- [*] MalFamily: "Zlob"
- [*] MalScore: 10.0
- [*] File Name: "01"
- [*] File Size: 57096
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "d08e515044a61b2b2dad9deda564460914a9559cdfb9772babf04039d3814252"
- [*] MD5: "8caf035dd4cf30a9904ff243c372df6e"
- [*] SHA1: "470bc49c9d3923c73148dd9d58395199f9743df5"
- [*] SHA512: "e53f36e0c8e6b4662c5a6e06a1c8c8f42bd3d0c4f3f75642ca2ab96df189132686b4142959d2f622dc8336835ed5e752f1efce26e12957a2609ad7ccc5c433a2"
- [*] CRC32: "13613AA0"
- [*] SSDEEP: "768:3P6FP6vnVPXovpOg0nBZpfW89DvGH7dc7vCy6vUg/O43ZY1KgGEJC:CFAPXfg0nzpV9rGHq7v1x4paoEA"
- [*] Process Execution: [
- "01.exe",
- "hkmoov.exe",
- "reg.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "hkmoov.exe tried to sleep 1740 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "Reads data out of its own binary image",
- "Details": [
- {
- "self_read": "process: 01.exe, pid: 2704, offset: 0x00000000, length: 0x0000df08"
- }
- ]
- },
- {
- "Description": "Drops a binary and executes it",
- "Details": [
- {
- "binary": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
- }
- ]
- },
- {
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details": [
- {
- "post_no_referer": "HTTP traffic contains a POST request with no referer header"
- },
- {
- "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
- },
- {
- "suspicious_request": "http://safegross.com/ppk/index.php"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe"
- },
- {
- "suspicious_request": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://safegross.com/ppk/index.php"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe"
- },
- {
- "url": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "Attempts to identify installed AV products by installation directory",
- "Details": [
- {
- "file": "C:\\ProgramData\\AVAST Software"
- },
- {
- "file": "C:\\ProgramData\\Avira"
- },
- {
- "file": "C:\\ProgramData\\Kaspersky Lab"
- },
- {
- "file": "C:\\ProgramData\\ESET"
- },
- {
- "file": "C:\\ProgramData\\Panda Security"
- },
- {
- "file": "C:\\ProgramData\\Bitdefender"
- },
- {
- "file": "C:\\ProgramData\\AVG"
- },
- {
- "file": "C:\\ProgramData\\Doctor Web"
- }
- ]
- },
- {
- "Description": "File has been identified by 24 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "FireEye": "Generic.mg.8caf035dd4cf30a9"
- },
- {
- "McAfee": "Artemis!8CAF035DD4CF"
- },
- {
- "ESET-NOD32": "a variant of Win32/Kryptik.GUCF"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Kaspersky": "Trojan.Win32.Agent.xaalpa"
- },
- {
- "Avast": "Win32:BackdoorX-gen [Trj]"
- },
- {
- "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
- },
- {
- "Sophos": "Troj/Agent-BBUR"
- },
- {
- "F-Secure": "Trojan.TR/AD.Zlob.wkfyf"
- },
- {
- "DrWeb": "Trojan.SpyBot.840"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "Artemis!Trojan"
- },
- {
- "Ikarus": "Backdoor.Rat.FlawedAmmyy"
- },
- {
- "Avira": "TR/AD.Zlob.wkfyf"
- },
- {
- "Microsoft": "TrojanDownloader:Win32/Zlob.ZXP!bit"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "ZoneAlarm": "Trojan.Win32.Agent.xaalpa"
- },
- {
- "AhnLab-V3": "Trojan/Win32.Agent.C3291732"
- },
- {
- "ALYac": "Backdoor.RAT.FlawedAmmyy"
- },
- {
- "Tencent": "Win32.Trojan.Raasmx.Auto"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "Fortinet": "W32/GenKryptik.DKZJ!tr"
- },
- {
- "AVG": "Win32:BackdoorX-gen [Trj]"
- },
- {
- "CrowdStrike": "win/malicious_confidence_70% (W)"
- }
- ]
- },
- {
- "Description": "Creates a copy of itself",
- "Details": [
- {
- "copy": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "c:\\programdata\\d61e6e07ea\\hkmoov.exe",
- "REG ADD \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\" /f /v Startup /t REG_SZ /d C:\\ProgramData\\d61e6e07ea"
- ]
- [*] Mutexes: []
- [*] Modified Files: [
- "C:\\ProgramData\\0",
- "C:\\programdata\\d61e6e07ea\\hkmoov.exe",
- "C:\\programdata\\d61e6e07ea\\hkmoov.exe:Zone.Identifier"
- ]
- [*] Deleted Files: []
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "safegross.com",
- "answers": [
- {
- "data": "151.237.80.80",
- "type": "A"
- },
- {
- "data": "89.238.207.5",
- "type": "A"
- },
- {
- "data": "93.103.166.70",
- "type": "A"
- },
- {
- "data": "37.152.176.90",
- "type": "A"
- },
- {
- "data": "91.104.177.151",
- "type": "A"
- },
- {
- "data": "89.190.74.198",
- "type": "A"
- },
- {
- "data": "2.185.146.116",
- "type": "A"
- },
- {
- "data": "5.253.53.236",
- "type": "A"
- },
- {
- "data": "95.158.162.200",
- "type": "A"
- },
- {
- "data": "197.255.225.249",
- "type": "A"
- },
- {
- "data": "89.45.19.26",
- "type": "A"
- },
- {
- "data": "186.87.135.97",
- "type": "A"
- },
- {
- "data": "193.33.1.18",
- "type": "A"
- },
- {
- "data": "31.5.167.149",
- "type": "A"
- },
- {
- "data": "41.110.200.194",
- "type": "A"
- },
- {
- "data": "85.187.48.16",
- "type": "A"
- },
- {
- "data": "181.59.254.21",
- "type": "A"
- },
- {
- "data": "89.45.19.24",
- "type": "A"
- },
- {
- "data": "86.101.230.109",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "",
- "domain": "safegross.com"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 29,
- "body": "id=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
- "uri": "http://safegross.com/ppk/index.php",
- "user-agent": "",
- "method": "POST",
- "host": "safegross.com",
- "version": "1.1",
- "path": "/ppk/index.php",
- "data": "POST /ppk/index.php HTTP/1.1\r\nHost: safegross.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 76\r\n\r\nid=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=0-6820\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=6821-17424\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=17425-27568\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=27569-38149\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=38150-60344\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=60345-105675\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=105676-182544\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=182545-235456\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=235457-387454\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=387455-619308\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=619309-843977\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=843978-1423050\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=1423051-2174378\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=2174379-3522791\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=3522792-5055846\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=5055847-6102108\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=6102109-7233475\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=7233476-9002772\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=9002773-10438628\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=10438629-11885988\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=11885989-12942231\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=12942232-13981114\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=13981115-15457991\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=15457992-16973479\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=16973480-18438938\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=18438939-19888021\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=19888022-20811638\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=20811639-22252440\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=22252441-23705723\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=23705724-25236904\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=25236905-26834675\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=26834676-27861757\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=27861758-29675521\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r5---sn-tt1e7n7e.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=29675522-30336767\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "VirtualAllocEx",
- "address": "0x41d00c"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x41d010"
- },
- {
- "name": "GetOEMCP",
- "address": "0x41d014"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x41d018"
- },
- {
- "name": "GetProcAddress",
- "address": "0x41d01c"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x41d020"
- },
- {
- "name": "GetLastError",
- "address": "0x41d024"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x41d028"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x41d02c"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x41d030"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x41d034"
- },
- {
- "name": "lstrlenA",
- "address": "0x41d038"
- },
- {
- "name": "GetVersionExA",
- "address": "0x41d03c"
- },
- {
- "name": "GetVersionExW",
- "address": "0x41d040"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x41d044"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x41d048"
- },
- {
- "name": "GetTickCount",
- "address": "0x41d04c"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x41d050"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "DestroyWindow",
- "address": "0x41d058"
- },
- {
- "name": "RegisterClassW",
- "address": "0x41d05c"
- },
- {
- "name": "LoadIconA",
- "address": "0x41d060"
- },
- {
- "name": "SetWindowLongW",
- "address": "0x41d064"
- },
- {
- "name": "SetWindowTextW",
- "address": "0x41d068"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x41d06c"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x41d070"
- },
- {
- "name": "DestroyIcon",
- "address": "0x41d074"
- },
- {
- "name": "SendMessageW",
- "address": "0x41d078"
- },
- {
- "name": "CreateWindowExW",
- "address": "0x41d07c"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x41d080"
- },
- {
- "name": "LoadStringW",
- "address": "0x41d084"
- },
- {
- "name": "PostMessageW",
- "address": "0x41d088"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateDIBSection",
- "address": "0x41d000"
- },
- {
- "name": "CreateBitmap",
- "address": "0x41d004"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "CoInitialize",
- "address": "0x41d0d8"
- },
- {
- "name": "CoGetObject",
- "address": "0x41d0dc"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "__setusermatherr",
- "address": "0x41d090"
- },
- {
- "name": "_c_exit",
- "address": "0x41d094"
- },
- {
- "name": "_except_handler3",
- "address": "0x41d098"
- },
- {
- "name": "_XcptFilter",
- "address": "0x41d09c"
- },
- {
- "name": "_cexit",
- "address": "0x41d0a0"
- },
- {
- "name": "exit",
- "address": "0x41d0a4"
- },
- {
- "name": "_wcmdln",
- "address": "0x41d0a8"
- },
- {
- "name": "__wgetmainargs",
- "address": "0x41d0ac"
- },
- {
- "name": "_initterm",
- "address": "0x41d0b0"
- },
- {
- "name": "_exit",
- "address": "0x41d0b4"
- },
- {
- "name": "_adjust_fdiv",
- "address": "0x41d0b8"
- },
- {
- "name": "__p__commode",
- "address": "0x41d0bc"
- },
- {
- "name": "__p__fmode",
- "address": "0x41d0c0"
- },
- {
- "name": "__set_app_type",
- "address": "0x41d0c4"
- },
- {
- "name": "_controlfp",
- "address": "0x41d0c8"
- },
- {
- "name": "__dllonexit",
- "address": "0x41d0cc"
- },
- {
- "name": "_onexit",
- "address": "0x41d0d0"
- }
- ],
- "dll": "msvcrt.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0001d0b3",
- "overlay": {
- "size": "0x00001f08",
- "offset": "0x0000c000"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x0001d0b3",
- "icon_hash": null,
- "entrypoint": "0x00404636",
- "timestamp": "2016-08-19 14:55:52",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00004000",
- "entropy": "5.74",
- "raw_address": "0x00001000",
- "virtual_size": "0x00003916",
- "characteristics_raw": "0xf0000020"
- },
- {
- "name": ".bss",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00017030",
- "characteristics_raw": "0xc0000080"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001d000",
- "size_of_data": "0x00001000",
- "entropy": "2.45",
- "raw_address": "0x00005000",
- "virtual_size": "0x000005dc",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0001e000",
- "size_of_data": "0x00005000",
- "entropy": "6.48",
- "raw_address": "0x00006000",
- "virtual_size": "0x00004ef4",
- "characteristics_raw": "0xd0000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00023000",
- "size_of_data": "0x00001000",
- "entropy": "0.70",
- "raw_address": "0x0000b000",
- "virtual_size": "0x0000024e",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001d104",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000078"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000c000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00001f08"
- },
- {
- "virtual_address": "0x00023000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000011c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000000e4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "ed3432959df410bdf8d52780a8c0d1d3",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 5,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "user32.dll.GetWindowContextHelpId",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.VirtualProtect",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.VirtualQuery",
- "advapi32.dll.GetUserNameA",
- "kernel32.dll.AddAtomA",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.CreateDirectoryA",
- "kernel32.dll.CreateFileA",
- "kernel32.dll.CreateProcessA",
- "kernel32.dll.ExitProcess",
- "kernel32.dll.FindAtomA",
- "kernel32.dll.FreeLibrary",
- "kernel32.dll.GetAtomNameA",
- "kernel32.dll.GetComputerNameA",
- "kernel32.dll.GetFileAttributesA",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.GetModuleFileNameA",
- "kernel32.dll.GetModuleHandleA",
- "kernel32.dll.GetProcAddress",
- "kernel32.dll.GetSystemDirectoryA",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.GetTempPathA",
- "kernel32.dll.GetVersionExA",
- "kernel32.dll.GetVolumeInformationA",
- "kernel32.dll.SetUnhandledExceptionFilter",
- "kernel32.dll.Sleep",
- "kernel32.dll.WaitForSingleObject",
- "kernel32.dll.WriteFile",
- "msvcrt.dll._itoa",
- "msvcrt.dll._strlwr",
- "msvcrt.dll.__getmainargs",
- "msvcrt.dll.__p__environ",
- "msvcrt.dll.__p__fmode",
- "msvcrt.dll.__set_app_type",
- "msvcrt.dll._cexit",
- "msvcrt.dll._iob",
- "msvcrt.dll._onexit",
- "msvcrt.dll._setmode",
- "msvcrt.dll.abort",
- "msvcrt.dll.atexit",
- "msvcrt.dll.atoi",
- "msvcrt.dll.exit",
- "msvcrt.dll.fclose",
- "msvcrt.dll.fflush",
- "msvcrt.dll.fopen",
- "msvcrt.dll.fprintf",
- "msvcrt.dll.fread",
- "msvcrt.dll.free",
- "msvcrt.dll.fwrite",
- "msvcrt.dll.malloc",
- "msvcrt.dll.memcpy",
- "msvcrt.dll.memmove",
- "msvcrt.dll.memset",
- "msvcrt.dll.signal",
- "msvcrt.dll.strcat",
- "msvcrt.dll.strcmp",
- "msvcrt.dll.strcpy",
- "msvcrt.dll.strlen",
- "msvcrt.dll.strncat",
- "shell32.dll.ShellExecuteExA",
- "user32.dll.GetSystemMetrics",
- "wsock32.dll.WSACleanup",
- "wsock32.dll.WSAStartup",
- "wsock32.dll.closesocket",
- "wsock32.dll.connect",
- "wsock32.dll.gethostbyname",
- "wsock32.dll.htons",
- "wsock32.dll.inet_addr",
- "wsock32.dll.inet_ntoa",
- "wsock32.dll.recv",
- "wsock32.dll.send",
- "wsock32.dll.socket",
- "shell32.dll.#680",
- "kernel32.dll.GetNativeSystemInfo",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "VirtualAllocEx",
- "address": "0x41d00c"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x41d010"
- },
- {
- "name": "GetOEMCP",
- "address": "0x41d014"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x41d018"
- },
- {
- "name": "GetProcAddress",
- "address": "0x41d01c"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x41d020"
- },
- {
- "name": "GetLastError",
- "address": "0x41d024"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x41d028"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x41d02c"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x41d030"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x41d034"
- },
- {
- "name": "lstrlenA",
- "address": "0x41d038"
- },
- {
- "name": "GetVersionExA",
- "address": "0x41d03c"
- },
- {
- "name": "GetVersionExW",
- "address": "0x41d040"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x41d044"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x41d048"
- },
- {
- "name": "GetTickCount",
- "address": "0x41d04c"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x41d050"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "DestroyWindow",
- "address": "0x41d058"
- },
- {
- "name": "RegisterClassW",
- "address": "0x41d05c"
- },
- {
- "name": "LoadIconA",
- "address": "0x41d060"
- },
- {
- "name": "SetWindowLongW",
- "address": "0x41d064"
- },
- {
- "name": "SetWindowTextW",
- "address": "0x41d068"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x41d06c"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x41d070"
- },
- {
- "name": "DestroyIcon",
- "address": "0x41d074"
- },
- {
- "name": "SendMessageW",
- "address": "0x41d078"
- },
- {
- "name": "CreateWindowExW",
- "address": "0x41d07c"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x41d080"
- },
- {
- "name": "LoadStringW",
- "address": "0x41d084"
- },
- {
- "name": "PostMessageW",
- "address": "0x41d088"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateDIBSection",
- "address": "0x41d000"
- },
- {
- "name": "CreateBitmap",
- "address": "0x41d004"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "CoInitialize",
- "address": "0x41d0d8"
- },
- {
- "name": "CoGetObject",
- "address": "0x41d0dc"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "__setusermatherr",
- "address": "0x41d090"
- },
- {
- "name": "_c_exit",
- "address": "0x41d094"
- },
- {
- "name": "_except_handler3",
- "address": "0x41d098"
- },
- {
- "name": "_XcptFilter",
- "address": "0x41d09c"
- },
- {
- "name": "_cexit",
- "address": "0x41d0a0"
- },
- {
- "name": "exit",
- "address": "0x41d0a4"
- },
- {
- "name": "_wcmdln",
- "address": "0x41d0a8"
- },
- {
- "name": "__wgetmainargs",
- "address": "0x41d0ac"
- },
- {
- "name": "_initterm",
- "address": "0x41d0b0"
- },
- {
- "name": "_exit",
- "address": "0x41d0b4"
- },
- {
- "name": "_adjust_fdiv",
- "address": "0x41d0b8"
- },
- {
- "name": "__p__commode",
- "address": "0x41d0bc"
- },
- {
- "name": "__p__fmode",
- "address": "0x41d0c0"
- },
- {
- "name": "__set_app_type",
- "address": "0x41d0c4"
- },
- {
- "name": "_controlfp",
- "address": "0x41d0c8"
- },
- {
- "name": "__dllonexit",
- "address": "0x41d0cc"
- },
- {
- "name": "_onexit",
- "address": "0x41d0d0"
- }
- ],
- "dll": "msvcrt.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0001d0b3",
- "overlay": {
- "size": "0x00001f08",
- "offset": "0x0000c000"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x0001d0b3",
- "icon_hash": null,
- "entrypoint": "0x00404636",
- "timestamp": "2016-08-19 14:55:52",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00004000",
- "entropy": "5.74",
- "raw_address": "0x00001000",
- "virtual_size": "0x00003916",
- "characteristics_raw": "0xf0000020"
- },
- {
- "name": ".bss",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00017030",
- "characteristics_raw": "0xc0000080"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001d000",
- "size_of_data": "0x00001000",
- "entropy": "2.45",
- "raw_address": "0x00005000",
- "virtual_size": "0x000005dc",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0001e000",
- "size_of_data": "0x00005000",
- "entropy": "6.48",
- "raw_address": "0x00006000",
- "virtual_size": "0x00004ef4",
- "characteristics_raw": "0xd0000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00023000",
- "size_of_data": "0x00001000",
- "entropy": "0.70",
- "raw_address": "0x0000b000",
- "virtual_size": "0x0000024e",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001d104",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000078"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000c000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00001f08"
- },
- {
- "virtual_address": "0x00023000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000011c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000000e4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "ed3432959df410bdf8d52780a8c0d1d3",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 5,
- "versioninfo": []
- }
- }