Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] MalFamily: "Malicious"
- [*] MalScore: 10.0
- [*] File Name: "Exes_d3491c79fa8cbdea26bc3c552cd24458.exe"
- [*] File Size: 269019
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive"
- [*] SHA256: "fe213febfc0a2ec538656997dbf04024ad483015bc250b01e54515d01647c617"
- [*] MD5: "d3491c79fa8cbdea26bc3c552cd24458"
- [*] SHA1: "e9d29ea6118664f34ef9fe7973458f45ee3b3984"
- [*] SHA512: "fed645c61a7b7346ba0099ca1d110b2b78200d6c50d47112755b22ff4be09956047b1d89594d28248dc5f02007796225b54030bc8617166ef6fcd9b35295d369"
- [*] CRC32: "C4E49AFB"
- [*] SSDEEP: "3072:rdRGsvFggQc4SbiYsZKoeORr+EAE1z7pgNvlWAmUTIxd/FgqTmgg13piZQd8G6zA:r5LiXeORuipeTInLTBga1G6VSUvciTMb"
- [*] Process Execution: [
- "Exes_d3491c79fa8cbdea26bc3c552cd24458.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Reads data out of its own binary image",
- "Details": [
- {
- "self_read": "process: Exes_d3491c79fa8cbdea26bc3c552cd24458.exe, pid: 748, offset: 0x00000000, length: 0x00041ad7"
- },
- {
- "self_read": "process: Exes_d3491c79fa8cbdea26bc3c552cd24458.exe, pid: 748, offset: 0x00008c1c, length: 0x00038ebf"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "file": "C:\\Windows\\win.ini"
- },
- {
- "file": "C:\\Windows\\win.ini"
- }
- ]
- },
- {
- "Description": "File has been identified by 16 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "Bkav": "HW32.Packed."
- },
- {
- "FireEye": "Generic.mg.d3491c79fa8cbdea"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Kaspersky": "UDS:DangerousObject.Multi.Generic"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Ransom.dc"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "ESET-NOD32": "Win32/Injector.EGBD"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
- },
- {
- "Rising": "Trojan.Loader!1.B8C9 (CLASSIC)"
- },
- {
- "AVG": "FileRepMalware"
- },
- {
- "Cybereason": "malicious.611866"
- },
- {
- "CrowdStrike": "win/malicious_confidence_80% (W)"
- },
- {
- "Qihoo-360": "HEUR/QVM20.1.EB29.Malware.Gen"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: [
- "OpenMetaverseInstaller"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\nsq1EF.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\ShareErrorMessagePage.xaml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\managedAssemblies.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Deaconship",
- "C:\\Users\\user\\AppData\\Local\\Temp\\enchantress.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\nsq23E.tmp\\System.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\nsq23E.tmp\\Splash.dll",
- "C:\\Windows\\win.ini"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\nsb1DF.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\nsq23E.tmp"
- ]
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 2,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 2,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 2,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6155\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6156-15772\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=15773-29089\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29090-44296\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=44297-58817\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=58818-81595\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=81596-137399\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=137400-213880\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=213881-283363\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=283364-524651\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=524652-709284\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=709285-1315535\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1315536-2184550\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2184551-3507668\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3507669-5079444\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5079445-7098963\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7098964-9007426\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9007427-10932677\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-a5msen7l.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-a5msen7l.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.83.40.106&mm=28&mn=sn-a5msen7l&ms=nvh&mt=1560804941&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10932678-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-a5msen7l.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x408070"
- },
- {
- "name": "CreateFileA",
- "address": "0x408074"
- },
- {
- "name": "GetFileSize",
- "address": "0x408078"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x40807c"
- },
- {
- "name": "ReadFile",
- "address": "0x408080"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x408084"
- },
- {
- "name": "CopyFileA",
- "address": "0x408088"
- },
- {
- "name": "Sleep",
- "address": "0x40808c"
- },
- {
- "name": "GetTickCount",
- "address": "0x408090"
- },
- {
- "name": "GetWindowsDirectoryA",
- "address": "0x408094"
- },
- {
- "name": "GetTempPathA",
- "address": "0x408098"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40809c"
- },
- {
- "name": "lstrlenA",
- "address": "0x4080a0"
- },
- {
- "name": "GetVersion",
- "address": "0x4080a4"
- },
- {
- "name": "SetErrorMode",
- "address": "0x4080a8"
- },
- {
- "name": "lstrcpynA",
- "address": "0x4080ac"
- },
- {
- "name": "ExitProcess",
- "address": "0x4080b0"
- },
- {
- "name": "SetCurrentDirectoryA",
- "address": "0x4080b4"
- },
- {
- "name": "GlobalLock",
- "address": "0x4080b8"
- },
- {
- "name": "CreateThread",
- "address": "0x4080bc"
- },
- {
- "name": "GetLastError",
- "address": "0x4080c0"
- },
- {
- "name": "CreateDirectoryA",
- "address": "0x4080c4"
- },
- {
- "name": "CreateProcessA",
- "address": "0x4080c8"
- },
- {
- "name": "RemoveDirectoryA",
- "address": "0x4080cc"
- },
- {
- "name": "GetTempFileNameA",
- "address": "0x4080d0"
- },
- {
- "name": "WriteFile",
- "address": "0x4080d4"
- },
- {
- "name": "lstrcpyA",
- "address": "0x4080d8"
- },
- {
- "name": "MoveFileExA",
- "address": "0x4080dc"
- },
- {
- "name": "lstrcatA",
- "address": "0x4080e0"
- },
- {
- "name": "GetSystemDirectoryA",
- "address": "0x4080e4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4080e8"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x4080ec"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x4080f0"
- },
- {
- "name": "CompareFileTime",
- "address": "0x4080f4"
- },
- {
- "name": "SetFileAttributesA",
- "address": "0x4080f8"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x4080fc"
- },
- {
- "name": "GetShortPathNameA",
- "address": "0x408100"
- },
- {
- "name": "MoveFileA",
- "address": "0x408104"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x408108"
- },
- {
- "name": "SetFileTime",
- "address": "0x40810c"
- },
- {
- "name": "SearchPathA",
- "address": "0x408110"
- },
- {
- "name": "CloseHandle",
- "address": "0x408114"
- },
- {
- "name": "lstrcmpiA",
- "address": "0x408118"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x40811c"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x408120"
- },
- {
- "name": "lstrcmpA",
- "address": "0x408124"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x408128"
- },
- {
- "name": "FindNextFileA",
- "address": "0x40812c"
- },
- {
- "name": "DeleteFileA",
- "address": "0x408130"
- },
- {
- "name": "SetFilePointer",
- "address": "0x408134"
- },
- {
- "name": "GetPrivateProfileStringA",
- "address": "0x408138"
- },
- {
- "name": "FindClose",
- "address": "0x40813c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x408140"
- },
- {
- "name": "FreeLibrary",
- "address": "0x408144"
- },
- {
- "name": "MulDiv",
- "address": "0x408148"
- },
- {
- "name": "WritePrivateProfileStringA",
- "address": "0x40814c"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x408150"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x408154"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x408158"
- },
- {
- "name": "GlobalFree",
- "address": "0x40815c"
- },
- {
- "name": "ExpandEnvironmentStringsA",
- "address": "0x408160"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "ScreenToClient",
- "address": "0x408184"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x408188"
- },
- {
- "name": "SetClassLongA",
- "address": "0x40818c"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x408190"
- },
- {
- "name": "SetWindowPos",
- "address": "0x408194"
- },
- {
- "name": "GetSysColor",
- "address": "0x408198"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x40819c"
- },
- {
- "name": "SetCursor",
- "address": "0x4081a0"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4081a4"
- },
- {
- "name": "CheckDlgButton",
- "address": "0x4081a8"
- },
- {
- "name": "GetMessagePos",
- "address": "0x4081ac"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x4081b0"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x4081b4"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x4081b8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x4081bc"
- },
- {
- "name": "SetClipboardData",
- "address": "0x4081c0"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x4081c4"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4081c8"
- },
- {
- "name": "GetWindowRect",
- "address": "0x4081cc"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x4081d0"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4081d4"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4081d8"
- },
- {
- "name": "SetDlgItemTextA",
- "address": "0x4081dc"
- },
- {
- "name": "GetDlgItemTextA",
- "address": "0x4081e0"
- },
- {
- "name": "MessageBoxIndirectA",
- "address": "0x4081e4"
- },
- {
- "name": "CharPrevA",
- "address": "0x4081e8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4081ec"
- },
- {
- "name": "PeekMessageA",
- "address": "0x4081f0"
- },
- {
- "name": "ReleaseDC",
- "address": "0x4081f4"
- },
- {
- "name": "EnableWindow",
- "address": "0x4081f8"
- },
- {
- "name": "InvalidateRect",
- "address": "0x4081fc"
- },
- {
- "name": "SendMessageA",
- "address": "0x408200"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x408204"
- },
- {
- "name": "BeginPaint",
- "address": "0x408208"
- },
- {
- "name": "GetClientRect",
- "address": "0x40820c"
- },
- {
- "name": "FillRect",
- "address": "0x408210"
- },
- {
- "name": "DrawTextA",
- "address": "0x408214"
- },
- {
- "name": "EndDialog",
- "address": "0x408218"
- },
- {
- "name": "RegisterClassA",
- "address": "0x40821c"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x408220"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x408224"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x408228"
- },
- {
- "name": "DialogBoxParamA",
- "address": "0x40822c"
- },
- {
- "name": "CharNextA",
- "address": "0x408230"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x408234"
- },
- {
- "name": "GetDC",
- "address": "0x408238"
- },
- {
- "name": "CreateDialogParamA",
- "address": "0x40823c"
- },
- {
- "name": "SetTimer",
- "address": "0x408240"
- },
- {
- "name": "GetDlgItem",
- "address": "0x408244"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x408248"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x40824c"
- },
- {
- "name": "LoadImageA",
- "address": "0x408250"
- },
- {
- "name": "IsWindow",
- "address": "0x408254"
- },
- {
- "name": "SendMessageTimeoutA",
- "address": "0x408258"
- },
- {
- "name": "FindWindowExA",
- "address": "0x40825c"
- },
- {
- "name": "OpenClipboard",
- "address": "0x408260"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x408264"
- },
- {
- "name": "AppendMenuA",
- "address": "0x408268"
- },
- {
- "name": "EndPaint",
- "address": "0x40826c"
- },
- {
- "name": "DestroyWindow",
- "address": "0x408270"
- },
- {
- "name": "wsprintfA",
- "address": "0x408274"
- },
- {
- "name": "ShowWindow",
- "address": "0x408278"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x40827c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "SelectObject",
- "address": "0x40804c"
- },
- {
- "name": "SetBkMode",
- "address": "0x408050"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x408054"
- },
- {
- "name": "SetTextColor",
- "address": "0x408058"
- },
- {
- "name": "DeleteObject",
- "address": "0x40805c"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x408060"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x408064"
- },
- {
- "name": "SetBkColor",
- "address": "0x408068"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "SHGetSpecialFolderLocation",
- "address": "0x408168"
- },
- {
- "name": "ShellExecuteExA",
- "address": "0x40816c"
- },
- {
- "name": "SHGetPathFromIDListA",
- "address": "0x408170"
- },
- {
- "name": "SHBrowseForFolderA",
- "address": "0x408174"
- },
- {
- "name": "SHGetFileInfoA",
- "address": "0x408178"
- },
- {
- "name": "SHFileOperationA",
- "address": "0x40817c"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x408000"
- },
- {
- "name": "RegCreateKeyExA",
- "address": "0x408004"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x408008"
- },
- {
- "name": "SetFileSecurityA",
- "address": "0x40800c"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x408010"
- },
- {
- "name": "LookupPrivilegeValueA",
- "address": "0x408014"
- },
- {
- "name": "RegEnumValueA",
- "address": "0x408018"
- },
- {
- "name": "RegDeleteKeyA",
- "address": "0x40801c"
- },
- {
- "name": "RegDeleteValueA",
- "address": "0x408020"
- },
- {
- "name": "RegCloseKey",
- "address": "0x408024"
- },
- {
- "name": "RegSetValueExA",
- "address": "0x408028"
- },
- {
- "name": "RegQueryValueExA",
- "address": "0x40802c"
- },
- {
- "name": "RegEnumKeyA",
- "address": "0x408030"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Create",
- "address": "0x408038"
- },
- {
- "name": "ImageList_AddMasked",
- "address": "0x40803c"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x408040"
- },
- {
- "name": null,
- "address": "0x408044"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "OleUninitialize",
- "address": "0x408284"
- },
- {
- "name": "OleInitialize",
- "address": "0x408288"
- },
- {
- "name": "CoTaskMemFree",
- "address": "0x40828c"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x408290"
- }
- ],
- "dll": "ole32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000444e0",
- "overlay": {
- "size": "0x00038edb",
- "offset": "0x00008c00"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00403328",
- "timestamp": "2018-12-15 22:24:32",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00006200",
- "entropy": "6.40",
- "raw_address": "0x00000400",
- "virtual_size": "0x00006077",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00008000",
- "size_of_data": "0x00001400",
- "entropy": "5.04",
- "raw_address": "0x00006600",
- "virtual_size": "0x00001250",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000a000",
- "size_of_data": "0x00000400",
- "entropy": "5.22",
- "raw_address": "0x00007a00",
- "virtual_size": "0x0001a838",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".ndata",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00025000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00008000",
- "characteristics_raw": "0xc0000080"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0002d000",
- "size_of_data": "0x00000e00",
- "entropy": "4.05",
- "raw_address": "0x00007e00",
- "virtual_size": "0x00000c30",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00008430",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000a0"
- },
- {
- "virtual_address": "0x0002d000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000c30"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00008000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000298"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 7,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "version.dll.GetFileVersionInfoA",
- "shfolder.dll.SHGetFolderPathA",
- "shlwapi.dll.#437",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "kernel32.dll.GetUserDefaultUILanguage",
- "shell32.dll.#680",
- "system.dll.Alloc",
- "system.dll.Call",
- "splash.dll.show",
- "kernel32.dll.CreateMutexA",
- "enchantress.dll.q",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.GlobalAlloc",
- "kernel32.dll.ReadFile",
- "kernel32.dll.CreateFileA",
- "kernel32.dll.LoadLibraryA",
- "user32.dll.MessageBoxA",
- "user32.dll.CreateWindowStationW",
- "user32.dll.ReplyMessage",
- "advapi32.dll.NotifyChangeEventLog",
- "advapi32.dll.ObjectCloseAuditAlarmW",
- "advapi32.dll.CryptDecrypt",
- "kernel32.dll.GetCurrentProcessId",
- "kernel32.dll.GetWindowsDirectoryA",
- "kernel32.dll.WriteProfileStringA",
- "kernel32.dll.SetThreadPriorityBoost",
- "kernel32.dll.SwitchToThread",
- "cryptsp.dll.CryptDecrypt"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x408070"
- },
- {
- "name": "CreateFileA",
- "address": "0x408074"
- },
- {
- "name": "GetFileSize",
- "address": "0x408078"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x40807c"
- },
- {
- "name": "ReadFile",
- "address": "0x408080"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x408084"
- },
- {
- "name": "CopyFileA",
- "address": "0x408088"
- },
- {
- "name": "Sleep",
- "address": "0x40808c"
- },
- {
- "name": "GetTickCount",
- "address": "0x408090"
- },
- {
- "name": "GetWindowsDirectoryA",
- "address": "0x408094"
- },
- {
- "name": "GetTempPathA",
- "address": "0x408098"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40809c"
- },
- {
- "name": "lstrlenA",
- "address": "0x4080a0"
- },
- {
- "name": "GetVersion",
- "address": "0x4080a4"
- },
- {
- "name": "SetErrorMode",
- "address": "0x4080a8"
- },
- {
- "name": "lstrcpynA",
- "address": "0x4080ac"
- },
- {
- "name": "ExitProcess",
- "address": "0x4080b0"
- },
- {
- "name": "SetCurrentDirectoryA",
- "address": "0x4080b4"
- },
- {
- "name": "GlobalLock",
- "address": "0x4080b8"
- },
- {
- "name": "CreateThread",
- "address": "0x4080bc"
- },
- {
- "name": "GetLastError",
- "address": "0x4080c0"
- },
- {
- "name": "CreateDirectoryA",
- "address": "0x4080c4"
- },
- {
- "name": "CreateProcessA",
- "address": "0x4080c8"
- },
- {
- "name": "RemoveDirectoryA",
- "address": "0x4080cc"
- },
- {
- "name": "GetTempFileNameA",
- "address": "0x4080d0"
- },
- {
- "name": "WriteFile",
- "address": "0x4080d4"
- },
- {
- "name": "lstrcpyA",
- "address": "0x4080d8"
- },
- {
- "name": "MoveFileExA",
- "address": "0x4080dc"
- },
- {
- "name": "lstrcatA",
- "address": "0x4080e0"
- },
- {
- "name": "GetSystemDirectoryA",
- "address": "0x4080e4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4080e8"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x4080ec"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x4080f0"
- },
- {
- "name": "CompareFileTime",
- "address": "0x4080f4"
- },
- {
- "name": "SetFileAttributesA",
- "address": "0x4080f8"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x4080fc"
- },
- {
- "name": "GetShortPathNameA",
- "address": "0x408100"
- },
- {
- "name": "MoveFileA",
- "address": "0x408104"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x408108"
- },
- {
- "name": "SetFileTime",
- "address": "0x40810c"
- },
- {
- "name": "SearchPathA",
- "address": "0x408110"
- },
- {
- "name": "CloseHandle",
- "address": "0x408114"
- },
- {
- "name": "lstrcmpiA",
- "address": "0x408118"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x40811c"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x408120"
- },
- {
- "name": "lstrcmpA",
- "address": "0x408124"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x408128"
- },
- {
- "name": "FindNextFileA",
- "address": "0x40812c"
- },
- {
- "name": "DeleteFileA",
- "address": "0x408130"
- },
- {
- "name": "SetFilePointer",
- "address": "0x408134"
- },
- {
- "name": "GetPrivateProfileStringA",
- "address": "0x408138"
- },
- {
- "name": "FindClose",
- "address": "0x40813c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x408140"
- },
- {
- "name": "FreeLibrary",
- "address": "0x408144"
- },
- {
- "name": "MulDiv",
- "address": "0x408148"
- },
- {
- "name": "WritePrivateProfileStringA",
- "address": "0x40814c"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x408150"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x408154"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x408158"
- },
- {
- "name": "GlobalFree",
- "address": "0x40815c"
- },
- {
- "name": "ExpandEnvironmentStringsA",
- "address": "0x408160"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "ScreenToClient",
- "address": "0x408184"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x408188"
- },
- {
- "name": "SetClassLongA",
- "address": "0x40818c"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x408190"
- },
- {
- "name": "SetWindowPos",
- "address": "0x408194"
- },
- {
- "name": "GetSysColor",
- "address": "0x408198"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x40819c"
- },
- {
- "name": "SetCursor",
- "address": "0x4081a0"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4081a4"
- },
- {
- "name": "CheckDlgButton",
- "address": "0x4081a8"
- },
- {
- "name": "GetMessagePos",
- "address": "0x4081ac"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x4081b0"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x4081b4"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x4081b8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x4081bc"
- },
- {
- "name": "SetClipboardData",
- "address": "0x4081c0"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x4081c4"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4081c8"
- },
- {
- "name": "GetWindowRect",
- "address": "0x4081cc"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x4081d0"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4081d4"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4081d8"
- },
- {
- "name": "SetDlgItemTextA",
- "address": "0x4081dc"
- },
- {
- "name": "GetDlgItemTextA",
- "address": "0x4081e0"
- },
- {
- "name": "MessageBoxIndirectA",
- "address": "0x4081e4"
- },
- {
- "name": "CharPrevA",
- "address": "0x4081e8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4081ec"
- },
- {
- "name": "PeekMessageA",
- "address": "0x4081f0"
- },
- {
- "name": "ReleaseDC",
- "address": "0x4081f4"
- },
- {
- "name": "EnableWindow",
- "address": "0x4081f8"
- },
- {
- "name": "InvalidateRect",
- "address": "0x4081fc"
- },
- {
- "name": "SendMessageA",
- "address": "0x408200"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x408204"
- },
- {
- "name": "BeginPaint",
- "address": "0x408208"
- },
- {
- "name": "GetClientRect",
- "address": "0x40820c"
- },
- {
- "name": "FillRect",
- "address": "0x408210"
- },
- {
- "name": "DrawTextA",
- "address": "0x408214"
- },
- {
- "name": "EndDialog",
- "address": "0x408218"
- },
- {
- "name": "RegisterClassA",
- "address": "0x40821c"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x408220"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x408224"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x408228"
- },
- {
- "name": "DialogBoxParamA",
- "address": "0x40822c"
- },
- {
- "name": "CharNextA",
- "address": "0x408230"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x408234"
- },
- {
- "name": "GetDC",
- "address": "0x408238"
- },
- {
- "name": "CreateDialogParamA",
- "address": "0x40823c"
- },
- {
- "name": "SetTimer",
- "address": "0x408240"
- },
- {
- "name": "GetDlgItem",
- "address": "0x408244"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x408248"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x40824c"
- },
- {
- "name": "LoadImageA",
- "address": "0x408250"
- },
- {
- "name": "IsWindow",
- "address": "0x408254"
- },
- {
- "name": "SendMessageTimeoutA",
- "address": "0x408258"
- },
- {
- "name": "FindWindowExA",
- "address": "0x40825c"
- },
- {
- "name": "OpenClipboard",
- "address": "0x408260"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x408264"
- },
- {
- "name": "AppendMenuA",
- "address": "0x408268"
- },
- {
- "name": "EndPaint",
- "address": "0x40826c"
- },
- {
- "name": "DestroyWindow",
- "address": "0x408270"
- },
- {
- "name": "wsprintfA",
- "address": "0x408274"
- },
- {
- "name": "ShowWindow",
- "address": "0x408278"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x40827c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "SelectObject",
- "address": "0x40804c"
- },
- {
- "name": "SetBkMode",
- "address": "0x408050"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x408054"
- },
- {
- "name": "SetTextColor",
- "address": "0x408058"
- },
- {
- "name": "DeleteObject",
- "address": "0x40805c"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x408060"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x408064"
- },
- {
- "name": "SetBkColor",
- "address": "0x408068"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "SHGetSpecialFolderLocation",
- "address": "0x408168"
- },
- {
- "name": "ShellExecuteExA",
- "address": "0x40816c"
- },
- {
- "name": "SHGetPathFromIDListA",
- "address": "0x408170"
- },
- {
- "name": "SHBrowseForFolderA",
- "address": "0x408174"
- },
- {
- "name": "SHGetFileInfoA",
- "address": "0x408178"
- },
- {
- "name": "SHFileOperationA",
- "address": "0x40817c"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x408000"
- },
- {
- "name": "RegCreateKeyExA",
- "address": "0x408004"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x408008"
- },
- {
- "name": "SetFileSecurityA",
- "address": "0x40800c"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x408010"
- },
- {
- "name": "LookupPrivilegeValueA",
- "address": "0x408014"
- },
- {
- "name": "RegEnumValueA",
- "address": "0x408018"
- },
- {
- "name": "RegDeleteKeyA",
- "address": "0x40801c"
- },
- {
- "name": "RegDeleteValueA",
- "address": "0x408020"
- },
- {
- "name": "RegCloseKey",
- "address": "0x408024"
- },
- {
- "name": "RegSetValueExA",
- "address": "0x408028"
- },
- {
- "name": "RegQueryValueExA",
- "address": "0x40802c"
- },
- {
- "name": "RegEnumKeyA",
- "address": "0x408030"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Create",
- "address": "0x408038"
- },
- {
- "name": "ImageList_AddMasked",
- "address": "0x40803c"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x408040"
- },
- {
- "name": null,
- "address": "0x408044"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "OleUninitialize",
- "address": "0x408284"
- },
- {
- "name": "OleInitialize",
- "address": "0x408288"
- },
- {
- "name": "CoTaskMemFree",
- "address": "0x40828c"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x408290"
- }
- ],
- "dll": "ole32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000444e0",
- "overlay": {
- "size": "0x00038edb",
- "offset": "0x00008c00"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00403328",
- "timestamp": "2018-12-15 22:24:32",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00006200",
- "entropy": "6.40",
- "raw_address": "0x00000400",
- "virtual_size": "0x00006077",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00008000",
- "size_of_data": "0x00001400",
- "entropy": "5.04",
- "raw_address": "0x00006600",
- "virtual_size": "0x00001250",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000a000",
- "size_of_data": "0x00000400",
- "entropy": "5.22",
- "raw_address": "0x00007a00",
- "virtual_size": "0x0001a838",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".ndata",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00025000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00008000",
- "characteristics_raw": "0xc0000080"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0002d000",
- "size_of_data": "0x00000e00",
- "entropy": "4.05",
- "raw_address": "0x00007e00",
- "virtual_size": "0x00000c30",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00008430",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000a0"
- },
- {
- "virtual_address": "0x0002d000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000c30"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00008000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000298"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 7,
- "versioninfo": []
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement