Dridex_a177c6dc08457a93771ab177801f4596_exe.json

1.  
2. [*] MalFamily: ""
3.  
4. [*] MalScore: 3.05
5.  
6. [*] File Name: "Dridex_a177c6dc08457a93771ab177801f4596.exe"
7. [*] File Size: 381952
8. [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
9. [*] SHA256: "93129fefaa42061ae09972c9c5b35f8d38655a099706c2d938f3cb9fadb43d05"
10. [*] MD5: "a177c6dc08457a93771ab177801f4596"
11. [*] SHA1: "c5b5f1f59f180bf6bbfca7ae86c665b76169be78"
12. [*] SHA512: "4afe0931a17d8e57951d633b3e1d35447c9546e42e6f5f4e285ffa41d8a4e42112767ae7f43c8f8c5d5ab5368c0ade7908cbd16b636f24e419a8f89f441d96d7"
13. [*] CRC32: "2FC0DB62"
14. [*] SSDEEP: "6144:wNfJVsxPPXRWF1Lm22LmRW6o5OkrlpJ3okt7tLJefhh2NK2:CHsxPPXwFFm22B6LGLBAhINK"
15.  
16. [*] Process Execution: [
17. "Dridex_a177c6dc08457a93771ab177801f4596.exe"
18. ]
19.  
20. [*] Signatures Detected: [
21. {
22. "Description": "Creates RWX memory",
23. "Details": []
24. },
25. {
26. "Description": "File has been identified by 7 Antiviruses on VirusTotal as malicious",
27. "Details": [
28. {
29. "FireEye": "Generic.mg.a177c6dc08457a93"
30. },
31. {
32. "Trapmine": "malicious.high.ml.score"
33. },
34. {
35. "Microsoft": "Trojan:Win32/Wacatac.B!ml"
36. },
37. {
38. "Endgame": "malicious (high confidence)"
39. },
40. {
41. "Acronis": "suspicious"
42. },
43. {
44. "Rising": "Malware.Heuristic.MLite(80%) (AI-LITE:Mr3NoWNO4bXzcgVSu3a/dg)"
45. },
46. {
47. "CrowdStrike": "win/malicious_confidence_70% (D)"
48. }
49. ]
50. },
51. {
52. "Description": "Performs some HTTP requests",
53. "Details": [
54. {
55. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
56. },
57. {
58. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
59. },
60. {
61. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
62. },
63. {
64. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
65. },
66. {
67. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
68. },
69. {
70. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
71. },
72. {
73. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
74. },
75. {
76. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
77. },
78. {
79. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
80. },
81. {
82. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
83. },
84. {
85. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
86. },
87. {
88. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
89. },
90. {
91. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
92. },
93. {
94. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
95. },
96. {
97. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
98. },
99. {
100. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
101. },
102. {
103. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
104. },
105. {
106. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
107. },
108. {
109. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
110. },
111. {
112. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
113. },
114. {
115. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
116. },
117. {
118. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
119. },
120. {
121. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
122. },
123. {
124. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe"
125. },
126. {
127. "url": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes"
128. }
129. ]
130. }
131. ]
132.  
133. [*] Started Service: []
134.  
135. [*] Executed Commands: []
136.  
137. [*] Mutexes: [
138. "DBWinMutex"
139. ]
140.  
141. [*] Modified Files: []
142.  
143. [*] Deleted Files: []
144.  
145. [*] Modified Registry Keys: []
146.  
147. [*] Deleted Registry Keys: []
148.  
149. [*] DNS Communications: []
150.  
151. [*] Domains: []
152.  
153. [*] Network Communication - ICMP: []
154.  
155. [*] Network Communication - HTTP: [
156. {
157. "count": 1,
158. "body": "",
159. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
160. "user-agent": "Microsoft-CryptoAPI/6.1",
161. "method": "GET",
162. "host": "ocsp.digicert.com",
163. "version": "1.1",
164. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
165. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
166. "port": 80
167. },
168. {
169. "count": 1,
170. "body": "",
171. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
172. "user-agent": "Microsoft-CryptoAPI/6.1",
173. "method": "GET",
174. "host": "ocsp.digicert.com",
175. "version": "1.1",
176. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
177. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
178. "port": 80
179. },
180. {
181. "count": 1,
182. "body": "",
183. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
184. "user-agent": "Microsoft-CryptoAPI/6.1",
185. "method": "GET",
186. "host": "ocsp.digicert.com",
187. "version": "1.1",
188. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
189. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
190. "port": 80
191. },
192. {
193. "count": 1,
194. "body": "",
195. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
196. "user-agent": "Microsoft-CryptoAPI/6.1",
197. "method": "GET",
198. "host": "ocsp.pki.goog",
199. "version": "1.1",
200. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
201. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
202. "port": 80
203. },
204. {
205. "count": 1,
206. "body": "",
207. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
208. "user-agent": "Microsoft-CryptoAPI/6.1",
209. "method": "GET",
210. "host": "ocsp.digicert.com",
211. "version": "1.1",
212. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
213. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
214. "port": 80
215. },
216. {
217. "count": 1,
218. "body": "",
219. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
220. "user-agent": "Microsoft-CryptoAPI/6.1",
221. "method": "GET",
222. "host": "crl.microsoft.com",
223. "version": "1.1",
224. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
225. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
226. "port": 80
227. },
228. {
229. "count": 1,
230. "body": "",
231. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
232. "user-agent": "Microsoft-CryptoAPI/6.1",
233. "method": "GET",
234. "host": "ocsp.comodoca.com",
235. "version": "1.1",
236. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
237. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
238. "port": 80
239. },
240. {
241. "count": 1,
242. "body": "",
243. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
244. "user-agent": "Microsoft-CryptoAPI/6.1",
245. "method": "GET",
246. "host": "ocsp.pki.goog",
247. "version": "1.1",
248. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
249. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
250. "port": 80
251. },
252. {
253. "count": 1,
254. "body": "",
255. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
256. "user-agent": "Microsoft-CryptoAPI/6.1",
257. "method": "GET",
258. "host": "ocsp.digicert.com",
259. "version": "1.1",
260. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
261. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
262. "port": 80
263. },
264. {
265. "count": 1,
266. "body": "",
267. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
268. "user-agent": "Microsoft-CryptoAPI/6.1",
269. "method": "GET",
270. "host": "www.download.windowsupdate.com",
271. "version": "1.1",
272. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
273. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
274. "port": 80
275. },
276. {
277. "count": 1,
278. "body": "",
279. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
280. "user-agent": "Microsoft-CryptoAPI/6.1",
281. "method": "GET",
282. "host": "crl.microsoft.com",
283. "version": "1.1",
284. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
285. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
286. "port": 80
287. },
288. {
289. "count": 1,
290. "body": "",
291. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
292. "user-agent": "Microsoft-CryptoAPI/6.1",
293. "method": "GET",
294. "host": "ocsp.digicert.com",
295. "version": "1.1",
296. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
297. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
298. "port": 80
299. },
300. {
301. "count": 1,
302. "body": "",
303. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
304. "user-agent": "Microsoft-CryptoAPI/6.1",
305. "method": "GET",
306. "host": "ocsp.digicert.com",
307. "version": "1.1",
308. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
309. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
310. "port": 80
311. },
312. {
313. "count": 1,
314. "body": "",
315. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
316. "user-agent": "Microsoft-CryptoAPI/6.1",
317. "method": "GET",
318. "host": "ocsp.digicert.com",
319. "version": "1.1",
320. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
321. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
322. "port": 80
323. },
324. {
325. "count": 1,
326. "body": "",
327. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
328. "user-agent": "Microsoft-CryptoAPI/6.1",
329. "method": "GET",
330. "host": "ocsp.pki.goog",
331. "version": "1.1",
332. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
333. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
334. "port": 80
335. },
336. {
337. "count": 1,
338. "body": "",
339. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
340. "user-agent": "Microsoft-CryptoAPI/6.1",
341. "method": "GET",
342. "host": "ocsp.pki.goog",
343. "version": "1.1",
344. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
345. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
346. "port": 80
347. },
348. {
349. "count": 1,
350. "body": "",
351. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
352. "user-agent": "Microsoft-CryptoAPI/6.1",
353. "method": "GET",
354. "host": "ocsp.digicert.com",
355. "version": "1.1",
356. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
357. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
358. "port": 80
359. },
360. {
361. "count": 1,
362. "body": "",
363. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
364. "user-agent": "Microsoft-CryptoAPI/6.1",
365. "method": "GET",
366. "host": "ocsp.pki.goog",
367. "version": "1.1",
368. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
369. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
370. "port": 80
371. },
372. {
373. "count": 1,
374. "body": "",
375. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
376. "user-agent": "Microsoft-CryptoAPI/6.1",
377. "method": "GET",
378. "host": "ocsp.msocsp.com",
379. "version": "1.1",
380. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
381. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
382. "port": 80
383. },
384. {
385. "count": 1,
386. "body": "",
387. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
388. "user-agent": "Microsoft-CryptoAPI/6.1",
389. "method": "GET",
390. "host": "ocsp.thawte.com",
391. "version": "1.1",
392. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
393. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
394. "port": 80
395. },
396. {
397. "count": 1,
398. "body": "",
399. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
400. "user-agent": "Microsoft-CryptoAPI/6.1",
401. "method": "GET",
402. "host": "ocsp.usertrust.com",
403. "version": "1.1",
404. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
405. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
406. "port": 80
407. },
408. {
409. "count": 1,
410. "body": "",
411. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
412. "user-agent": "Microsoft-CryptoAPI/6.1",
413. "method": "GET",
414. "host": "th.symcd.com",
415. "version": "1.1",
416. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
417. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
418. "port": 80
419. },
420. {
421. "count": 1,
422. "body": "",
423. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
424. "user-agent": "Microsoft-CryptoAPI/6.1",
425. "method": "GET",
426. "host": "ocsp.digicert.com",
427. "version": "1.1",
428. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
429. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
430. "port": 80
431. },
432. {
433. "count": 1,
434. "body": "",
435. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
436. "user-agent": "Microsoft-CryptoAPI/6.1",
437. "method": "GET",
438. "host": "ocsp.digicert.com",
439. "version": "1.1",
440. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
441. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
442. "port": 80
443. },
444. {
445. "count": 1,
446. "body": "",
447. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
448. "user-agent": "Microsoft-CryptoAPI/6.1",
449. "method": "GET",
450. "host": "ocsp.pki.goog",
451. "version": "1.1",
452. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
453. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
454. "port": 80
455. },
456. {
457. "count": 1,
458. "body": "",
459. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
460. "user-agent": "Microsoft-CryptoAPI/6.1",
461. "method": "GET",
462. "host": "crl.microsoft.com",
463. "version": "1.1",
464. "path": "/pki/crl/products/microsoftrootcert.crl",
465. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
466. "port": 80
467. },
468. {
469. "count": 1,
470. "body": "",
471. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe",
472. "user-agent": "Microsoft BITS/7.5",
473. "method": "HEAD",
474. "host": "redirector.gvt1.com",
475. "version": "1.1",
476. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe",
477. "data": "HEAD /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
478. "port": 80
479. },
480. {
481. "count": 1,
482. "body": "",
483. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
484. "user-agent": "Microsoft BITS/7.5",
485. "method": "HEAD",
486. "host": "r5---sn-tt1e7n7k.gvt1.com",
487. "version": "1.1",
488. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
489. "data": "HEAD /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
490. "port": 80
491. },
492. {
493. "count": 1,
494. "body": "",
495. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
496. "user-agent": "Microsoft BITS/7.5",
497. "method": "GET",
498. "host": "r5---sn-tt1e7n7k.gvt1.com",
499. "version": "1.1",
500. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
501. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=0-6922\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
502. "port": 80
503. },
504. {
505. "count": 1,
506. "body": "",
507. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
508. "user-agent": "Microsoft BITS/7.5",
509. "method": "GET",
510. "host": "r5---sn-tt1e7n7k.gvt1.com",
511. "version": "1.1",
512. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
513. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=6923-16822\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
514. "port": 80
515. },
516. {
517. "count": 1,
518. "body": "",
519. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
520. "user-agent": "Microsoft BITS/7.5",
521. "method": "GET",
522. "host": "r5---sn-tt1e7n7k.gvt1.com",
523. "version": "1.1",
524. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
525. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=16823-26586\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
526. "port": 80
527. },
528. {
529. "count": 1,
530. "body": "",
531. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
532. "user-agent": "Microsoft BITS/7.5",
533. "method": "GET",
534. "host": "r5---sn-tt1e7n7k.gvt1.com",
535. "version": "1.1",
536. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
537. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=26587-43833\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
538. "port": 80
539. },
540. {
541. "count": 1,
542. "body": "",
543. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
544. "user-agent": "Microsoft BITS/7.5",
545. "method": "GET",
546. "host": "r5---sn-tt1e7n7k.gvt1.com",
547. "version": "1.1",
548. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
549. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=43834-57087\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
550. "port": 80
551. },
552. {
553. "count": 1,
554. "body": "",
555. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
556. "user-agent": "Microsoft BITS/7.5",
557. "method": "GET",
558. "host": "r5---sn-tt1e7n7k.gvt1.com",
559. "version": "1.1",
560. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
561. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=57088-85284\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
562. "port": 80
563. },
564. {
565. "count": 1,
566. "body": "",
567. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
568. "user-agent": "Microsoft BITS/7.5",
569. "method": "GET",
570. "host": "r5---sn-tt1e7n7k.gvt1.com",
571. "version": "1.1",
572. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
573. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=85285-138603\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
574. "port": 80
575. },
576. {
577. "count": 1,
578. "body": "",
579. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
580. "user-agent": "Microsoft BITS/7.5",
581. "method": "GET",
582. "host": "r5---sn-tt1e7n7k.gvt1.com",
583. "version": "1.1",
584. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
585. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=138604-210035\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
586. "port": 80
587. },
588. {
589. "count": 1,
590. "body": "",
591. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
592. "user-agent": "Microsoft BITS/7.5",
593. "method": "GET",
594. "host": "r5---sn-tt1e7n7k.gvt1.com",
595. "version": "1.1",
596. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
597. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=210036-302711\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
598. "port": 80
599. },
600. {
601. "count": 1,
602. "body": "",
603. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
604. "user-agent": "Microsoft BITS/7.5",
605. "method": "GET",
606. "host": "r5---sn-tt1e7n7k.gvt1.com",
607. "version": "1.1",
608. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
609. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=302712-422232\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
610. "port": 80
611. },
612. {
613. "count": 1,
614. "body": "",
615. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
616. "user-agent": "Microsoft BITS/7.5",
617. "method": "GET",
618. "host": "r5---sn-tt1e7n7k.gvt1.com",
619. "version": "1.1",
620. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
621. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=422233-578356\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
622. "port": 80
623. },
624. {
625. "count": 1,
626. "body": "",
627. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
628. "user-agent": "Microsoft BITS/7.5",
629. "method": "GET",
630. "host": "r5---sn-tt1e7n7k.gvt1.com",
631. "version": "1.1",
632. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
633. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=578357-782477\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
634. "port": 80
635. },
636. {
637. "count": 1,
638. "body": "",
639. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
640. "user-agent": "Microsoft BITS/7.5",
641. "method": "GET",
642. "host": "r5---sn-tt1e7n7k.gvt1.com",
643. "version": "1.1",
644. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
645. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=782478-1049508\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
646. "port": 80
647. },
648. {
649. "count": 1,
650. "body": "",
651. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
652. "user-agent": "Microsoft BITS/7.5",
653. "method": "GET",
654. "host": "r5---sn-tt1e7n7k.gvt1.com",
655. "version": "1.1",
656. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
657. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=1049509-1396905\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
658. "port": 80
659. },
660. {
661. "count": 1,
662. "body": "",
663. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
664. "user-agent": "Microsoft BITS/7.5",
665. "method": "GET",
666. "host": "r5---sn-tt1e7n7k.gvt1.com",
667. "version": "1.1",
668. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
669. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=1396906-1928000\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
670. "port": 80
671. },
672. {
673. "count": 1,
674. "body": "",
675. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
676. "user-agent": "Microsoft BITS/7.5",
677. "method": "GET",
678. "host": "r5---sn-tt1e7n7k.gvt1.com",
679. "version": "1.1",
680. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
681. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=1928001-2521994\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
682. "port": 80
683. },
684. {
685. "count": 1,
686. "body": "",
687. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
688. "user-agent": "Microsoft BITS/7.5",
689. "method": "GET",
690. "host": "r5---sn-tt1e7n7k.gvt1.com",
691. "version": "1.1",
692. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
693. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=2521995-3590863\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
694. "port": 80
695. },
696. {
697. "count": 1,
698. "body": "",
699. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
700. "user-agent": "Microsoft BITS/7.5",
701. "method": "GET",
702. "host": "r5---sn-tt1e7n7k.gvt1.com",
703. "version": "1.1",
704. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
705. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=3590864-4781304\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
706. "port": 80
707. },
708. {
709. "count": 1,
710. "body": "",
711. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
712. "user-agent": "Microsoft BITS/7.5",
713. "method": "GET",
714. "host": "r5---sn-tt1e7n7k.gvt1.com",
715. "version": "1.1",
716. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
717. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=4781305-5622176\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
718. "port": 80
719. },
720. {
721. "count": 1,
722. "body": "",
723. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
724. "user-agent": "Microsoft BITS/7.5",
725. "method": "GET",
726. "host": "r5---sn-tt1e7n7k.gvt1.com",
727. "version": "1.1",
728. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
729. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=5622177-7263744\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
730. "port": 80
731. },
732. {
733. "count": 1,
734. "body": "",
735. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
736. "user-agent": "Microsoft BITS/7.5",
737. "method": "GET",
738. "host": "r5---sn-tt1e7n7k.gvt1.com",
739. "version": "1.1",
740. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
741. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=7263745-8914456\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
742. "port": 80
743. },
744. {
745. "count": 1,
746. "body": "",
747. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
748. "user-agent": "Microsoft BITS/7.5",
749. "method": "GET",
750. "host": "r5---sn-tt1e7n7k.gvt1.com",
751. "version": "1.1",
752. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
753. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=8914457-9907016\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
754. "port": 80
755. },
756. {
757. "count": 1,
758. "body": "",
759. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
760. "user-agent": "Microsoft BITS/7.5",
761. "method": "GET",
762. "host": "r5---sn-tt1e7n7k.gvt1.com",
763. "version": "1.1",
764. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
765. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=9907017-11088710\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
766. "port": 80
767. },
768. {
769. "count": 1,
770. "body": "",
771. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
772. "user-agent": "Microsoft BITS/7.5",
773. "method": "GET",
774. "host": "r5---sn-tt1e7n7k.gvt1.com",
775. "version": "1.1",
776. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
777. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=11088711-12887669\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
778. "port": 80
779. },
780. {
781. "count": 1,
782. "body": "",
783. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
784. "user-agent": "Microsoft BITS/7.5",
785. "method": "GET",
786. "host": "r5---sn-tt1e7n7k.gvt1.com",
787. "version": "1.1",
788. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
789. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=12887670-14051237\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
790. "port": 80
791. },
792. {
793. "count": 1,
794. "body": "",
795. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
796. "user-agent": "Microsoft BITS/7.5",
797. "method": "GET",
798. "host": "r5---sn-tt1e7n7k.gvt1.com",
799. "version": "1.1",
800. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
801. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=14051238-15385053\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
802. "port": 80
803. },
804. {
805. "count": 1,
806. "body": "",
807. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
808. "user-agent": "Microsoft BITS/7.5",
809. "method": "GET",
810. "host": "r5---sn-tt1e7n7k.gvt1.com",
811. "version": "1.1",
812. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
813. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=15385054-16641646\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
814. "port": 80
815. },
816. {
817. "count": 1,
818. "body": "",
819. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
820. "user-agent": "Microsoft BITS/7.5",
821. "method": "GET",
822. "host": "r5---sn-tt1e7n7k.gvt1.com",
823. "version": "1.1",
824. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
825. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=16641647-18551038\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
826. "port": 80
827. },
828. {
829. "count": 1,
830. "body": "",
831. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
832. "user-agent": "Microsoft BITS/7.5",
833. "method": "GET",
834. "host": "r5---sn-tt1e7n7k.gvt1.com",
835. "version": "1.1",
836. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
837. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=18551039-20326851\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
838. "port": 80
839. },
840. {
841. "count": 1,
842. "body": "",
843. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
844. "user-agent": "Microsoft BITS/7.5",
845. "method": "GET",
846. "host": "r5---sn-tt1e7n7k.gvt1.com",
847. "version": "1.1",
848. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
849. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=20326852-21487504\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
850. "port": 80
851. },
852. {
853. "count": 1,
854. "body": "",
855. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
856. "user-agent": "Microsoft BITS/7.5",
857. "method": "GET",
858. "host": "r5---sn-tt1e7n7k.gvt1.com",
859. "version": "1.1",
860. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
861. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=21487505-22542505\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
862. "port": 80
863. },
864. {
865. "count": 1,
866. "body": "",
867. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
868. "user-agent": "Microsoft BITS/7.5",
869. "method": "GET",
870. "host": "r5---sn-tt1e7n7k.gvt1.com",
871. "version": "1.1",
872. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
873. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=22542506-23599052\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
874. "port": 80
875. },
876. {
877. "count": 1,
878. "body": "",
879. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
880. "user-agent": "Microsoft BITS/7.5",
881. "method": "GET",
882. "host": "r5---sn-tt1e7n7k.gvt1.com",
883. "version": "1.1",
884. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
885. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=23599053-24756655\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
886. "port": 80
887. },
888. {
889. "count": 1,
890. "body": "",
891. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
892. "user-agent": "Microsoft BITS/7.5",
893. "method": "GET",
894. "host": "r5---sn-tt1e7n7k.gvt1.com",
895. "version": "1.1",
896. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
897. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=24756656-26438926\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
898. "port": 80
899. },
900. {
901. "count": 1,
902. "body": "",
903. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
904. "user-agent": "Microsoft BITS/7.5",
905. "method": "GET",
906. "host": "r5---sn-tt1e7n7k.gvt1.com",
907. "version": "1.1",
908. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
909. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=26438927-28060582\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
910. "port": 80
911. },
912. {
913. "count": 1,
914. "body": "",
915. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
916. "user-agent": "Microsoft BITS/7.5",
917. "method": "GET",
918. "host": "r5---sn-tt1e7n7k.gvt1.com",
919. "version": "1.1",
920. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
921. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=28060583-29778765\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
922. "port": 80
923. },
924. {
925. "count": 1,
926. "body": "",
927. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
928. "user-agent": "Microsoft BITS/7.5",
929. "method": "GET",
930. "host": "r5---sn-tt1e7n7k.gvt1.com",
931. "version": "1.1",
932. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
933. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=29778766-30837092\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
934. "port": 80
935. },
936. {
937. "count": 1,
938. "body": "",
939. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
940. "user-agent": "Microsoft BITS/7.5",
941. "method": "GET",
942. "host": "r5---sn-tt1e7n7k.gvt1.com",
943. "version": "1.1",
944. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
945. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=30837093-32761086\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
946. "port": 80
947. },
948. {
949. "count": 1,
950. "body": "",
951. "uri": "http://r5---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
952. "user-agent": "Microsoft BITS/7.5",
953. "method": "GET",
954. "host": "r5---sn-tt1e7n7k.gvt1.com",
955. "version": "1.1",
956. "path": "/edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes",
957. "data": "GET /edgedl/release2/chrome/APHZtEIErdMX_75.0.3770.100/75.0.3770.100_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560970174&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 18 Jun 2019 04:17:17 GMT\r\nRange: bytes=32761087-33549055\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r5---sn-tt1e7n7k.gvt1.com\r\n\r\n",
958. "port": 80
959. }
960. ]
961.  
962. [*] Network Communication - SMTP: []
963.  
964. [*] Network Communication - Hosts: []
965.  
966. [*] Network Communication - IRC: []
967.  
968. [*] Static Analysis: {
969. "pe": {
970. "peid_signatures": null,
971. "imports": [
972. {
973. "imports": [
974. {
975. "name": "ExitProcess",
976. "address": "0x42d000"
977. },
978. {
979. "name": "lstrlenA",
980. "address": "0x42d004"
981. },
982. {
983. "name": "DebugActiveProcessStop",
984. "address": "0x42d008"
985. },
986. {
987. "name": "LockFile",
988. "address": "0x42d00c"
989. },
990. {
991. "name": "GetModuleHandleW",
992. "address": "0x42d010"
993. },
994. {
995. "name": "GetTickCount",
996. "address": "0x42d014"
997. },
998. {
999. "name": "GetBinaryTypeA",
1000. "address": "0x42d018"
1001. },
1002. {
1003. "name": "Module32First",
1004. "address": "0x42d01c"
1005. },
1006. {
1007. "name": "EnterCriticalSection",
1008. "address": "0x42d020"
1009. },
1010. {
1011. "name": "LocalAlloc",
1012. "address": "0x42d024"
1013. },
1014. {
1015. "name": "GetNumberFormatW",
1016. "address": "0x42d028"
1017. },
1018. {
1019. "name": "VirtualProtect",
1020. "address": "0x42d02c"
1021. },
1022. {
1023. "name": "CreateToolhelp32Snapshot",
1024. "address": "0x42d030"
1025. },
1026. {
1027. "name": "PeekConsoleInputA",
1028. "address": "0x42d034"
1029. },
1030. {
1031. "name": "CloseHandle",
1032. "address": "0x42d038"
1033. },
1034. {
1035. "name": "ReadConsoleW",
1036. "address": "0x42d03c"
1037. },
1038. {
1039. "name": "ReadFile",
1040. "address": "0x42d040"
1041. },
1042. {
1043. "name": "FlushFileBuffers",
1044. "address": "0x42d044"
1045. },
1046. {
1047. "name": "GetStringTypeW",
1048. "address": "0x42d048"
1049. },
1050. {
1051. "name": "EncodePointer",
1052. "address": "0x42d04c"
1053. },
1054. {
1055. "name": "DecodePointer",
1056. "address": "0x42d050"
1057. },
1058. {
1059. "name": "IsDebuggerPresent",
1060. "address": "0x42d054"
1061. },
1062. {
1063. "name": "IsProcessorFeaturePresent",
1064. "address": "0x42d058"
1065. },
1066. {
1067. "name": "GetCommandLineA",
1068. "address": "0x42d05c"
1069. },
1070. {
1071. "name": "RaiseException",
1072. "address": "0x42d060"
1073. },
1074. {
1075. "name": "RtlUnwind",
1076. "address": "0x42d064"
1077. },
1078. {
1079. "name": "LeaveCriticalSection",
1080. "address": "0x42d068"
1081. },
1082. {
1083. "name": "GetLastError",
1084. "address": "0x42d06c"
1085. },
1086. {
1087. "name": "GetModuleHandleExW",
1088. "address": "0x42d070"
1089. },
1090. {
1091. "name": "GetProcAddress",
1092. "address": "0x42d074"
1093. },
1094. {
1095. "name": "AreFileApisANSI",
1096. "address": "0x42d078"
1097. },
1098. {
1099. "name": "MultiByteToWideChar",
1100. "address": "0x42d07c"
1101. },
1102. {
1103. "name": "WideCharToMultiByte",
1104. "address": "0x42d080"
1105. },
1106. {
1107. "name": "HeapSize",
1108. "address": "0x42d084"
1109. },
1110. {
1111. "name": "HeapFree",
1112. "address": "0x42d088"
1113. },
1114. {
1115. "name": "UnhandledExceptionFilter",
1116. "address": "0x42d08c"
1117. },
1118. {
1119. "name": "SetUnhandledExceptionFilter",
1120. "address": "0x42d090"
1121. },
1122. {
1123. "name": "SetLastError",
1124. "address": "0x42d094"
1125. },
1126. {
1127. "name": "InitializeCriticalSectionAndSpinCount",
1128. "address": "0x42d098"
1129. },
1130. {
1131. "name": "CreateEventW",
1132. "address": "0x42d09c"
1133. },
1134. {
1135. "name": "Sleep",
1136. "address": "0x42d0a0"
1137. },
1138. {
1139. "name": "GetCurrentProcess",
1140. "address": "0x42d0a4"
1141. },
1142. {
1143. "name": "TerminateProcess",
1144. "address": "0x42d0a8"
1145. },
1146. {
1147. "name": "TlsAlloc",
1148. "address": "0x42d0ac"
1149. },
1150. {
1151. "name": "TlsGetValue",
1152. "address": "0x42d0b0"
1153. },
1154. {
1155. "name": "TlsSetValue",
1156. "address": "0x42d0b4"
1157. },
1158. {
1159. "name": "TlsFree",
1160. "address": "0x42d0b8"
1161. },
1162. {
1163. "name": "GetStartupInfoW",
1164. "address": "0x42d0bc"
1165. },
1166. {
1167. "name": "CreateSemaphoreW",
1168. "address": "0x42d0c0"
1169. },
1170. {
1171. "name": "HeapAlloc",
1172. "address": "0x42d0c4"
1173. },
1174. {
1175. "name": "GetCurrentThread",
1176. "address": "0x42d0c8"
1177. },
1178. {
1179. "name": "GetCurrentThreadId",
1180. "address": "0x42d0cc"
1181. },
1182. {
1183. "name": "GetProcessHeap",
1184. "address": "0x42d0d0"
1185. },
1186. {
1187. "name": "GetStdHandle",
1188. "address": "0x42d0d4"
1189. },
1190. {
1191. "name": "GetFileType",
1192. "address": "0x42d0d8"
1193. },
1194. {
1195. "name": "DeleteCriticalSection",
1196. "address": "0x42d0dc"
1197. },
1198. {
1199. "name": "GetModuleFileNameA",
1200. "address": "0x42d0e0"
1201. },
1202. {
1203. "name": "WriteFile",
1204. "address": "0x42d0e4"
1205. },
1206. {
1207. "name": "GetModuleFileNameW",
1208. "address": "0x42d0e8"
1209. },
1210. {
1211. "name": "QueryPerformanceCounter",
1212. "address": "0x42d0ec"
1213. },
1214. {
1215. "name": "GetCurrentProcessId",
1216. "address": "0x42d0f0"
1217. },
1218. {
1219. "name": "GetSystemTimeAsFileTime",
1220. "address": "0x42d0f4"
1221. },
1222. {
1223. "name": "GetEnvironmentStringsW",
1224. "address": "0x42d0f8"
1225. },
1226. {
1227. "name": "FreeEnvironmentStringsW",
1228. "address": "0x42d0fc"
1229. },
1230. {
1231. "name": "GetConsoleCP",
1232. "address": "0x42d100"
1233. },
1234. {
1235. "name": "GetConsoleMode",
1236. "address": "0x42d104"
1237. },
1238. {
1239. "name": "SetFilePointerEx",
1240. "address": "0x42d108"
1241. },
1242. {
1243. "name": "IsValidCodePage",
1244. "address": "0x42d10c"
1245. },
1246. {
1247. "name": "GetACP",
1248. "address": "0x42d110"
1249. },
1250. {
1251. "name": "GetOEMCP",
1252. "address": "0x42d114"
1253. },
1254. {
1255. "name": "GetCPInfo",
1256. "address": "0x42d118"
1257. },
1258. {
1259. "name": "FatalAppExitA",
1260. "address": "0x42d11c"
1261. },
1262. {
1263. "name": "SetConsoleCtrlHandler",
1264. "address": "0x42d120"
1265. },
1266. {
1267. "name": "FreeLibrary",
1268. "address": "0x42d124"
1269. },
1270. {
1271. "name": "LoadLibraryExW",
1272. "address": "0x42d128"
1273. },
1274. {
1275. "name": "HeapReAlloc",
1276. "address": "0x42d12c"
1277. },
1278. {
1279. "name": "GetDateFormatW",
1280. "address": "0x42d130"
1281. },
1282. {
1283. "name": "GetTimeFormatW",
1284. "address": "0x42d134"
1285. },
1286. {
1287. "name": "CompareStringW",
1288. "address": "0x42d138"
1289. },
1290. {
1291. "name": "LCMapStringW",
1292. "address": "0x42d13c"
1293. },
1294. {
1295. "name": "GetLocaleInfoW",
1296. "address": "0x42d140"
1297. },
1298. {
1299. "name": "IsValidLocale",
1300. "address": "0x42d144"
1301. },
1302. {
1303. "name": "GetUserDefaultLCID",
1304. "address": "0x42d148"
1305. },
1306. {
1307. "name": "EnumSystemLocalesW",
1308. "address": "0x42d14c"
1309. },
1310. {
1311. "name": "OutputDebugStringW",
1312. "address": "0x42d150"
1313. },
1314. {
1315. "name": "SetStdHandle",
1316. "address": "0x42d154"
1317. },
1318. {
1319. "name": "WriteConsoleW",
1320. "address": "0x42d158"
1321. },
1322. {
1323. "name": "CreateFileW",
1324. "address": "0x42d15c"
1325. }
1326. ],
1327. "dll": "KERNEL32.dll"
1328. },
1329. {
1330. "imports": [
1331. {
1332. "name": "GetMonitorInfoA",
1333. "address": "0x42d164"
1334. },
1335. {
1336. "name": "InSendMessageEx",
1337. "address": "0x42d168"
1338. },
1339. {
1340. "name": "ToAscii",
1341. "address": "0x42d16c"
1342. }
1343. ],
1344. "dll": "USER32.dll"
1345. }
1346. ],
1347. "digital_signers": null,
1348. "exported_dll_name": "bupek.exe",
1349. "actual_checksum": "0x00069481",
1350. "overlay": null,
1351. "imagebase": "0x00400000",
1352. "reported_checksum": "0x00069481",
1353. "icon_hash": null,
1354. "entrypoint": "0x00403ad3",
1355. "timestamp": "2018-01-25 08:25:36",
1356. "osversion": "5.1",
1357. "sections": [
1358. {
1359. "name": ".text",
1360. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
1361. "virtual_address": "0x00001000",
1362. "size_of_data": "0x0002bc00",
1363. "entropy": "6.68",
1364. "raw_address": "0x00000400",
1365. "virtual_size": "0x0002ba9d",
1366. "characteristics_raw": "0x60000020"
1367. },
1368. {
1369. "name": ".rdata",
1370. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
1371. "virtual_address": "0x0002d000",
1372. "size_of_data": "0x00029600",
1373. "entropy": "6.40",
1374. "raw_address": "0x0002c000",
1375. "virtual_size": "0x00029582",
1376. "characteristics_raw": "0x40000040"
1377. },
1378. {
1379. "name": ".data",
1380. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1381. "virtual_address": "0x00057000",
1382. "size_of_data": "0x00001e00",
1383. "entropy": "3.10",
1384. "raw_address": "0x00055600",
1385. "virtual_size": "0x00804d8c",
1386. "characteristics_raw": "0xc0000040"
1387. },
1388. {
1389. "name": ".rsrc",
1390. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
1391. "virtual_address": "0x0085c000",
1392. "size_of_data": "0x00003e00",
1393. "entropy": "5.99",
1394. "raw_address": "0x00057400",
1395. "virtual_size": "0x00003cb8",
1396. "characteristics_raw": "0x40000040"
1397. },
1398. {
1399. "name": ".reloc",
1400. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
1401. "virtual_address": "0x00860000",
1402. "size_of_data": "0x00002200",
1403. "entropy": "6.64",
1404. "raw_address": "0x0005b200",
1405. "virtual_size": "0x000021b8",
1406. "characteristics_raw": "0x42000040"
1407. }
1408. ],
1409. "resources": [],
1410. "dirents": [
1411. {
1412. "virtual_address": "0x00055cf0",
1413. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
1414. "size": "0x00000049"
1415. },
1416. {
1417. "virtual_address": "0x00055d3c",
1418. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
1419. "size": "0x0000003c"
1420. },
1421. {
1422. "virtual_address": "0x0085c000",
1423. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
1424. "size": "0x00003cb8"
1425. },
1426. {
1427. "virtual_address": "0x00000000",
1428. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
1429. "size": "0x00000000"
1430. },
1431. {
1432. "virtual_address": "0x00000000",
1433. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
1434. "size": "0x00000000"
1435. },
1436. {
1437. "virtual_address": "0x00860000",
1438. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
1439. "size": "0x000021b8"
1440. },
1441. {
1442. "virtual_address": "0x0002d1d0",
1443. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
1444. "size": "0x00000038"
1445. },
1446. {
1447. "virtual_address": "0x00000000",
1448. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
1449. "size": "0x00000000"
1450. },
1451. {
1452. "virtual_address": "0x00000000",
1453. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
1454. "size": "0x00000000"
1455. },
1456. {
1457. "virtual_address": "0x00000000",
1458. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
1459. "size": "0x00000000"
1460. },
1461. {
1462. "virtual_address": "0x00000000",
1463. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
1464. "size": "0x00000000"
1465. },
1466. {
1467. "virtual_address": "0x00000000",
1468. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
1469. "size": "0x00000000"
1470. },
1471. {
1472. "virtual_address": "0x0002d000",
1473. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
1474. "size": "0x00000174"
1475. },
1476. {
1477. "virtual_address": "0x00000000",
1478. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
1479. "size": "0x00000000"
1480. },
1481. {
1482. "virtual_address": "0x00000000",
1483. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
1484. "size": "0x00000000"
1485. },
1486. {
1487. "virtual_address": "0x00000000",
1488. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
1489. "size": "0x00000000"
1490. }
1491. ],
1492. "exports": [
1493. {
1494. "ordinal": 1,
1495. "name": "MyFunc165@@4",
1496. "address": "0x42c4f0"
1497. }
1498. ],
1499. "guest_signers": {},
1500. "imphash": "a9de0ae653d70388f1053417ed3bfb9b",
1501. "icon_fuzzy": null,
1502. "icon": null,
1503. "pdbpath": "C:\\cereyitocibi\\riwegeyuseyowadufu.pdb\\x00tmp_1417221033\\bin\\bupek.pdb\\x00\\x00\\x00\\x00\\x00\\xab\\x00\\x00\\x00\\xab\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x87E",
1504. "imported_dll_count": 2,
1505. "versioninfo": []
1506. }
1507. }
1508.  
1509. [*] Resolved APIs: [
1510. "kernel32.dll.FlsAlloc",
1511. "kernel32.dll.FlsFree",
1512. "kernel32.dll.FlsGetValue",
1513. "kernel32.dll.FlsSetValue",
1514. "kernel32.dll.InitializeCriticalSectionEx",
1515. "kernel32.dll.CreateEventExW",
1516. "kernel32.dll.CreateSemaphoreExW",
1517. "kernel32.dll.SetThreadStackGuarantee",
1518. "kernel32.dll.CreateThreadpoolTimer",
1519. "kernel32.dll.SetThreadpoolTimer",
1520. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
1521. "kernel32.dll.CloseThreadpoolTimer",
1522. "kernel32.dll.CreateThreadpoolWait",
1523. "kernel32.dll.SetThreadpoolWait",
1524. "kernel32.dll.CloseThreadpoolWait",
1525. "kernel32.dll.FlushProcessWriteBuffers",
1526. "kernel32.dll.FreeLibraryWhenCallbackReturns",
1527. "kernel32.dll.GetCurrentProcessorNumber",
1528. "kernel32.dll.GetLogicalProcessorInformation",
1529. "kernel32.dll.CreateSymbolicLinkW",
1530. "kernel32.dll.EnumSystemLocalesEx",
1531. "kernel32.dll.CompareStringEx",
1532. "kernel32.dll.GetDateFormatEx",
1533. "kernel32.dll.GetLocaleInfoEx",
1534. "kernel32.dll.GetTimeFormatEx",
1535. "kernel32.dll.GetUserDefaultLocaleName",
1536. "kernel32.dll.IsValidLocaleName",
1537. "kernel32.dll.LCMapStringEx",
1538. "kernel32.dll.GetTickCount64",
1539. "kernel32.dll.GlobalAlloc",
1540. "kernel32.dll.GetLastError",
1541. "kernel32.dll.Sleep",
1542. "kernel32.dll.CreateToolhelp32Snapshot",
1543. "kernel32.dll.Module32First",
1544. "kernel32.dll.CloseHandle",
1545. "kernel32.dll.LoadLibraryA",
1546. "kernel32.dll.VirtualAlloc",
1547. "kernel32.dll.VirtualProtect",
1548. "kernel32.dll.VirtualFree",
1549. "kernel32.dll.GetVersionExA",
1550. "kernel32.dll.TerminateProcess",
1551. "kernel32.dll.ExitProcess",
1552. "kernel32.dll.SetErrorMode",
1553. "kernel32.dll.FreeConsole",
1554. "kernel32.dll.OutputDebugStringW",
1555. "msvcr100.dll.atexit"
1556. ]
1557.  
1558. [*] Static Analysis: {
1559. "pe": {
1560. "peid_signatures": null,
1561. "imports": [
1562. {
1563. "imports": [
1564. {
1565. "name": "ExitProcess",
1566. "address": "0x42d000"
1567. },
1568. {
1569. "name": "lstrlenA",
1570. "address": "0x42d004"
1571. },
1572. {
1573. "name": "DebugActiveProcessStop",
1574. "address": "0x42d008"
1575. },
1576. {
1577. "name": "LockFile",
1578. "address": "0x42d00c"
1579. },
1580. {
1581. "name": "GetModuleHandleW",
1582. "address": "0x42d010"
1583. },
1584. {
1585. "name": "GetTickCount",
1586. "address": "0x42d014"
1587. },
1588. {
1589. "name": "GetBinaryTypeA",
1590. "address": "0x42d018"
1591. },
1592. {
1593. "name": "Module32First",
1594. "address": "0x42d01c"
1595. },
1596. {
1597. "name": "EnterCriticalSection",
1598. "address": "0x42d020"
1599. },
1600. {
1601. "name": "LocalAlloc",
1602. "address": "0x42d024"
1603. },
1604. {
1605. "name": "GetNumberFormatW",
1606. "address": "0x42d028"
1607. },
1608. {
1609. "name": "VirtualProtect",
1610. "address": "0x42d02c"
1611. },
1612. {
1613. "name": "CreateToolhelp32Snapshot",
1614. "address": "0x42d030"
1615. },
1616. {
1617. "name": "PeekConsoleInputA",
1618. "address": "0x42d034"
1619. },
1620. {
1621. "name": "CloseHandle",
1622. "address": "0x42d038"
1623. },
1624. {
1625. "name": "ReadConsoleW",
1626. "address": "0x42d03c"
1627. },
1628. {
1629. "name": "ReadFile",
1630. "address": "0x42d040"
1631. },
1632. {
1633. "name": "FlushFileBuffers",
1634. "address": "0x42d044"
1635. },
1636. {
1637. "name": "GetStringTypeW",
1638. "address": "0x42d048"
1639. },
1640. {
1641. "name": "EncodePointer",
1642. "address": "0x42d04c"
1643. },
1644. {
1645. "name": "DecodePointer",
1646. "address": "0x42d050"
1647. },
1648. {
1649. "name": "IsDebuggerPresent",
1650. "address": "0x42d054"
1651. },
1652. {
1653. "name": "IsProcessorFeaturePresent",
1654. "address": "0x42d058"
1655. },
1656. {
1657. "name": "GetCommandLineA",
1658. "address": "0x42d05c"
1659. },
1660. {
1661. "name": "RaiseException",
1662. "address": "0x42d060"
1663. },
1664. {
1665. "name": "RtlUnwind",
1666. "address": "0x42d064"
1667. },
1668. {
1669. "name": "LeaveCriticalSection",
1670. "address": "0x42d068"
1671. },
1672. {
1673. "name": "GetLastError",
1674. "address": "0x42d06c"
1675. },
1676. {
1677. "name": "GetModuleHandleExW",
1678. "address": "0x42d070"
1679. },
1680. {
1681. "name": "GetProcAddress",
1682. "address": "0x42d074"
1683. },
1684. {
1685. "name": "AreFileApisANSI",
1686. "address": "0x42d078"
1687. },
1688. {
1689. "name": "MultiByteToWideChar",
1690. "address": "0x42d07c"
1691. },
1692. {
1693. "name": "WideCharToMultiByte",
1694. "address": "0x42d080"
1695. },
1696. {
1697. "name": "HeapSize",
1698. "address": "0x42d084"
1699. },
1700. {
1701. "name": "HeapFree",
1702. "address": "0x42d088"
1703. },
1704. {
1705. "name": "UnhandledExceptionFilter",
1706. "address": "0x42d08c"
1707. },
1708. {
1709. "name": "SetUnhandledExceptionFilter",
1710. "address": "0x42d090"
1711. },
1712. {
1713. "name": "SetLastError",
1714. "address": "0x42d094"
1715. },
1716. {
1717. "name": "InitializeCriticalSectionAndSpinCount",
1718. "address": "0x42d098"
1719. },
1720. {
1721. "name": "CreateEventW",
1722. "address": "0x42d09c"
1723. },
1724. {
1725. "name": "Sleep",
1726. "address": "0x42d0a0"
1727. },
1728. {
1729. "name": "GetCurrentProcess",
1730. "address": "0x42d0a4"
1731. },
1732. {
1733. "name": "TerminateProcess",
1734. "address": "0x42d0a8"
1735. },
1736. {
1737. "name": "TlsAlloc",
1738. "address": "0x42d0ac"
1739. },
1740. {
1741. "name": "TlsGetValue",
1742. "address": "0x42d0b0"
1743. },
1744. {
1745. "name": "TlsSetValue",
1746. "address": "0x42d0b4"
1747. },
1748. {
1749. "name": "TlsFree",
1750. "address": "0x42d0b8"
1751. },
1752. {
1753. "name": "GetStartupInfoW",
1754. "address": "0x42d0bc"
1755. },
1756. {
1757. "name": "CreateSemaphoreW",
1758. "address": "0x42d0c0"
1759. },
1760. {
1761. "name": "HeapAlloc",
1762. "address": "0x42d0c4"
1763. },
1764. {
1765. "name": "GetCurrentThread",
1766. "address": "0x42d0c8"
1767. },
1768. {
1769. "name": "GetCurrentThreadId",
1770. "address": "0x42d0cc"
1771. },
1772. {
1773. "name": "GetProcessHeap",
1774. "address": "0x42d0d0"
1775. },
1776. {
1777. "name": "GetStdHandle",
1778. "address": "0x42d0d4"
1779. },
1780. {
1781. "name": "GetFileType",
1782. "address": "0x42d0d8"
1783. },
1784. {
1785. "name": "DeleteCriticalSection",
1786. "address": "0x42d0dc"
1787. },
1788. {
1789. "name": "GetModuleFileNameA",
1790. "address": "0x42d0e0"
1791. },
1792. {
1793. "name": "WriteFile",
1794. "address": "0x42d0e4"
1795. },
1796. {
1797. "name": "GetModuleFileNameW",
1798. "address": "0x42d0e8"
1799. },
1800. {
1801. "name": "QueryPerformanceCounter",
1802. "address": "0x42d0ec"
1803. },
1804. {
1805. "name": "GetCurrentProcessId",
1806. "address": "0x42d0f0"
1807. },
1808. {
1809. "name": "GetSystemTimeAsFileTime",
1810. "address": "0x42d0f4"
1811. },
1812. {
1813. "name": "GetEnvironmentStringsW",
1814. "address": "0x42d0f8"
1815. },
1816. {
1817. "name": "FreeEnvironmentStringsW",
1818. "address": "0x42d0fc"
1819. },
1820. {
1821. "name": "GetConsoleCP",
1822. "address": "0x42d100"
1823. },
1824. {
1825. "name": "GetConsoleMode",
1826. "address": "0x42d104"
1827. },
1828. {
1829. "name": "SetFilePointerEx",
1830. "address": "0x42d108"
1831. },
1832. {
1833. "name": "IsValidCodePage",
1834. "address": "0x42d10c"
1835. },
1836. {
1837. "name": "GetACP",
1838. "address": "0x42d110"
1839. },
1840. {
1841. "name": "GetOEMCP",
1842. "address": "0x42d114"
1843. },
1844. {
1845. "name": "GetCPInfo",
1846. "address": "0x42d118"
1847. },
1848. {
1849. "name": "FatalAppExitA",
1850. "address": "0x42d11c"
1851. },
1852. {
1853. "name": "SetConsoleCtrlHandler",
1854. "address": "0x42d120"
1855. },
1856. {
1857. "name": "FreeLibrary",
1858. "address": "0x42d124"
1859. },
1860. {
1861. "name": "LoadLibraryExW",
1862. "address": "0x42d128"
1863. },
1864. {
1865. "name": "HeapReAlloc",
1866. "address": "0x42d12c"
1867. },
1868. {
1869. "name": "GetDateFormatW",
1870. "address": "0x42d130"
1871. },
1872. {
1873. "name": "GetTimeFormatW",
1874. "address": "0x42d134"
1875. },
1876. {
1877. "name": "CompareStringW",
1878. "address": "0x42d138"
1879. },
1880. {
1881. "name": "LCMapStringW",
1882. "address": "0x42d13c"
1883. },
1884. {
1885. "name": "GetLocaleInfoW",
1886. "address": "0x42d140"
1887. },
1888. {
1889. "name": "IsValidLocale",
1890. "address": "0x42d144"
1891. },
1892. {
1893. "name": "GetUserDefaultLCID",
1894. "address": "0x42d148"
1895. },
1896. {
1897. "name": "EnumSystemLocalesW",
1898. "address": "0x42d14c"
1899. },
1900. {
1901. "name": "OutputDebugStringW",
1902. "address": "0x42d150"
1903. },
1904. {
1905. "name": "SetStdHandle",
1906. "address": "0x42d154"
1907. },
1908. {
1909. "name": "WriteConsoleW",
1910. "address": "0x42d158"
1911. },
1912. {
1913. "name": "CreateFileW",
1914. "address": "0x42d15c"
1915. }
1916. ],
1917. "dll": "KERNEL32.dll"
1918. },
1919. {
1920. "imports": [
1921. {
1922. "name": "GetMonitorInfoA",
1923. "address": "0x42d164"
1924. },
1925. {
1926. "name": "InSendMessageEx",
1927. "address": "0x42d168"
1928. },
1929. {
1930. "name": "ToAscii",
1931. "address": "0x42d16c"
1932. }
1933. ],
1934. "dll": "USER32.dll"
1935. }
1936. ],
1937. "digital_signers": null,
1938. "exported_dll_name": "bupek.exe",
1939. "actual_checksum": "0x00069481",
1940. "overlay": null,
1941. "imagebase": "0x00400000",
1942. "reported_checksum": "0x00069481",
1943. "icon_hash": null,
1944. "entrypoint": "0x00403ad3",
1945. "timestamp": "2018-01-25 08:25:36",
1946. "osversion": "5.1",
1947. "sections": [
1948. {
1949. "name": ".text",
1950. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
1951. "virtual_address": "0x00001000",
1952. "size_of_data": "0x0002bc00",
1953. "entropy": "6.68",
1954. "raw_address": "0x00000400",
1955. "virtual_size": "0x0002ba9d",
1956. "characteristics_raw": "0x60000020"
1957. },
1958. {
1959. "name": ".rdata",
1960. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
1961. "virtual_address": "0x0002d000",
1962. "size_of_data": "0x00029600",
1963. "entropy": "6.40",
1964. "raw_address": "0x0002c000",
1965. "virtual_size": "0x00029582",
1966. "characteristics_raw": "0x40000040"
1967. },
1968. {
1969. "name": ".data",
1970. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1971. "virtual_address": "0x00057000",
1972. "size_of_data": "0x00001e00",
1973. "entropy": "3.10",
1974. "raw_address": "0x00055600",
1975. "virtual_size": "0x00804d8c",
1976. "characteristics_raw": "0xc0000040"
1977. },
1978. {
1979. "name": ".rsrc",
1980. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
1981. "virtual_address": "0x0085c000",
1982. "size_of_data": "0x00003e00",
1983. "entropy": "5.99",
1984. "raw_address": "0x00057400",
1985. "virtual_size": "0x00003cb8",
1986. "characteristics_raw": "0x40000040"
1987. },
1988. {
1989. "name": ".reloc",
1990. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
1991. "virtual_address": "0x00860000",
1992. "size_of_data": "0x00002200",
1993. "entropy": "6.64",
1994. "raw_address": "0x0005b200",
1995. "virtual_size": "0x000021b8",
1996. "characteristics_raw": "0x42000040"
1997. }
1998. ],
1999. "resources": [],
2000. "dirents": [
2001. {
2002. "virtual_address": "0x00055cf0",
2003. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2004. "size": "0x00000049"
2005. },
2006. {
2007. "virtual_address": "0x00055d3c",
2008. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2009. "size": "0x0000003c"
2010. },
2011. {
2012. "virtual_address": "0x0085c000",
2013. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2014. "size": "0x00003cb8"
2015. },
2016. {
2017. "virtual_address": "0x00000000",
2018. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2019. "size": "0x00000000"
2020. },
2021. {
2022. "virtual_address": "0x00000000",
2023. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2024. "size": "0x00000000"
2025. },
2026. {
2027. "virtual_address": "0x00860000",
2028. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2029. "size": "0x000021b8"
2030. },
2031. {
2032. "virtual_address": "0x0002d1d0",
2033. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2034. "size": "0x00000038"
2035. },
2036. {
2037. "virtual_address": "0x00000000",
2038. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2039. "size": "0x00000000"
2040. },
2041. {
2042. "virtual_address": "0x00000000",
2043. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2044. "size": "0x00000000"
2045. },
2046. {
2047. "virtual_address": "0x00000000",
2048. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2049. "size": "0x00000000"
2050. },
2051. {
2052. "virtual_address": "0x00000000",
2053. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2054. "size": "0x00000000"
2055. },
2056. {
2057. "virtual_address": "0x00000000",
2058. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2059. "size": "0x00000000"
2060. },
2061. {
2062. "virtual_address": "0x0002d000",
2063. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2064. "size": "0x00000174"
2065. },
2066. {
2067. "virtual_address": "0x00000000",
2068. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2069. "size": "0x00000000"
2070. },
2071. {
2072. "virtual_address": "0x00000000",
2073. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2074. "size": "0x00000000"
2075. },
2076. {
2077. "virtual_address": "0x00000000",
2078. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2079. "size": "0x00000000"
2080. }
2081. ],
2082. "exports": [
2083. {
2084. "ordinal": 1,
2085. "name": "MyFunc165@@4",
2086. "address": "0x42c4f0"
2087. }
2088. ],
2089. "guest_signers": {},
2090. "imphash": "a9de0ae653d70388f1053417ed3bfb9b",
2091. "icon_fuzzy": null,
2092. "icon": null,
2093. "pdbpath": "C:\\cereyitocibi\\riwegeyuseyowadufu.pdb\\x00tmp_1417221033\\bin\\bupek.pdb\\x00\\x00\\x00\\x00\\x00\\xab\\x00\\x00\\x00\\xab\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x87E",
2094. "imported_dll_count": 2,
2095. "versioninfo": []
2096. }
2097. }