics_raw": "0x40000040"
  2400. }
  2401. ],
  2402. "resources": [],
  2403. "dirents": [
  2404. {
  2405. "virtual_address": "0x00000000",
  2406. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2407. "size": "0x00000000"
  2408. },
  2409. {
  2410. "virtual_address": "0x00008430",
  2411. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2412. "size": "0x000000a0"
  2413. },
  2414. {
  2415. "virtual_address": "0x0002d000",
  2416. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2417. "size": "0x00000c30"
  2418. },
  2419. {
  2420. "virtual_address": "0x00000000",
  2421. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2422. "size": "0x00000000"
  2423. },
  2424. {
  2425. "virtual_address": "0x00000000",
  2426. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2427. "size": "0x00000000"
  2428. },
  2429. {
  2430. "virtual_address": "0x00000000",
  2431. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2432. "size": "0x00000000"
  2433. },
  2434. {
  2435. "virtual_address": "0x00000000",
  2436. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2437. "size": "0x00000000"
  2438. },
  2439. {
  2440. "virtual_address": "0x00000000",
  2441. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2442. "size": "0x00000000"
  2443. },
  2444. {
  2445. "virtual_address": "0x00000000",
  2446. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2447. "size": "0x00000000"
  2448. },
  2449. {
  2450. "virtual_address": "0x00000000",
  2451. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2452. "size": "0x00000000"
  2453. },
  2454. {
  2455. "virtual_address": "0x00000000",
  2456. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2457. "size": "0x00000000"
  2458. },
  2459. {
  2460. "virtual_address": "0x00000000",
  2461. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2462. "size": "0x00000000"
  2463. },
  2464. {
  2465. "virtual_address": "0x00008000",
  2466. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2467. "size": "0x00000298"
  2468. },
  2469. {
  2470. "virtual_address": "0x00000000",
  2471. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2472. "size": "0x00000000"
  2473. },
  2474. {
  2475. "virtual_address": "0x00000000",
  2476. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2477. "size": "0x00000000"
  2478. },
  2479. {
  2480. "virtual_address": "0x00000000",
  2481. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2482. "size": "0x00000000"
  2483. }
  2484. ],
  2485. "exports": [],
  2486. "guest_signers": {},
  2487. "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
  2488. "icon_fuzzy": null,
  2489. "icon": null,
  2490. "pdbpath": null,
  2491. "imported_dll_count": 7,
  2492. "versioninfo": []
  2493. }
  2494. }